Cyber Crime Notes Ajsal Punya

REVISION NOTES
ON
CYBER CRIMES
9TH SEMESTER BBA,LL.B(HONOURS)
TITLE PAGE NO
MODULE 1 01-13
MODULE 2 14- 25
MODULE 3 26- 34
MODULE 4 35- 42
MODULE 5 43- 48
Revision Notes on CYBER CRIMES

by Ajsal Meeras & Punya Shaji
th
9 Semester BBA,LL.B(Hons) 2015-2020
GOVERNMENT LAW COLLEGE
THRISSUR
Revision Notes CYBER CRIMES by Ajsal Meeras & Punya Shaji 9th Semester BBA,LL.B(Hons) 2015-2020 GLC Thrissur
Page 1 of 48
MODULE 1
Cyber Crime - Types - Understanding Cyber Crimes, Theoretical and Social

Perspectives in Cyber Crimes - Digital Key, Hash Functions, Cryptography
1. Introduction
Cyber crime is not an old sort of crime to the world. It is defined as any criminal
activity which takes place on or over the medium of computers or internet or other
technology recognised by the Information Technology Act.
Cybercrime is the most prevalent crime playing a devastating role in Modern

India. Not only the criminals are causing enormous losses to the society and the
government but are also able to conceal their identity to a great extent.
There are number of illegal activities which are committed over the internet by
technically skilled criminals. Taking a wider interpretation, it can be said that,
Cybercrime includes any illegal activity where computer or internet is either a
tool or target or both.
The term cybercrime may be judicially interpreted in some judgments passed by

courts in India; however, it is not defined in any act or statute passed by the Indian
Legislature. Cybercrime is an uncontrollable evil having its base in the misuse of
growing dependence on computers in modern life. Usage of computer and other
allied technology in daily life is growing rapidly and has become an urge which
facilitates user convenience. It is a medium which is infinite and immeasurable.
Whatsoever the good internet does to us, it has its dark sides too.
Some of the newly emerged cybercrimes are cyber-stalking, cyber-terrorism, e-

mail spoofing, e-mail bombing, cyber pornography, cyberdefamation etc. Some
conventional crimes may also come under the category of cybercrimes if they are
committed through the medium of computer or Internet.
2. Definition of Cyber Crime
The Indian Legislature doesn’t provide the exact definition of Cybercrime in any
statute, even the Information Technology Act, 2000; which deals with cybercrime
doesn’t defined the term of cybercrime. However, in general the term cybercrime
means any illegal activity which is carried over or with the help of internet or
computers.
Page 2 of 48
We do not have any precise definition of cybercrime; however, following is the
general definitions of term cybercrime:
The Oxford Dictionary defined the term cybercrime as “Criminal activities

carried out by means of computers or the Internet.”
“Cybercrime means any criminal or other offence that is facilitated by or

involves the use of electronic communications or information systems,
including any device or the Internet or any one or more of them”.
Professor S.T. Viswanathan has given three definitions in his book The Indian
Cyber Laws with Cyber Glossary is as follows -
1. Any illegal action in which a computer is the tool or object of the crime i.e.
any crime, the means or purpose of which is to influence the function of a
computer,
2. Any incident associated with computer technology in which a victim
suffered or could have suffered loss and a perpetrator, by intention, made
or could have made a gain,
3. Computer abuse is considered as any illegal, unethical or unauthorized
behavior relating to the automatic processing and transmission of data.
Characteristics of Cyber Crime
The Concept of cybercrime is very different from the traditional crime. Also due
to the growth of Internet Technology, this crime has gained serious and unfettered
attention as compared to the traditional crime. So, it is necessary to examine the
peculiar characteristics of cybercrime.
1.People with specialized knowledge – Cybercrimes can only be

committed through the technology, thus to commit this kind of crime one
has to be very skilled in internet and computers and internet to commit such
a crime. The people who have committed cybercrime are well educated and
have deep understanding of the usability of internet, and that’s made work
of police machinery very difficult to tackle the perpetrators of cybercrime.
Page 3 of 48
2. Geographical challenges – In cyberspace the geographical boundaries
reduced to zero. A cybercriminal in no time sitting in any part of the world
commit crime in other corner of world. For example, a hacker sitting in
India hack in the system placed in United States.
3. Virtual World –The act of cybercrime takes place in the cyber space
and the criminal who is committing this act is physically outside the cyber
space. Every activity of the criminal while committing that crime is done
over the virtual world.
4. Collection of Evidence - It is very difficult to collect evidence of

cybercrime and prove them in court of law due to the nature of cybercrime.
The criminal in cybercrime invoke jurisdiction of several countries while
committing the cybercrime and at the same time he is sitting some place
safe where he is not traceable.
5. Magnitude of crime unimaginable- The cybercrime has the potential

of causing injury and loss of life to an extent which cannot be imagined.
The offences like cyber terrorism, cyber pornography etc. has wide reach
and it can destroy the websites, steal data of the companies in no time.
Page 4 of 48
Types of Cyber Crimes
Cybercrime can be categorised into:

1. Cybercrime against person
2. Cybercrime against property
3. Cybercrime against government
4. Cybercrime against society
1. Cyber-crime against person:
In this category crime is committed against a person using electronic

service as a medium. Below are some offences that comes under this
category:
a. Cyber stalking: The term stalking means unwanted or obsessive

attention by an individual or group towards another person. Cyber stalking
refers to threat that is created through the use of computer technology such
as Internet, e-mails, SMS, webcams, phones calls, websites or even videos.
b. Hacking: This means gaining unauthorised access over computer

system with the intent of personal gain or misuse. It generally destroys the
whole data present in computer system.
c. Cracking: Cracking refers to digitally removing the copy write

protection code that prevents copied or pirated software from running on
computers that haven’t been authorised to run it by the vendor of the
software. The person who carries out this task if called as Cracker.
d. Defamation: It involves action of damaging the good reputation of

someone using computer or electronic service as medium. For e.g., Posting
vulgar message and/or photos about a person on his/her social network
profile such as Facebook, twitter etc.
e. Online fraud: This refers to acts of stealing confidential details of victim

such as banking credentials using phishing sites and thereafter withdrawing
Page 5 of 48
money from victims account, online lottery scams such as Nigeria lottery
scams.
f. Child pornography: This involves the use of electronic device and

services to create, distribute or access materials that sexually exploit minor
children. For e.g., Recording heinous act done with child on mobile device
and distributing on porn site.
g. Spoofing: The term spoofing means imitate something while

exaggerating its characteristic features with some personal gain or profit.
Spoofing of user identity can be described as a situation in which one
person or program successfully masquerades (means pretending to be
someone one is not) as another by falsifying data. Spoofing can be done
using email or SMS or WhatsApp. For e.g., Constantly mailing a person
claiming from bank and requesting banking credentials.
2. Cyber-crime against property:
In this category crime is committed against property of person using

electronic service as a medium. Below are some offences that comes under
this category:
a. Transmitting virus: A computer virus is a malware program that

reproduces itself into another computer programs, disk drive, files or
booting sector of hard drive. Once this replication of so-called virus is
succeeded the areas affected are termed as “infected”. Hacker generally
transmit virus to target system using email attachment as medium. When
victim opens the attachment (which is infected with virus) this virus gets
replicated throughout the system and thereby slowing down your system.
b. Cyber Squatting: The term squatting means unlawfully occupying an

uninhabited place. Cyber Squatting is where two or more persons claim for
the same Domain Name or any service available on Internet such as
Facebook profile etc. The hacker claims that he/she had first registered the
name before other person or he/she is the owner for twitter handle. For e.g.,
the first case in India registered for cybersquatting was Yahoo Inc. v/s
Page 6 of 48
Aakash Arora in 1999 where the defendant launched a YahooIndia.com
website nearly identical to the plaintiff’s popular website Yahoo.com and
also provided almost similar services. However, the court ruled in favour
of Yahoo Inc.
c. Cyber Vandalism: Vandalism refers to action involving deliberate

destruction or damage of public or private property. Cyber vandalism
means destroying or damaging the data when a network service is
unavailable.
d. Intellectual Property Crimes: Intellectual property are intangible

property that is the result of creativity such as copyrights, trademark, patent
etc. Intellectual Property Right (IPR) crime is any unlawful act by which
the owner is deprived of his/her rights completely or partially. These are
the most common offence occurring in India and includes software piracy,
infringement of patents, designs, trademark, copyright, theft of source code
etc.
For e.g., The popular case of trademark of Bikanerwala v/s New

Bikanerwala
Bikanerwala filed in 2005. The plaintiff (here Bikanervala) had filed IPR
case with defendant (here New Bikanerwala) since they were running new
outlet in Delhi by using trademark registered with plaintiff. The court had
allowed plaintiff’s application and the defendant was restrained by means
of an ad interim injunction.
3. Cyber-crime against government:
In this category crime is committed against government by using Internet

facilities. Below are some offences that comes under this category:
a. Cyber Warfare: Cyber warfare is Internet-based conflict that involves

politically motivated attacks on information and its related systems. It can
disable official websites and networks, disrupt or even disable essential
services such as Internet connection, steal or alter classified data such as
Sensex details on official website, and cripple financial systems such as
blocking payment gateways. For e.g., National Security Agency (NSA) of
US spying on large scale on many countries. This spying was blown up by
Page 7 of 48
former NSA agent Edward Snowden.
b. Cyber Terrorism: Cyber Terrorism is politically motivated use of

computers and information technology to cause severe disruption or
widespread fear amongst people.
4. Cyber-crime against society:

