Cyber Law Cyber Crime & IPR Notes

CYBER CRIMES, CYBER
LAWS & INTELLECTUAL

PROPERTY RIGHTS
Safeguarding the
Digital Realm:
Cybersecurity, Legal
Frameworks, and IP
Protection
Unlocking the Digital Enigma: Exploring the Nexus of Cyber Crimes, Legal
Safeguards, and Intellectual Property Rights. In today's interconnected
world, the digital landscape is rife with both opportunities and
challenges. This document delves into the intriguing realm of cyber
crimes, cyber laws, and the protection of intellectual property rights.
Discover the evolving threat landscape, legal frameworks, and strategies
for safeguarding your digital assets. Join us on a journey through the
dynamic intersection of technology and law, where innovation meets
protection. Dive into the complex web of cybersecurity, legal compliance,
and intellectual property preservation as we decode the crucial elements
of this digital enigma.
1 CYBER CRIMES, CYBER LAWS & INTELLECTUAL PROPERTY RIGHTS
PROF. MANOJ KUMAR N | SIMS

BASICS OF CYBERSECURITY:
Context: An Overview of Cyber Security:
With internet bandwidth becoming cheaper, and the usage of connected, smart gadgets
increasing exponentially, protecting ourselves online and keeping all data safe and secure has
become a priority. We are relying heavily on data, connected systems and online ecosystems to
live our daily lives. It has become ubiquitous, and we cannot imagine living without connectivity
and gadgets. Security threats like denial of service, hacking into systems, data theft, identity theft
are something that we all have to safeguard against.
Cyber security is important because it protects all categories of data from theft and damage. This
includes sensitive data, personally identifiable information (PII), protected health information
(PHI), personal information, intellectual property, data, and governmental and industry
information systems.
This part helps us to understand what Cyber security means, and how it can be implemented.
Key Concepts
What is Cyber security?
Cyber security is the application of technologies, processes and controls to protect systems,
networks, programs, devices and data from cyberattacks.
It aims to reduce the risk of cyberattacks and protect against the unauthorised exploitation of
systems, networks and technologies.
Cybercrime that uses computers to commit other crimes may involve using
computers to spread malware, illegal information or illegal images.

5 types of Cyber Security

1. Critical infrastructure security:
Critical infrastructure security consists of the cyber-physical systems that modern societies rely
on. Common examples of critical infrastructure:
• Electricity Grid
• Water Purification
• Traffic Lights
• Shopping Centers
• Hospitals
Having the infrastructure of an electricity grid on the internet makes it vulnerable to cyber-
attacks.
Organizations with responsibility for any critical infrastructures should perform due diligence to
understand the vulnerabilities and protect their business against them. The security and
resilience of this critical infrastructure is vital to our society’s safety and well-being.
Organizations that are not responsible for critical infrastructure, but still rely on it for a portion
of their business, should develop a contingency plan by evaluating how an attack on critical
infrastructure they depend on might affect them.
2. Application security:

You should choose application security as one of the several must-have security measures
adopted to protect your systems. Application security uses software and hardware methods to
tackle external threats that can arise in the development stage of an application.
Applications are much more accessible over networks, causing the adoption of security measures
during the development phase to be an imperative phase of the project.
Types of application security:
1. Antivirus Programs
2. Firewalls
3. Encryption Programs
These help to ensure that unauthorized access is prevented. Companies can also detect sensitive
data assets and protect them through specific application security processes attached to these
data sets.
3. Network security:
As cyber security is concerned with outside threats, network security guards against
unauthorized intrusion of your internal networks due to malicious intent.
Network security ensures that internal networks are secure by protecting the infrastructure and
inhibiting access to it.
To help better manage network security monitoring, security teams are now using machine
learning to flag abnormal traffic and alert to threats in real time. Network administrators continue
to implement policies and procedures to prevent unauthorized access, modification and
exploitation of the network.
Common examples of network security implementation:
1. Extra Logins
2. New Passwords
3. Application Security
a. Antivirus Programs
b. Antispyware Software
c. Encryption
d. Firewalls
e. Monitored Internet Access
4. Cloud security:
Improved cyber security is one of the main reasons why the cloud is taking over.
Cloud security is a software-based security tool that protects and monitors the data in your cloud
resources. Cloud providers are constantly creating and implementing new security tools to help
enterprise users better secure their data.

Cloud computing security is similar to traditional on-premise data centers, only without the time
and costs of maintaining huge data facilities, and the risk of security breaches is minimal.
5 Internet of things (IoT) security

IoT refers to a wide variety of critical and non-critical cyber physical systems, like appliances,
sensors, televisions, wifi routers, printers, and security cameras.
According to Bain & Company’s prediction…
• The combined markets of IoT will grow to about $520 billion in 2021;
• More than double the $235 billion spent in 2017.
IoT devices are frequently sent in a vulnerable state and offer little to no security patching. This
poses unique security challenges for all users.
5 Essential elements of Cyber Security

Effective cyber security risk management must include the following five elements.
1. An Effective Framework – A framework must be adopted, adjusted, and fine-tuned to an
organization’s particular circumstances and the type of data being protected. Executives
need to establish proper governance that applies to all of the organization’s resources –
its people, processes, and technology. Choosing and implementing an appropriate
framework is an essential first step to building a cyber security risk management
program.
2. End-to-End Scope – A cyber security program must be comprehensive in order to be
successful – that is, address all data in the organization that needs to be protected. To be
effective, a cyber security program must keep all of the critical elements of the
organization that need to be protected in its scope.
3. Thorough Risk Assessment and Threat Modeling – Identifying the risks and the
likelihood of an array of threats and the damage they could do is a critical step to prioritize
cyber security threats. In prioritizing, the cyber security team should consider the
organization’s data from an outside perspective, in other words identify which data is
likely to be valuable from a hacker’s point of view. This perspective will help the team
develop an effective cyber security strategy to help prevent likely attacks.
4. Proactive Incident Response Planning – Acknowledging that any system’s security
might be breached eventually, many organizations have adopted incident response plans.
Taking a proactive approach to incident response planning means testing the plan,
identifying how to improve its effectiveness, making those improvements, and ensuring
that personnel are trained and prepared to react to a security breach and limit its damage.
5. Dedicated Cyber security Resources – The last, but not least, critical element is
personnel who are dedicated to managing the organization’s cyber security. In order to

establish an effective cyber security risk management program, it is essential that the
roles and responsibilities for the governance of the chosen framework be clearly defined.
8 components of a strong Cyber Security Defense System



