
Information Technology Act, 2000

History of the Act


The United Nations General Assembly, by resolution A/RES/51/162 dated 30 January 1997, adopted the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law. This is referred to as the UNCITRAL Model Law on E-Commerce. Following the UN Resolution, India passed the Information Technology Act 2000 in May 2000 and notified it for effectiveness on October 17, 2000. The Information Technology Act 2000 has been substantially amended through the Information Technology Amendment Act 2008, which was passed by the two houses of the Indian Parliament on December 23 and 24, 2008. It got the Presidential assent on February 5, 2009 and was notified for effectiveness on October 27, 2009. A complete history of how the current (2008) version of the Information Technology Act evolved between 1998 and 2009 is available at the reference link given under external links below.

Specifics of the Act


The Information Technology Act 2000 consisted of 94 sections segregated into 13 chapters. Four schedules form part of the Act. In the 2008 version of the Act, there are 124 sections (excluding 5 sections that have been omitted from the earlier version) and 14 chapters. Schedules I and II have been replaced. Schedules III and IV are deleted.

Essence of the Act


Information Technology Act 2000 addressed the following issues:

1. Legal Recognition of Electronic Documents
2. Legal Recognition of Digital Signatures
3. Offenses and Contraventions
4. Justice Dispensation Systems for Cybercrimes

ITAA 2008 (Information Technology Amendment Act 2008), as the new version of Information Technology Act 2000 is often referred to, has provided additional focus on Information Security. It has added several new sections on offences including Cyber Terrorism and Data Protection.

The Information Technology (Amendment) Act, 2008


The Government of India has brought major amendments to ITA-2000 in the form of the Information Technology Amendment Act, 2008. A set of Rules relating to Sensitive Personal Information and Reasonable Security Practices (mentioned in section 43A of the ITAA, 2008) was released in April 2011.

Criticism
The amendment was passed in an eventful Parliamentary session on 23rd of December 2008 with no discussion in the House. Some cyber law observers have criticized the amendments on the ground of lack of legal and procedural safeguards to prevent violation of civil liberties of Indians. There has also been appreciation of the amendments from many observers because they address the issue of Cyber Security.

Section 69 empowers the Central Government, a State Government, or its authorized agency to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource if it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order, or for preventing incitement to the commission of any cognizable offence, or for investigation of any offence. They can also secure assistance from computer personnel in decrypting data (see mandatory decryption), under penalty of imprisonment.

Notification Of IT Act 2008


The Information Technology Amendment Act, 2008 (IT Act 2008) was passed on 23rd December 2008 and received the assent of the President of India on 5th February, 2009. The IT Act 2008 was notified on Oct 27 2009.

Legal aspects of computing are related to various areas of law. Cyberlaw is a term that encapsulates the legal issues related to use of communicative, transactional, and distributive aspects of networked information devices and technologies. It is less a distinct field of law than property or contract law, as it is a domain covering many areas of law and regulation. Some leading topics include intellectual property, privacy, freedom of expression, and jurisdiction. Information Technology Law (or IT Law) is a set of recent legal enactments, currently in existence in several countries, which governs the process and dissemination of information digitally. These legal enactments cover a broad gamut of different aspects relating to computer software, protection of computer software, access and control of digital information, privacy, security, internet access and usage, and electronic commerce. These laws have been described as "paper laws" for "paperless environment".

Areas of law
There is intellectual property in general, including copyright, rules on fair use, and special rules on copy protection for digital media, and circumvention of such schemes. The area of software patents is controversial, and still evolving in Europe and elsewhere.[1] The related topics of software licenses, end user license agreements, free software licenses and open-source licenses can involve discussion of product liability, professional liability of individual developers, warranties, contract law, trade secrets and intellectual property.

In various countries, areas of the computing and communication industries are regulated, often strictly, by government bodies. There are rules on the uses to which computers and computer networks may be put; in particular there are rules on unauthorized access, data privacy and spamming. There are also limits on the use of encryption and of equipment which may be used to defeat copy protection schemes. The export of hardware and software between certain states is also controlled. There are laws governing trade on the Internet, taxation, consumer protection, and advertising.

There are laws on censorship versus freedom of expression, rules on public access to government information, and individual access to information held on them by private bodies. There are laws on what data must be retained for law enforcement, and what may not be gathered or retained, for privacy reasons. In certain circumstances and jurisdictions, computer communications may be used in evidence, and to establish contracts. New methods of tapping and surveillance made possible by computers have wildly differing rules on how they may be used by law enforcement bodies and as evidence in court. Computerized voting technology, from polling machines to internet and mobile-phone voting, raises a host of legal issues. Some states limit access to the Internet, by law as well as by technical means.

Cyber Law in INDIA


Why Cyberlaw in India?

When the Internet was developed, the founding fathers of the Internet hardly had any inkling that the Internet could transform itself into an all-pervading revolution which could be misused for criminal activities and which required regulation. Today, there are many disturbing things happening in cyberspace. Due to the anonymous nature of the Internet, it is possible to engage in a variety of criminal activities with impunity, and people with intelligence have been grossly misusing this aspect of the Internet to perpetuate criminal activities in cyberspace. Hence the need for Cyberlaws in India.

What is the importance of Cyberlaw ?


Cyberlaw is important because it touches almost all aspects of transactions and activities on and concerning the Internet, the World Wide Web and Cyberspace. Initially it may seem that Cyberlaw is a very technical field and that it does not have any bearing on most activities in Cyberspace. But nothing could be further from the truth. Whether we realize it or not, every action and every reaction in Cyberspace has some legal and Cyber legal perspectives.

Does Cyberlaw concern me ?


Yes, Cyberlaw does concern you. As the nature of the Internet is changing and this new medium is being seen as the ultimate medium ever evolved in human history, every activity of yours in Cyberspace can and will have a Cyberlegal perspective. From the time you register your Domain Name, to the time you set up your web site, to the time you promote your website, to the time when you send and receive emails, to the time you conduct electronic commerce transactions on the said site, at every point of time, there are various Cyberlaw issues involved. You may not be bothered about these issues today because you may feel that they are very distant from you and that they do not have an impact on your Cyber activities. But sooner or later, you will have to tighten your belts and take note of Cyberlaw for your own benefit.

Cyber Laws in India

In May 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received the assent of the President in August 2000 and came to be known as the Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.

This Act aims to provide the legal infrastructure for e-commerce in India, and the cyber laws have a major impact on e-businesses and the new economy in India. So, it is important to understand the various perspectives of the IT Act, 2000 and what it offers. The Information Technology Act, 2000 also aims to provide the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that, unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability.

Some highlights of the Act are listed below:

Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber.

Chapter-III of the Act details Electronic Governance and provides, inter alia, that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is rendered or made available in an electronic form, and accessible so as to be usable for a subsequent reference. The said chapter also details the legal recognition of Digital Signatures.

Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities. The Act envisages a Controller of Certifying Authorities who shall perform the function of exercising supervision over the activities of the Certifying Authorities, as also laying down standards and conditions governing the Certifying Authorities and specifying the various forms and content of Digital Signature Certificates. The Act recognizes the need for recognizing foreign Certifying Authorities and it further details the various provisions for the issue of license to issue Digital Signature Certificates.

Chapter-VII of the Act details the scheme of things relating to Digital Signature Certificates. The duties of subscribers are also enshrined in the said Act.

Chapter-IX of the said Act talks about penalties and adjudication for various offences. The penalties for damage to computer, computer systems etc. have been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of appointment of any officers not below the rank of a Director to the Government of India or an equivalent officer of state government as an Adjudicating Officer who shall adjudicate whether any person has made a contravention of any of the provisions of the said Act or rules framed thereunder. The said Adjudicating Officer has been given the powers of a Civil Court.

Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal, which shall be an appellate body where appeals against the orders passed by the Adjudicating Officers shall be preferred.

Chapter-XI of the Act talks about various offences, and the said offences shall be investigated only by a Police Officer not below the rank of the Deputy Superintendent of Police. These offences include tampering with computer source documents, publishing of information which is obscene in electronic form, and hacking.

The Act also provides for the constitution of the Cyber Regulations Advisory Committee, which shall advise the government as regards any rules, or for any other purpose connected with the said Act. The said Act also proposes to amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, and The Reserve Bank of India Act, 1934 to make them in tune with the provisions of the IT Act.

Advantages of Cyber Laws

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability solely on the ground that it is in the form of electronic records.

In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.

From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects:

- The implications of these provisions for e-businesses would be that email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.
- Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
- Digital signatures have been given legal validity and sanction in the Act.
- The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signature Certificates.
- The Act now allows Government to issue notification on the web, thus heralding e-governance.
- The Act enables the companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate Government.
- The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.
- Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case anyone breaks into their computer systems or network and causes damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.


Cyber Law of India : Introduction


Put simply, cyber crime consists of unlawful acts wherein the computer is either a tool or a target or both.

Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.

We can categorize cyber crimes in two ways:

- The computer as a target: using a computer to attack other computers, e.g. hacking, virus/worm attacks, DOS attack etc.
- The computer as a weapon: using a computer to commit real world crimes, e.g. cyber terrorism, IPR violations, credit card frauds, EFT frauds, pornography etc.

Cyber crime is regulated by cyber laws or internet laws.

Technical Aspects

Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as:

a. Unauthorized access & Hacking: Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get a kick out of such destruction. Some hackers hack for personal monetary gains, such as to steal credit card information or to transfer money from various bank accounts to their own account, followed by withdrawal of the money. Taking control of another person's website by hacking the web server is called web hijacking.

b. Trojan Attack: A program that acts like something useful but does things that are quite damaging is called a Trojan. The name Trojan Horse is popular. Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the server on its machine, the attacker will then use the Client to connect to the Server and start using the trojan. TCP/IP is the usual protocol type used for communications, but some functions of the trojans use the UDP protocol as well.

c. Virus and Worm attack: A program that has the capability to infect other programs, make copies of itself and spread into other programs is called a virus. Programs that multiply like viruses but spread from computer to computer are called worms.

d. E-mail & IRC related crimes:

1. Email spoofing: Email spoofing refers to email that appears to have originated from one source when it was actually sent from another source.
2. Email spamming: Email "spamming" refers to sending email to thousands and thousands of users, similar to a chain letter.
3. Sending malicious code through email: E-mails are used to send viruses, Trojans etc. as an attachment, or by sending a link to a website which on visiting downloads malicious code.
4. Email bombing: E-mail "bombing" is characterized by abusers repeatedly sending an identical email message to a particular address.
5. Sending threatening emails
6. Defamatory emails
7. Email frauds
8. IRC related: Three main ways to attack IRC are "verbal" attacks, clone attacks, and flood attacks.

e. Denial of Service attacks: Flooding a computer resource with more requests than it can handle. This causes the resource to crash, thereby denying access of service to authorized users.

Examples include:

- attempts to "flood" a network, thereby preventing legitimate network traffic
- attempts to disrupt connections between two machines, thereby preventing access to a service
- attempts to prevent a particular individual from accessing a service
- attempts to disrupt service to a specific system or person.
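For the e-mail related crimes listed under item d above, the sketch below checks received mail for the two patterns the text defines: a visible sender that differs from where the message actually came from (spoofing) and an identical message repeatedly sent to one address (bombing). It is an added example, not part of the original page; the sample messages are constructed, and the function names, the threshold of 3 and the reliance on the Return-Path and Authentication-Results headers written by the receiving mail server are assumptions.

```python
import hashlib
from collections import Counter
from email import message_from_string
from email.utils import parseaddr


def make_raw(sender, return_path, auth, to, body):
    """Build one constructed message as the receiving server would have stored it."""
    return (
        f"Return-Path: <{return_path}>\n"
        f"Authentication-Results: mx.example.org; {auth}\n"
        f"From: {sender}\nTo: {to}\nSubject: notice\n\n{body}\n"
    )


# Constructed sample mailbox (not real traffic); all domains are reserved example names.
PASS = "spf=pass; dkim=pass"
SAMPLE_MESSAGES = [
    make_raw("alice@example.com", "alice@example.com", PASS,
             "bob@example.org", "Lunch at noon?"),
    make_raw('"Bank Support" <support@bank.example>', "bounce@mailer.example.net",
             "spf=fail; dkim=none", "bob@example.org", "Verify your account."),
    make_raw("u1@example.net", "u1@example.net", PASS,
             "victim@example.org", "You will regret this."),
    make_raw("u2@example.net", "u2@example.net", PASS,
             "victim@example.org", "you  will regret this."),
    make_raw("u3@example.net", "u3@example.net", PASS,
             "victim@example.org", "You will regret THIS."),
]


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if there is none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def spoofing_indicators(msg):
    """List reasons why the visible sender may not be the real origin.

    A From/Return-Path mismatch is only an indicator: mailing lists and
    bulk-mail providers produce it legitimately, so treat it as a triage signal.
    """
    reasons = []
    from_dom = domain_of(msg["From"])
    envelope_dom = domain_of(msg["Return-Path"])
    if from_dom and envelope_dom and from_dom != envelope_dom:
        reasons.append(
            f"From domain {from_dom} differs from envelope sender domain {envelope_dom}"
        )
    auth = (msg["Authentication-Results"] or "").lower()
    for mechanism in ("spf", "dkim", "dmarc"):
        if f"{mechanism}=fail" in auth:
            reasons.append(f"{mechanism} failed")
    return reasons


def body_fingerprint(msg):
    """Hash the body after collapsing whitespace and case, so trivial edits still match."""
    payload = msg.get_payload()
    text = payload if isinstance(payload, str) else msg.as_string()
    normalized = " ".join(text.split()).lower()
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


def find_email_bombing(messages, threshold=3):
    """Return (recipient, count) for every body received at least `threshold` times."""
    counts = Counter()
    for msg in messages:
        recipient = parseaddr(msg["To"] or "")[1].lower()
        counts[(recipient, body_fingerprint(msg))] += 1
    return sorted((rcpt, n) for (rcpt, _), n in counts.items() if n >= threshold)


def analyze(raw_messages, threshold=3):
    """Parse raw messages and report spoofing indicators (by index) and bombing runs."""
    messages = [message_from_string(raw) for raw in raw_messages]
    spoofing = {}
    for index, msg in enumerate(messages):
        reasons = spoofing_indicators(msg)
        if reasons:
            spoofing[index] = reasons
    return {"spoofing": spoofing, "bombing": find_email_bombing(messages, threshold)}


if __name__ == "__main__":
    print(analyze(SAMPLE_MESSAGES))
```
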

Distributed DOS A distributed denial of service (DoS) attack is accomplished by using the Internet to break into computers and using them to attack a network. Hundreds or thousands of computer systems across the Internet can be turned into zombies and used to attack another system or website. Types of DOS There are three basic types of attack: a. Consumption of scarce, limited, or non-renewable resources like NW bandwith, RAM, CPU time. Even power, cool air, or water can affect. b. Destruction or Alteration of Configuration Information c. Physical Destruction or Alteration of Network Components e. Pornography:The literal mining of the term 'Pornography' is describing or showing sexual acts in order to cause sexual excitement through books, films, etc. This would include pornographic websites; pornographic material produced using computers and use of internet to download and transmit pornographic videos, pictures, photos, writings etc. Adult entertainment is largest industry on internet.There are more than 420 million individual pornographic webpages today. Research shows that 50% of the web-sites containing potentially illegal contents relating to child abuse were PayPer-View. This indicates that abusive images of children over Internet have been highly commercialized. Pornography delivered over mobile phones is now a burgeoning business, driven by the increase in sophisticated services that deliver video clips and streaming video, in addition to text and images. Effects of Pornography Research has shown that pornography and its messages are involved in shaping attitudes and encouraging behavior that can harm individual users and their families. Pornography is often viewed in secret, which creates deception within marriages that can lead to divorce in some cases. In addition, pornography promotes the allure of adultery, prostitution and unreal expectations that can result in dangerous promiscuous behavior. 
Some of the common, but false messages sent by sexualized culture.

Sex with anyone, under any circumstances, any way it is desired, is beneficial and does not have negative consequences. Women have one value - to meet the sexual demands of men. Marriage and children are obstacles to sexual fulfillment. Everyone is involved in promiscuous sexual activity, infidelity and premarital sex. Pornography Addiction Dr. Victor Cline, an expert on Sexual Addiction, found that there is a four-step progression among many who consume pornography. 1.Addiction: Pornography provides a powerful sexual stimulant or aphrodisiac effect, followed by sexual release, most often through masturbation. 2.Escalation: Over time addicts require more explicit and deviant material to meet their sexual "needs." 3.Desensitization: What was first perceived as gross, shocking and disturbing, in time becomes common and acceptable. 4.Acting out sexually: There is an increasing tendency to act out behaviors viewed in pornography. g. Forgery:Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners. Also impersonate another person is considered forgery. h. IPR Violations:These include software piracy, copyright infringement, trademarks violations, theft of computer source code, patent violations. etc. Cyber Squatting- Domain names are also trademarks and protected by ICANNs domain dispute resolution policy and also under trademark laws. Cyber Squatters registers domain name identical to popular service providers domain so as to attract their users and get benefit from it. i. Cyber Terrorism:Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic control, telecommunication networks are the most likely targets. Others like police, medical, fire and rescue systems etc. Cyberterrorism is an attractive option for modern terrorists for several reasons. 1.It is cheaper than traditional terrorist methods. 
2.Cyberterrorism is more anonymous than traditional terrorist methods.

3.The variety and number of targets are enormous. 4.Cyberterrorism can be conducted remotely, a feature that isespecially appealing to terrorists. 5.Cyberterrorism has the potential to affect directly a larger number of people. j. Banking/Credit card Related crimes:In the corporate world, Internet hackers are continually looking for opportunities to compromise a companys security in order to gain access to confidential banking and financial information. Use of stolen card information or fake credit/debit cards are common. Bank employee can grab money using programs to deduce small amount of money from all customer accounts and adding it to own account also called as salami. k. E-commerce/ Investment Frauds:Sales and Investment frauds. An offering that uses false or fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities. Merchandise or services that were purchased or contracted by individuals online are never delivered. The fraud attributable to the misrepresentation of a product advertised for sale through an Internet auction site or the non-delivery of products purchased through an Internet auction site. Investors are enticed to invest in this fraudulent scheme by the promises of abnormally high profits. l. Sale of illegal articles:This would include trade of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication. Research shows that number of people employed in this criminal area. Daily peoples receiving so many emails with offer of banned or illegal products for sale. m. Online gambling:There are millions of websites hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering. n. Defamation: Defamation can be understood as the intentional infringement of another person's right to his good name. 
Cyber defamation occurs when defamation takes place with the help of computers and/or the Internet, e.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person's friends. Information posted to a bulletin board can be accessed by anyone. This means that anyone can place

Cyber defamation is also called cyber smearing.

o. Cyber Stalking: Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc. In general, the harasser intends to cause emotional distress and has no legitimate purpose to his communications.

p. Pedophiles: There are also persons who intentionally prey upon children. Especially with a teen, they will let the teen know that they fully understand the teen's feelings towards adults and in particular towards the teen's parents. They earn the teen's trust and gradually seduce them into sexual or indecent acts. Pedophiles lure children by distributing pornographic material, then try to meet them for sex or to take their nude photographs, including their engagement in sexual positions.

q. Identity Theft: Identity theft is the fastest growing crime in countries like America. Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud. Identity theft is a vehicle for perpetrating other types of fraud schemes.

r. Data diddling: Data diddling involves changing data prior to or during input into a computer. In other words, information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file. It also includes automatically changing financial information for some time before processing and then restoring the original information.

s. Theft of Internet Hours: Unauthorized use of Internet hours paid for by another person. By gaining access to an organisation's telephone switchboard (PBX), individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties.
Additional forms of service theft include capturing 'calling card' details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored value telephone cards.

t. Theft of computer system (Hardware): This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer.

u. Physically damaging a computer system: Physically damaging a computer or its peripherals either by shock, fire or excess electric supply etc.

v. Breach of Privacy and Confidentiality

Privacy: Privacy refers to the right of an individual to determine when, how and to what extent his or her personal data will be shared with others. Breach of privacy means unauthorized use or distribution or disclosure of personal information like medical records, sexual preferences, financial status etc.

Confidentiality: It means non-disclosure of information to unauthorized or unwanted persons. In addition to personal information, some other types of information are useful for business, and leakage of such information to other persons may cause damage to the business or person; such information should be protected. Generally, to protect the secrecy of such information, parties sharing information form an agreement about the procedure for handling the information and agree not to disclose it to third parties or use it in such a way that it will be disclosed to third parties. Many times a party or its employees leak such valuable information for monetary gain and cause a breach of the contract of confidentiality. Special techniques such as social engineering are commonly used to obtain confidential information.

MYSPACE CATCHES A MURDERER

MySpace has played an important role in helping Oakland police apprehend a 19-year-old man accused of shooting San Leandro High School football player Greg "Doody" Ballard, Jr. Oakland police had a street name of a suspect and were able to identify Dwayne Stancill, 19, of Oakland from a picture they found on a gang's MySpace page. Police brought the suspect to their headquarters where detectives say he confessed. What was most troubling to investigators was the lack of motive for the killing.

OFFICIAL WEBSITE OF MAHARASHTRA GOVERNMENT HACKED

MUMBAI, 20 September 2007: IT experts were trying yesterday to restore the official website of the government of Maharashtra, which was hacked in the early hours of Tuesday.

Rakesh Maria, joint commissioner of police, said that the state's IT officials lodged a formal complaint with the Cyber Crime Branch police on Tuesday. He added that the hackers would be tracked down. Yesterday the website, http://www.maharashtragovernment.in, remained blocked.

Deputy Chief Minister and Home Minister R.R. Patil confirmed that the Maharashtra government website had been hacked. He added that the state government would seek the help of IT and the Cyber Crime Branch to investigate the hacking. "We have taken a serious view of this hacking, and if need be the government would even go further and seek the help of private IT experts. Discussions are in progress between the officials of the IT Department and experts," Patil added.

The state government website contains detailed information about government departments, circulars, reports, and several other topics. IT experts working on restoring the website told Arab News that they fear that the hackers may have destroyed all of the website's contents.

According to sources, the hackers may be from Washington. IT experts said that the hackers had identified themselves as Hackers Cool Al-Jazeera and claimed they were based in Saudi Arabia. They added that this might be a red herring to throw investigators off their trail. According to a senior official from the state government's IT department, the official website has been affected by viruses on several occasions in the past, but was never hacked. The official added that the website had no firewall.

Three people held guilty in online credit card scam

Customers' credit card details were misused online for booking air tickets. The culprits were caught by the city Cyber Crime Investigation Cell in Pune. It was found that the misused details belonged to 100 people. Mr. Parvesh Chauhan, an ICICI Prudential Life Insurance officer, had complained on behalf of one of his customers. In this regard Mr. Sanjeet Mahavir Singh Lukkad, Dharmendra Bhika Kale and Ahmead Sikandar Shaikh were arrested. Lukkad was employed at a private institution, and Kale was his friend. Shaikh was employed in one of the branches of State Bank of India.

According to the information provided by the police, one of the customers received an SMS-based alert for the purchase of a ticket even though the credit card was in his possession. The customer was alert and realised something was fishy; he enquired and came to know about the misuse. He contacted the bank in this regard. Police observed the involvement of many banks in this case.

The tickets were booked online. Police requested the log details and obtained the information of the private institution. Investigation revealed that the details were obtained from State Bank of India. Shaikh was working in the credit card department; due to this he had access to the credit card details of some customers. He gave that information to Kale. Kale in turn passed this information to his friend Lukkad. Using the information obtained from Kale, Lukkad booked tickets. He used to sell these tickets to customers and get money for the same. He had given a few tickets to various other institutions.

Cyber Cell head DCP Sunil Pulhari, PI Mohan Mohadikar and A.P.I Kate were involved in eight days of investigation and finally caught the culprits. In this regard various banks have been contacted; four airline companies were also contacted. DCP Sunil Pulhari has requested customers who have fallen into this trap to inform police authorities on 2612-4452 or 2612-3346 if they have any problems.

How cyber crime operations work and why they make money
Hackers are no longer motivated by notoriety; it's now all about the money. Guillaume Lovet, Threat Response Team Leader at security firm Fortinet, identifies the players, their roles and the returns they enjoy on their investments.

Cybercrime, which is regulated by Internet Law (Cyber Law) or the IT Act, has become a profession, and the demographic of your typical cybercriminal is changing rapidly, from bedroom-bound geek to the type of organised gangster more traditionally associated with drug-trafficking, extortion and money laundering. It has become possible for people with comparatively low technical skills to steal thousands of pounds a day without leaving their homes. In fact, to make more money than can be made selling heroin (and with far less risk), the only time the criminal need leave his PC is to collect his cash. Sometimes they don't even need to do that.

In all industries, efficient business models depend upon horizontal separation of production processes, professional services, sales channels etc. (each requiring specialised skills and resources), as well as a good deal of trade at prices set by the market forces of supply and demand. Cybercrime is no different: it boasts a buoyant international market for skills, tools and finished product. It even has its own currency.

The rise of cybercrime is inextricably linked to the ubiquity of credit card transactions and online bank accounts. Get hold of this financial data and not only can you steal silently, but also, through a process of virus-driven automation, with ruthlessly efficient and hypothetically infinite frequency. The question of how to obtain credit card/bank account data can be answered by a selection of methods, each involving their own relative combinations of risk, expense and skill.

The most straightforward is to buy the finished product. In this case we'll use the example of an online bank account. The product takes the form of information necessary to gain authorised control over a bank account with a six-figure balance. The cost to obtain this information is $400 (cybercriminals always deal in dollars). It seems like a small figure, but for the work involved and the risk incurred it's very easy money for the criminal who can provide it. Also remember that this is an international trade; many cyber-criminals of this ilk are from poor countries in Eastern Europe, South America or South-East Asia. The probable marketplace for this transaction will be a hidden IRC (Internet Relay Chat) chatroom. The $400 fee will most likely be exchanged in some form of virtual currency such as e-gold.

Not all cyber-criminals operate at the coalface, and they certainly don't work exclusively of one another; different protagonists in the crime community perform a range of important, specialised functions. These broadly encompass:

Coders: comparative veterans of the hacking community. With a few years' experience at the art and a list of established contacts, coders produce ready-to-use tools (i.e. Trojans, mailers, custom bots) or services (such as making a binary code undetectable to AV engines) for the cybercrime labour force (the kids). Coders can make a few hundred dollars for every criminal activity they engage in.

Kids: so-called because of their tender age: most are under 18. They buy, trade and resell the elementary building blocks of effective cyber-scams such as spam lists, php mailers, proxies, credit card numbers, hacked hosts, scam pages etc. Kids will make less than $100 a month, largely because of the frequency of being ripped off by one another.

Drops: the individuals who convert the virtual money obtained in cybercrime into real cash. Usually located in countries with lax e-crime laws (Bolivia, Indonesia and Malaysia are currently very popular), they represent safe addresses for goods purchased with stolen financial details to be sent, or else safe legitimate bank accounts for money to be transferred into illegally, and paid out of legitimately.

Mobs: professionally operating criminal organisations combining or utilising all of the functions covered by the above. Organised crime makes particularly good use of safe drops, as well as recruiting accomplished coders onto their payrolls.

Gaining control of a bank account is increasingly accomplished through phishing. There are other cybercrime techniques, but space does not allow their full explanation. All of the following phishing tools can be acquired very cheaply: a scam letter and scam page in your chosen language, a fresh spam list, a selection of php mailers to spam-out 100,000 mails for six hours, a hacked website for hosting the scam page for a few days, and finally a stolen but valid credit card with which to register a domain name. With all this taken care of, the total costs for sending out 100,000 phishing emails can be as little as $60. This kind of phishing trip will uncover at least 20 bank accounts of varying cash balances, giving a market value of $200-$2,000 in e-gold if the details were simply sold to another cybercriminal. The worst-case scenario is a 300% return on the investment, but it could be ten times that.

Better returns can be accomplished by using drops to cash the money. The risks are high, though: drops may take as much as 50% of the value of the account as commission, and instances of ripping off or grassing up to the police are not uncommon. Cautious phishers often separate themselves from the physical cashing of their spoils via a series of drops that do not know one another.
However, even taking into account the 50% commission, and a 50% rip-off rate, if we assume a single stolen balance of $10,000-$100,000, then the phisher is still looking at a return of between 40 and 400 times the meagre outlay of his/her phishing trip. In large operations, offshore accounts are invariably used to accumulate the criminal spoils. This is more complicated and far more expensive, but ultimately safer.

The alarming efficiency of cybercrime can be illustrated starkly by comparing it to the illegal narcotics business. One is faster, less detectable, more profitable (generating a return around 400 times higher than the outlay) and primarily non-violent. The other takes months or years to set up or realise an investment, is cracked down upon by almost all governments internationally, is fraught with expensive overheads, and is extremely dangerous.

Add phishing to the other cyber-criminal activities driven by hacking and virus technologies, such as carding, adware/spyware planting, online extortion, industrial spying and mobile phone dialers, and you'll find a healthy community of cottage industries and international organisations working together productively and trading for impressive profits. Of course these people are threatening businesses and individuals with devastating loss, financial hardship and troubling uncertainty, and must be stopped.

On top of viruses, worms, bots and Trojan attacks, organisations in particular are contending with social engineering deception and traffic masquerading as legitimate applications on the network. In a reactive approach to this onslaught, companies have been layering their networks with stand-alone firewalls, intrusion prevention devices, anti-virus and anti-spyware solutions in a desperate attempt to plug holes in the armoury. They're beginning to recognise it's a failed strategy. After all, billions of pounds are being spent on security technology, and yet security breaches continue to rise.
To fight cybercrime there needs to be a tightening of international digital legislation and of cross-border law enforcement co-ordination. But there also needs to be a more creative and inventive response from the organisations under threat. Piecemeal, reactive security solutions are giving way to strategically deployed multi-threat security systems. Instead of having to install, manage and maintain disparate devices, organisations can consolidate their security capabilities into a commonly managed appliance. These measures combined, in addition to greater user education, are the best safeguard against the deviousness and pure innovation of cyber-criminal activities.

ACCUSED IN RS 400 MILLION SMS SCAM ARRESTED IN MUMBAI

MUMBAI: The alleged mastermind behind a Rs 400 million SMS fraud that duped at least 50,000 people has been arrested along with an associate more than two months after the scam was unearthed. Jayanand Nadar, 30, and Ramesh Gala, 26, were arrested late on Monday from a hotel in Mira Road in the western suburbs. Nadar, a first year college dropout, along with his brother Jayaraj had allegedly duped at least 50,000 people of Rs.400 million, said officials in the city police's Economic Offences Wing (EOW). The two brothers along with Gala allegedly took help of SMS technology and launched the first-of-its-kind SMS fraud in India.

According to EOW sources, in August 2006 the duo launched an aggressive and catchy advertisement campaign in the print media that read: "Nothing is impossible. The word itself is: I M Possible." As part of the attractive scheme, the Nadar brothers messaged random numbers, asking people interested in 'earning Rs.10,000 per month' to contact them.

"The modus operandi adopted by the brothers was alluring," an EOW official said Tuesday. "Interested 'subscribers' were asked to deposit Rs.500 each. The conmen duo claimed to be working with a US-based company named Aropis Advertising Company, which wanted to market its client's products through SMS," senior inspector A Thakur said.

"The brothers even put up a website (www.getpaid4sms.com) to promote their scheme. Subscribers who registered with them received about 10 SMSes every day about various products and were promised handsome commissions if they managed to rope in more subscribers by forwarding the messages," Thakur said. In return, the Nadars promised to pay Rs.10,000 over 16 months to the investors.
The amount was to be paid in instalments of Rs.1,000 every few months. The brothers are said to have told the subscribers that their American clients wanted to conduct a study about local response to their advertisement and were using SMS as it was the latest medium of communication. The duo invited people to become agents and get more members for the scheme. Gala reportedly looked after the accounts.

Initially, the brothers paid up small amounts. But when cheques and pay orders of larger sums issued by the duo were not honoured, the agents got worried. The SMSes too suddenly stopped. On November 30, one of the duped agents approached the DN Road police station and lodged a complaint after a bank failed to honour a pay order amounting to Rs.2.17 million issued by the Nadar brothers. Then suddenly, the Nadars and Gala disappeared, leaving their agents and investors in the lurch. By December, the police were flooded with similar complaints. The DN Road police station registered a case against the brothers and Gala and later transferred it to the EOW.

"By December 2006 the scheme had an over 50,000 membership in Mumbai alone. And we suspect that hundreds of thousands from across the country were also hooked to the scheme, thanks to a massive agent network and a door-to-door campaign carried out by the firm's now duped agents," Thakur said. "We suspect that the fraud amount may be over Rs.1 billion. With the extent of the scam spread across the country, we are still trying to get the details."

During investigations, the EOW came to know that the Nadars, residents of the upmarket Juhu-Tara Road, owned a fleet of imported sport utility vehicles and sedans. "The brothers led an extravagant life. They would stay in top five star hotels, throw massive parties for investors and were also known faces in the city's Page-3 circuit," Thakur revealed. "We are now looking for Jayaraj, who has eluded arrest. Gala, who is believed to have looked after the accounts, and Jayanand have been remanded to police custody till March 5."

CITY PRINCIPAL SEEKS POLICE HELP TO STOP CYBER CRIME

Principals across the city seem to be taking a cue from the principal of Bombay Scottish School, Mahim. After students began posting insults against him on Orkut, instead of punishing them he decided to call in cyber cell cops to talk to students. Now, other school principals have decided to bring in the cyber cell police to speak at their schools. They feel students and parents need to be educated against the legal and moral consequences of cyber crime.

Admitting to the existence of some mischievous students who misuse the internet and also stray into restricted sites due to lack of supervision, principals feel the cyber cell can play a huge role in educating students and warning them.

Principal Rekha Vijaykar, GHK School, Santacruz, said that with more and more exposure to the internet, students had started misusing the freedom and hence needed to be monitored. "Monitoring and educating students against the pitfalls of visiting restricted sites is the responsibility of parents. However, the school too has to play an active role," she said.

Principal Alka Lokre of J M Bajaj School, Nagothane concurred. "Students need to be oriented with soul searching and conscience questioning which will help restrain them from misusing modern amenities," she said.

As a solution, Principal Fr Dr Francis Swamy of Holy Family School, Andheri, said that apart from educating students, parents and teachers also needed to be roped in for the success of any initiative against internet abuse. "Without the support of parents, no awareness programme can succeed. Parents need to be sensitised to the problem on hand and should be active in stopping their children from maligning anyone," he said.

Principal Paul Machado of Campion School went a step further, highlighting the long-term effect of such uncontrolled freedom to students. "Parents must understand that today their children are misusing the internet to abuse others. Tomorrow, they may become victims of it too. Hence, parents need to be taken into confidence too to stem this rot."

Apart from the above, all principals lauded the move by Dr D P N Prasad, Bombay Scottish principal, to invite the cyber cell to speak on cyber crime and said that they would also be inviting the cell officials to speak on the subject in their schools.
UTI BANK HOOKED UP IN A PHISHING ATTACK

Fraudsters of cyberspace have reared their ugly head, the first of its kind this year, by launching a phishing attack on the website of Ahmedabad-based UTI Bank, a leading private bank promoted by India's largest financial institution, Unit Trust of India (UTI).

A URL on Geocities that is almost a facsimile version of the UTI Bank's home page is reported to be circulating amongst email users. The web page not only asks for the account holder's information such as user and transaction login and passwords, it has also beguilingly put up disclaimer and security hazard statements.

"In case you have received any e-mail from an address appearing to be sent by UTIBANK, advising you of any changes made in your personal information, account details or information on your user id and password of your net banking facility, please do not respond. It is UTI Bank's policy not to seek or send such information through email. If you have already disclosed your password please change it immediately," the warning says.

The tricky link is available on http://br.geocities

If any unsuspecting account holder enters his login id, password, transaction id and password in order to change his details as 'advised' by the bank, the same info is sent via mailform.cz (the phisher's database). After investigation, we found that Mailform is a service of PC Svet, which is a part of the Czech company PES Consulting. The Webmaster of the site is a person named Petr Stastny whose e-mail can be found on the web page.

Top officials at UTI Bank said that they have reported the case to the Economic Office Wing, Delhi Police. The bank has also engaged the services of Melbourne-based FraudWatch International, a leading anti-phishing company that offers phishing monitoring and take-down solutions.

"We are now in the process of closing the site. Some of these initiatives take time, but customers have been kept in the loop about these initiatives," said V K Ramani, President - IT, UTI Bank.

As per the findings of UTI Bank's security department, the phishers have sent more than 1,00,000 emails to account holders of UTI Bank as well as other banks. Though the company has kicked off damage control initiatives, none of the initiatives are cent percent foolproof. "Now there is no way for banks to know if the person logging-in with accurate user information is a fraud," said Ramani.

However, reliable sources within the bank and security agencies confirmed that the losses due to this particular attack were zilch. The bank has sent alerts to all its customers informing about such malicious websites, besides beefing up their alert and fraud response system. "Engaging professional companies like FraudWatch help in reducing time to respond to attacks," said Sanjay Haswar, Assistant Vice President, Network and Security, UTI Bank.

ONLINE CREDIT CARD FRAUD ON E-BAY

Bhubaneswar: Rourkela police busted a racket involving an online fraud worth Rs 12.5 lakh. The modus operandi of the accused was to hack into the eBay India website and make purchases in the names of credit cardholders. Two persons, including alleged mastermind Debasis Pandit, a BCA student, were arrested and forwarded to the court of the subdivisional judicial magistrate, Rourkela. The other arrested person is Rabi Narayan Sahu.

Superintendent of police D.S. Kutty said the duo was later remanded in judicial custody but four other persons allegedly involved in the racket were untraceable. A case has been registered against the accused under Sections 420 and 34 of the Indian Penal Code and Section 66 of the IT Act and further investigation is on, he said.

While Pandit, son of a retired employee of Rourkela Steel Plant, was arrested from his Sector VII residence last night, Sahu, his associate and a constable, was nabbed at his house in Uditnagar.

Pandit allegedly hacked into the eBay India site and gathered the details of around 700 credit cardholders. He then made purchases by using their passwords. The fraud came to the notice of eBay officials when it was detected that several purchases were made from Rourkela while the customers were based in cities such as Bangalore, Baroda and Jaipur and even London, said V. Naini, deputy manager of eBay. The company brought the matter to the notice of Rourkela police after some customers lodged complaints. Pandit used the address of Sahu for delivery of the purchased goods, said police.

The gang was involved in train, flight and hotel reservations. The hand of one Satya Samal, recently arrested in Bangalore, is suspected in the crime. Samal had booked a room in a Bangalore hotel for three months. The hotel and transport bills rose to Rs 5 lakh, which he did not pay. Samal was arrested for non-payment of bills, following which Pandit rushed to Bangalore and stood guarantor for his release on bail, police sources said.

Cyber Law in INDIA


Why Cyberlaw in India?

When the Internet was developed, the founding fathers of the Internet hardly had any inkling that the Internet could transform itself into an all-pervading revolution which could be misused for criminal activities and which required regulation. Today, there are many disturbing things happening in cyberspace. Due to the anonymous nature of the Internet, it is possible to engage in a variety of criminal activities with impunity, and people with intelligence have been grossly misusing this aspect of the Internet to perpetrate criminal activities in cyberspace. Hence the need for Cyberlaws in India.

What is the importance of Cyberlaw?

Cyberlaw is important because it touches almost all aspects of transactions and activities on and concerning the Internet, the World Wide Web and Cyberspace. Initially it may seem that Cyberlaw is a very technical field and that it does not have any bearing on most activities in Cyberspace. But nothing could be further from the truth. Whether we realize it or not, every action and every reaction in Cyberspace has some legal and Cyber legal perspectives.

Does Cyberlaw concern me?

Yes, Cyberlaw does concern you. As the nature of the Internet is changing and this new medium is being seen as the ultimate medium ever evolved in human history, every activity of yours in Cyberspace can and will have a Cyberlegal perspective. From the time you register your Domain Name, to the time you set up your web site, to the time you promote your website, to the time when you send and receive emails, to the time you conduct electronic commerce transactions on the said site, at every point of time, there are various Cyberlaw issues involved. You may not be bothered about these issues today because you may feel that they are very distant from you and that they do not have an impact on your Cyber activities. But sooner or later, you will have to tighten your belts and take note of Cyberlaw for your own benefit.

Cyberlaw Awareness program

* Are your electronic transactions legally binding and authentic?
* Are you verifying your customers' identities to prevent identity theft?
* Do your online terms and conditions have binding effect?
* Are you providing appropriate information and clear steps for forming and concluding your online transactions?
* How are you ensuring data protection and information security on your web site?
* Are you recognising the rights of your data subjects?

Transacting on the Internet has wide legal implications as it alters the conventional methods of doing business. To build enduring relationships with your online customers, the legal issues of e-transactions need to be addressed from the outset. This Awareness program will cover:

* the basics of Internet security
* basic information on Indian Cyber Law
* the impact of technology-aided crime
* the Indian IT Act, covering the legal aspects of all online activities
* types of Internet policies required for an organization
* minimum hardware and software security measures required in an organization to protect data

Advantages of Cyber Laws


The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.

* From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implications of these provisions for the e-businesses would be that email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.
* Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
* Digital signatures have been given legal validity and sanction in the Act.
* The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.
* The Act now allows Government to issue notification on the web thus heralding e-governance.
* The Act enables the companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate Government.
* The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.
* Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case anyone breaks into their computer systems or network and causes damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.
