Professional Documents
Culture Documents
Cyber Crime Notes Ajsal Punya
Cyber Crime Notes Ajsal Punya
Cyber Crime Notes Ajsal Punya
ON
CYBER CRIMES
9TH SEMESTER BBA,LL.B(HONOURS)
TITLE PAGE NO
MODULE 1 01-13
MODULE 2 14- 25
MODULE 3 26- 34
MODULE 4 35- 42
MODULE 5 43- 48
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 1 of 48
MODULE 1
1. Introduction
Cyber crime is not an old sort of crime to the world. It is defined as any criminal
activity which takes place on or over the medium of computers or internet or other
technology recognised by the Information Technology Act.
There are number of illegal activities which are committed over the internet by
technically skilled criminals. Taking a wider interpretation, it can be said that,
Cybercrime includes any illegal activity where computer or internet is either a
tool or target or both.
The Indian Legislature doesn’t provide the exact definition of Cybercrime in any
statute, even the Information Technology Act, 2000; which deals with cybercrime
doesn’t defined the term of cybercrime. However, in general the term cybercrime
means any illegal activity which is carried over or with the help of internet or
computers.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 2 of 48
We do not have any precise definition of cybercrime; however, following is the
general definitions of term cybercrime:
Professor S.T. Viswanathan has given three definitions in his book The Indian
Cyber Laws with Cyber Glossary is as follows -
1. Any illegal action in which a computer is the tool or object of the crime i.e.
any crime, the means or purpose of which is to influence the function of a
computer,
2. Any incident associated with computer technology in which a victim
suffered or could have suffered loss and a perpetrator, by intention, made
or could have made a gain,
3. Computer abuse is considered as any illegal, unethical or unauthorized
behavior relating to the automatic processing and transmission of data.
The Concept of cybercrime is very different from the traditional crime. Also due
to the growth of Internet Technology, this crime has gained serious and unfettered
attention as compared to the traditional crime. So, it is necessary to examine the
peculiar characteristics of cybercrime.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 3 of 48
2. Geographical challenges – In cyberspace the geographical boundaries
reduced to zero. A cybercriminal in no time sitting in any part of the world
commit crime in other corner of world. For example, a hacker sitting in
India hack in the system placed in United States.
3. Virtual World –The act of cybercrime takes place in the cyber space
and the criminal who is committing this act is physically outside the cyber
space. Every activity of the criminal while committing that crime is done
over the virtual world.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 4 of 48
Types of Cyber Crimes
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 5 of 48
money from victims account, online lottery scams such as Nigeria lottery
scams.
Bikanerwala filed in 2005. The plaintiff (here Bikanervala) had filed IPR
case with defendant (here New Bikanerwala) since they were running new
outlet in Delhi by using trademark registered with plaintiff. The court had
allowed plaintiff’s application and the defendant was restrained by means
of an ad interim injunction.
Cybercrime that targets computers often involves viruses and other types
of malware. Cybercriminals may infect computers with viruses and
malware to damage devices or stop them working. They may also use
malware to delete or steal data. Cybercrime that stops users using a
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 8 of 48
machine or network, or prevents a business providing a software service to
its customers, is called a Denial-of Service (DoS) attack.
Cybercrime that uses computers to commit other crimes may involve using
computers or networks to spread malware, illegal information or illegal
images. Sometimes cybercriminals conduct both categories of cybercrime
at once. They may target computers with viruses first. Then, use them to
spread malware to other machines or throughout a network. Cyber
criminals may also carry out what is known as a Distributed-Denial-of
Service (DDos) attack. This is similar to a DoS attack but cybercriminals
use numerous compromised computers to carry it out.
For example:
• Infringing copyright.
• Illegal gambling.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 9 of 48
Cyber-crimes under the IT Act:
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 10 of 48
Theoretical and Social Perspectives in Cyber Crimes
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 11 of 48
Differential association Theory and Cyber crime
The basic idea behind this theory is that criminal tendencies are learned in
interaction with other deviant persons. It is through interaction with others that
one engages in illegal acts. This theory considers social environment as a means
to explain why some individuals engage in criminal behaviour. This is seen in
poor socio- economic conditions which encourage disobedience of law and
authority. The main premise of this theory is that criminal behaviour is learnt
through social interactions.
Digital Key
There are two types of digital keys
Private key
Private key is the key which creates a digital signature to an electronic record. It
has to be corresponding to the public key listed in the Digital Signature Certificate,
and it is kept confidential by the subscriber.
Public key
Public key is the key which verifies a digital signature which is affixed by the
private key, and it is listed in the Digital Signature Certificate. This key is made
freely available to the public and the Certifying Authority.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 12 of 48
Digital Signature.
When an electronic record needs to be authenticated, Digital Signature is affixed
to it by means of asymmetric cryptosystem and hash function. Hash Function is
nothing but a computer programming algorithm mapping by which the
information is translated from one sequence of bits to another, and the latter is
known as hash result.