Tools for Cyber Security

1. Password Managers: The need to keep private digital information protected is
highlighted by the prevalence of growing cyber attacks. Password managers are being
used to keep track of and generate secure passwords. The user has to only remember one
password, that of the password manager.
Password managers like Lastpass,Dashlane, Sticky Password and KeepassX can be used.
2. Virtual Private Network (VPN): A VPN connection establishes a secure connection

between you and the internet. Via the VPN, all your data traffic is routed through an
encrypted virtual tunnel. This disguises your IP address when you use the internet,
making its location invisible to everyone. You can still access all online services using the
VPN.
VPNs offer the best protection available when it comes to your online security. Therefore,
you should leave your VPN on at all times to protect from data leaks and
cyberattacks.
3. Blockchain Technology: Blockchain technology, a decentralized distributed ledger of
transactions, offers the next level of cyber security.
Common Types of Cyber Attacks

A cyberattack is when an individual or an organization deliberately and maliciously attempts to

breach the information system of another individual or organization. While there is usually an
economic goal, some recent attacks show destruction of data as a goal.
Malicious actors often look for ransom, or other kinds of economic gain, but attacks can be
perpetrated with an array of motives, including political activism purposes.
1. Malware
The term “malware” encompasses various types of attacks including spyware, viruses, and
worms. Malware uses a vulnerability to breach a network when a user clicks a “planted”
dangerous link or email attachment, which is used to install malicious software inside the system.
Malware and malicious files inside a computer system can:
Malware is so common that there is a large variety of modus operandi. The most common types
being:
• Deny access to the critical components of the network
• Obtain information by retrieving data from the hard drive
• Disrupt the system or even rendering it inoperable
Malware is so common that there is a large variety of modus operandi. The most common types
being:
• Viruses—these infect applications attaching themselves to the initialization sequence. The
virus replicates itself, infecting other code in the computer system. Viruses can also attach
themselves to executable code or associate themselves with a file by creating a virus file with the
same name but with an .exe extension, thus creating a decoy which carries the virus.
• Trojans—a program hiding inside a useful program with malicious purposes. Unlike viruses, a
trojan doesn’t replicate itself and it is commonly used to establish a backdoor to be exploited by
attackers.
• Worms—unlike viruses, they don’t attack the host, being self-contained programs that
propagate across networks and computers. Worms are often installed through email
attachments, sending a copy of themselves to every contact in the infected computer email list.
They are commonly used to overload an email server and achieve a denial-of-service attack.
• Ransomware—a type of malware that denies access to the victim data, threatening to publish
or delete it unless a ransom is paid. Advanced ransomware uses cryptoviral extortion, encrypting
the victim’s data so that it is impossible to decrypt without the decryption key.
• Spyware—a type of program installed to collect information about users, their systems or
browsing habits, sending the data to a remote user. The attacker can then use the information for
blackmailing purposes or download and install other malicious programs from the web.
2. Phishing

Phishing attacks are extremely common and involve sending mass amounts of fraudulent emails
to unsuspecting users, disguised as coming from a reliable source. The fraudulent emails often
have the appearance of being legit, but link the recipient to a malicious file or script designed to
grant attackers access to your device to control it or gather recon, install malicious scripts/files,
or to extract data such as user information, financial info, and more.
Phishing attacks can also take place via social networks and other online communities, via direct
messages from other users with a hidden intent. Phishers often leverage social engineering and
other public information sources to collect info about your work, interests, and activities—giving
attackers an edge in convincing you they’re not who they say.
There are several different types of phishing attacks, including:
• Spear Phishing—targeted attacks directed at specific companies and/or individuals.
• Whaling—attacks targeting senior executives and stakeholders within an organization.
• Pharming—leverages DNS cache poisoning to capture user credentials through a fake
login landing page.
Phishing attacks can also take place via phone call (voice phishing) and via text message (SMS
phishing).
3. Man-in-the-Middle (MitM) Attacks
Occurs when an attacker intercepts a two-party transaction, inserting themselves in the middle.
From there, cyber attackers can steal and manipulate data by interrupting traffic.
This type of attack usually exploits security vulnerabilities in a network, such as an unsecured
public WiFi, to insert themselves between a visitor’s device and the network. The problem with
this kind of attack is that it is very difficult to detect, as the victim thinks the information is going
to a legitimate destination. Phishing or malware attacks are often leveraged to carry out a MitM
attack.
4. Denial-of-Service (DOS) Attack
DOS attacks work by flooding systems, servers, and/or networks with traffic to overload
resources and bandwidth. This result is rendering the system unable to process and fulfill
legitimate requests. In addition to denial-of-service (DoS) attacks, there are also distributed
denial-of-service (DDoS) attacks.
DoS attacks saturate a system’s resources with the goal of impeding response to service requests.
On the other hand, a DDoS attack is launched from several infected host machines with the goal
of achieving service denial and taking a system offline, thus paving the way for another attack to
enter the network/environment.
The most common types of DoS and DDoS attacks are the TCP SYN flood attack, teardrop attack,
smurf attack, ping-of-death attack, and botnets.
5. SQL Injections