An unlawful activity done with the intention of causing harm to the
cyberspace that can affect entire society or large number of persons. Below
are offences that comes under this category:
a. Online Gambling: The term gambling means involving in activities that

allows chance for money. Online gambling is one of the most lucrative
businesses that is growing today in the list of cyber-crimes in India. It is
also known as Internet gambling or iGambling. The cyber-crime incident
such as online lottery scam (particularly those of Nigeria lottery scam),
online jobs i.e. work from remote location etc.
b. Cyber Trafficking: The term trafficking means dealing or involving in

trade activities that is considered to be illegal and is prohibited by
cybercrime law. Cyber Trafficking refers to unlawful activities carried out
using computer and/or computer services. For e.g., selling kidnapped child
to human trafficking group using WhatsApp as medium.
Understanding Cyber Crimes

Most cybercrime falls under two main categories:
• Criminal activity that targets computers or devices
• Criminal activity that uses computers to commit other crimes.
Cybercrime that targets computers often involves viruses and other types
of malware. Cybercriminals may infect computers with viruses and
malware to damage devices or stop them working. They may also use
malware to delete or steal data. Cybercrime that stops users using a
Page 8 of 48
machine or network, or prevents a business providing a software service to
its customers, is called a Denial-of Service (DoS) attack.
Cybercrime that uses computers to commit other crimes may involve using
computers or networks to spread malware, illegal information or illegal
images. Sometimes cybercriminals conduct both categories of cybercrime
at once. They may target computers with viruses first. Then, use them to
spread malware to other machines or throughout a network. Cyber
criminals may also carry out what is known as a Distributed-Denial-of
Service (DDos) attack. This is similar to a DoS attack but cybercriminals
use numerous compromised computers to carry it out.
The US Department of Justice recognizes a third category of cybercrime

which is where a computer is used as an accessory to crime. An example
of this is using a computer to store stolen data. “European Convention of
Cybercrime” The convention casts a wide net and there are numerous
malicious computer related crimes which it considers cybercrime.
For example:
• Illegally intercepting or stealing data.
• Interfering with systems in a way that compromises a network.
• Infringing copyright.
• Illegal gambling.
• Selling illegal items online.
• Soliciting, producing or possessing child pornography
Cyber-crimes are increasing day-by-day due to extensive use of Internet by

people. In order to deal with this Government of India has imposed Information
Technology Act, 2000 which was enacted with prime objective to create an
enabling environment for commercial use of Information Technology.
Page 9 of 48
Cyber-crimes under the IT Act:
– Section 65: Tampering with computer source documents
– Section 66: Hacking with computer systems, data alteration
– Section 67: Publishing obscene information
– Section 68: Power of controller to give directions
– Section 69: Directions of controller to a subscriber to extend facilities to decrypt

information
– Section 70: Unauthorised access to protected system
– Section 71: Penalty for misrepresentation

– Section 72: Breach of confidentiality and privacy
– Section 73: Publishing false digital signature certificates
Cybercrimes under IPC and special laws:

– Section 503 IPC: Sending threatening messages by email
– Section 499 IPC: Sending defamatory messages by email
– Section 463 IPC: Forgery of electronic records
– Section 420 IPC: Fake websites, cyber frauds
– Section 463 IPC: Email spoofing
– Section 383 IPC: Web-Jacking
– Section 500 IPC: Sending abusive message by email.
Page 10 of 48
Theoretical and Social Perspectives in Cyber Crimes
Social Control Theory and Cyber-Crime.

Social control refers to the effort of a group or society to regulate the behaviour
of members in conformity with established norms. These are officially imposed
pressures to conform, such as fines or imprisonment. Very little crime is
committed by young children because they are constantly under adult supervision.
However, adolescents and young people are relatively free from adult control. As
a result, they experience less social control and of these who exhibit an underlying
tendency to pursue short term immediate pleasure often engage in cyber-crimes.
Rational choice theory and cyber crime

‘Rationality’ means that an individual balances cost and benefit to arrive at action
that maximizes personal benefit. Cyber stalkers commit a crime after weighing
the prospective rewards against the potential risk. Rational choice theory is
accepted by many people because it assumes that people act in a manner that is
rational. It assumes that many of the cyber criminals are very talented and well
educated, not necessarily in formal manner but they have an ability to think
rationally.
Social learning Theory and Cyber crime

This theory takes into account the fact that the behaviour learnt could be negative
as well as positive. Most human behaviour is learned observationally and this
information serves as a guide for action in future. Through the process of
socialization an individual learns the norms of society. An individual with less
experience views the more experienced person as a mentor. For example, the act
of hacking is learnt in group interaction. Even photo morphing is learnt for fun
which can be later used for defamation. Most of the cyber-crimes are learnt as
they involve the use of technology. Social learning theory proposes that crime is
a learned behaviour stemming from peer association that leads to deviant attitude.
Less self-control is also linked to various forms of cyber-crime including illegal
download of music, piracy of movies, software piracy.
Page 11 of 48
Differential association Theory and Cyber crime
The basic idea behind this theory is that criminal tendencies are learned in
interaction with other deviant persons. It is through interaction with others that
one engages in illegal acts. This theory considers social environment as a means
to explain why some individuals engage in criminal behaviour. This is seen in
poor socio- economic conditions which encourage disobedience of law and
authority. The main premise of this theory is that criminal behaviour is learnt
through social interactions.
Space Transition Theory

Space Transition Theory explains the behaviour of the persons who bring out
their conforming and non-conforming behaviour in the physical space and virtual
space. Virtual space provides an individual with such space where he can express
his feelings and even vent out his outrage against anyone. Cyber stalking and
Cyber defamation are instances where offenders use online space because of its
anonymity and widespread approach. It also argues that people behave differently
when they move from one space to another. People with repressed criminal
behaviour (in the physical space) have a propensity to commit crime in
cyberspace, which, otherwise they would not commit in physical space, due to
their status and position.
Digital Key
There are two types of digital keys
Private key
Private key is the key which creates a digital signature to an electronic record. It
has to be corresponding to the public key listed in the Digital Signature Certificate,
and it is kept confidential by the subscriber.
Public key
Public key is the key which verifies a digital signature which is affixed by the
private key, and it is listed in the Digital Signature Certificate. This key is made
freely available to the public and the Certifying Authority.
Page 12 of 48
Digital Signature.
When an electronic record needs to be authenticated, Digital Signature is affixed
to it by means of asymmetric cryptosystem and hash function. Hash Function is
nothing but a computer programming algorithm mapping by which the
information is translated from one sequence of bits to another, and the latter is
known as hash result.
Cryptographic Hash Function

A cryptographic hash function is an algorithm that can be run on data such as an
individual file or a password to produce a value called a checksum. The main use
of a cryptographic hash function is to verify the authenticity of a piece of data.
Two files can be assumed to be identical only if the checksums generated from
each file, using the same cryptographic hash function, are identical. Some
commonly used cryptographic hash functions include MD5 and SHA-1.
Cryptography
Cryptography is the process by which any information is transformed into cipher
text or code, which can’t be read by an individual apart from the intended
recipient that is also when the recipient holds the secret key to unlock or decipher
such information. Cryptography is meant for security purposes.
Types of Cryptography
1. Symmetric cryptography
2. Asymmetric cryptography
1. Symmetric cryptography
Symmetric cryptography only one secret key, which can be words or numbers or
characters, is used to encrypt and decrypt an electronic record or a particular
message. The sender and the receiver both should know about that key to
respectively form and retrieve the message.
2. Asymmetric cryptography
Asymmetric cryptography two keys are used, one is kept confidential by the
person who is affixing the encryption to an electronic record or message, known
as private key, and the other is distributed generally to the public for decrypting
such record or message in order to retrieve it, known as public key. Asymmetric
cryptosystem takes more time than symmetric but is more secure
Page 13 of 48
MODULE 2
Online fraud—Identity theft—Virtual crime—Password cracking-scams-
phishing attacks Computer intrusions and attacks
Online fraud
Fraud that is committed using the internet is “online fraud.” Online fraud can
involve financial fraud and identity theft.
Fraud comes in many forms. It ranges from viruses that attack computers with
the goal of retrieving personal information, to email schemes that lure victims
into wiring money to fraudulent sources, to “phishing” emails that purport to be
from official entities (such as banks or the Internal Revenue Service) that solicit
personal information from victims to be used to commit identity theft, to fraud on
online auction sites (such as eBay) where perpetrators sell fictional goods. The
methods used by perpetrators of online fraud are constantly evolving. criminals
use scams to try to defraud people.
Phishing
Phishing involves using a form of spam to fraudulently gain access to people's