Cryptography
Cryptography is the process by which any information is transformed into cipher
text or code, which can’t be read by an individual apart from the intended
recipient that is also when the recipient holds the secret key to unlock or decipher
such information. Cryptography is meant for security purposes.
Types of Cryptography
1. Symmetric cryptography
2. Asymmetric cryptography
1. Symmetric cryptography
Symmetric cryptography only one secret key, which can be words or numbers or
characters, is used to encrypt and decrypt an electronic record or a particular
message. The sender and the receiver both should know about that key to
respectively form and retrieve the message.
2. Asymmetric cryptography
Asymmetric cryptography two keys are used, one is kept confidential by the
person who is affixing the encryption to an electronic record or message, known
as private key, and the other is distributed generally to the public for decrypting
such record or message in order to retrieve it, known as public key. Asymmetric
cryptosystem takes more time than symmetric but is more secure
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 13 of 48
MODULE 2
Online fraud—Identity theft—Virtual crime—Password cracking-scams-
phishing attacks Computer intrusions and attacks
Online fraud
Fraud that is committed using the internet is “online fraud.” Online fraud can
involve financial fraud and identity theft.
Fraud comes in many forms. It ranges from viruses that attack computers with
the goal of retrieving personal information, to email schemes that lure victims
into wiring money to fraudulent sources, to “phishing” emails that purport to be
from official entities (such as banks or the Internal Revenue Service) that solicit
personal information from victims to be used to commit identity theft, to fraud on
online auction sites (such as eBay) where perpetrators sell fictional goods. The
methods used by perpetrators of online fraud are constantly evolving. criminals
use scams to try to defraud people.
Phishing
Typically, a phishing email will ask an internet banking customer to follow a link
to a fake banking website and enter his or her personal banking details.
If the link is followed, the victim often also downloads a malicious program
which captures his/her keyboard strokes including any typed information such as
banking login details and sends them to a third party. As well as targeting internet
banking customers, phishing emails may target online auction sites or other
online payment facilities.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 14 of 48
Mule Recruitment
'Mule Recruitment' is an attempt to get a person to receive stolen funds using his
or her bank account, and then transfer those funds to criminals overseas.
Usually, criminals send out millions of fraudulent job and employment emails to
random email addresses, in the hope of involving unsuspecting, innocent persons
in their criminal activity.
Scams
Criminals send out millions of these fraudulent spam emails to random email
addresses in the hope of enticing someone to respond.
Although the stories in these scams vary widely, after an initial exchange of
conversation or emails with the victim, they all usually ask victims to provide
bank account or personal details in order to receive a fictitious financial windfall.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 15 of 48
Spam
Spam is unsolicited commercial messages sent via email, SMS, MMS and other,
similar electronic messaging media. They may try to persuade you to buy a
product or service, or visit a website where you can make purchases; or they may
attempt to trick you into divulging your bank account or credit card details.
If you receive a suspect email, the best course of action is to delete it immediately.
Do not follow any links, or reply to the sender. By following a link, you may
accidentally download a 'Trojan' or 'key logging' program, which could
compromise your security. By replying, you run the risk of receiving more emails
from this source.
Identity theft
The term identity theft was coined in 1964. A large part of online crime is now
centered on identity theft which is part of identity fraud and specifically refers to
the theft and use of personal identifying information of an actual person, as
opposed to the use of a fictitious identity. This can include the theft and use of
identifying personal information of persons either living or dead.
Definition:
Identity theft and identity fraud are terms used to, refer to all types of crime in
which someone wrongfully obtains and uses another person’s personal data in
some way' that involves fraud or deception, usually for economic gain.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 16 of 48
Identity Theft is a crime in which an impostor obtains key pieces of personal
identifying information (PI) such as Social Security numbers and driver's license
numbers and uses them for their own personal gain This is called ID Theft. It can
start with lost or stolen wallets. pilfered mail, a data breach, computer virus,
phishing, a scam, or paper documents thrown out by you or a business (dumpster
diving). This crime varies widely, and can include check fraud, credit card fraud
financial identity theft. criminal identity theft. governmental identity theft, and
identity fraud.
identity theft is carried out in 3 stages. which is acquisition, using of identity and
finally discovery of theft
Use of the identity: After the acquisition of the identity, the fraudster may use
the identity to commit another crime resulting in financial gain to him. Financial
gain crimes could be such as misuse of the credit card information to make online
purchase, opening new accounts, sell the identities to others who commit fraud.
Sometime ne stolen information may be used to harass the victim, like posting O
pornography or obscene material by fraudster posing himself as the victim.
Discovery of the theft: Many cases of misuse of credit cards are discovered
quickly. however, in some cases the victim of an identity theft may not even know
how or when their identity was stolen and theft may take 6 months to several
years to come to the notice of the Victim. Study reveals that the longer it takes to
discover the theft, the greater the loss incurred by the victim.