This occurs when an attacker inserts malicious code into a server using server query language
(SQL) forcing the server to deliver protected information. This type of attack usually involves
submitting malicious code into an unprotected website comment or search box. Secure coding
practices such as using prepared statements with parameterized queries is an effective way to
prevent SQL injections.
When a SQL command uses a parameter instead of inserting the values directly, it can allow the
backend to run malicious queries. Moreover, the SQL interpreter uses the parameter only as data,
without executing it as a code. REFER: Secure Coding: A Practical Guide | Mend
6. Zero-day Exploit
A Zero-day Exploit refers to exploiting a network vulnerability when it is new and recently
announced — before a patch is released and/or implemented. Zero-day attackers jump at the
disclosed vulnerability in the small window of time where no solution/preventative measures
exist. Thus, preventing zero-day attacks requires constant monitoring, proactive detection, and
agile threat management practices.
7. Password Attack
Passwords are the most widespread method of authenticating access to a secure information
system, making them an attractive target for cyber attackers. By accessing a person’s password,
an attacker can gain entry to confidential or critical data and systems, including the ability to
manipulate and control said data/systems.
Password attackers use a myriad of methods to identify an individual password, including using
social engineering, gaining access to a password database, testing the network connection to
obtain unencrypted passwords, or simply by guessing.
The last method mentioned is executed in a systematic manner known as a “brute-force attack.”
A brute-force attack employs a program to try all the possible variants and combinations of
information to guess the password.
Another common method is the dictionary attack, when the attacker uses a list of common
passwords to attempt to gain access to a user’s computer and network. Account lockout best
practices and two- factor authentication are very useful at preventing a password attack. Account
lockout features can freeze the account out after a number of invalid password attempts and two-
factor authentication adds an additional layer of security, requiring the user logging in to enter a
secondary code only available on their 2FA device(s).
8. Cross-site Scripting
A cross-site scripting attack sends malicious scripts into content from reliable websites. The
malicious code joins the dynamic content that is sent to the victim’s browser. Usually, this
malicious code consists of Javascript code executed by the victim’s browser, but can include Flash,
HTML and XSS.

9. Rootkits
Rootkits are installed inside legitimate software, where they can gain remote control and
administration-level access over a system. The attacker then uses the rootkit to steal passwords,
keys, credentials, and retrieve critical data.
Since rootkits hide in legitimate software, once you allow the program to make changes in your
OS, the rootkit installs itself in the system (host, computer, server, etc.) and remains dormant until
the attacker activates it or it’s triggered through a persistence mechanism. Rootkits are
commonly spread through email attachments and downloads from insecure websites.
10. Internet of Things (IoT) Attacks
While internet connectivity across almost every imaginable device creates convenience and ease
for individuals, it also presents a growing—almost unlimited—number of access points for
attackers to exploit and wreak havoc. The interconnectedness of things makes it possible for
attackers to breach an entry point and use it as a gate to exploit other devices in the network.
IoT attacks are becoming more popular due to the rapid growth of IoT devices and (in general)
low priority given to embedded security in these devices and their operating systems. In one IoT
attack case, a Vegas casino was attacked and the hacker gained entry via an internet-connected
thermometer inside one of the casino’s fishtanks.
Best practices to help prevent an IoT attack include updating the OS and keeping a strong password
for every IoT device on your network, and changing passwords often.
Tips to avoid Cyber Attacks:

1. Train employees in cyber security principles
2. Install, use and regularly update antivirus and anti-spyware software on every computer
3. Use a firewall for Internet connection
4. Download and install software for operating systems and applications as they become available
5. Make backup copies of important business data and information
6. Control physical access to your computers and network components
7. Secure the Wi-Fi network
8. Require individual user accounts for each employee
9. Limit employee access to data and information, and limit authority to install software
10. Regularly change passwords
Preventing Cyber Attacks on your Company:

1. Identify the Threats
Basic threats like unauthorized access to your computer should be tackled immediately before
you suffer any loss of information. Most companies contain very sensitive information which, if

leaked, could be ruinous for the company. Hackers are always looking for opportunities to invade
privacy and steal data that’s of crucial importance. Identify and deal with potential threats to your
business before they cause harm.
2. Beware of Cybercrimes
Always be wary of cybercriminals, work like you expect an attack. This will allow you to ensure
that your corporation is covered at all times with the necessary strategies and plans. Always keep
records of which information is attractive for criminals and which is not. In addition to this,
develop multiple strategies with proper risk assessments on a regular basis to ensure effective
solutions should the need arise.
3. Keep an Eye on Employees
Employees are one of the key elements of the company because they have insights of the business
and are privy to the operations. Keep employees motivated and discourage them from leaking out
crucial information, try to make them more loyal to the company. In addition to this, keep a
backup of all the messages that are exchanged between employees. Check on how they use
passwords and keep these passwords safe from unauthorized personnel. You can use a Password
Manager for generating and managing the passwords of your company.
4. Use Two-Factor Authentication
You can minimize the risk of getting hacked by using a two-factor authentication for your
company. Encourage all employees to use two-factor authentication as it increases security by
adding an additional step for accessing accounts. In this particular system, you have to enter a
password plus you have to enter a code which is sent to your smartphone, something that only
you have access to. This double authentication allows you to protect your data and discourages
hackers from attacking.
5. Conduct Audits on a Regular Basis
When your company starts to grow, you eventually reach a point where you cannot compromise
the security of your data and have to minimize the risk of getting hacked. For this specific purpose,
you can have an audit performed by cyber security consultants who are experts at protecting your
data. In addition to this, you can hire a full-time security officer who will be responsible for
handling all security- related problems and ensure the safety of your business.
6. Ensure a Strong Sign-Off Policy
In order to keep your company safe and secure from online threats, you need to develop and
implement a strong sign-off policy for all employees. This sign-off policy should ensure that the
employees return laptops and mobile devices before they leave the premises. In addition to this,
the email address that you use must be encrypted so information doesn’t leak and data remains
confidential.
7. Protect the Important Data

