Anti-Cyber Crime Law Seeks Legislation in Pakistan

Computer crime, cyber crime, e-crime or electronic crime generally refers to

criminal activity where a computer or network is the source, tool, target, or
place of a crime. These categories are not exclusive and many activities can
be characterized as falling in one or more. Additionally, although the terms
computer crime and cyber crime are more properly restricted to describing
criminal activity in which the computer or network is a necessary part of the
crime, these terms are also sometimes used to include traditional crimes,
such as fraud, theft, blackmail, forgery, and embezzlement, in which
computers or networks are used. As the use of computers has grown,
computer crime has become more important.

Computer crime can broadly be defined as criminal activity involving an

information technology infrastructure, including illegal access (unauthorized
access), illegal interception (by technical means of non-public transmissions
of computer data to, from or within a computer system), data interference
(unauthorized damaging, deletion, deterioration, alteration or suppression of
computer data), systems interference (interfering with the functioning of a
computer system by inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data), misuse of devices,
forgery (ID theft), and electronic fraud.

A common example is when a person starts to steal information from sites,

or cause damage to, a computer or computer network. This can be entirely
virtual in that the information only exists in digital form, and the damage,
while real, has no physical consequence other than the machine ceases to
function. In some legal systems, intangible property cannot be stolen and the
damage must be visible, e.g. as resulting from a blow from a hammer. Where
human-centric terminology is used for crimes relying on natural language
skills and innate gullibility, definitions have to be modified to ensure that
fraudulent behavior remains criminal no matter how it is committed

There are different categories of cyber-crime which are as under;

Financial - crimes which disrupt businesses' ability to conduct 'e-commerce'
(or electronic commerce).
Piracy - the act of copying copyrighted material. The personal computer and
the Internet both offer new mediums for committing an 'old' crime. Online
theft is defined as any type of 'piracy' that involves the use of the Internet
to market or distribute creative works protected by copyright.
Hacking - the act of gaining unauthorized access to a computer system or
network and in some cases making unauthorized use of this access. Hacking
is also the act by which other forms of cyber-crime (e.g., fraud, terrorism,
etc.) are committed.
Cyber-terrorism - the effect of acts of hacking designed to cause terror.
Like conventional terrorism, `e-terrorism' is classified as such if the result
of hacking is to cause violence against persons or property, or at least cause
enough harm to generate fear.
Online Pornography - There are laws against possessing or distributing child
pornography. Distributing pornography of any form to a minor is illegal. The
Internet is merely a new medium for this `old' crime, but how best to
regulate this global medium of communication across international
boundaries and age groups has sparked a great deal of controversy and
debate.

On January 18, 2007 Pakistan Minister for IT (Information Technology),

Awais Ahmad Khan Leghari visualizes cyber crime bill's adoption as a
significant step in enforcing a secure ambiance for business and encouraging
e-commerce.
This bill on Prevention of Cyber Crimes outlined the knowledge about
electronic crimes and illegal online intrusion to spread it among general
public. The bill would help improve e-readiness in Pakistan that would rank
the country among indices drawn by various international business journals
and agencies. The federal cabinet will soon table the e-crime bill in the
parliament.

This law will mandate ISPs to maintain records of e-mails and data for
specific periods of time.

Under this law proposition namely Prevention of Electronics Crime Bill 2006
imposes penalties varying between 6 months in jail to 17 types of execution
for committing cyber crimes, hacking, cyber terrorism, and unauthorized
access of protected data.
The law is designed to help the government in extraditing foreign nationals
engaged in any kind of criminal activity through the Internet.

I personally believe this is the very reason that the IT community was up in
arms in 2007 when the initial Cyber Crime Bill was drafted, it contained
abundant loop holes which gave sweeping powers to the Cyber Crime Tribunal
and the FIA to arrest and detain the offender without even presenting a
proper evidence and proof. Now we must be watchful of the statements
issued by Rehman Malik it does seem that all Anti-Govt emailers, SMS’ers
and website are doomed. They choose to silence the offending voice rather
then changing their own corrupt ways which are leading our country down
towards doom and destruction – maybe now we could start labeling them as a
democratically elected dictatorship.

Profile of National Response Centre for Cyber Crimes

Introduction to National Response Centre for Cyber Crimes:-

Information technology is making profound inroads into the very fabric of

our society and our economy as a nation in the global community. In a very
real sense, the "Information Superhighway" has become the economic
lifeblood of our nation.

We are depending on information technology, computers and the global

network that connect them together. This dependency has become a clear
and compelling threat to our economic well-being, our public safety, and our
national security.

The world's networks, referred to by many as "cyberspace", know no

physical boundaries. Our increasing connectivity to and through cyberspace
increases our exposure to traditional adversaries and a growing body of new
ones. Terrorists, radical groups, narcotics traffickers, and organized crime
will join adversarial nation-states in making use of a burgeoning array of
sophisticated information attack tools. Information attacks can supplement
or replace traditional military attacks, greatly complicating and expanding
the vulnerabilities we must anticipate and counter. The resources at risk
include not only information stored on or traversing cyberspace, but all of
the components of our national infrastructure that depend upon information
technology and the timely availability of accurate data. These include the
telecommunications infrastructure itself, our banking and financial systems,
our transportation networks, emergency services, such as police, fire, and
rescue; and government operations at all levels. All are necessary for
economic success and national security. Keeping this in view National
Response Centre for cyber crimes was formed.