The most rampant ways to commit identity theft are as follows: Theft: There may
be a theft of wallet or bag containing bank credit cards, passport and other
identifying documents containing vital personal information.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 17 of 48
confidential data, decrypt it and misuse the same elsewhere for financial gain or
commit fraud.
Phishing: Phishing is the most prevalent method to steal the personal identifying
information. The fraudster sends a fraudulent email with a link to a fake website
that is exact replica of the original bank sites which are so designed to fool the
users so that they reveal their personal information.
Vishing: It is the act of calling a victim on the phone by the fraudster posing as
the bank representative in an attempt to scam victim users into disclosing personal
information.
Shoulder Surfing: The fraudster can also obtain your personal data without
breaking into your homes. In public places, some people loiter around ATM &
Telephone Booths who watch you enter your secret PIN Number or simply
looking over your shoulder on a public telephone or just by eavesdropping if you
are giving your credit card information over the phone.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 18 of 48
1.Criminal Identity theft
Criminal Identity theft occurs when someone who has been arrested for
committing a crime presents himself as another person, by using that person’s
details and information. This results in the filing of criminal record against the
victim who may have no idea about the crime committed or may not learn about
the crime until it’s too late or when the court summons.
It must be difficult for the victim to clear their records as the jurisdiction for every
crime is different and it will be very hard to find the true identity of the criminal.
might need to find the police officers and they will identify the victim and the
Court after an investigation will clear the charges.
Financial Identity theft refers to the taking over of the victim’s account by the
criminal by stealing his personal information. Thus, financial identity theft is the
outcome of Identity theft. The ultimate goal of the criminals is to obtain the credit
card in the name of the victim or to withdraw the amount from the victim’s
account.
This includes taking a loan on the victim’s name, writing the cheques on the
victim’s name or transferring money from the victim’s account. Also, using goods
and services by claiming to be someone else come into financial identity theft.
Synthetic Identity theft is the most common identity theft in which original
identities are completely or partly forged. It is committed by the criminals by
combining the fake credentials and the legitimate personal information of the
victim in order to create a fake document. This false document can be used by the
criminal to apply for a loan, obtain a duplicate license, apply for credit, etc.
This majorly harms the creditors who granted credit to the fraud. Victims are
minorly affected if their names are confused with the synthetic identity or
negative ratings can affect their credit score.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 19 of 48
4.Identity cloning and concealment
Identity cloning and concealment are committed when someone uses the identity
of someone else in order to conceal his identity. It is mostly used by immigrants.
A person may apply for the visa by using false information and thus, concealing
the identity. Terrorists use Identity cloning to impersonate someone else.
Thus, instead of using someone else’s identity for financial gains or committing
crimes, it is used by the person the criminal to live the life of the person whose
information is obtained.
Medical Identity theft occurs when the criminal uses the information of someone
else to get prescription drugs, see the doctor or claim the insurance benefit. The
result is, the medical records of the criminal are added to the victim’s record.
Thus, this has serious consequences on the medical records of the victim.
The theft in which a child’s identity is used by another person for illegal gain is
known as child identity theft. The imposter can be anyone, an unknown, a friend
or even a family member who targets children.
Virtual crime
Virtual crime or in-game crime refers to a virtual criminal act that takes place in
a massively multiplayer online game (MMOG), usually an MMORPG. The huge
time and effort invested into such games can lead online "crime" to spill over into
real world crime, and even blur the distinctions between the two. Some countries
have introduced special police investigation units to cover such "virtual crimes".
South Korea is one such country and looked into 22,000 cases in the first six
months of 2003.
Several interpretations of the term "virtual crime" exist. Some legal scholars opt
for a definition based on a report written by freelance journalist Julian Dibbell on
what was the first prominent case, "a rape in cyberspace." One such scholar
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 20 of 48
defined virtual crime as needing to have all the qualities of a real crime, and so
was not a new subset of crime at all. Conversely, it has also been said that the
connection between virtual crimes and real crimes are "tenuous at best: It is the
link between a brutal rape and a fictional story of a brutal rape. Surely the
difference is more striking than any similarity." It is difficult to prove that there
are real-life implications of virtual crime, so it is not widely accepted as
prosecutable.
To rectify this, the modern interpretation of the term "virtual" must be amended
such that it carries the traditional implication; "that is such in essence or effect,
though not recognised as such in name or according to strict definition." In this
sense, it "would include those crimes that somehow evoke and approach the effect
and essence of real crime, but are not considered crimes."
Password cracking
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 21 of 48
Password cracking techniques used by hackers
Naturally, hackers want to use the easiest available method for password cracking.
More often than not, that method is phishing, described in detail below. As long
as the human is the weakest link of any security system, targeting her or him is
the best bet. If that fails, there are plenty of other password cracking techniques
to try.
