JKJ 2006 (3) J-1
Cyber Crimes
By:- Pavit Singh ( Law Student, Law College Banglore)
Cyber Crimes are one of the most pretentious of the crimes that faces us today. Security in cyber world is one of the most sensitive issues in the scope of cyber laws. Cyber crime is an evil having its origin in the growing dependence on computers in modern life. The first recorded cyber crime took place in the year 1820! In a day and age when everything from microwave ovens and refrigerators to nuclear power plants is being run on computers, cyber crime has assumed rather sinister implications. It is estimated that about 500 million people can be affected by cyber crimes and the extent of losses that would be incurred is enormous. Present estimates suggest that cyber crime is growing at the rate of 5% every week. These figures are more alarming considering the fact that just about 10% of cyber crimes get reported.
The word “Cyber” first came into recognition when a novelist by name Willium Gibson used the term in his novel “Neuro Mancer” to describe the imaginary space in which cyber criminals like “Hackers” operated. When two computers are connected in a network, there appears to be a transaction space in which both computers seem to operate which cannot be identified as existing in any of the two computers. This transaction space which exists when the connection exists and vanishes when the connection is broken is a “Virtual Space” which is also called the “Cyber Space”. The existence of such a space becomes even more pronounced in the huge network which we call the “Internet” where millions of computers are connected and conduct transactions between them in a transitory space which is not identifiable with any of the Computers themselves.
In the current context, one way to look at “cyber crimes” is to identify any “Crime” in “Cyber Space” as a “Cyber Crime”. For the society, a “Crime” is an act which is not in tune with the accepted behavioural norm of the society. In other words, any deviant behaviour is a “Crime” as far as the society is concerned. Cyber crimes are crimes that occur in the digital space which is the aggregation of the transaction space within each of the connected computers and the virtual space arising out of the connection
However, in practice, a “Crime” is associated with a deviant behaviour in relation to the established “Law” in the society. In this framework therefore, a “Cyber Crime” is an “Offence” declared in some statute. In India, the “Information Technology Act 2000" (ITA-2000) was the specific law enacted to address the issues concerning the Cyber Society. One restricted meaning of ”cyber crimes" in India could therefore be that it refers to “Offences mentioned in ITA-2000". ITA-2000 has not only defined certain offences within the Act, but has also extended the meaning of many offences which were earlier available in other Acts and Regulations such as the Indian Penal Code (IPC). This extension occurs since ITA-2000 defines an ”Electronic Document" as equivalent to a “Written Document”.
The definition of “Computer” itself is so wide in law that devices such as mobile phones, ATMs etc can come within the definition of computers and crimes committed using such devices may therefore be called “cyber crimes” too. The same definition is expressed by some by defining “cyber crimes” as “Crimes where Computers are either the target of crime or used as tools of crime”. In other words, “Cyber crimes are offences or contraventions under any law committed with the use of electronic documents".
Commission of Cyber-Crime:
Computer related offences are not new, but the advancement of technology and more user-friendly devices have only aggravated their consequences, with their impact being felt simultaneously in many parts of the globe. The pace of the technology has enabled the commission of these crimes at lightening speed, further hampering their detection and punishment. It may be broadly divided against three basic groups -
1. Individual
a. person &
b. property of an individual
2. Organization
a. Government
b. Firm, Company, Group of Individuals.
3. Society at large
The following are the crimes, which can be committed against the followings group:
Against Individuals
i. Harassment via e-mails
ii. Cyber-stalking.
iii. Dissemination of obscene material.
iv. Defamation.
v. Hacking/cracking.
vi. Indecent exposure.
Individual Property
i. Computer vandalism.
ii. Transmitting virus.
iii. Net-trespass.
iv. Unauthorized control over computer system.
v. Hacking /cracking.
Against Organization
i. Hacking & Cracking.
ii. Possession of unauthorized information.
iii. Cyber terrorism against the government organization.
iv. Distribution of pirated software etc.
Against Society at large
i. Pornography (basically child pornography),
ii. Polluting the youth through indecent exposure,
iii. Trafficking.
Now, we will deal with them in detail:
Spamming: Spamming, in recent times, has increased to a dangerous level. According to recent 2003 Report, almost 70% of all emails are spam emails and only 30% are genuine emails. Spamming involves sending regular, unsolicited and useless email messages to one’s email account. Some of the major email related crimes are: Email spoofing, Sending malicious codes through email, Email bombing, Sending threatening emails, Defamatory emails, Email frauds. A regular bombardment of spam messages can cause disruption of an ISP’s Network. The Indian Information Technology Act, 2000 does not provide any measure against spamming or email bombardment.