Always protect the most sensitive information of your company. Data which is vulnerable and can
be targeted by hackers should be protected first. Keep a check on how this crucial data storage is
being accessed by staff and make sure that it cannot be accessed by anyone without authorization.
Double check the procedures that you use to lock the data to ensure that it is safe and out of reach
from intruders.
8. Carry Out Risk Assessments
Conduct cyber security risk assessments on a regular basis in order to mitigate the risks. There
should be a separate department in your company that is dedicated to minimizing the risk of data
loss. Risk Management is one of the key factors that contribute towards the growth of your
company as it keeps the business safe from getting exposed to competitors who are always
looking for insights. You can also hire a professional like a Cybercrime Consultant or Risk
Mitigation Specialist, these are experts at protecting your company against threats and are known
for producing positive results for your
business.
9. Insure Your Company Against Cybercrime
There are many companies that offer insurance policies against cybercrimes and attackers. This
can prove to be a good investment for your company as it covers all the risks and threats that
arise because of hackers and viruses. Moreover, by covering your company for cybercrime, you
will also have an idea about the damages that you can suffer and have an estimate of the level of
the risk that your company is involved in.
10. Have In-Depth Knowledge About Risk Factors
Get knowledge about the risks involved in your business, the better security measures you will
be able to take for your company. Plan systematic audits for your company in order to keep your
company clean from all sorts of viruses and build a detailed overview of the rules and regulations
that all employees have to follow to ensure the safety of the business. After compiling the results
of the audits, develop and implement security strategies accordingly in order to reduce the risks
that you have identified

UNIT 1 – CYBERCRIME & LAWS

Types of Cybercrimes
Most cybercrime falls under two main categories:
• Criminal activity that targets computers.
• Criminal activity that uses computers.
Cybercrime that targets computers often involves malware (Viruses, Trojans, Worms,
Ransomware, Spyware) like viruses.
List of Cybercrimes: Examples

Cybercrimes include monetary crimes as well as non-monetary offences. The crimes
result in damage to persons, computers, or governments.
1. Child Pornography OR Child sexually abusive material (CSAM)
2. Cyber Bullying
3. Cyber Stalking
4. Cyber Grooming
5. Online Job Fraud
6. Online Sextortion
7. Phishing
8. Vishing
9. Smishing
10. Sexting
11. SIM Swap Scam
12. Credit Card Fraud or Debit Card Fraud
13. Impersonation and identity theft
14. Spamming
15. Ransomware
16. Viruses, Worms, and Trojans
17. Data Breach
18. Denial of Services (DoS) attack
19. Website Defacement
20. Cyber-Squatting
21. Pharming
22. Cryptojacking

23. Online Drug Trafficking

24. Espionage
Child Pornography or Child Sexually Abusive Material (CSAM): Illegal and explicit
images or videos involving minors, exploiting their sexual content.
Cyber Bullying: Harassment, threats, or intimidation of individuals through digital
means, often causing emotional distress.
Cyber Stalking: Persistent online harassment and monitoring of an individual,
causing fear and invasion of privacy.
Cyber Grooming: Online manipulation and persuasion by adults to exploit or
sexually abuse minors.
Online Job Fraud: Deceptive online schemes offering fake job opportunities to scam
money from job seekers.
Online Sextortion: Extortion involving threatening to release explicit photos or
information unless the victim complies with demands.
Phishing: Deceptive online tactics to trick individuals into revealing personal
information, such as passwords or credit card details or Phishing attacks are
extremely common and involve sending mass amounts of fraudulent emails to
unsuspecting users, disguised as coming from a reliable source.
There are several different types of phishing attacks, including:
• Spear Phishing—targeted attacks directed at specific companies and/or individuals.
• Whaling—attacks targeting senior executives and stakeholders within an
organization.
• Pharming—leverages DNS cache poisoning to capture user credentials through a
fake login landing page.
Vishing: Voice-based phishing, where scammers use phone calls to deceive victims
into divulging sensitive information.
Smishing: Phishing conducted via SMS or text messages, aiming to trick recipients
into revealing personal information.
Sexting: Sending explicit texts, images, or videos of a sexual nature via electronic
communication.
SIM Swap Scam: Unauthorized transfer of a victim's phone number to a different SIM
card for fraudulent activities.

Credit Card Fraud or Debit Card Fraud: Illegitimate use of credit or debit card
information to make unauthorized transactions.
Impersonation and Identity Theft: Assuming another person's identity for
fraudulent purposes, often involving financial fraud.
Spamming: Sending unsolicited and often irrelevant messages or content in bulk
through various online channels.
Ransomware: Malicious software that encrypts data and demands a ransom for its
release.
Viruses, Worms, and Trojans: Malicious software designed to harm or compromise
computer systems, each with distinct methods.
Data Breach: Unauthorized access, exposure, or theft of sensitive or confidential data
from a secure system or database.
Denial of Service (DoS) Attack: Deliberate disruption of online services by
overwhelming them with excessive traffic or requests.
Website Defacement: Unauthorized alteration of a website's content, often to
convey a message or cause damage.
Cyber-Squatting: Registering domain names similar to established brands with the
intent to profit or deceive.
Pharming: Redirecting website traffic to fraudulent sites to steal personal
information, often through DNS manipulation.
Cryptojacking: Illegally using a victim's computer or device to mine cryptocurrency
without their consent.
Online Drug Trafficking: Illicit sale and distribution of drugs through online
platforms and the dark web.
Espionage: Covert activities involving the theft of sensitive information or state
secrets, often conducted by governments or hackers.
What is the process for submitting an online complaint for a
cybercrime in India?
To report a cybercrime in India online, you can submit a complaint through the
National Crime Reporting Portal of India, accessible at National Cyber Security Report
Portal
National Cyber Security Report Portal
The Cyber Crime Helpline Number is 155260

