Cyber Crimes and Cyber Law
By
Puneet Nagpal
Master of Science Cyber Law and Information Security
[Indian Institute of Information Technolgy , Allahabad]
We are very much known to the words crime and criminals. But not aware of their ways of doing such activities that are not acceptable in the society. Criminals have sharp minds and change their tools and techniques but not Targets. As we know the well known targets are:-
Government and Society. Whenever any Crime is detected there is involvement of Public , Police is well defined . Police is to protect the suffered public from various Anti-Social ones.
They do the anti-social activities by using the new technology. They target their victim through Internet and attack on them by using the same technology.This means Criminals are very much attracted towards Computers and Internet. They are turned into the Cyber Crimes rather than General ones.
Cyber Crimes are those in which Computers are used as a tool , target or both. And the people who are associated with such activities are known as Cyber Criminals. There are some points discussed as follows that How criminals are using to Computer and Internet for their criminal activities :-
- They are making secure communication with their followers by the use of Encryption techniques
- They are attacking on Government and Private targets using web defacement techniques
- They are transmitting pornographic matter over Internet
- They are stealing bank-accounts and use the money for Cyber wars and other activities
- They are hijacking victims e-mail accounts and extort them
- They are masking themselves by using web masking or spoofing
- They hack into target computer and control it remotely using RAT’s
- They are writing malicious codes to disrupting the target networks
- They are using mirrored websites to make the client fool and gather information what they want
- They are doing the e-mail frauds to capture e-mail accounts (Lottery , Adoption and Kick-Back )
- They are triggering their followers by using well-known chat rooms
In this way we can say that the turned path is very sensitive matter. As the Crime rate is increasing we have to be alert and take some Cyber precautions to fight against these Cyber Attacks.
Cyber Crimes :-
In the world of computing, as the researches are increasing day by day, one of the important aspects is the privacy & security.
-> Is our data secure?
-> Is not somebody watching us while on computers?
-> Is our data is reaching on the right place?
The simple answers are:-
Yes or I don’t know.
Do u know that we are never alone while on internet? Many computer criminals are along with us but we are away from them & their actions because not having knowledge of hacking, cracking & other computer crimes. So in this section I am trying to make u a computer guard & tell u some important things in ur mind while we are working with windows, internet, chatting, even in e-mail which is commonly used by us for sharing our information with others. Because now these days due to increasing of types of attacks, sometimes we are weak in front of them.
First Cyber Crime
The first recorded cyber crime took place in the year 1820! That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage.
In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime!
First Cyber Crime In India
Pavan Duggal was a part of three-member panel of neutrals in the famous case of the domain name maruti.com. In the said case, the panel expanded the jurisprudence on different aspects of Uniform Domain Name Dispute Resolution Policy.
Pavan Duggal was the counsel for the complainant in India’s first cyber crime conviction. In this case, the Central Bureau of Investigation registered the case, which was duly investigated and prosecuted. The accused Arif Azim was convicted on charges of online cheating and given his age and background, he was led off on probation for a period of one year.
Cyber Criminals :-
The person who is associated with the cybercrimes is known as Cyber Criminal
The thinking of a computer criminal is:-
. Hack the world before it hacks u
. Money & internet are real drugs
. Don’t tense with problems, just find out the solution, I know u r capable
.Never think u r alone on internet
.A good Cyber criminal / engineer should be the criminal of society - Social Criminal / Engineer
The most important point for a computer criminal is – He doesn’t exist.
So try to know how to hide ur identity to be a good criminal. I am not advising u for crimes but if u have a thinking of a criminal then u can find out a criminal. So, follow this point by heart.
Message to Cyber Engineers:-
We are Cyber Engineers. Our motive is not to join the criminal world , we have to stop them & it depends upon our thinking only.
Classes of computer criminals :à
Whitehat Blackhat
Always work for defensive approach. Always work for offensive approach.
Geryhat Suicide Criminals
Depends upon Situation they turn Love to do suicide crimes and don’t
either into whitehat or blackhat feel to face 30 years in jail
The important point for attack is information gathering. If information gathering is right then it is time to attack. Breaking into a system is very easy but securely break into a system is very difficult as I told u that somebody is continuously watching u.
Attacking Cycle commonly used by computer criminals to commit attack:-
Foot printing
Scanning
Enumerating
Maintain attack
Remove traces ----->Attack succeed.
Various types of Cyber Crimes are:-
Hacking
Hacking in simple terms means an illegal intrusion into a computer system and/or network. There is an equivalent term to hacking i.e. cracking, but from Indian Laws perspective there is no difference between the term hacking and cracking. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get the kick out of such destruction. Some hackers hack for personal monetary gains, such as to stealing the credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money. They extort money from some corporate giant threatening him to publish the stolen information which is critical in nature.
Child Pornography
The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. The internet is very fast becoming a household commodity in India. It’s explosion has made the children a viable victim to the cyber crime. As more homes have access to internet, more children would be using the internet and more are the chances of falling victim to the aggression of pedophiles.
Cyber Stalking
Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of the cyber criminal towards the victim by using internet services. Stalking in General terms can be referred to as the repeated acts of harassment targeting the victim such as following the victim, making harassing phone calls, killing the victims pet, vandalizing victims property, leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harm to the victim and the same has to be treated and viewed seriously. It all depends on the course of conduct of the stalker.Basically releted to the tracking of any person over internet.
