
Awareness and Prevention of Cyber Crime

By MR. XYZ

PREFACE
To best defend yourself and to defeat your enemies, you must first understand them: who they are, how they operate, and why. Throughout the ages, countless armies have used this strategy of studying and understanding their enemies in order to defeat them. Today, however, enemies attempt to compromise, steal, or damage information resources, using computers and Internet Protocol packets as their battlefields and weapons. We all know that computers, networks, software applications and the Internet have introduced opportunities to the world that no one thought possible. However, as is true with any technology, these same opportunities also carry risks. Organizations, businesses, and individual computer owners spend millions of dollars each year to protect their computer resources against these attacks. Virus scanners, firewalls, intrusion detection systems (IDS), encryption: all of these technologies and techniques are used to protect information systems against attacks. However, the bad guys still succeed, and their success is growing exponentially. One reason for this string of successes is that very few individuals or organizations have taken a step back to better understand who and what the threats are, how they operate, and why. Only when we are armed with this knowledge can we better defend against and defeat our enemies. This thesis explains the nature of some of these very real threats and gives you the tools and techniques to better learn who your enemies are, how they operate, and why they choose to do so.



INDEX

PART I
WHAT IS CYBER CRIME

INTRODUCTION TO CYBER CRIME
o Introduction to cyber crime
o Conventional Crime
o Cyber Crime
o Distinction between conventional and cyber crime

BRIEF HISTORY OF CYBER CRIME
o 1971 to 2008

REASONS OF CYBER CRIME
o Capacity to store data in comparatively small space
o Easy to access
o Complex
o Negligence
o Loss of evidence
o Computers store huge amounts of data in small spaces

CYBER CRIMINALS
o Children and adolescents between the age of 16-18 years
o Organized hackers
o Professional hackers / crackers
o Discontented employees

PART II
MODE OF COMMITTING CYBER CRIME

HACKING
o Purposes of hacking

EMAIL RELATED CRIME
o Phishing
o Cyber Theft
o Theft of Information Service
o Defamatory emails
o Email frauds

CHILD PORNOGRAPHY
o Child pornography
o Pedophiles

CYBER TERRORISM
o Tools of Cyber Terrorism
o Hacking
o Cryptography
o Trojan Virus
o DoS
o Email related crime
o Email bombing
o Threatening emails
o Defamatory emails
o Email frauds

COMPUTER VIRUSES
o Viruses
o Typical action of a virus
o The main types of PC virus
o Stealth virus
o Polymorphic virus
o Fast and slow infectors
o Sparse infector
o Companion virus
o Armored virus
o Macro virus
o Virus hoax
o Major virus incidents since 1998
o Melissa
o Chernobyl
o VBS_LOVELETTER
o Pakistani Brain
o Jerusalem
o Cascade
o Michelangelo

SPAM
o Email spam
o Chat Spam
o Mobile phone spam

MALWARE & MALICIOUS CODE
o Malware & Malicious Code

DENIAL OF SERVICE ATTACK (DoS)
o Denial of Service Attack

PHREAKING
o Phreaking

CYBER STALKING
o Cyber stalking

THEFT OF INFORMATION
o Theft of Information contained in electronic forms
o Email bombing
o Data Diddling
o Salami Attacks

TROJANS
o Trojans

PART III
CYBER CRIME INVESTIGATION

INVESTIGATE CYBER CRIME
o What is Computer Forensic
o Define the need
o Computers can be part of crime 3 ways
o Defining incidents response
o Process of responding to a computer related incident
o Types of incidents

TOOLS OF CONTROLLING COMPUTER FORENSIC
o Types of Incidents
o Criminal Investigations
o Corporate investigations
o Private / Civil investigation

PART IV
PREVENTION CYBER CRIME

PREVENTION METHODS
o Firewalls
o Frequent Password changing
o Safe Surfing
o Frequent Virus checks
o Email filters
o Antivirus and Antispyware Software
o Cryptography
o Cyber Ethics & Laws

IMPROVING SECURITY
o Improving Security
o Preventive Steps for Individuals
o Children
o Parents
o General Information
o Preventive Steps for Organization and Govt.
o Physical Security
o Access Control
o Passwords
o Finding the holes in network
o Using network scanning programs
o Using intrusion alert programs
o Using encryption
o Detection
o Elementary problem associated with cyber crimes
o Switches
o Routers
o Application front end hardware
o IPS based prevention