While passwords are a very popular account security tool, they aren’t necessarily
the safest option. That’s especially the case if a user creates a weak password,
reuses it, and stores its plaintext copy somewhere online.
There’s no clear-cut answer to this. For starters, all password cracking tools
described above are perfectly legal. That’s because they play a key role in
checking for vulnerabilities and can also help recover a lost password. What’s
more, such tools help law enforcement fight crime. So, as it often is, password
cracking can help the good and the bad cause.
Password cracking is legal if someone asks a hacker to try and break into the
system with the goal to find vulnerabilities, such as weak passwords. These so-
called white-hat hackers have no authorized access but use all possible means to
penetrate the system.
In contrast, black-hat hackers always have personal gain, and the means are
almost exclusively illegal. If they manage to crack a password, they will use it to
get even more information about the target, leading to banking and other valuable
data.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 22 of 48
In not so much contrast, we find grey-hat hackers. These try to access data
illegally and they don’t inform about a successful attack. However, grey-hat stop
after they reach their goal and have no interest in profiting from the exposed
information. One can compare this to breaking into someone’s home while
they’re at work and leaving as soon as you’re in.
Phishing
In computing, phishing is a form of social engineering, characterized by attempts
to fraudulently acquire sensitive information, such as passwords and credit card
details, by masquerading as a trustworthy person or business in an apparently
official electronic communication, such as an e-mail or an instant message. The
act of sending an e-mail to a user falsely claiming to be established legitimate
enterprises in an attempt to scam the user into surrendering private information
that will be used for identity theft. The e-mail directs the user to visit a Website
where they are asked to update personal information, such as passwords, credit
card, social security, and bank account numbers, that the legitimate organization
already has. The Website, however, is bogus and set up only to steal the user’s
information.
The motive behind phishing is that people will share their credit card information,
passwords, bank account numbers and other information thinking that they are
sharing their information to the legitimate organization but in real they are sharing
their information with bogus website or organization which is going to steal their
money.
Most methods of phishing use some form of technical deception designed to make
a link in an e-mail appear to belong to the spoofed organization. Misspelled URLs
or the use of sub domains are common tricks used by phishers, for example, the
link http://www.google.com@membcrs.abc.com/ might deceive a casual
observer into believing that the link will open a page on www.google.com,
whereas the link actually directs the browser to a page on members.abc.com,
using a username of www.google.com; were there no such user, the page would
open normally. This method has since been closed off in the Mozilla and Internet
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 23 of 48
Explorer web browsers, while Opera provides a warning message and the option
not to follow the link.
Nowadays Phishing attacks are becoming common form of risk in Internet based
Banking. Banks have been largely forcing the customers to believe that the
liability for Phishing should be borne by the customers because they were
negligent in responding to the Phishing mail. However, the legal position can be
different. Phishing is a result of multiple contraventions of Information
Technology Act 2000 particularly after the amendments of 2008. It results in
wrongful loss to the customer. The contravention therefore attracts provisions of
Section 43 for adjudication. Already, several complaints have been registered
against Banks in Bangalore, Chennai and Hyderabad.
Banks are basically being held liable under the age-old Banking law that
“Forgery cannot be held against the customer, however clever or undetectable the
forgery is”. Additionally, Banks are ignoring the law of the land through IT Act
2000 as well as the Guidelines of RBI and not using digital signatures for
authentication of Internet transactions. This makes them negligent under Sections
79 and 85 making them liable for any offence attributable to a computer
belonging to the Bank. Recently Bank of India has set precedence by accepting
liability for Phishing in one the cases filed in Bangalore and repaying the amount
along with interest to the customer who was a victim of a Phishing fraud.
Phishing is a cybercrime and few sections have been amended in 2008 Act to
punish phishers. The following Sections of the Information Technology Act,
2000 are applicable to Phishing.
Section 66A: Sec 66A of the Act prescribes punishment for sending offensive
messages through computer resource or communication device. It states that any
information which is offensive or has menacing character, or which is false in
nature for causing annoyance shall he punished with an imprisonment of three
years and with fine
It is clear from this that the misrepresenting email containing the fake link of the
bank or organization is used to deceive or to mislead the recipient about the origin
of such email and thus, it attracts the provisions of Section 66A IT Act 2000.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 24 of 48
Section 66D: Punishment for cheating by personation by using computer
resources. Whoever by means of any communication device or computer
resource cheats by personation, shall be punished with imprisonment of either
description for a term which may extend to three years and shall also be liable to
fine which may extend to one lakh rupees.
Computer intrusions occur when someone tries to gain access to any part of your
computer system. Computer intruders or hackers typically use automated
computer programs when they try to compromise a computer’s security. There
are several ways an intruder can try to gain access to your computer.