This portal caters for all types of cybercrime complaints including complaints
pertaining to
• Online Child Pornography (CP)
• Child Sexual Abuse Material (CSAM)
• Sexually explicit content such as Rape/Gang Rape (CP/RGR) content
• Other cybercrimes such as mobile crimes, online and social media crimes,
online financial frauds, ransomware, hacking, cryptocurrency crimes and
online cyber trafficking.
The portal also provides an option of reporting an anonymous complaint about
reporting online Child Pornography (CP) or sexually explicit content such as
Rape/Gang Rape (RGR) content.
Indian Computer Emergency Response Team (CERT-IN or ICERT)
The Indian Computer Emergency Response Team (CERT-IN or ICERT) is an office within
the Ministry of Electronics and Information Technology of the Government of India.
CERT-In is the national nodal agency for responding to computer security incidents as
and when they occur. CERT-In is operational since January 2004.
CERT-In has been designated to serve as the national agency to perform the
following functions in the area of cyber security:
• Collection, analysis and dissemination of information on cyber incidents.
• Forecast and alerts of cyber security incidents.
• Emergency measures for handling cyber security incidents.
• Coordination of cyber incident response activities.
• Issue guidelines, advisories, vulnerability notes and whitepapers relating to
information security practices, procedures, prevention, response and reporting
of cyber incidents.
• Such other functions relating to cyber security may be prescribed.
CERT-IN has overlapping responsibilities with other agencies such as National Critical
Information Infrastructure Protection Centre (NCIIPC).
Cyber Laws in India
Information Technology Act 2000 (IT Act 2000) is the main law connected with cyber
security in India.
Indian Penal Code, 1860 is also used to book criminals connected with cybercrimes

The Information Technology Act 2000, also known as the IT Act 2000, is an Indian
legislation that was enacted to provide legal recognition and regulation for electronic
transactions and digital information. Here are its key provisions:
1. Legal Recognition: The IT Act 2000 grants legal recognition to electronic records
and digital signatures, making electronic documents and transactions legally
enforceable.
2. Digital Signatures: It establishes the framework for the use of digital signatures,
enabling secure and authentic electronic communications and transactions.
3. Cybercrimes: The act addresses various forms of cybercrimes, such as hacking,
data theft, and computer-related offenses, with defined penalties and legal
procedures.
4. Data Protection: The act contains provisions for safeguarding the privacy and
security of electronic data and information. It also specifies requirements for data
protection and security practices.
5. Offenses and Penalties: It outlines various offenses related to electronic
communication, data breaches, and unauthorized access to computer systems,
along with corresponding penalties.
6. Adjudication: The act sets up specialized bodies and authorities to handle issues
related to electronic transactions, disputes, and cybercrimes.
7. Digital Evidence: The IT Act 2000 recognizes digital evidence in legal
proceedings and specifies procedures for its admissibility in court.
8. Cyber Appellate Tribunal: It establishes a Cyber Appellate Tribunal to hear
appeals against orders issued by the adjudicating officers under the act.
9. Electronic Governance: The act encourages the use of electronic means for
government communication and public services to promote efficiency and
transparency.
10. Regulating Certifying Authorities: It regulates entities that issue digital
certificates and digital signatures to ensure their trustworthiness and security.
Overall, the IT Act 2000 is a comprehensive legal framework that addresses electronic
commerce, data security, and cybercrimes in India, providing a foundation for the
country's digital transformation and online legal framework. Please note that since my
knowledge cutoff date is January 2022, there may have been amendments or updates to
the IT Act beyond that date.

Information Technology (Intermediary Guidelines and Digital Media

Ethics Code) Rules,2021
The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021,
commonly known as the IT Rules 2021, are a set of regulations introduced by the Indian
government to govern the behavior of online intermediaries and digital media platforms operating
in India. These rules aim to address issues related to online content, user privacy, and the
responsibilities of online platforms.
Here are the key components of the IT Rules 2021:
1. Definition of Intermediaries: The rules define "intermediaries" to include social media
platforms, messaging services, search engines, and other online service providers that host
and publish user-generated content.
2. Appointment of Grievance Officer: Online intermediaries are required to appoint a
Grievance Officer who must be a resident of India. This officer is responsible for addressing
user complaints and government requests.
3. Content Removal and Blocking: Intermediaries are obligated to remove or disable access
to certain types of content, such as content that threatens the sovereignty and integrity of
India, public order, or decency and morality.
4. User Privacy: The rules place an emphasis on the protection of user privacy, requiring
intermediaries to establish privacy policies and disclose how user data is collected, stored,
and used.
5. Traceability of Messages: Messaging services with more than 5 million users must enable
traceability of the originator of a message to curb the spread of fake news and unlawful
content.
6. Self-Regulation Mechanism: Digital news publishers and OTT (Over-The-Top) platforms
are required to establish a self-regulation mechanism and adhere to a Code of Ethics, which
includes provisions related to content classification, age-appropriate content, and more.
7. Compliance and Reporting: Online platforms are required to provide compliance reports
to the government, including details of complaints received and actions taken.
8. Takedown Timelines: Intermediaries must respond to government or court orders to
remove content within specific timeframes.
9. Blocking of Apps: The rules grant the government the authority to block mobile apps and
services if they are deemed to be involved in activities that may threaten national security.
10. Intermediary Liability: Online intermediaries may lose their safe harbor protections if
they do not comply with these rules.
The Personal Data Protection Bill, 2019

The Personal Data Protection Bill, 2019 was introduced in the Lok Sabha (lower house of
the Indian Parliament) in December 2019. The main objective of this bill is to provide for
the protection of personal data of individuals and to establish a Data Protection Authority
for the same.
Some of the key objectives of the Personal Data Protection Bill, 2019 are:
1. To ensure that personal data of individuals is processed in a fair and transparent
manner.
2. To provide individuals with control over their personal data.
3. To establish a regulatory framework for the processing of personal data.