Hacking : It is the most common type of Cyber crime being committed across the world. It means tricking a machine into performing an unintended task. A Hacker is a person who breaks in or trespasses a computer system. Hackers are of different types ranging from code hackers to crackers to cyber punks to freaks. Hacking has been covered under section 66 of The I.T. Act, 2000 and covers any unauthorized modifications, alteration or destruction of any information residing in a computer resource.
Computer Fraud : Internet fraud is a common type of crime whose growth has been proportionate to the growth of internet itself. There are innumerable scams and frauds most of them relating to investment schemes and instances of computer frauds committed in one part of the world affecting banking accounts maintained in other countries. Many newsletters on the internet provide the investors with free advice recommending stocks where they should invest. Sometimes these recommendations are totally bogus and cause loss to the investors. Bulletin boards are a forum for sharing investor information and often fraud is perpetrated in this zone causing loss of millions who bank on them. With the electronic commerce rapidly becoming a major force in national economies Credit card fraud offers rich pickings for criminals prepared to undertake fraudulent activities. It is covered under both the I.T. Act 2000 and the Indian Penal Code.
Offences relating to false digital signature are covered under Sec. 73 and 74 of the I.T. Act. According to section 73 of the I.T. Act 2000, if a person knows that a digital signature certificate is erroneous in certain particulars and still goes ahead and publishes it, is guilty of having contravened the Act. Making available digital signature for fraudulent purpose is an offence punishable under section 74 of the above mentioned act, with imprisonment for a term that may extend to two years or with fine of two lakh rupees or with both.
Pornography on the Net : The growth of technology has brought about new problems by facilitating crimes like pornography. This would include pornographic websites; pornographic magazines produced using computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writings etc). Cyber porn is popularly called as rife. Almost 50% of the web sites exhibit pornographic material on the Internet today. Pornographic materials can be reproduced more quickly and cheaply on new media like hard disks, floppy discs and CD-Roms. Another great disadvantage with a media like this is its easy availability and accessibility. Furthermore, there are more serious offences which have universal disapproval like child pornography and far easier for offenders to hide and propagate through the medium of the internet. The Information Technology Act 2000 makes the publishing of information which is obscene in electronic form punishable as under Section 63 of the I.T. Act but no separate status is given to child pornography unlike the statutes enacted in the USA.
Cyber Defamation: Defamation is a derogatory statement made against a person. In the context of cyberspace, the offence of defamation remains the same and the maker of the statement would be as much liable as for his acts. I.T. Act 2000 does not specifically cover defamation but it is covered under Sec. 499 of I.P.C. However, on the issue of liability of the Internet Service Provider (ISP) for such defamation, there is no uniformity. It is the extent of control retained by the service provider that would determine its liability.
Security Related Crimes: Network Security has become a major cause of concern with the increasing growth of internet. Following are the main security related cyber crimes;-
Network Packet Sniffers : A packet sniffer is a software application that uses a network adapter card in a promiscuous mode (a mode in which the network adapter card sends all packets received by the physical network wire to an application for processing) to capture all network packets that are sent across a local network. A packet sniffer can provide its users with meaningful and often sensitive information such as user account names and passwords. It is not covered specifically under the I.T. Act 2000 but if the password is actually used to hack or if the pass words are obtained by hacking to hack or use the time of another person. The resultant action is covered.
IP Spoofing : Spoofing is the act of disguising one computer to electronically “look” like another computer in order to gain access to a system that would normally be restricted. Normally, an IP spoofing attack is limited to the injection of data or commands into an existing stream of data passed between client and server application or a peer to peer network connection. There is a thin line between accessing and receiving unauthorized data the perpetuator will find his defense strong. The bottom-line is that the Indian I.T. Act does not specifically cover spoofing.
Virus/Worm Attacks: The corruption and destruction of digital information is the single largest menace facing the world of computers. Virus just as a virus can infect the human immunity system there exist programs, which, can destroy or hamper computer systems. A computer virus is a program designed to replicate and spread, generally with the victim being oblivious to its existence. Computer viruses spread by attaching themselves to programs like word processor or spreadsheets or they attach themselves to the boot sector of a disk. When an infected file is activated or when the computer is started from an infected disk, the virus itself is also executed. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer’s memory
Cyber-Squatting: Cyber-squatting is a term more frequently used to describe a deliberate, bad faith and abusive registration of a domain name in violation of rights in trademarks and service marks. Some call such abusive registration as “cyber piracy”. Selection of a domain name is crucial to all the transactions through the internet as it functions similar to trademark in the real world. Cyber-squatting is not covered under the I.T. Act, 2002 but legal remedies are available through authorities like the International Corporation for Assigned Names and Numbers (ICANN) and Domain Name System (DNS).