Denial of service Attack
This is an act by the criminal, who floods the bandwidth of the victim network or fills his e-mail box with spam mail depriving him of the services he is entitled to access or provide. Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCp/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like Virus, new DoS attacks are constantly being dreamed up by Hacker.
Virus Dissemination
Malicious software that attaches itself to other software. (virus, worms, Trojan Horse, Time bomb, Logic Bomb, Rabbit and Bacterium are the malicious code
The basics steps used by a malicious code are:-
Insertion – Being a member of target system
Avoidance-Any no. of methods used to detection
Eradication-Removes own traces in system
Proation/replication-To proviance of virus and worms only.
Trigger-Events that initiates payload.
Payload-That is additional coding for virus.
Software Piracy
Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original.
IRC-Crime
Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere the world can come together and chat with each other and attack the online ones.
Credit-Card-Fraud
The unauthorized and illegal use of a credit card to purchase property.
Net-Extortion
Copying the company confidential data in order to extort said company for huge amount
Phishing
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization alreadyhas.
Steganography
This is the art of hiding data within jpeg , bitmap,mp3& a lot of files . This is used by Osama Bin Laden. He hide his message within the photo of an Hollywood singer & send it o his terrorist friend.FBI find out the terrorist through e-mail but the action was taken after the attack on world trade center. In this way u can think that how dangerous technique is?
Daemon banner grabbing
Daemon is the application which runs in the background while doing any application on the n/w . Attacker picks it up & attack to the wanted application. Eg: if he stop mail transfer he block the SMTP service (port - 25) using any mail server.
Os detection
Attacker find out the operating system running on the target pc. So as to easy in attack .Because he uses the commands acc. to operating system.
Active o.s detection
Passive o.s detection
Identity attacks
Breaking into a system is one thing, but breaking into a system without caught is totally different & important thing. Our 1 mistake can justify us a successful & unsuccessful attack. So we have to attack in such way so that we never caught .
Social engineering
A social engineer is just an engineer of society .it means attacker has ability to show his negative attitude as positive. it should be capable for doing like fraud with people .He gets all the information being a part of attacker, to break all the bank accounts, & other private information either by using Computer or Phone
If u r capable to do all the above steps, believe me u will be the best Cyber Engineer as well will be a good Computer Detective and Cyber Crime Investigator.
Internet Laws :-
We are thankful to the Governments and Intelligence Investigation Agencies because they are developing are trying to catch and prevent cyber crimes by making Laws and Government policies to slow down the crimes. Internet Criminals becomes weak before these Laws. Our Government has established Cyber Crime Investigation Cells and Cyber Courts to handle Cyber Crime Cases.
On Oct 17th 2000 The Information Technology Act was passed. It covers the Crimes related to the Information Technology. It covers the chapters for both Civil and Criminal Offences.
Amendments were included as per the crime rate increased. Some of the Sections are also Included from Indian penal code, Indian Evidence Act, RBI Act, Bankers Book of Evidence Act.
Some of the main offences according to the IT Act discussed as follows:-
Offence Section under IT Act
Unauthorized Access , Copy Data , Virus , Damage Computer/Network , Disrupt , Network Denial of Service, Assistance , Fraud Sec.43 (a, b, c, d, e, f, g, h)
Tampering with Computer source documents Sec.65
Hacking with Computer systems, Data alteration Sec.66
Publishing obscene information Sec.67
Non-Compiling with Compilers order Sec.-68
Fail to decrypt by controller Sec.69
Unauthorized access to protected System Sec. 70
Misrepresentation Sec.71
Breach Privacy and Confidentiality Sec. 72
False Digital Signature Certificate Sec. 73
Fraudulent Purpose of e-records Sec.74
Computer Related Crimes Covered under IPC and Special Laws
Offence Section:-
Sending threatening messages by email Sec 503 IPC
Sending defamatory messages by email Sec 499 IPC
Forgery of electronic records Sec 463 IPC
Bogus websites, cyber frauds Sec 420 IPC
Email spoofing Sec 463 IPC
Web-Jacking Sec. 383 IPC
E-Mail Abuse Sec.500 IPC
Online sale of Drugs NDPS Act
Online sale of Arms Arms Act
Some concerns are related to ideological with India Penal Code u/s Religious Hurts. TADA , POTA and UAPA are introduced under the unaccepted things in society.
Some Real World Cases:-
*Web Defacement
*Online Illegal sale of articals
*Music Piracy
*Hacking
*Financial Crimes ( Salami Attacks )
*Social Networking Websites Fake Profiles
*Pornography (Degree starts from small Images to High end Graphic Videos)
*Phishing and Vishing
*Credit- Card Fraud
*ATM Skimming
*E-mail attack (Fraud , Bombing , Spoofing , Hijacking -Extortion )
*Software Piracy
*Online Gambling (Not An issue in Some Countries but Banned in India)
*Bluetooth Control using RATS
Cyber Crime – A Problem
The Cyber Crime is a serious Issue. Even the amendments have done in IPC and IT ACT but we cannot read the mindset of a person that what he wants to do in the field of Cyber Crime or any other General Crime.
Is it possible to have Neuro Laws ?