Enhance the capability of Government of Pakistan and Federal


Investigation Agency to effectively prevent growing cyber crimes.
Reporting & Investigation Centre for all types of Cyber Crimes in the

country
Liaison with all relevant national and international organizations to handle

cases against the Cyber Criminals
Provide necessary technical support to all sensitive government

organizations to make their critical information resources secure.
Carry out regular R & D activities to make the Response Centre as a

centre of technical excellence.
Provide timely information to critical infrastructure owners and
 government departments about threats, actual attacks and recovery
techniques. A role of Computer Emergency Response Team (CERT).
To provide on demand state-of-the-art electronic forensic services and

cyber investigative to support local police
 Build local capability in incident handling and security intelligence
 Monitor global security issues and gather IT security intelligence.
 Capacity building to investigate and handle cyber crime cases.
Investigation and prosecution of cyber criminals and cope with high-tech

crimes.
To enforce existing laws to combat computer crime and to protect

consumers and Internet users.

Achievements Made Up till Now:

Organized Over Forty (40) Seminars/Workshops in different cities of


Pakistan, in which thousands of relevant persons participated
 Approximately Sixty Eight (68) complaints have been received by NR3C
 and being processed by Zonal Cyber Crimes Units.
NR3C has provided training to over 100 officers of National
 Accountability Bureau with basic cyber investigations techniques and
methods.
Timely inform all Government organizations and financial institutions etc

about the DOS attacks
NR3C is providing training on “Collection of Digital Evidence from Scene

of Crimes “ for the Police Officers of all provinces in Pakistan.
Availability of Internet users log has been increased from (45) days to

(90) days after lot of efforts by NR3C.
First Responder course is being approved from National Police Training

Management Board.
During last two years NR3C played a vital role regarding timely reporting

of defacement of websites in Pakistan.

Past performance of National Response Centre for Cyber Crimes is as

under.

1.AWARENESS PROGRAM

NR3C is providing single point of contact for all local and foreign
organizations for all matters related to cyber crimes It is imparting training
and related security education to persons of government/semi-government
and private sector organization. It has also conducted a number of seminars
in different cities of the country to educate the senior management of
sensitive government organizations regarding cyber attacks on their
information resources: information breach and to make their systems secure
against all such threats. The details of seminars are as under:

Date Topics Participation from

 Public/Private
sector
Cyber Security Challenges and
16th Oct, 02 Solutions (Middle Level 80
Management)
Cyber Security Challenges and
25th Feb,
Solutions (For Senior Level 200
03
Management)
Orientation on Cyber Crimes (For
2nd Jun, 03 85
Junior Level Management)
Coordination Efforts to Combat
Banking related Cyber Crimes and
18th Jun, 03 40
Money Laundering (For Senior
Executives of Banking Sector)
10th July, Cyber Security challenges and
200
03 Solutions (at Karachi)
12th July, Cyber Security challenges and
200
03 Solutions (at Lahore)
29th Aug, Processing of first Cyber Crime
20
03 case by NR3C
Coordination Efforts to Combat
4th Oct, 03 30
ISP’s related Cyber Crimes
Cyber Crimes For SIG,at FIA
9th Feb, 04 20
Academy
30 March, Cyber Security challenges and
200
04 Solution at Islamabad
24th May, Information Security and Cyber
200
04 Crimes at Islamabad
27 Nov, Information Security and Cyber
250
2004 Crimes at Islamabad
27 Nov, Conference on Cyber Security at
200
2004 Karachi
Sep-Dec-04 Training of Police Agency officers 300
in the area of Digital Evidence
 Islamabad, Peshawar, Lahore,
Karachi, Quetta and Muzafrabad
Lecture on Cyber Security to
3rd Dec,07 52
trainee NAB Officers
One day Seminar on Cyber 60 Trainee Judges
17th Dec,07
Security from Punjab
Lecture on Information Security
18th Dec,07 35
in NAB
Lecture on Information Security
28th Jan,08 55
in NAB
Four Days Training Workshop for
28th Jan to
under training ASPs at National 37
30th Jan,08
Police Academy
4th One day workshop on Cyber
60
March,08 Security Challenges & Solutions
Lecture on Introduction to Cyber
12th Apr,08 50
Crimes
One day Seminar on Cyber
14th Apr, 08 Terrorism: A threat to Critical 45
Information Infrastructure
26th Apr,08 Lecture on Cyber Security 65
Lecture on Eminent Threat of
28th Apr,08 50
Cyber Crimes & Cyber Terrorism
One day Seminar on Awareness of
8th May,08 150
Cyber Crimes/Electronic Crimes

2.FIA TEAM SKILL IMPROVE TO HELP ORGANIZATIONS:

NR3C is helping to improve the skill level of FIA officer and official to
interrogate such kind of hi-tech and sophisticated crimes, through training,
seminars and workshops.

3.HANDLING OF CYBER CRIMES IN PAKISTAN

 The major category of cases which is handled is as under:

 Financial Crimes
 Email Treating
 Denial of Service attack and DDOS attack.
 Virus / Worm attacks.
 Internet time thefts.
 Unauthorized to access the system
 Credit Cards Frauds
 Anti Pakistan/Islam material on websites
 ATM Frauds
 Mobile communication
 Theft of Systems
 Web SMS
 Pornography
 Interpol Cases

4.ASSISTANCE PROVIDE TO OTHER ORGANIZATION:

Provided real time help and assistance to number of financial


institutions in their efforts regarding information security.
Facilitates police departments in tracing a large number of cases

involving electronic evidence like e-mail and telephone messages etc.
 Provided assistance to finalize cyber laws.
Provided training to lawyers and judges through Islamic University &

Judicial Academy.
Nature of the cases reported to NR3C/FIA