internet banking details. The term 'phishing' refers to the use of spam e-mails
purporting to be from a bank, in this way criminals’ 'fish' for legitimate bank
customer's logon information.
Criminals send out millions of these fraudulent e-mails to random e-mail

addresses in the hope of luring unsuspecting innocent persons into providing their
personal banking details.
Typically, a phishing email will ask an internet banking customer to follow a link
to a fake banking website and enter his or her personal banking details.
If the link is followed, the victim often also downloads a malicious program
which captures his/her keyboard strokes including any typed information such as
banking login details and sends them to a third party. As well as targeting internet
banking customers, phishing emails may target online auction sites or other
online payment facilities.
Legitimate banks do NOT send such emails to their customers.
Page 14 of 48
Mule Recruitment
'Mule Recruitment' is an attempt to get a person to receive stolen funds using his
or her bank account, and then transfer those funds to criminals overseas.
Usually, criminals send out millions of fraudulent job and employment emails to
random email addresses, in the hope of involving unsuspecting, innocent persons
in their criminal activity.
Shopping and auction site fraud
Regarding online transactions, it is advisable to select a secure payment service

yourself rather than accept advice from the seller. Do not click on links to banking
or similar services provided in emails as these may lead to fraudulent sites. If you
receive a suspect email, the best course of action is to delete it immediately. Do
not follow any links, or reply to the sender. By following a link, you may
accidentally download a 'Trojan' or 'key logging' program, which could
compromise your security. By replying, you run the risk of receiving more emails
from this source.
Scams
'Nigerian letter' or '419' scams, as well as 'lottery' or 'Spanish lottery' scams,

attempt to lure victims into a type of fraud known as an 'illegal advance fee'. They
typically arrive via email.
Criminals send out millions of these fraudulent spam emails to random email
addresses in the hope of enticing someone to respond.
Although the stories in these scams vary widely, after an initial exchange of
conversation or emails with the victim, they all usually ask victims to provide
bank account or personal details in order to receive a fictitious financial windfall.
The promised windfall may be lottery winnings, a huge inheritance, a multi-

million-dollar bank transfer, etc. While the windfall payment is never made,
victims pay large sums of money to cover various false costs and fees.
Page 15 of 48
Spam
Spam is unsolicited commercial messages sent via email, SMS, MMS and other,
similar electronic messaging media. They may try to persuade you to buy a
product or service, or visit a website where you can make purchases; or they may
attempt to trick you into divulging your bank account or credit card details.
If you receive a suspect email, the best course of action is to delete it immediately.
Do not follow any links, or reply to the sender. By following a link, you may
accidentally download a 'Trojan' or 'key logging' program, which could
compromise your security. By replying, you run the risk of receiving more emails
from this source.
Identity theft
The term identity theft was coined in 1964. A large part of online crime is now
centered on identity theft which is part of identity fraud and specifically refers to
the theft and use of personal identifying information of an actual person, as
opposed to the use of a fictitious identity. This can include the theft and use of
identifying personal information of persons either living or dead.
Identity theft is stealing someone's identity in which someone pretends to

someone else by assuming that person's identity, in order to access resources or
obtain credit and other benefits in that person's name. The victim of identity theft
suffers adverse consequences if they are held accountable for the perpetrator's
actions. identity theft occurs when someone uses another's personally identifying
information, like their name, identifying number, or credit card number, without
their permission, to commit fraud or other crimes.
Definition:
There is no universally accepted definition, few definitions of identity theft are:
Identity theft and identity fraud are terms used to, refer to all types of crime in
which someone wrongfully obtains and uses another person’s personal data in
some way' that involves fraud or deception, usually for economic gain.
Page 16 of 48
Identity Theft is a crime in which an impostor obtains key pieces of personal
identifying information (PI) such as Social Security numbers and driver's license
numbers and uses them for their own personal gain This is called ID Theft. It can
start with lost or stolen wallets. pilfered mail, a data breach, computer virus,
phishing, a scam, or paper documents thrown out by you or a business (dumpster
diving). This crime varies widely, and can include check fraud, credit card fraud
financial identity theft. criminal identity theft. governmental identity theft, and
identity fraud.
identity theft is carried out in 3 stages. which is acquisition, using of identity and
finally discovery of theft
Acquisition of the identity: It involves the acquisition of the identity through

theft. hacking. redirecting or intercepting mail or by purchasing identifying
information on the internet.
Use of the identity: After the acquisition of the identity, the fraudster may use
the identity to commit another crime resulting in financial gain to him. Financial
gain crimes could be such as misuse of the credit card information to make online
purchase, opening new accounts, sell the identities to others who commit fraud.
Sometime ne stolen information may be used to harass the victim, like posting O
pornography or obscene material by fraudster posing himself as the victim.
Discovery of the theft: Many cases of misuse of credit cards are discovered
quickly. however, in some cases the victim of an identity theft may not even know
how or when their identity was stolen and theft may take 6 months to several
years to come to the notice of the Victim. Study reveals that the longer it takes to
discover the theft, the greater the loss incurred by the victim.
Various ways of committing identity theft:
The most rampant ways to commit identity theft are as follows: Theft: There may
be a theft of wallet or bag containing bank credit cards, passport and other
identifying documents containing vital personal information.
Hacking, unauthorized access to systems, and database theft: The fraudsters

frequently compromise systems, diverting information directly or indirectly with
the help of gadgets on the network. Hackers gain access to a huge base of
Page 17 of 48
confidential data, decrypt it and misuse the same elsewhere for financial gain or
commit fraud.
Phishing: Phishing is the most prevalent method to steal the personal identifying
information. The fraudster sends a fraudulent email with a link to a fake website
that is exact replica of the original bank sites which are so designed to fool the
users so that they reveal their personal information.
Vishing: It is the act of calling a victim on the phone by the fraudster posing as
the bank representative in an attempt to scam victim users into disclosing personal
information.
Pharming: It is a technique used by fraudster by setting up a phony web server

and intercepting user names and PIN numbers.
Theft by past present employees: Perpetrators can also obtain personal

information by bribing employees who have access to personal records, data
bases or confidential an information.
Skimming: Skimming can occur when a criminal attaches a small skimmer

gadget to an ATM which records the magnetic stripe details of the ATM card and
the camera films the personal identification number filed by the user.
Shoulder Surfing: The fraudster can also obtain your personal data without
breaking into your homes. In public places, some people loiter around ATM &
Telephone Booths who watch you enter your secret PIN Number or simply
looking over your shoulder on a public telephone or just by eavesdropping if you
are giving your credit card information over the phone.
Types of Identity theft
1. Criminal Identity theft

2. Financial Identity theft
3. Synthetic Identity theft
4. Identity cloning and concealment
5. Medical Identity theft
6. Child Identity theft
Page 18 of 48
1.Criminal Identity theft
Criminal Identity theft occurs when someone who has been arrested for
committing a crime presents himself as another person, by using that person’s
details and information. This results in the filing of criminal record against the
victim who may have no idea about the crime committed or may not learn about
the crime until it’s too late or when the court summons.
It must be difficult for the victim to clear their records as the jurisdiction for every
crime is different and it will be very hard to find the true identity of the criminal.
might need to find the police officers and they will identify the victim and the
Court after an investigation will clear the charges.
2.Financial Identity theft
Financial Identity theft refers to the taking over of the victim’s account by the
criminal by stealing his personal information. Thus, financial identity theft is the
outcome of Identity theft. The ultimate goal of the criminals is to obtain the credit
card in the name of the victim or to withdraw the amount from the victim’s
account.
This includes taking a loan on the victim’s name, writing the cheques on the
victim’s name or transferring money from the victim’s account. Also, using goods
and services by claiming to be someone else come into financial identity theft.
3.Synthetic Identity theft
Synthetic Identity theft is the most common identity theft in which original
identities are completely or partly forged. It is committed by the criminals by
combining the fake credentials and the legitimate personal information of the
victim in order to create a fake document. This false document can be used by the
criminal to apply for a loan, obtain a duplicate license, apply for credit, etc.
This majorly harms the creditors who granted credit to the fraud. Victims are
minorly affected if their names are confused with the synthetic identity or
negative ratings can affect their credit score.
Page 19 of 48
4.Identity cloning and concealment
Identity cloning and concealment are committed when someone uses the identity
of someone else in order to conceal his identity. It is mostly used by immigrants.
A person may apply for the visa by using false information and thus, concealing
the identity. Terrorists use Identity cloning to impersonate someone else.
Thus, instead of using someone else’s identity for financial gains or committing
crimes, it is used by the person the criminal to live the life of the person whose
information is obtained.
5.Medical Identity theft
Medical Identity theft occurs when the criminal uses the information of someone
else to get prescription drugs, see the doctor or claim the insurance benefit. The
result is, the medical records of the criminal are added to the victim’s record.
Thus, this has serious consequences on the medical records of the victim.
6.Child Identity theft
The theft in which a child’s identity is used by another person for illegal gain is
known as child identity theft. The imposter can be anyone, an unknown, a friend
or even a family member who targets children.
Virtual crime
Virtual crime or in-game crime refers to a virtual criminal act that takes place in
a massively multiplayer online game (MMOG), usually an MMORPG. The huge
time and effort invested into such games can lead online "crime" to spill over into
real world crime, and even blur the distinctions between the two. Some countries
have introduced special police investigation units to cover such "virtual crimes".
South Korea is one such country and looked into 22,000 cases in the first six
months of 2003.
Several interpretations of the term "virtual crime" exist. Some legal scholars opt
for a definition based on a report written by freelance journalist Julian Dibbell on
what was the first prominent case, "a rape in cyberspace." One such scholar
Page 20 of 48
defined virtual crime as needing to have all the qualities of a real crime, and so
was not a new subset of crime at all. Conversely, it has also been said that the
connection between virtual crimes and real crimes are "tenuous at best: It is the
link between a brutal rape and a fictional story of a brutal rape. Surely the
difference is more striking than any similarity." It is difficult to prove that there
are real-life implications of virtual crime, so it is not widely accepted as
prosecutable.
To rectify this, the modern interpretation of the term "virtual" must be amended
such that it carries the traditional implication; "that is such in essence or effect,
though not recognised as such in name or according to strict definition." In this
sense, it "would include those crimes that somehow evoke and approach the effect
and essence of real crime, but are not considered crimes."
Real Crimes in Virtual Worlds
Many police officials, including seasoned and experienced cybercrime