They can:
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 25 of 48
MODULE 3
International aspects and Jurisdiction relating to cybercrimes, Human right
violations and internet, public domain
The menace of crime in cyberspace has the potential for limiting the development
of cyber based international trade and commerce, apart from shying away the
ordinary people whose privacy and security gets affected by onslaught of
information crime.
The United Nation Manual on the Prevention and Control of Computer –related
crime call upon the international community to strive for the following, in seeking
solutions to the above problems:
It has been recognized under the International law that a state may assert extra-
territorial jurisdiction under certain circumstances. The basic principles where the
extra-territorial jurisdiction can be exercised are:
1. Territorial principle:
2. Nationality principle:
3. Protective Principle:
4. Passive Personality Principle
5. The "Effects Doctrine"
6. Universality Principle
In France vs. Turkey (S.S Lotus case) it was held by the Permanent Court of
International Justice that "the first and foremost restriction imposed by
international law on the state is that the state shall not exercise its power in any
form in the territory of another State. In this sense jurisdiction is certainly
territorial and it cannot be exercised by a State outside its territory except by
virtue of a permissive rule derived from international custom or from convention.
When there is a conflict between two states or territories involving two or more
states the only way out to resolve the issue is through mutual negotiation or
extradition to the most affected state or simply by exercising of jurisdiction by
the State having custody of the accused.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 27 of 48
2. Nationality principle: It is for the state to determine under its own law who
are its nationals. Any question as to whether a person possesses nationality of a
particular state shall be determined in accordance with the law of the State.
Nationality serves to determine that the person, upon whom it is conferred, enjoys
the rights and is bound by the obligations which the law of the state grants to or
imposes upon its nationals.
Under the principle of nationality, a state may exercise jurisdiction over its own
nationals irrespective of the place where the relevant acts occurred. A state may
even assume Extra-territorial jurisdiction.
3.Protective Principle: A state relies upon this principle when its national
security or a matter of public interest is in issue. A state has a right to protect itself
from acts of international conspiracies and terrorism, drug trafficking etc. In the
case of Attorney-General of the Government of Israel v Eichmann, the court of
Jerusalem held that " The State of Israel's right to punish the accused derives from
the two cumulative sources: a universal source- which vests the right to prosecute
and punish crimes of this order in every state within the family of nations, and a
specific or national source, which gives the victim nation the right to try any who
assault its existence"
The US District court held that "The Passive personality principle authorizes
states to assert jurisdiction over offences committed against their citizens abroad.
It recognizes that each state has a legitimate interest in protecting the safety of its
citizens when they journey outside national boundaries".
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 28 of 48
5. The "Effects Doctrine": It is an extra-territorial application of national laws
where an action by a person with no territorial or national connection with a state
has an effect on that State. The situation is compounded if the act is legal in the
place where it was performed. The 'effects' doctrine' is primarily a doctrine to
protect American business interests and is applicable where there are restrictive
trade or anti- competitive agreements between corporations.
In the case of Hartford Fire Insurance Co California, the question was whether
the London insurance companies refusing to grant reinsurance to certain US
businesses except on terms agreed amongst themselves are violative of the US
anti-trust laws and tried in the United States. The US Supreme Court held that the
US court did have jurisdiction and that there exists no conflict between domestic
and foreign law and "where a person subject to regulation by two states can
comply with the laws of both"
Jurisdiction in Cyberspace
Jurisdiction means the authority which a court has to decide matters that are
litigated before it or to take cognizance if matters are presented in a formal way
for its decisions.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 29 of 48
The decentralized nature of Internet usually brings parties residing in different
jurisdictions in contact with each other. Due to this which court will acquire the
authority to try the case in case of a contentious issue always remains a
problematic question.
According to the tradition Indian law the Jurisdiction of Civil Courts is mentioned
in the Code of Civil Procedure, 1908. A civil court in India can take cognizance
of a civil dispute if the cause of action has either wholly or partly arisen within
its territorial jurisdiction. The jurisdiction of Criminal Courts is discussed in the
Indian Penal Code and the Code of Criminal Procedure, 1973.
By section 2(2) of the I.T Act the Act extends to the whole of India and applies
to any offence or contravention committed outside India by any person. By
section 75(1) the provisions of the Act shall apply also to any offence or
contravention committed outside India by any person irrespective of his
nationality. However, the Act shall apply to an offence or contravention
committed outside India by any person only if the act or conduct constituting the
offence or contravention involves a computer, computer system or computer
network located, in India.
Thus, the Indian Courts can take cognizance of offences punishable under the Act
if the offence involves a computer, computer system or computer network located
in India, even though the offence was committed outside India. Furthermore, the
Indian courts can proceed even against a foreigner if the offence or contravention
involves a computer, computer system or computer network located in India.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 30 of 48
Human right violation and internet
Day in and day out we find human rights violations and privacy of an individual
is at stake with the recent advancements in the cyber space. A sincere effort is
made to focus on the asserted boundlessness" of cyber space in order to examine
how and to what extent the activities are centered round. Before we go deep into
the subject, it is appropriate and necessary to understand the meaning and scope
of cyber space.