Other Cyber Crimes:
Salami Attack
A salami attack aims at financial gain to the offender and generally used against financial institutions. The offender inserts a program into the network of the financial institution whereby, at regular intervals, it is able to slice-off a fraction of financial resources and remits to his own account, which, in due course becomes a substantial sum.
Denial of Service attack (Crashing)
This involves flooding a computer resource with more requests than it can handle. This causes the resource (e.g. a web server) to crash thereby denying authorized users the service offered by the resource. Another variation to a typical denial of service attack is known as a Distributed Denial of Service (DDoS) attack wherein the perpetrators are many and are geographically widespread. It is very difficult to control such attacks. The attack is initiated by sending excessive demands to the victim’s computer(s), exceeding the limit that the victim’s servers can support and making the servers crash.
Logic bombs
These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date
Trojan attacks
A Trojan as this program is aptly called, is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.
Web jacking
This occurs when someone forcefully takes control of a website (by cracking the password and later changing it). The actual owner of the website does not have any more control over what appears on that website In a recent incident reported in the USA the owner of a hobby website for children received an e-mail informing her that a group of hackers had gained control over her website.
Data diddling
This kind of an attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed. Electricity Boards in India have been victims to data diddling programs inserted when private parties were computerizing their systems.
Online gambling
There are millions of websites; all hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.
Intellectual Property crimes
These include software piracy, copyright infringement, trademarks violations, theft of computer source code etc.
Forgery
Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners. Outside many colleges across India, one finds touts soliciting the sale of fake mark sheets or even certificates. These are made using computers, and high quality scanners and printers. In fact, this has becoming a booming business involving thousands of Rupees being given to student gangs in exchange for these bogus but authentic looking certificates.
The real issue is how to prevent cyber crime. For this, there is need to raise the probability of apprehension and conviction. India has a law on evidence that considers admissibility, authenticity, accuracy, and completeness to convince the judiciary. The challenge in cyber crime cases includes getting evidence that will stand scrutiny in a foreign court. Also, Jurisdiction is the highly debatable issue as to the maintainability of any suits which has been filed. Today with the growing arms of cyberspace, the territorial boundaries seems to vanish thus the concept of territorial jurisdiction as envisaged under S.16 of C.P.C. and S.2.of the I.P.C. will have to give way to alternative method of dispute resolution. Moreover, the Indian I.T. Act 2000 does not provide for new breed of cyber crimes like Phishing, Internet time thefts, Copyright piracy, Software Piracy, etc. Crimes on the internet were common but they have now reached school classrooms. Cyber crimes by school children are disturbingly increasing and while a few are reported, most are hushed up by the schools themselves.
For this India needs total international cooperation with specialized agencies of different countries. Recently, India and the U.S. have decided to enhance co-operation among the law enforcement agencies to deal with cyber crime. Judiciaries also play a vital role in shaping the enactment according to the order of the day. Cyber savvy judges are the need of the day. Establishing fast track courts for cyber crimes is also a good idea. Even, IT industry body Nasscom has asked the government to set up special or fast track courts for early conviction in cyber crimes matters. Police has to ensure that they have seized exactly what was there at the scene of crime, is the same that has been analysed and the report presented in court is based on this evidence. It has to maintain the chain of custody. The threat is not from the intelligence of criminals but from our ignorance and the will to fight it. The law is stricter now on producing evidence especially where electronic documents are concerned. There is also an imperative need to build a high technology crime & investigation infrastructure, with highly technical staff at the other end.
The Cyber Crime Cells set up all over the country have cyber policemen trained to trace Cyber crimes and traces of Cyber Crimes, in often less than 24 hours. You are not an anonymous face on the internet anymore. However, these cells haven’t quite kept up with expectations as only 10% of the cyber crime is reported. These figures indicate how difficult it is to convince the police to register a cyber crime. The absolutely poor rate of cyber crime conviction in the country has also not helped the cause of regulating cyber crime. There have only been few cyber crime convictions in the whole country, which can be counted on fingers. We need to ensure that we have specialized procedures for prosecution of cyber crime cases so as to tackle them on a priority basis. This is necessary so as to win the faith of the people in the ability of the system to tackle cyber crime. We must ensure that our system provides for stringent punishment of cyber crimes and cyber criminals so that the same acts as a deterrent for others. The laws therefore enacted needs to be suitably amended on varied & complicated issues to cope with new challenges on the cyber security horizon.