investigators, may not have yet investigated a case involving a virtual world or
MMORPG. Faced with already overwhelming caseloads from traditional forms
of cybercrime, such as hacking, Internet fraud and online child abuse images, few
investigators want additional work from virtual cases. That said, we believe that
virtual world crimes merit further examination given their inevitable emergency
into the daily workload of cybercrime investigators around the world.
Password cracking
Password cracking means recovering passwords from a computer or from data

that a computer transmits. This doesn’t have to be a sophisticated method. A
brute-force attack where all possible combinations are checked is also password
cracking.
While password cracking is mostly associated with criminal activities, it can be

used for benign causes as well. For instance, you might want to crack a forgotten
password that you cannot change at the moment. Alternatively, you may want to
check your network for weak passwords to prevent an intrusion. Finally, law
enforcement might use password cracking to retrieve evidence from a suspect’s
online accounts.
Page 21 of 48
Password cracking techniques used by hackers
Naturally, hackers want to use the easiest available method for password cracking.
More often than not, that method is phishing, described in detail below. As long
as the human is the weakest link of any security system, targeting her or him is
the best bet. If that fails, there are plenty of other password cracking techniques
to try.
While passwords are a very popular account security tool, they aren’t necessarily
the safest option. That’s especially the case if a user creates a weak password,
reuses it, and stores its plaintext copy somewhere online.
Is password cracking illegal?
There’s no clear-cut answer to this. For starters, all password cracking tools
described above are perfectly legal. That’s because they play a key role in
checking for vulnerabilities and can also help recover a lost password. What’s
more, such tools help law enforcement fight crime. So, as it often is, password
cracking can help the good and the bad cause.
As to the password cracking as an activity, it depends on two factors. One, the

hacker doesn’t have the authority to access that particular data. Two, the goal is
to steal, damage, or otherwise misuse the data. Even if only one of these factors
is present, a hacker will most likely receive a punishment, ranging from a fine to
multi-year imprisonment.
Password cracking is legal if someone asks a hacker to try and break into the
system with the goal to find vulnerabilities, such as weak passwords. These so-
called white-hat hackers have no authorized access but use all possible means to
penetrate the system.
In contrast, black-hat hackers always have personal gain, and the means are
almost exclusively illegal. If they manage to crack a password, they will use it to
get even more information about the target, leading to banking and other valuable
data.
Page 22 of 48
In not so much contrast, we find grey-hat hackers. These try to access data
illegally and they don’t inform about a successful attack. However, grey-hat stop
after they reach their goal and have no interest in profiting from the exposed
information. One can compare this to breaking into someone’s home while
they’re at work and leaving as soon as you’re in.
To sum up, if there’s no bug bounty, no agreement to do a penetration testing,

and no request to help recover a lost password, cracking is illegal.
Phishing
In computing, phishing is a form of social engineering, characterized by attempts
to fraudulently acquire sensitive information, such as passwords and credit card
details, by masquerading as a trustworthy person or business in an apparently
official electronic communication, such as an e-mail or an instant message. The
act of sending an e-mail to a user falsely claiming to be established legitimate
enterprises in an attempt to scam the user into surrendering private information
that will be used for identity theft. The e-mail directs the user to visit a Website
where they are asked to update personal information, such as passwords, credit
card, social security, and bank account numbers, that the legitimate organization
already has. The Website, however, is bogus and set up only to steal the user’s
information.
The motive behind phishing is that people will share their credit card information,
passwords, bank account numbers and other information thinking that they are
sharing their information to the legitimate organization but in real they are sharing
their information with bogus website or organization which is going to steal their
money.
Most methods of phishing use some form of technical deception designed to make
a link in an e-mail appear to belong to the spoofed organization. Misspelled URLs
or the use of sub domains are common tricks used by phishers, for example, the
link http://www.google.com@membcrs.abc.com/ might deceive a casual
observer into believing that the link will open a page on www.google.com,
whereas the link actually directs the browser to a page on members.abc.com,
using a username of www.google.com; were there no such user, the page would
open normally. This method has since been closed off in the Mozilla and Internet
Page 23 of 48
Explorer web browsers, while Opera provides a warning message and the option
not to follow the link.
Nowadays Phishing attacks are becoming common form of risk in Internet based
Banking. Banks have been largely forcing the customers to believe that the
liability for Phishing should be borne by the customers because they were
negligent in responding to the Phishing mail. However, the legal position can be
different. Phishing is a result of multiple contraventions of Information
Technology Act 2000 particularly after the amendments of 2008. It results in
wrongful loss to the customer. The contravention therefore attracts provisions of
Section 43 for adjudication. Already, several complaints have been registered
against Banks in Bangalore, Chennai and Hyderabad.
Banks are basically being held liable under the age-old Banking law that
“Forgery cannot be held against the customer, however clever or undetectable the
forgery is”. Additionally, Banks are ignoring the law of the land through IT Act
2000 as well as the Guidelines of RBI and not using digital signatures for
authentication of Internet transactions. This makes them negligent under Sections
79 and 85 making them liable for any offence attributable to a computer
belonging to the Bank. Recently Bank of India has set precedence by accepting
liability for Phishing in one the cases filed in Bangalore and repaying the amount
along with interest to the customer who was a victim of a Phishing fraud.
Phishing under Information Technology Act, 2000
Phishing is a cybercrime and few sections have been amended in 2008 Act to
punish phishers. The following Sections of the Information Technology Act,
2000 are applicable to Phishing.
Section 66A: Sec 66A of the Act prescribes punishment for sending offensive
messages through computer resource or communication device. It states that any
information which is offensive or has menacing character, or which is false in
nature for causing annoyance shall he punished with an imprisonment of three
years and with fine
It is clear from this that the misrepresenting email containing the fake link of the
bank or organization is used to deceive or to mislead the recipient about the origin
of such email and thus, it attracts the provisions of Section 66A IT Act 2000.
Page 24 of 48
Section 66D: Punishment for cheating by personation by using computer
resources. Whoever by means of any communication device or computer
resource cheats by personation, shall be punished with imprisonment of either
description for a term which may extend to three years and shall also be liable to
fine which may extend to one lakh rupees.
Computer intrusions and attacks
Computer intrusions occur when someone tries to gain access to any part of your
computer system. Computer intruders or hackers typically use automated
computer programs when they try to compromise a computer’s security. There
are several ways an intruder can try to gain access to your computer.
They can:
1. Access your computer to view, change, or delete information on your

computer.
2. Crash or slow down your computer.
3. Access your private data by examining the files on your system.
4. Use your computer to access other computers on the Internet.
Page 25 of 48
MODULE 3
International aspects and Jurisdiction relating to cybercrimes, Human right
violations and internet, public domain
International aspects and jurisdiction relating to cyber crime
Cybercrime is not a national problem but an international one. International

access to information and the mobility of data are fundamental to the working of
our economic systems. Distance, time and space have ceased to be obstacles in
commercial transactions. However, the rapid transnational expansion of large-
scale computer networks and the ability to access this system through regular
telephone lines increases the vulnerability of these systems and the opportunity
for their misuse or criminal activity.
The menace of crime in cyberspace has the potential for limiting the development
of cyber based international trade and commerce, apart from shying away the
ordinary people whose privacy and security gets affected by onslaught of
information crime.
The international element of cybercrimes creates new problems and challenges

for the law. System may be accessed in one country, the data manipulated in
another country and the consequences felt in third country. The result of this
ability is that different sovereignties, jurisdictions, laws and rules will come into
play. More than any other transnational crime the speed, mobility, flexibility
significance and value of electronic transactions profoundly challenge the
existing rules of international crime law.
The United Nation Manual on the Prevention and Control of Computer –related
crime call upon the international community to strive for the following, in seeking
solutions to the above problems:
Maximizing cooperation between nation in order to address, firstly, the potential