The internet has been in existence since 1960’s and the World Wide Web (WWW)
since 1990’s2. Cyber space however remains a relatively new terrain in terms of
the questions it raises about human rights and responsibilities. The International
Telecommunications Union estimates that almost 40% of the world’s population
and over 76% of people in developed countries are now internet users.3
Government, business and organizations in civil society are increasingly using
cyber space platforms in the communication of information and delivery of
services.
Accordingly, the internet has become a major vehicle for the exercise of the right
to freedom of expression and information. The International Covenant on Civil
and Political Rights (I.C.C.P.R) 4states (in Article 19(2) Freedom of opinion and
expression. Everyone shall have the right to freedom of expression, this right shall
include freedom to seek, receive and impart information and ideas of all kinds,
regardless of frontiers, either orally, in writing or in print, in the form of art or
through any other media of his choice.
The Human Rights Commission has stated that the freedom of expression and
information under Article 19 of the ICCPR include the freedom to receive and
communicate information, ideas and opinions through the internet.
The exercise of the rights provided for in paragraph 2 of this article carries with
its special duties and responsibilities. It may therefore be subject to certain
restrictions, but these shall only be such as provided by a law and are necessary:
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 31 of 48
a) For respect of the rights or reputations of others.
b) For the protection of national security or public order (order public), or public
health or morals.
The internet has opened up new possibilities, avenues, and channels for the
realization of the right to freedom of expression. This is certainly because of the
internet’s unique characteristics including its speed, worldwide reach and
importantly the aspect of anonymity.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 32 of 48
Other human rights violations occurring in cyber space.
Cyber Bullying
Cyber Racism
There are many examples of cyber- racism on the internet from racist individual
Facebook posts to group pages specifically set up a racist purpose.
Cyber-Sexism/Sexual Harassment
Instances of Cyber-Sexism are similarly numerous. Other examples of Cyber-
Sexism, Sexual harassment include “Creep Shots” where man take pictures of
intimate body parts of unsuspecting women snapped on the street or in their
private places and load them on a publicly accessible website.
Cyber Homophobia
The incidence of homophobic cyber-bullying has increased greatly in recent years
with the proliferation of online social networking tools.19 In U.S.A, a student
killed himself shortly after discovering that his roommate had secretly used a
webcam to stream his sexual intimate actions with another man over the internet.
It is thus evident that the internet is being used in different ways to facilitate
various forms of discrimination and harassment.
Public domain
The term "public domain" refers to creative materials that are not protected by
intellectual property laws such as copyright, trademark, or patent laws. The public
owns these works, not an individual author or artist. Anyone can use a public
domain work without obtaining permission, but no one can ever own it.
There are four common ways that works arrive in the public domain:
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 34 of 48
MODULE 4
Cyber warfare—Cyber terrorism—Cyber-squatting –cyber stalking-software
privacy—and copyright infringement
Cyber warfare
• viruses, computer worms and malware that can take down water supplies,
transportation systems, power grids, critical infrastructure and military
systems;
• denial-of-service (DoS) attacks, cyber security events that occur when
attackers take action that prevents legitimate users from accessing targeted
computer systems, devices or other network resources;
• hacking and theft of critical data from institutions, governments and
businesses; and
• ransomware that holds computer systems hostage until the victims pay
ransom.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 35 of 48
Objectives of cyberwarfare
DoS attacks, which continue to increase around the world, are expected to be
leveraged for waging cyberwarfare. Attackers are using distributed denial of
service (DDoS) attack methods to hit government entities with massive sustained
bandwidth attacks, and at the same time infecting them with spyware and
malware to steal or destroy data. These attacks may inject misinformation into
the networks of their targets to create chaos, outages or scandals.
Cyber Terrorism
The term cyberterrorism refers to the use of the Internet in order to perform
violent actions that either threaten or result in serious bodily harm or even loss of
life. Cyberterrorism acts often aim to achieve political or ideological advantages
by means of intimidation, fear and threat.
(A) Whoever with intent to threaten the unity, integrity, security or sovereignty
of India or to strike terror in the people or any section of the people
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 37 of 48
(i) denies or cause the denial of access to any person authorised to access
computer resource; or
any restricted information, data or computer data base, with reasons to believe
that such information, data, computer database so obtained may be used to cause
or likely to cause injury to the
Cyberstalking
Stalking or being 'followed are problems that many people, especially women,
are familiar with... Sometimes these problems (harassment & stalking) can occur
over the Internet. This IS known as cyber stalking. Cyberstalking simply put, is
online stalking. It has been defined as the use of technology. Common
characteristics include particularly the Internet, to harass someone. Common
characteristics include false accusations, monitoring, threats, identity theft, and
data destruction or manipulation. Cyberstalking also includes exploitation of
minors, be it sexual or otherwise.