4. To ensure that personal data is processed only for legitimate purposes and with
the consent of the individual.
5. To provide for the right to be forgotten, which allows individuals to restrict or
prevent continuing disclosure of their personal data.
6. To establish a Data Protection Authority to oversee and enforce the provisions of
the bill.
Overall, the Personal Data Protection Bill, 2019 aims to protect the privacy and autonomy
of individuals with respect to their personal data in India.
Flaws of the IT Act 2000
The Information Technology Act 2000 (IT Act 2000) of India, while serving as an
important legal framework for the digital age, has faced criticism and exhibited some
flaws, including:
1. Lack of Comprehensive Amendments: The IT Act 2000 has not kept pace with
the rapid evolution of technology and the internet. It hasn't been comprehensively
updated to address emerging cyber threats and challenges, which has led to gaps
in cybersecurity and legal enforcement.
2. Ambiguity in Certain Provisions: Some provisions in the act are criticized for
being vague and open to interpretation, potentially leading to legal uncertainty in
cybercrime cases.
3. Limited Data Protection: The act lacks comprehensive data protection
provisions, which has become a significant concern in the age of widespread data
breaches and privacy violations. India has introduced separate data protection
laws to address this issue, but there is still debate over how these laws interact
with the IT Act.
4. Limited Accountability of Intermediaries: The act places certain
responsibilities on internet intermediaries, but there has been ongoing debate
over the extent of their liability and the potential for overreach in regulating online
content and services.
5. Limited Focus on Cybersecurity: While the act addresses cybercrimes and legal
recognition of electronic records, it does not provide a comprehensive framework
for promoting cybersecurity measures or incident response.

6. Outdated Definitions: The definitions and terminology used in the act may not
align with the current state of technology and digital practices, leading to
challenges in enforcement.
7. Slow Legal Processes: The legal processes under the IT Act can be time-
consuming and may not keep up with the fast-paced nature of cybercrimes. Delays
in prosecution can hinder the effectiveness of the law.
8. Enforcement Challenges: Cybercrimes often transcend international borders,
making enforcement and extradition difficult. The act doesn't provide a clear
mechanism for handling these challenges.
9. Digital Evidence Handling: There may be challenges in handling and presenting
digital evidence in court due to the lack of clear procedures and standards under
the act.
10. Limited Public Awareness: Many people in India may not be fully aware of their
rights and responsibilities under the IT Act, which can lead to issues related to
cybercrimes and digital privacy.
It's worth noting that there have been subsequent amendments and the introduction of
new laws and regulations to address some of these flaws and modernize India's legal
framework for the digital era. The Information Technology (Amendment) Act 2008 and
the Personal Data Protection Bill are examples of legislative efforts to address some of
these concerns.
Steps to Prepare a checklist for reporting cybercrime at cybercrime
police Station
1. Identification and Contact Information:
• Provide your full name, contact details, and a valid email address.
• Have a government-issued ID ready.
2. Description of the Incident:
• Document the date, time, and location of the cybercrime.
• Provide a detailed account of what happened, including any relevant online
interactions or transactions.
3. Type of Cybercrime:
• Identify the specific type of cybercrime, such as hacking, online fraud,
cyberbullying, etc.

4. Evidence:
• Collect any evidence related to the cybercrime, including screenshots, emails, chat
logs, or any other relevant digital data.
5. Financial Details (if applicable):
• If the cybercrime involves financial loss, provide information on the financial
transactions, account details, and any suspicious payments.
6. Witness Information (if applicable):
• If there were witnesses to the incident, provide their contact information and
statements.
7. Device Information:
• List the devices involved (e.g., computers, smartphones) and their relevant details
(e.g., IP addresses, device names).
8. Online Platforms and Websites:
• Mention the websites, social media platforms, or online services involved,
including any user profiles, handles, or links.
9. Actions Taken:
• Describe any actions you have taken in response to the cybercrime, such as
reporting the incident to online platforms or financial institutions.
10. Request for Action:
• Specify the outcome you expect or any specific actions you want the police to take.
11. Previous Complaints:
• If you have previously reported the incident elsewhere, provide details of those
complaints.
Checklist for Reporting Cybercrime Online:
1. Visit the Official Portal: Go to the official website or portal designated for
reporting cybercrimes in your region.
2. Create an Account: If required, create an account on the portal using your contact
information.
3. File a Complaint: Follow the instructions to file a cybercrime complaint. Provide
a detailed description of the incident, including all relevant information.
4. Upload Evidence: Use the portal's interface to upload any evidence you have
collected, such as screenshots, emails, or chat logs.

5. Specify the Type of Cybercrime: Choose the appropriate category or type of

cybercrime from the options provided on the portal.
6. Provide Contact Information: Ensure that your contact information is accurate,
as this will be used for communication regarding the case.
7. Acknowledge Terms and Conditions: Read and acknowledge any terms and
conditions related to the complaint submission process.
8. Review and Submit: Review your complaint for accuracy and completeness, then
submit it through the online portal.
9. Receive Confirmation: After submission, you should receive a confirmation or
reference number for your complaint. Keep this for future reference.
10. Follow Up: Follow up with the relevant authorities if you do not receive a
response within a reasonable time frame.
Remember to stay vigilant about the security of your personal information and ensure
that you are using an official and secure portal or website for reporting cybercrimes.
Phishing E-mails
Identifying phishing emails

Identifying phishing emails is crucial to protect yourself from online scams and fraud.
Here are some key indicators to help you recognize phishing emails:

1. Check the Sender's Email Address: Verify the sender's email address. Be
cautious if it looks suspicious, misspelled, or doesn't match the organization it
claims to be from.
2. Inspect the Greeting: Legitimate organizations often use your name in their
emails. Be cautious if the email uses generic greetings like "Dear Customer" or
"Hello User."
3. Look for Spelling and Grammar Mistakes: Phishing emails often contain
spelling and grammatical errors. Be on the lookout for these indicators.
4. Check for Urgent or Threatening Language: Phishing emails may use fear
tactics, urgency, or threats to pressure you into taking immediate action.
5. Examine the URL: Hover your mouse over any links without clicking to see the
actual URL. Ensure it matches the legitimate website domain.
6. Beware of Unusual Requests: Be suspicious of emails requesting personal
information, financial details, or passwords. Legitimate organizations usually
don't request sensitive data via email.
7. Check for Unusual Attachments: Avoid opening email attachments from
unknown sources. Malicious attachments can contain malware.
8. Verify the Logo and Branding: Phishers often use fake logos and branding to
mimic legitimate organizations. Compare them to the real brand for discrepancies.
9. Inspect the Email Signature: Genuine emails typically include contact details and
a professional signature. Lack of this information can be a red flag.
10. Don't Trust Unsolicited Emails: Be cautious of emails you didn't expect or
subscribe to, especially those promising prizes, winnings, or unsolicited job offers.
11. Watch for Mismatched Email Content: Inconsistent content or unusual
formatting within the email can be a sign of phishing.
12. Check the Security Certificate: For websites, ensure the URL begins with "https"
and look for a padlock icon in the address bar, indicating a secure connection.
13. Use Email Filtering and Security Software: Enable email filtering and use
reliable antivirus and anti-phishing software to automatically detect and block
phishing attempts.
14. Trust Your Intuition: If something feels off or too good to be true, it's best to be
cautious and verify the email's authenticity.