for enormous economic losses and, secondly, the general threat to privacy and
other fundamental values that near-instantaneous cross-border electronic
transaction may create, Worldwide protection so as to avoid “data paradise” or
computer crimes havens where computer criminal can find refuge or launch their
attacks;
Page 26 of 48
A lawfully structured cooperation scheme, taking into account and balancing the
necessities of international trade and relations on the one hand, and the rights and
freedoms of individual on the other hand.
It has been recognized under the International law that a state may assert extra-
territorial jurisdiction under certain circumstances. The basic principles where the
extra-territorial jurisdiction can be exercised are:
1. Territorial principle:
2. Nationality principle:
3. Protective Principle:
4. Passive Personality Principle
5. The "Effects Doctrine"
6. Universality Principle
1. Territorial principle: A state's territory for jurisdictional purposes extends to

its land and dependent territories airspace, aircraft, ships, territorial sea and for
limited purposes, to its contiguous zone, continental shelf and exclusive
economic zone. The principle as adopted by the national court has been that all
people within a state’s territory are subject to national law, save only for those
granted immunity under International law.
In France vs. Turkey (S.S Lotus case) it was held by the Permanent Court of
International Justice that "the first and foremost restriction imposed by
international law on the state is that the state shall not exercise its power in any
form in the territory of another State. In this sense jurisdiction is certainly
territorial and it cannot be exercised by a State outside its territory except by
virtue of a permissive rule derived from international custom or from convention.
When there is a conflict between two states or territories involving two or more
states the only way out to resolve the issue is through mutual negotiation or
extradition to the most affected state or simply by exercising of jurisdiction by
the State having custody of the accused.
Page 27 of 48
2. Nationality principle: It is for the state to determine under its own law who
are its nationals. Any question as to whether a person possesses nationality of a
particular state shall be determined in accordance with the law of the State.
Nationality serves to determine that the person, upon whom it is conferred, enjoys
the rights and is bound by the obligations which the law of the state grants to or
imposes upon its nationals.
Under the principle of nationality, a state may exercise jurisdiction over its own
nationals irrespective of the place where the relevant acts occurred. A state may
even assume Extra-territorial jurisdiction.
3.Protective Principle: A state relies upon this principle when its national
security or a matter of public interest is in issue. A state has a right to protect itself
from acts of international conspiracies and terrorism, drug trafficking etc. In the
case of Attorney-General of the Government of Israel v Eichmann, the court of
Jerusalem held that " The State of Israel's right to punish the accused derives from
the two cumulative sources: a universal source- which vests the right to prosecute
and punish crimes of this order in every state within the family of nations, and a
specific or national source, which gives the victim nation the right to try any who
assault its existence"
4. Passive Personality Principle: It extends the nationality principle to apply to

any crime committed against a national of a state, wherever that national may be.
It in a way provides that the citizen of one country. When he visits another country
takes with him for his protection the law of his own country and subjects those,
with whom he comes into contact, to the operation of that law.
This principle was elaborated in the case of United States v Yunis
The US District court held that "The Passive personality principle authorizes
states to assert jurisdiction over offences committed against their citizens abroad.
It recognizes that each state has a legitimate interest in protecting the safety of its
citizens when they journey outside national boundaries".
Page 28 of 48
5. The "Effects Doctrine": It is an extra-territorial application of national laws
where an action by a person with no territorial or national connection with a state
has an effect on that State. The situation is compounded if the act is legal in the
place where it was performed. The 'effects' doctrine' is primarily a doctrine to
protect American business interests and is applicable where there are restrictive
trade or anti- competitive agreements between corporations.
In the case of Hartford Fire Insurance Co California, the question was whether
the London insurance companies refusing to grant reinsurance to certain US
businesses except on terms agreed amongst themselves are violative of the US
anti-trust laws and tried in the United States. The US Supreme Court held that the
US court did have jurisdiction and that there exists no conflict between domestic
and foreign law and "where a person subject to regulation by two states can
comply with the laws of both"
6. Universality Principle: A state has jurisdiction to define and prescribe

punishment for certain offences recognized by the community of nations as of
universal concern. It includes acts of terrorism, attacks or hijacking of aircraft,
genocide, war crimes etc. a State may assert its universal jurisdiction irrespective
of who committed the act and where it occurred.
Jurisdiction in Cyberspace
Jurisdiction means the authority which a court has to decide matters that are
litigated before it or to take cognizance if matters are presented in a formal way
for its decisions.
The rapid development of information and communication technologies has

revolutionized the business practices and individual practices. Taking the lead in
these technologies is the Internet. Internet is not only a means of communication
and information flow but is also a medium of conducting business. More and
more business transactions and on-line contracts are taking place on the internet.
Like every other technology, Internet has also brought certain problems with
itself such as computer crimes, breach of contracts done on line, issues of
pornography due to different moral standards in different countries etc.
Page 29 of 48
The decentralized nature of Internet usually brings parties residing in different
jurisdictions in contact with each other. Due to this which court will acquire the
authority to try the case in case of a contentious issue always remains a
problematic question.
Traditional rules relating to jurisdiction and competence incorporate a notion of

territoriality. But Internet communications are not geographically dependent. The
very origin of an e-mall message may be unknown. Website information cannot
be confined to a target audience, but is disseminated simultaneously to global
market. It may affect individuals in number of Jurisdictions, all of which have
their own particular local laws. This gives rise to enormous challenges.
According to the tradition Indian law the Jurisdiction of Civil Courts is mentioned
in the Code of Civil Procedure, 1908. A civil court in India can take cognizance
of a civil dispute if the cause of action has either wholly or partly arisen within
its territorial jurisdiction. The jurisdiction of Criminal Courts is discussed in the
Indian Penal Code and the Code of Criminal Procedure, 1973.
By section 2(2) of the I.T Act the Act extends to the whole of India and applies
to any offence or contravention committed outside India by any person. By
section 75(1) the provisions of the Act shall apply also to any offence or
contravention committed outside India by any person irrespective of his
nationality. However, the Act shall apply to an offence or contravention
committed outside India by any person only if the act or conduct constituting the
offence or contravention involves a computer, computer system or computer
network located, in India.
Thus, the Indian Courts can take cognizance of offences punishable under the Act
if the offence involves a computer, computer system or computer network located
in India, even though the offence was committed outside India. Furthermore, the
Indian courts can proceed even against a foreigner if the offence or contravention
involves a computer, computer system or computer network located in India.
Page 30 of 48
Human right violation and internet
Day in and day out we find human rights violations and privacy of an individual
is at stake with the recent advancements in the cyber space. A sincere effort is
made to focus on the asserted boundlessness" of cyber space in order to examine
how and to what extent the activities are centered round. Before we go deep into
the subject, it is appropriate and necessary to understand the meaning and scope
of cyber space.
The internet has been in existence since 1960’s and the World Wide Web (WWW)
since 1990’s2. Cyber space however remains a relatively new terrain in terms of
the questions it raises about human rights and responsibilities. The International
Telecommunications Union estimates that almost 40% of the world’s population
and over 76% of people in developed countries are now internet users.3
Government, business and organizations in civil society are increasingly using
cyber space platforms in the communication of information and delivery of
services.
Accordingly, the internet has become a major vehicle for the exercise of the right
to freedom of expression and information. The International Covenant on Civil
and Political Rights (I.C.C.P.R) 4states (in Article 19(2) Freedom of opinion and
expression. Everyone shall have the right to freedom of expression, this right shall
include freedom to seek, receive and impart information and ideas of all kinds,
regardless of frontiers, either orally, in writing or in print, in the form of art or
through any other media of his choice.
The Human Rights Commission has stated that the freedom of expression and
information under Article 19 of the ICCPR include the freedom to receive and
communicate information, ideas and opinions through the internet.
Article 19(3) provides that:
The exercise of the rights provided for in paragraph 2 of this article carries with
its special duties and responsibilities. It may therefore be subject to certain
restrictions, but these shall only be such as provided by a law and are necessary:
Page 31 of 48
a) For respect of the rights or reputations of others.
b) For the protection of national security or public order (order public), or public
health or morals.
Constitutional Provisions and Cyber Space
1. Freedom of expression and internet censorship
2. Effective responses to racism, sexism, sexual harassment on the internet
3. Right to access the internet.
Freedom of Expression and the Internet Censorship
The internet has opened up new possibilities, avenues, and channels for the
realization of the right to freedom of expression. This is certainly because of the
internet’s unique characteristics including its speed, worldwide reach and
importantly the aspect of anonymity.
These distinctive features have enabled individuals to use the internet to

disseminate information in “real time” and to mobilise people. The United
Nation’s Special Rapport on the promotion and protection of the Right to
Freedom of opinion and Expression (Special Rapport) asserts that: “Unlike any
other medium the internet facilitated the ability of individuals to seek, receive and
impart information and ideas of all kinds instantaneously and inexpensively
across national borders. By vastly expanding the capacity of individuals to enjoy
their right to freedom of opinion and expression, which is an “enabler” of other
human rights, the internet boosts economic, social and political development and
contributes to the progress of human kind as a whole.”
Page 32 of 48
Other human rights violations occurring in cyber space.
Cyber Bullying
Perhaps the most well-known “Cyber” form of offensive behavior is “Cyber