The harassment can take on many forms, but the common denominator is that it's
unwanted, often obsessive, and usually illegal. Cyberstalkers use e-mail, instant
messages, phone calls, and other. communication devices to stalk, whether it
takes the form of sexual harassment; inappropriate contact or just plain annoying
attention to your life' and your family's activities
A Cyber stalker need not eave his home to find, or harass his targets and has no
fear of physical violence since he knows that he cannot be physically touched in
cyberspace. He may be may be on the other side of the earth or a neighbor or even
a relative. It could be a former friend, or just someone who wants to bother you
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 39 of 48
and your family in an inappropriate way. A stalker could be of either sex.
Interestingly, it is often perpetrated not by strangers, but by someone you know.
Both kind of Stalkers' Online & Offline - have desire to control the victim’s life.
Majority of the stalkers are the dejected lovers or ex-lovers, who then want to
harass the victim because they failed to satisfy their secret desires. Most of the
stalkers are men and victim female.
They collect all personal information about the victim such as name, family
background, telephone numbers of residence and work place, daily routine of the
victim, address of residence and place of work, date of birth etc. If the stalker is
one of the acquaintances of the victim, he can easily get this information. If stalker
is a stranger to victim, he collects the information from the internet resources such
as various profiles, the victim may have filled in while opening the chat or e-mail
account or while signing an account with some website.
The stalker may post this information on any website related to sex services
posing as if the victim is posting this information and invite the people to call the
victim on her telephone numbers to have sexual services. Stalker even uses very
filthy and obscene language to invite the interested persons.
People of all kind from nook and corners of the world, who come across this
information, start calling the victim at her residence or workplace, asking for
sexual services or relationships
Some stalkers keep on sending repeated emails asking for various kinds of
favours or threaten the victim. In online stalking the stalker makes third party to
harass the victim.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 40 of 48
and shall also be liable to fine and for any subsequent conviction would be liable
for imprisonment up to 5 years and with fine.
With the emergence of the internet and increasing use of the worldwide web
possibilities of infringement of copyright have become mind boggling free and
easy access on the web together with possibilities of down loading has created
new issued in copyright infringement. Taking content from one site, modifying it
or just reproducing it on another site has been made possible by digital technology
and this has posed new challenges for the traditional interpretation of individual
rights and protection. Any person with a PC (Personal Computers) and a modem
can become a publisher. Downloading, uploading saving transforming or crating
a derivative work is just a mouse click away.
A web page is not much different than a book a magazine or a multimedia CD-
ROM and will be eligible for copyright protection, as it contains text graphics and
even audio and videos.
Copyright law grants the owner exclusive right to authorize reproduction of the
copy righted works preparation of derivative works, distribution etc. However,
application of this concept on the internet cannot be strictly applied to copyright.
Duplication of the information is an essential step in the transmission of
information on the internet and even plain browsing information at a computer
terminal (which is equivalent to reading a book or a magazine at book store) may
result in the creation of an unauthorized copy since a temporary copy of the work
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 41 of 48
is created in the RAM of the user’s computer for the purpose of access. The law
on the subject evolving and the general view is that more accessing a web page
would not be an infringement as the copy created is temporary or ephemeral.
Another common issue amongst web site owners is to create links to other sites
within the design of their own web pages. Would such linking be considered a
copy right violation as these links give access to other copy righted sites?
Although strictly speaking it may be a violation of copyright. But there is an
implied doctrine of public access for linking to other web pages. The Internet was
created on the basic of being able to attach hypertext links to any other location
and it is assumed that once a page is put on the net, implied consent is given,
unless specifically prohibited by the web site owner.
There are three essential types of software which help to function the computer,
micro code it is a programme which controls the details of execution, the
operating system software which control the sources of a computer and manages
routine tasks and is a necessary requirement for a computer to function and the
third is an application software which is designed to perform a particular task.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 42 of 48
MODULE 5
Investigating cybercrime- interception- search and seizure, surveillance, digital
evidence.
In keeping with the demand of the times, the Cyber Crime Investigation Cell
(CCIC) of the CBI, notified in September 1999, started functioning with effect
from 3.3.2000. The Cell is headed by a Superintendent of Police. The jurisdiction
of this Cell is all India, and besides the offences punishable under Chapter X1, IT
Act, 2000, it also has power to look into other high-tech crimes. Cyber Crime
Investigation Cell is a wing of Mumbai Police, India, to deal with Cybercrimes,
and to enforce provisions of the Information Technology Act 2000, and various
cybercrime related provisions of criminal laws, including the Indian Penal Code.
Cyber Crime Investigation Cell is a part of Crime Branch, Criminal Investigation
Department of the Mumbai Police. The Cyber Crime Investigation Cell of
Mumbai Police was inaugurated on 18th December 2000 and it is functioning
under the overall guidance of Jt. Commissioner of Police (Crime), Addl.