PREVENTIVE STEPS OF PAKISTAN
o Cyber Crime and FIA
o Function of FIA Crime Circles
o Intellectual Property Rights Crimes
o Spurious Drugs
o Cyber Crimes
o Counterfeit Currencies

SPECIAL CYBER CRIME WING
o National Response Centre for Cyber Crimes

CYBER CRIME ACTIVITY IN PAKISTAN
o Cyber Crimes in Pakistan

PART V
THE JUDICIARIES
o The Pakistani Judiciary
o The International Judiciary - Cyber Crime

PART VI
PREVENTION OF ELECTRONIC CRIMES ACT 2007
o Prevention of Electronic Crimes 2007
o Amendment in Cyber Crime
o Reforms
o References


PART I
WHAT IS CYBER CRIME
CHAPTER ONE

INTRODUCTION TO CYBER CRIME


INTRODUCTION TO CYBER CRIME
Before evaluating the concept of cyber crime, the concept of conventional crime should be discussed, along with the points of similarity and deviance between the two forms.

CONVENTIONAL CRIME
Crime is a social and economic phenomenon and is as old as human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is a legal wrong that can be followed by criminal proceedings which may result in punishment. The hallmark of criminality is that it is a breach of the criminal law. Per Lord Atkin, "the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences". A crime may be said to be any conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences.

CYBER CRIME
Cyber crime, computer crime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. These categories are not exclusive and many activities can be characterized as falling in one or more category. Additionally, although the terms computer crime and cyber crime are more properly restricted to describing criminal activities in which the computer or network is a necessary part of the crime, these terms are also sometimes used to include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are used to facilitate the illicit activity. As the use of computers has grown, computer crime has become more important. Computer crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.

DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME


There is apparently no distinction between cyber and conventional crime. However, on deeper examination we may say that there exists a fine line of demarcation between conventional and cyber crime, which is appreciable. The demarcation lies in the involvement of the medium in cases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium.

CHAPTER TWO

BRIEF HISTORY OF CYBER CRIME


1971 John Draper discovers that the giveaway whistle in Cap'n Crunch cereal boxes reproduces a 2600Hz tone. Draper builds a blue box that, when used with the whistle and sounded into a phone receiver, allows phreaks to make free calls. Esquire publishes "Secrets of the Little Blue Box" with instructions for making one. Wire fraud in the US escalates.

1972 The Internetworking Working Group is founded to govern the standards of the Internet. Vinton Cerf is the chairman and is known as a Father of the Internet.

1973 Teller at New York's Dime Savings Bank uses a computer to embezzle over $2 million.

1978 First electronic bulletin board system (BBS) appears; becomes the primary means of communication for the electronic underground.

1981 Ian Murphy, aka Captain Zap, becomes first felon convicted of a computer crime. Murphy broke into AT&T's computers and changed the billing clock so that people receive discounted rates during normal business hours.

1982 Elk Cloner, an Apple II boot virus, is written.

1983 Movie War Games introduces public to the phenomenon of hacking (actually war-dialing). US Secret Service gets jurisdiction over credit card and computer fraud.

1984 Phiber Optik forms Masters of Deception hacking group. US Comprehensive Crime Control Act gives Secret Service jurisdiction over computer fraud. Hacker magazine 2600 begins publication.

1985 Online hacking magazine Phrack established.

1986 Pakistani Brain, the oldest virus created under unauthorized circumstances, infects IBM computers. After many break-ins into govt. and corporate computers, Congress passes the Computer Fraud and Abuse Act, making this a crime. The law does not cover juveniles.

1987 Computer Emergency Response Team (CERT) created.

1988 Kevin Mitnick secretly monitors the e-mail of MCI and DEC security officials. He is convicted and sentenced to a year in jail. Kevin Poulsen is indicted on phone-tampering charges. He goes on the run and avoids capture for 17 months. First National Bank of Chicago is the victim of $70-million computer theft. Robert T. Morris, Jr., graduate student at Cornell University and son of a chief scientist at the NSA, launches a self-replicating worm (the Morris Worm) on the government's The worm gets out of hand and spreads to over 6000 networked computers, clogging government and university systems. Morris is dismissed from Cornell, sentenced to three years' probation, and fined $10K.

1989 First large-scale computer extortion case is investigated: under the pretence of a quiz on the AIDS virus, users unwittingly download a program which threatens to destroy all their computer data unless they pay $500 into a foreign account. Hackers in West Germany (loosely affiliated with the Chaos Computer Club) are arrested for breaking into US government and corporate computers and selling operating-system source code to the KGB.