Bullying”. Cyber bullying is defined as a person (or a group of people) using
technology to repeatedly and intentionally use negative words and / or actions
against a person which causes distress and risks that person’s well-being.
Cyber Racism
There are many examples of cyber- racism on the internet from racist individual
Facebook posts to group pages specifically set up a racist purpose.
Cyber-Sexism/Sexual Harassment
Instances of Cyber-Sexism are similarly numerous. Other examples of Cyber-
Sexism, Sexual harassment include “Creep Shots” where man take pictures of
intimate body parts of unsuspecting women snapped on the street or in their
private places and load them on a publicly accessible website.
Cyber Homophobia
The incidence of homophobic cyber-bullying has increased greatly in recent years
with the proliferation of online social networking tools.19 In U.S.A, a student
killed himself shortly after discovering that his roommate had secretly used a
webcam to stream his sexual intimate actions with another man over the internet.
It is thus evident that the internet is being used in different ways to facilitate
various forms of discrimination and harassment.
Public domain
The term "public domain" refers to creative materials that are not protected by
intellectual property laws such as copyright, trademark, or patent laws. The public
owns these works, not an individual author or artist. Anyone can use a public
domain work without obtaining permission, but no one can ever own it.
An important wrinkle to understand about public domain material is that, while

each work belongs to the public, collections of public domain works may be
protected by copyright. If, for example, someone has collected public domain
images in a book or on a website, the collection as a whole may be protectable
even though individual images are not. You are free to copy and use individual
Page 33 of 48
images but copying and distributing the complete collection may infringe what is
known as the "collective works" copyright. Collections of public domain material
will be protected if the person who created it has used creativity in the choices
and organization of the public domain material. This usually involves some
unique selection process, for example, a poetry scholar compiling a book-The
Greatest Poems of E.E. cummings.
There are four common ways that works arrive in the public domain:
• the copyright has expired

• the copyright owner failed to follow copyright renewal rules
• the copyright owner deliberately places it in the public domain, known as
"dedication," or
• copyright law does not protect this type of work.
Page 34 of 48
MODULE 4
Cyber warfare—Cyber terrorism—Cyber-squatting –cyber stalking-software
privacy—and copyright infringement
Cyber warfare
Cyber warfare is computer- or network-based conflict involving politically

motivated attacks by a nation-state on another nation-state. In these types of
attacks, nation-state actors attempt to disrupt the activities of organizations or
nation-states, especially for strategic or military purposes and cyber espionage.
Although cyber warfare generally refers to cyber-attacks perpetrated by one

nation-state on another, it can also describe attacks by terrorist groups or hacker
groups aimed at furthering the goals of particular nations. It can be difficult to
definitively attribute cyber-attacks to a nation-state when those attacks are carried
out by advanced persistent threat (APT) actors, but such attacks can often be
linked to specific nations. While there are a number of examples of suspect
cyberwarfare attacks in recent history, there has been no formal, agreed-upon
definition for a cyber "act of war," which experts generally agree would be a
cyberattack that directly leads to loss of life.
Cyberwarfare can take many forms, including:
• viruses, computer worms and malware that can take down water supplies,
transportation systems, power grids, critical infrastructure and military
systems;
• denial-of-service (DoS) attacks, cyber security events that occur when
attackers take action that prevents legitimate users from accessing targeted
computer systems, devices or other network resources;
• hacking and theft of critical data from institutions, governments and
businesses; and
• ransomware that holds computer systems hostage until the victims pay
ransom.
Page 35 of 48
Objectives of cyberwarfare
According to Cybersecurity and Infrastructure Security Agency (CISA), the goal

of those engaged in cyberwarfare is to “weaken, disrupt or destroy the US.” To
achieve their goals, “national cyber warfare programs are unique in posing a
threat along the entire spectrum of objectives that might harm US interests,” says
CISA. These threats range from propaganda to espionage and serious disruption
with loss of life and extensive infrastructure disruption. A few examples of
threats include:
• Espionage for technology advancement. For example, the National

Counterintelligence and Security Center (NCSC) in its 2018 Foreign
Economic Espionage in Cyberspace report notes that China’s cybersecurity
law mandates that foreign companies submit their technology to the
Chinese government for review and that Russia has increased its demand
of source code reviews to approve of foreign technology sold in their
country. In 2018, the US Department of Justice charged two Chinese
hackers associated with the Ministry of State Security with targeting
intellectual property and confidential business information.
• Disruption of infrastructure to attack the US economy or, when attacked

by the US, to damage the ability of the US to continue its attacks. For
example, by controlling a router between supervisory control and data
acquisition (SCADA) sensors and controllers in a critical infrastructure,
such as the energy sector, an enemy can attempt to destroy or badly damage
energy plants or the grid itself.
Types of cyberwarfare attacks
Increasingly, cybercriminals are attacking governments through their critical

infrastructure, including transportation systems, banking systems, power grids,
water supplies, dams, hospitals and critical manufacturing.
The threat of cyberwarfare attacks grows as a nation's critical systems are

increasingly connected to the internet. Even if these systems can be properly
secured, they can still be hacked by perpetrators recruited by nation-states to find
weaknesses and exploit them.
APT attacks on infrastructure can devastate a country. For example, attacks on a

nation's utility systems can wreak havoc by causing widespread power outages,
Page 36 of 48
but an attacker with access to hydropower grids could also conceivably cause
flooding by opening dams.
Cyberattacks on a government's computer systems can be used to support

conventional warfare efforts. Such attacks can prevent government officials from
communicating with one another; enable attackers to steal secret communications;
or release employee and citizen personal data, such as Social Security numbers
and tax information, to the public.
Nation-state-sponsored or military-sponsored attackers might also hack the

military databases of their enemies to get information on troop locations, as well
as what kind of weapons and equipment they're using.
DoS attacks, which continue to increase around the world, are expected to be
leveraged for waging cyberwarfare. Attackers are using distributed denial of
service (DDoS) attack methods to hit government entities with massive sustained
bandwidth attacks, and at the same time infecting them with spyware and
malware to steal or destroy data. These attacks may inject misinformation into
the networks of their targets to create chaos, outages or scandals.
Cyber Terrorism
The term cyberterrorism refers to the use of the Internet in order to perform
violent actions that either threaten or result in serious bodily harm or even loss of
life. Cyberterrorism acts often aim to achieve political or ideological advantages
by means of intimidation, fear and threat.
Sometimes, the definition of cyberterrorism expands to cover the terrorist

activities like intentional disruption of computer networks through using various
tools like worms, viruses, phishing activities and various other malicious software
and programming scripts.
By Section 66 F of the Information Technology Act, 2000 prescribes punishment

for Cyber Terrorism. As per section 66F there are two types of Cyber Terrorism.
They are the following.
(A) Whoever with intent to threaten the unity, integrity, security or sovereignty
of India or to strike terror in the people or any section of the people
Page 37 of 48
(i) denies or cause the denial of access to any person authorised to access
computer resource; or
(ii)attempts to penetrate or access a computer resource without authorisation or

exceeding authorised access; or
(iii) introduces or causing to introduce any computer contaminant; and by

means of such conduct causes or is likely to cause
• death or injuries to persons or

• damage to or destruction of property or
• disrupts or knowing that it is likely to cause damage or disruption of
supplies or services essential to life of the community or
• adversely affect the 'critical information infrastructure specified under
section 70 commits the offence of Cyber Terrorism.
The expression 'critical information infrastructure' means the computer resource,

the incapacitation or destruction of which, shall have debilitating impact on
national security, economy, public health or safety
(B) Whoever, knowingly or intentionally penetrates or accesses a computer

resource without authorisation or exceeding authorised access, and by means of
such conduct obtains access to:
information, data, or computer database that is restricted for reasons of the

security of the State or foreign relations; or
any restricted information, data or computer data base, with reasons to believe
that such information, data, computer database so obtained may be used to cause
or likely to cause injury to the
• interests of the sovereignty and integrity of India,