Commissioner of Police (Crime) and Dy. Commissioner of Police (Enforcement).
Cyber Crime Cells are also there at Delhi, Chennai, Bangalore, Hyderabad, Thane,
Pune, Gujarat and Gurgaon.
• Server Logs;
• Copy of defaced web page in soft copy as well as hard copy format, if
website is defaced;
• If data is compromised on your server or computer or any other network
equipment, soft copy of original <data and soft copy of compromised data.
• Access control mechanism details i.e.- who had what kind of access to the
compromised system;
• List of suspects - if the victim is having any suspicion on anyone.
• All relevant information leading to answers to the following questions
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 43 of 48
1. what? (what is compromised)
2. who? (who might have compromised system)
3. when? (when the system was compromised)
4. why? (why the system might have been compromised)
5. where? (where is the impact of attack-identifying the target system from
the network)
6. How many? (How many systems have been compromised by the attack)
REGULATORY AUTHORITIES
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 44 of 48
• Technology-based education.
• Matters relating to Cyber Laws, administration of the Information
Technology Act. 2000 (21 of 2000) and other Information Technology
related laws.
• Matters relating to promotion and manufacturing of Semiconductor
Devices in the country.
• Interaction in Information Technology related matters with International
agencies and bodies.
• Initiative on bridging the Digital Divide, Matters relating to Media Lab
Asia.
• Promotion of Standardization, Testing and Quality in Information
• Technology and standardization of procedure for Information Technology
application and Tasks.
• Electronics Export and Computer Software Promotion Council (ESC).
• National Informatics Centre (NIC)
• All matters relating to personnel under the control of the Department.
The IT Act provides for the Controller of Certifying Authorities (CCA) to license
and regulate the working of Certifying Authorities. The Certifying Authorities
(CAs) issue digital signature certificates for electronic authentication of users.
The CCA certifies the public keys of CAs using its own private key, which
enables users in the cyberspace to verily that a given certificate is issued by a
licensed CA. For this purpose, it operates, the Root Certifying Authority of India
(RCAI).
Cyber Appellate Tribunal has been established under the IT Act under the aegis
of Controller of Certifying Authorities (CCA). A Cyber Appellate Tribunal
consists of one Presiding Officer who is qualified to be a Judge of a High Court
or is or has been a member of the Indian Legal Service and is holding or has held
a post in Grade I of that service for at least three years supported by other official
under him/her.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 45 of 48
The Cyber Appellate Tribunal has, for the purposes of discharging its functions
under the IT Act, the same powers as are vested in a civil court under the Code
of Civil Procedure, 1908. However, is not bound by the procedure laid down by
the Code of Civil Procedure, 1908 but is guided by the principles of natural justice
and, subject to the other provisions of this Act and of any rules. The Cyber
Appellate Tribunal has powers to regulate its own procedure including the place
at which it has its sitting.
The composition of the Cyber Appellate Tribunal is provided for under section
49 of the Information Technology Act, 2000. Initially the Tribunal consisted of
only one person who was referred to as the Presiding Officer who was to be
appointed by way of notification by the Central Government. Thereafter the Act
was amended in the year 2008 by which section 49 which provides for the
composition of the Cyber Appellate Tribunal has been changed. As per the
amended section the Tribunal shall consist of a Chairperson and such number of
other Members as the Central Government may by notification in the Official
Gazette appoint. The selection of the Chairperson and Members of the Tribunal
is made by the Central Government in consultation with the Chief Justice of India.
The Presiding Officer of the Tribunal is now known as the Chairperson.
INTERCEPTION
The Section 93 of the CrPC, “mandates for a magistrate to issue a search warrant
for any ‘document or thing’ also warrant for general search in the area only for
the purpose of investigation”. However, “Section 100 of the CrPC prerequisites
search for a closed place, also it mandates a prior approved warrant for search
and a witness at the searched premises”. Other provisions include Sections 165
and 51 which provide for search without a warrant. “If any officer-in-charge feels
that it would be time-consuming in acquiring a warrant and the evidence shall be
lost then the officer can search the premises without a warrant”
The “Information Technology Act, 2000 (IT Act)” was enacted by the Parliament
for adding provisions for electronic evidence to the laws of India. There have
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 47 of 48
been various amendments to the Indian Evidence Act in particular. “Section 3 of
the Evidence Act talks about evidence and includes electronic evidence too”.
“Electronic record is a piece of documentary evidence”.
It was decided in the case of State of Maharashtra v Dr. Praful B. Desai that,
“evidence recorded through video-conferencing is legal as interpreted under
Section 273 of the CrPC”. Supreme Court now also allows video conferencing as
a medium for the examination of the witness. As per Section 273, “evidence has
to be taken in the presence of accused”. But physical presence is not important,
constructive presence would suffice.
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 48 of 48