15. Contact the Organization Directly: If you're unsure about an email's legitimacy,
independently verify the information by contacting the organization using official
contact details from their website or other trusted sources.
Analyze cybercrime cases and identify section applicable
(as per IT Act - 2000)
Cyber Law Cases in India
1. Shreya Singhal v. UOI:
• Challenge to the constitutionality of Section 66A of the IT Act, which criminalized
offensive online comments.
• The Supreme Court emphasized freedom of speech, distinguishing between
discussion and incitement. Section 66A was found capable of restricting all
communication, violating free speech.
2. Shamsher Singh Verma v. State of Haryana:
• Recognized Compact Discs as documents.
• No need for personal admission or denial of documents; they can be proven
without it.
3. Syed Asifuddin and Ors. v. State of Andhra Pradesh and Anr.:
• Hacking ESNs of mobile handsets.
• Court found that mobile handsets fall under the definition of "computer" in the IT
Act, and altering ESN is an offense under Section 65.
Note: In the case "Syed Asifuddin and Ors. v. State of Andhra Pradesh and Anr.," the
term "ESN" stands for "Electronic Serial Number." Electronic Serial Number is a
unique identifier associated with a mobile device, particularly in the context of older
analog and early digital cellular networks. It is used to track and identify individual
mobile devices on a network. The ESN is distinct from the International Mobile
Equipment Identity (IMEI) number, which is used in modern mobile devices to serve
a similar purpose.
4. Shankar v. State Rep:
• Unauthorized access to a protected system.
• Court ruled that the charge sheet couldn't be quashed regarding non-granting of
prosecution sanction under Section 72 of the IT Act.
5. Christian Louboutin SAS v. Nakul Bajaj & Ors.:

• Trademark violation by an e-commerce portal.

• Court found the e-commerce platform was more than an intermediary, exempting
it from Section 79 protections.
6. Avnish Bajaj v. State (NCT) of Delhi:
• CEO of Bazee.com arrested for cyber pornography.
• Court ruled that Bazee.com wasn't involved in broadcasting porn, but its platform
could earn from sales and advertisements.
7. State of Tamil Nadu v. Suhas Katti:
• Conviction in a cyber harassment case in 7 months.
• Accused convicted under Sections 67 of the IT Act and Indian Penal Code sections.
8. CBI v. Arif Azim (Sony Sambandh case):
• Unauthorized funds transfer from Citibank accounts.
• Court found the accused guilty of offenses under the IT Act and IPC.
9. SMC Pneumatics (India) Pvt. Ltd. vs. Jogesh Kwatra:
• Defamatory emails sent by an employee.
• Plaintiff's request for perpetual injunction denied due to lack of certified evidence.
10. Pune Citibank Mphasis Call Center Fraud
• Summary: In 2005, $350,000 was fraudulently taken from the Citibank accounts
of four U.S. customers through the internet and transferred to fake accounts. The
fraudsters gained customers' trust and acquired their PINs by posing as helpful
advisors during difficult situations. Instead of breaking encryption or firewalls,
they exploited weaknesses in the MphasiS system.
• Court Decision: The accused were former employees of the MphasiS call center.
These employees were observed upon entry and exit, indicating that they likely
memorized customer account details. They used the SWIFT (Society for
Worldwide Interbank Financial Telecommunication) service for transferring
funds, involving unauthorized access to customer electronic accounts. This falls
under "cybercrimes." The court applied Section 43(a) of the IT Act, 2000 due to
unauthorized access. The accused were also charged under Section 66 of the IT
Act, 2000, and Sections 420 (cheating), 465, 467, and 471 of the Indian Penal Code,
1860.

Conclusion
The Cyber Law regime in India is governed by the IT Act and related rules. However, it
may not cover all evolving cybercrimes. With India's "Digital India" movement,
cybercrimes continue to evolve, and the existing legal framework may need to adapt to
address new challenges effectively.
DATA PROTECTION LAWS IN INDIA

The Parliament has approved the Digital Personal Data Protection Bill in 2023. How does
it differ from the earlier version? Where has it improved, and where may it still need
enhancements?
Digital personal data protection involves safeguarding people's personal information in
the digital world.
As technology and internet use continue to grow, individuals share a lot of personal data
online, including financial details and private messages.
Keeping this data safe from unauthorized access, breaches, and misuse is a significant
concern in today's digital age.
Understanding Digital Personal Data Protection:
In today's era, as people increasingly share personal information online, safeguarding this data
from unauthorized access, breaches, and misuse has become paramount.
Key Aspects of Personal Data Protection:
Around the world, countries have implemented data privacy laws governing the collection,
processing, storage, and sharing of personal data. These laws grant individuals control over their
data and impose responsibilities on organizations.
These responsibilities include obtaining informed consent before collecting personal data,
implementing robust security measures, offering clear information on data practices, and
respecting individuals' rights to access, correct, or delete their data.
The Digital Personal Data Protection Bill of 2023:
The journey towards a comprehensive data protection law in India commenced in 2017 with the
establishment of an expert committee. While the Data Protection Bill of 2021 marked a significant
milestone, it was retracted in 2022. The 2023 Bill addresses the handling of digital personal data
in India and introduces several notable provisions.
Highlights of the 2023 Bill:
1. This Bill applies to personal data collected online or digitized within India.
2. It mandates that data processing must align with lawful purposes and individual consent.