• the security of the State,
• friendly relations with foreign States,
• public order, decency or morality, or
• in relation to contempt of Court, defamation or incitement to an offence, or
• to the advantage of any foreign nation, group of individuals or otherwise.
Commits the offence of Cyber Terrorism
Whoever commits or conspires to commits cyber terrorism shall be punished with

imprisonment which may extend to imprisonment for life. S.66F(2).
Page 38 of 48
Cybersquatting
Cybersquatting is the practice of registering an Internet domain name that is likely

to be wanted by another person, business, or organization in the hope that it can
be sold to them for a profit. It involves the registration of trademarks and trade
names as domain names by third parties, who do not possess rights in such names.
Simply put, cybersquatters (or bad faith imitators) register trade-marks, trade
names, business names and so on, belonging to third parties with the common
motive of trading on the reputation and goodwill of such third parties by either
confusing customers or potential customers, and at times, to even sell the domain
name to the rightful owner at a profit.
Cyberstalking
Stalking or being 'followed are problems that many people, especially women,
are familiar with... Sometimes these problems (harassment & stalking) can occur
over the Internet. This IS known as cyber stalking. Cyberstalking simply put, is
online stalking. It has been defined as the use of technology. Common
characteristics include particularly the Internet, to harass someone. Common
characteristics include false accusations, monitoring, threats, identity theft, and
data destruction or manipulation. Cyberstalking also includes exploitation of
minors, be it sexual or otherwise.
The harassment can take on many forms, but the common denominator is that it's
unwanted, often obsessive, and usually illegal. Cyberstalkers use e-mail, instant
messages, phone calls, and other. communication devices to stalk, whether it
takes the form of sexual harassment; inappropriate contact or just plain annoying
attention to your life' and your family's activities
A Cyber stalker need not eave his home to find, or harass his targets and has no
fear of physical violence since he knows that he cannot be physically touched in
cyberspace. He may be may be on the other side of the earth or a neighbor or even
a relative. It could be a former friend, or just someone who wants to bother you
Page 39 of 48
and your family in an inappropriate way. A stalker could be of either sex.
Interestingly, it is often perpetrated not by strangers, but by someone you know.
Both kind of Stalkers' Online & Offline - have desire to control the victim’s life.
Majority of the stalkers are the dejected lovers or ex-lovers, who then want to
harass the victim because they failed to satisfy their secret desires. Most of the
stalkers are men and victim female.
How do cyber stalkers operate
They collect all personal information about the victim such as name, family
background, telephone numbers of residence and work place, daily routine of the
victim, address of residence and place of work, date of birth etc. If the stalker is
one of the acquaintances of the victim, he can easily get this information. If stalker
is a stranger to victim, he collects the information from the internet resources such
as various profiles, the victim may have filled in while opening the chat or e-mail
account or while signing an account with some website.
The stalker may post this information on any website related to sex services
posing as if the victim is posting this information and invite the people to call the
victim on her telephone numbers to have sexual services. Stalker even uses very
filthy and obscene language to invite the interested persons.
People of all kind from nook and corners of the world, who come across this
information, start calling the victim at her residence or workplace, asking for
sexual services or relationships
Some stalkers subscribe the email account of the victim to innumerable

pornographic and sex sites because of which the victim stats receiving such kind
of unsolicited emails.
Some stalkers keep on sending repeated emails asking for various kinds of
favours or threaten the victim. In online stalking the stalker makes third party to
harass the victim.
In 2013 Indian parliament made amendments to the Indian penal Code,

introducing cyberstalking (sec.354C) as a criminal offence. Stalking has been
defined as a man who follows or contacts a woman, or monitoring of use of
internet or electronic communication of a woman. A man committing the offence
of stalking would be liable for imprisonment up to three years for the first offence
Page 40 of 48
and shall also be liable to fine and for any subsequent conviction would be liable
for imprisonment up to 5 years and with fine.
software privacy—and copyright infringement
Software piracy (officially called copyright infringement of software) refers to

the illegal copying of software. It often uses the Internet. Some countries have
laws about this. The problem is considered to be bigger in certain countries than
in others. Those who hold the copyright get less money because of copyright
infringement.
Nature of Copyright Infringement in Internet
With the emergence of the internet and increasing use of the worldwide web
possibilities of infringement of copyright have become mind boggling free and
easy access on the web together with possibilities of down loading has created
new issued in copyright infringement. Taking content from one site, modifying it
or just reproducing it on another site has been made possible by digital technology
and this has posed new challenges for the traditional interpretation of individual
rights and protection. Any person with a PC (Personal Computers) and a modem
can become a publisher. Downloading, uploading saving transforming or crating
a derivative work is just a mouse click away.
A web page is not much different than a book a magazine or a multimedia CD-
ROM and will be eligible for copyright protection, as it contains text graphics and
even audio and videos.
Copyright law grants the owner exclusive right to authorize reproduction of the
copy righted works preparation of derivative works, distribution etc. However,
application of this concept on the internet cannot be strictly applied to copyright.
Duplication of the information is an essential step in the transmission of
information on the internet and even plain browsing information at a computer
terminal (which is equivalent to reading a book or a magazine at book store) may
result in the creation of an unauthorized copy since a temporary copy of the work
Page 41 of 48
is created in the RAM of the user’s computer for the purpose of access. The law
on the subject evolving and the general view is that more accessing a web page
would not be an infringement as the copy created is temporary or ephemeral.
Another common issue amongst web site owners is to create links to other sites
within the design of their own web pages. Would such linking be considered a
copy right violation as these links give access to other copy righted sites?
Although strictly speaking it may be a violation of copyright. But there is an
implied doctrine of public access for linking to other web pages. The Internet was
created on the basic of being able to attach hypertext links to any other location
and it is assumed that once a page is put on the net, implied consent is given,
unless specifically prohibited by the web site owner.
Computer Software and Internet Piracy
Software is defined as a set of instructions which when incorporated in a machine-

readable form or in capable of causing a computer to perform a particular task.
To put it simply, it is a series of commands which can be understood by the
machine.
There are three essential types of software which help to function the computer,
micro code it is a programme which controls the details of execution, the
operating system software which control the sources of a computer and manages
routine tasks and is a necessary requirement for a computer to function and the
third is an application software which is designed to perform a particular task.
Piracy occurs when copyrighted software is made available to users to download

without the express permission of the copyright owner. Such illegal software is
offered over online sources such as online advertisements newsgroups bulletin
board service and auction sites. Piracy hampers creativity, hinders the
development of new software and local software industry and ultimately effects
e-commerce. Piracy harms consumers and has negative impact on local and
national economy. Consumers run the risk of viruses and having corrupted and
defective programs.
Page 42 of 48
MODULE 5
Investigating cybercrime- interception- search and seizure, surveillance, digital
evidence.
Investigation of cybercrimes in India
In keeping with the demand of the times, the Cyber Crime Investigation Cell
(CCIC) of the CBI, notified in September 1999, started functioning with effect
from 3.3.2000. The Cell is headed by a Superintendent of Police. The jurisdiction
of this Cell is all India, and besides the offences punishable under Chapter X1, IT
Act, 2000, it also has power to look into other high-tech crimes. Cyber Crime
Investigation Cell is a wing of Mumbai Police, India, to deal with Cybercrimes,
and to enforce provisions of the Information Technology Act 2000, and various
cybercrime related provisions of criminal laws, including the Indian Penal Code.
Cyber Crime Investigation Cell is a part of Crime Branch, Criminal Investigation
Department of the Mumbai Police. The Cyber Crime Investigation Cell of
Mumbai Police was inaugurated on 18th December 2000 and it is functioning
under the overall guidance of Jt. Commissioner of Police (Crime), Addl.
Commissioner of Police (Crime) and Dy. Commissioner of Police (Enforcement).
Cyber Crime Cells are also there at Delhi, Chennai, Bangalore, Hyderabad, Thane,
Pune, Gujarat and Gurgaon.
The following information should be submitted while lodging a complaint Victim

of hacking
• Server Logs;
• Copy of defaced web page in soft copy as well as hard copy format, if
website is defaced;
• If data is compromised on your server or computer or any other network
equipment, soft copy of original <data and soft copy of compromised data.
• Access control mechanism details i.e.- who had what kind of access to the
compromised system;
• List of suspects - if the victim is having any suspicion on anyone.
• All relevant information leading to answers to the following questions
Page 43 of 48
1. what? (what is compromised)
2. who? (who might have compromised system)
3. when? (when the system was compromised)
4. why? (why the system might have been compromised)
5. where? (where is the impact of attack-identifying the target system from
the network)
6. How many? (How many systems have been compromised by the attack)
2. Victim of e-mall abuse, vulgar e-mall etc.
• Extract the extended headers of offending e-mail.

• Bring soft copy as well hard copy of offending e-mail.
• Please do not delete the offending e-mail from your e-mail box.
• Please save the copy of offending e-mail on your computer's hard drive.
REGULATORY AUTHORITIES
1) Department of Electronics and Information Technology
The functions of the Department of Electronics and Information Technology,

Ministry of Communications & Information Technology, Government of India
are as follows -
• Policy matters relating to Information Technology, Electronics and

Internet.
• Initiatives for development of Hardware / Software industry including
knowledge-based enterprises, measures for promoting Information
• Technology exports and competitiveness of the industry.
• Promotion of Information Technology and Information Technology
enabled services and Internet.
• Assistance to other departments in the promotion of E-Governance, E
Infrastructure, E-Medicine, E-Commerce, etc.
• Promotion of Information Technology education and Information
Page 44 of 48
• Technology-based education.
• Matters relating to Cyber Laws, administration of the Information
Technology Act. 2000 (21 of 2000) and other Information Technology
related laws.
• Matters relating to promotion and manufacturing of Semiconductor
Devices in the country.
• Interaction in Information Technology related matters with International
agencies and bodies.
• Initiative on bridging the Digital Divide, Matters relating to Media Lab
Asia.
• Promotion of Standardization, Testing and Quality in Information
• Technology and standardization of procedure for Information Technology
application and Tasks.
• Electronics Export and Computer Software Promotion Council (ESC).
• National Informatics Centre (NIC)
• All matters relating to personnel under the control of the Department.
2) Controller of Certifying Authorities (CCA)
The IT Act provides for the Controller of Certifying Authorities (CCA) to license
and regulate the working of Certifying Authorities. The Certifying Authorities
(CAs) issue digital signature certificates for electronic authentication of users.
The CCA certifies the public keys of CAs using its own private key, which
enables users in the cyberspace to verily that a given certificate is issued by a
licensed CA. For this purpose, it operates, the Root Certifying Authority of India
(RCAI).
3) Cyber Appellate Tribunal
Cyber Appellate Tribunal has been established under the IT Act under the aegis
of Controller of Certifying Authorities (CCA). A Cyber Appellate Tribunal
consists of one Presiding Officer who is qualified to be a Judge of a High Court
or is or has been a member of the Indian Legal Service and is holding or has held
a post in Grade I of that service for at least three years supported by other official
under him/her.
Page 45 of 48
The Cyber Appellate Tribunal has, for the purposes of discharging its functions
under the IT Act, the same powers as are vested in a civil court under the Code
of Civil Procedure, 1908. However, is not bound by the procedure laid down by
the Code of Civil Procedure, 1908 but is guided by the principles of natural justice
and, subject to the other provisions of this Act and of any rules. The Cyber
Appellate Tribunal has powers to regulate its own procedure including the place
at which it has its sitting.
Every proceeding before the Cyber Appellate Tribunal shall be deemed to be a

judicial proceeding within the meaning of sections 193 and 228, and for the
purposes of section 196 of the Indian Penal Code and the Cyber Appellate
Tribunal shall be deemed to be a civil court for the purposes of section 195 and
Chapter XXVI of the Code of Criminal Procedure, 1973.
The composition of the Cyber Appellate Tribunal is provided for under section
49 of the Information Technology Act, 2000. Initially the Tribunal consisted of
only one person who was referred to as the Presiding Officer who was to be
appointed by way of notification by the Central Government. Thereafter the Act
was amended in the year 2008 by which section 49 which provides for the
composition of the Cyber Appellate Tribunal has been changed. As per the
amended section the Tribunal shall consist of a Chairperson and such number of
other Members as the Central Government may by notification in the Official
Gazette appoint. The selection of the Chairperson and Members of the Tribunal
is made by the Central Government in consultation with the Chief Justice of India.
The Presiding Officer of the Tribunal is now known as the Chairperson.
4) Indian Computer Emergency Response Team (ICERT)
The mission of ICERT is to enhance the security of India's Communications and

Information Infrastructure through proactive action and effective collaboration.
Its constituency is the Indian Cyber-community. The purpose of the ICERT is, to
become the nation's most trusted referral agency of the Indian Community for
responding to computer security incidents as and when they occur; the ICERT
will also assist members of the Indian Community in implementing proactive
measures to reduce the risks of computer security incidents. It provides technical
advice to system administrators and users to respond to computer security
incidents. It also identifies trends in intruder activity, works with other similar
institutions and organisations to resolve major security issues and disseminates
Page 46 of 48
information to the Indian cyber community. It functions under the Department of
Information Technology, Ministry of Communications & Information
Technology, Government of India.
INTERCEPTION
Lawful interception (LI) refers to the facilities in telecommunications and

telephone networks that allow law enforcement agencies with court orders or
other legal authorization to selectively wiretap individual subscribers. Most
countries require licensed telecommunications operators to provide their
networks with Legal Interception gateways and nodes for the interception of
communications. The interfaces of these gateways have been standardized by
telecommunication standardization organizations.
Section 69 of the Information Technology Act, 2000 empowers the central

government or a state government to intercept, monitor or decrypt or cause to be
intercepted or monitored or decrypted, any information generated, transmitted,
received or stored in any computer resource in the interest of the sovereignty or
integrity of India, security of the state, friendly relations with foreign states or
public order or for preventing incitement to the commission of any cognizable
offence relating to above or for investigation of any offence.
Search and seizure, surveillance, digital evidence.
The Section 93 of the CrPC, “mandates for a magistrate to issue a search warrant
for any ‘document or thing’ also warrant for general search in the area only for
the purpose of investigation”. However, “Section 100 of the CrPC prerequisites
search for a closed place, also it mandates a prior approved warrant for search
and a witness at the searched premises”. Other provisions include Sections 165
and 51 which provide for search without a warrant. “If any officer-in-charge feels
that it would be time-consuming in acquiring a warrant and the evidence shall be
lost then the officer can search the premises without a warrant”
The “Information Technology Act, 2000 (IT Act)” was enacted by the Parliament
for adding provisions for electronic evidence to the laws of India. There have
Page 47 of 48
been various amendments to the Indian Evidence Act in particular. “Section 3 of
the Evidence Act talks about evidence and includes electronic evidence too”.
“Electronic record is a piece of documentary evidence”.
It was decided in the case of State of Maharashtra v Dr. Praful B. Desai that,
“evidence recorded through video-conferencing is legal as interpreted under
Section 273 of the CrPC”. Supreme Court now also allows video conferencing as
a medium for the examination of the witness. As per Section 273, “evidence has
to be taken in the presence of accused”. But physical presence is not important,
constructive presence would suffice.
“Admissibility of transcripts of interviews from news channels such as Aaj Tak,

Zee News, Haryana News of Punjab Today channels as digital evidence was
allowed by the Supreme Court in the case of Jagjit Singh v State of Haryana”.
Page 48 of 48

Cyber Crime Notes Ajsal Punya

Uploaded by

Copyright:

Available Formats

You might also like

Cyber Crime Notes Ajsal Punya

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cyber Crime Notes Ajsal Punya

Uploaded by

Copyright:

Available Formats

REVISION NOTES

Revision Notes on CYBER CRIMES

Cyber Crime - Types - Understanding Cyber Crimes, Theoretical and Social

Cybercrime is the most prevalent crime playing a devastating role in Modern

The term cybercrime may be judicially interpreted in some judgments passed by

Some of the newly emerged cybercrimes are cyber-stalking, cyber-terrorism, e-

2. Definition of Cyber Crime

The Oxford Dictionary defined the term cybercrime as “Criminal activities

“Cybercrime means any criminal or other offence that is facilitated by or

Characteristics of Cyber Crime

1.People with specialized knowledge – Cybercrimes can only be

4. Collection of Evidence - It is very difficult to collect evidence of

5. Magnitude of crime unimaginable- The cybercrime has the potential

Cybercrime can be categorised into:

1. Cyber-crime against person:

In this category crime is committed against a person using electronic

a. Cyber stalking: The term stalking means unwanted or obsessive

b. Hacking: This means gaining unauthorised access over computer

c. Cracking: Cracking refers to digitally removing the copy write

d. Defamation: It involves action of damaging the good reputation of

e. Online fraud: This refers to acts of stealing confidential details of victim

f. Child pornography: This involves the use of electronic device and

g. Spoofing: The term spoofing means imitate something while

2. Cyber-crime against property:

In this category crime is committed against property of person using

a. Transmitting virus: A computer virus is a malware program that

b. Cyber Squatting: The term squatting means unlawfully occupying an

c. Cyber Vandalism: Vandalism refers to action involving deliberate

d. Intellectual Property Crimes: Intellectual property are intangible

For e.g., The popular case of trademark of Bikanerwala v/s New

3. Cyber-crime against government:

In this category crime is committed against government by using Internet

a. Cyber Warfare: Cyber warfare is Internet-based conflict that involves

b. Cyber Terrorism: Cyber Terrorism is politically motivated use of

4. Cyber-crime against society:

a. Online Gambling: The term gambling means involving in activities that

b. Cyber Trafficking: The term trafficking means dealing or involving in

Understanding Cyber Crimes

• Criminal activity that targets computers or devices

• Criminal activity that uses computers to commit other crimes.

The US Department of Justice recognizes a third category of cybercrime

• Illegally intercepting or stealing data.

• Interfering with systems in a way that compromises a network.

• Selling illegal items online.

• Soliciting, producing or possessing child pornography

Cyber-crimes are increasing day-by-day due to extensive use of Internet by

– Section 65: Tampering with computer source documents

– Section 66: Hacking with computer systems, data alteration

– Section 67: Publishing obscene information

– Section 68: Power of controller to give directions

– Section 69: Directions of controller to a subscriber to extend facilities to decrypt

– Section 71: Penalty for misrepresentation

Cybercrimes under IPC and special laws:

– Section 499 IPC: Sending defamatory messages by email

– Section 463 IPC: Forgery of electronic records

– Section 420 IPC: Fake websites, cyber frauds

– Section 463 IPC: Email spoofing

– Section 383 IPC: Web-Jacking