3. Data fiduciaries are bound to maintain data accuracy and security and delete data once
its purpose is fulfilled.
4. The Bill bestows specific rights upon individuals, including the right to access information
and seek grievance redressal.
5. Certain exemptions are granted to government agencies for reasons such as national
security.
Challenges with the 2023 Bill:
The provision for exemptions related to national security raises concerns of potential excessive
data processing.
The Bill lacks provisions regarding data portability and the right to be forgotten.
It permits the transfer of personal data abroad without stringent evaluation.
The short-term appointments of members to the Data Protection Board may impact the board's
independence.
The Need for Digital Data Protection in India:
India's data protection regulations must catch up with technological advancements and align with
global trends. The current legal framework is inconsistent, and new regulations are necessary to
address emerging challenges like spam, online transactions, and more.
Landmark Cases in Data Protection:
Several legal cases have played a pivotal role in emphasizing the significance of privacy and the
right to information in India.
1. State of Tamil Nadu v. Suhas Katti (2004): This case holds importance as it encouraged
citizens nationwide to report incidents of online abuse.
2. Amar Singh v. Union of India (2011): In this case, which considered Sections 69, 69A,
and 69B of the IT Act, 2000, the court ruled that service providers must validate the
legitimacy of government orders for phone tapping, particularly when such orders
contain significant errors. To prevent unlawful call interception, the court mandated the
central government to establish specific directives and rules.
3. Shreya Singhal v. Union of India (2015): This landmark case saw the Supreme Court of
India declare Section 66A unconstitutional. The section aimed to protect against
annoyance, inconvenience, danger, obstruction, insult, injury, and criminal intimidation
but was found to exceed reasonable restrictions under Article 19(2) of the Indian
Constitution.
4. Justice K.S. Puttaswamy (Retd) v. Union of India (2017): This case affirmed the right
to privacy as a constitutionally protected right in India.
5. Praveen Arimbrathodiyil v. Union of India (2021): In this case, various companies,
including WhatsApp, Quint, LiveLaw, and the Foundation for Independent Journalists,

contested regulations introduced in 2021. The judgment's outcomes are anticipated to

shape the future of Indian information technology law, and the petition is currently
pending before the Supreme Court for listing.
Looking Ahead:
Despite India's participation in international bodies and its commitment to data protection, the
country lacks a comprehensive data protection law. Such legislation is vital for the welfare of the
people and to ensure global peace and security. Digital personal data protection is a shared
responsibility among individuals, organizations, and governments, aiming to strike a balance
between data utilization and privacy while fostering trust in the digital landscape.
References:
1. https://en.wikipedia.org/wiki/National_Critical_Information_Infrastructure_Protection_Centre
2. https://www.cert-in.org.in/
3. https://cybercrime.gov.in/
4. https://www.g2.com/articles/cyber-threats
5. https://www.clearias.com/digital-personal-data-protection/
6. https://futureskillsprime.in/
7. Ministry of Electronics and Information Technology (MeitY): https://www.meity.gov.in/
8. National Critical Information Infrastructure Protection Centre (NCIIPC): https://nciipc.gov.in/
9. Computer Emergency Response Team - India (CERT-In): https://www.cert-in.org.in/
10. Ministry of Home Affairs - Cyber Crime Division: http://mha.gov.in/
11. National Cyber Security Coordinator: http://www.nsa.gov.in/
12. United Nations Office at Geneva (UNOG) - Cybersecurity: https://www.unog.ch/
13. United Nations Office for Disarmament Affairs (UNODA) - Cybersecurity: https://www.un.org/disarmament/
14. United Nations Institute for Disarmament Research (UNIDIR) - Cybersecurity: https://unidir.org/
15. United Nations Security Council (UNSC) - Resolutions on Cybersecurity: https://www.un.org/securitycouncil/
16. United Nations Commission on International Trade Law (UNCITRAL) - Electronic Commerce: https://uncitral.un.org/
17. Cybersecurity and Infrastructure Security Agency (CISA): https://www.cisa.gov/
18. National Institute of Standards and Technology (NIST) - Cybersecurity: https://www.nist.gov/
19. Federal Bureau of Investigation (FBI) - Cybercrime: https://www.fbi.gov/investigate/cyber
20. Department of Homeland Security (DHS) - Cybersecurity: https://www.dhs.gov/
21. National Security Agency (NSA) - Cybersecurity: https://www.nsa.gov/


Cyber Law Cyber Crime & IPR Notes

Uploaded by

Copyright:

Available Formats

You might also like

Cyber Law Cyber Crime & IPR Notes

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cyber Law Cyber Crime & IPR Notes

Uploaded by

Copyright:

Available Formats

CYBER CRIMES, CYBER

LAWS & INTELLECTUAL

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

5 types of Cyber Security

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

5 Internet of things (IoT) security

5 Essential elements of Cyber Security

PROF. MANOJ KUMAR N | SIMS

8 components of a strong Cyber Security Defense System

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

Tools for Cyber Security

2. Virtual Private Network (VPN): A VPN connection establishes a secure connection

Common Types of Cyber Attacks

PROF. MANOJ KUMAR N | SIMS

A cyberattack is when an individual or an organization deliberately and maliciously attempts to

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

Tips to avoid Cyber Attacks:

Preventing Cyber Attacks on your Company:

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

UNIT 1 – CYBERCRIME & LAWS

List of Cybercrimes: Examples

PROF. MANOJ KUMAR N | SIMS

23. Online Drug Trafficking

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

Information Technology (Intermediary Guidelines and Digital Media

The Personal Data Protection Bill, 2019

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

5. Specify the Type of Cybercrime: Choose the appropriate category or type of

Identifying phishing emails

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

• Trademark violation by an e-commerce portal.

PROF. MANOJ KUMAR N | SIMS

DATA PROTECTION LAWS IN INDIA

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

contested regulations introduced in 2021. The judgment's outcomes are anticipated to

PROF. MANOJ KUMAR N | SIMS

PROF. MANOJ KUMAR N | SIMS

You might also like