1990 The Electronic Frontier Foundation (EFF) is formed. Legion of Doom and Masters of Deception engage in online warfare - jamming phone lines, monitoring calls, trespassing in each other's private computers. After a prolonged sting investigation, Secret Service agents swoop down on organizers and members of BBSs in 14 US cities, including the Legion of Doom. The arrests are aimed at cracking down on credit card theft and telephone and wire fraud.

1991 Poulsen is captured and indicted for selling military secrets.

1992 Dark Avenger releases 1st polymorphic virus.

1993 During radio station call-in contests, hacker-fugitive Kevin Poulsen and friends rig the station's phone systems to let only their calls through. They win two Porsches, vacation trips and $20,000. First DefCon hacker conference held in Vegas.

1994 16-year-old student, nicknamed Data Stream, arrested by UK police for penetrating computers at the Korean Atomic Research Institute, NASA and several US govt. agencies.

Five members of the Aum Shinri Kyo cult's Ministry of Intelligence break into Mitsubishi Heavy Industries and steal megabytes of sensitive data.

Hackers adapt to emergence of the World Wide Web, moving all their how-to information and hacking programs from the old BBSs to new hacker Web sites.

1995 Russian crackers steal $10 million from Citibank. Vladimir Levin, the ringleader, uses his work laptop after hours to transfer the funds to accounts in Finland and Israel. He is tried in the US and sentenced to 3 years in prison. All but $400K of the money is recovered. The French Defence Ministry admits hackers succeeded in stealing acoustic codes for aircraft carriers and submarines. Movies The Net and Hackers released. Hackers deface federal web sites. Macro viruses appear. Kevin Mitnick arrested again for stealing credit card numbers. He is jailed on charges of wire fraud and illegal possession of computer files stolen from Motorola and SUN. He remains in jail for 4 years without trial.

1996 John Deutch, CIA director, testifies that foreign organized crime groups are behind hacker attacks against the US private sector. US Communications Decency Act (CDA) passed; it makes it illegal to transmit indecent/obscene material over the Internet. Canadian hackers (the Brotherhood) break into CBC. South Korean media reports that North Korean government officials are engaging in efforts to obtain foreign proprietary technology through indirect methods. Bell Research Labs in the US announce they have found a way to counterfeit the electronic money on smart cards. The US General Accounting Office reports hackers attempted to break into Defense Dept. computer files 250,000 times in 1995. About 65% of these attempts were successful.

1997 Freeware tool AOHell is released - allows unskilled hackers to wreak havoc on America Online. US Supreme Court strikes down Communications Decency Act (CDA). America Online (AOL), one of the largest Internet service providers in the US, cuts direct access for its users in Russia due to the high level of fraud. The German Chaos Computer Club claims it was able to penetrate Microsoft's Internet software and the financial management program Quicken, and transfer money between accounts without either the account holder or bank realizing the transaction was unauthorized. FBI's National Computer Crimes Squad reports 85% of companies have been hacked, and most never know it.

1998 Hacking group Cult of the Dead Cow releases a Trojan horse program called Back Orifice at Defcon. Once installed on a Windows 9x machine the program allows for unauthorized remote access. Timothy Lloyd is indicted for planting a logic bomb on the network of Omega Engineering, causing millions in damage. Hackers alter The New York Times Web site, renaming it HFG (Hacking for Girlies). During heightened tensions in the Persian Gulf, hackers break in to unclassified Pentagon computers and steal software programs. Information Security publishes its first annual Industry Survey, finding that nearly three-quarters of organizations suffered a security incident the prior year. L0pht testifies to the Senate that it could shut down nationwide access to the Internet in less than 30 mins.

1999 The Melissa worm is released and becomes the most costly malware outbreak to date (Mar). US Defense Dept. acknowledges 60-80 attacks per day (Mar). Kevin Mitnick, detained since 1995 on charges of computer fraud, signs plea agreement (Mar). The April 26 CIH virus strikes individual PC users around the world. Less common than Melissa, CIH was intended to overwrite hard drives, erasing everything on them (Apr). The US Justice Dept. declines to prosecute former CIA Director John Deutch for keeping 31 secret files on his home computer after he left office in 1996 (Apr). David Smith pleads guilty to creating and releasing the Melissa virus. It's one of the first times a person is prosecuted for writing a virus (Dec).

2000 Russian cracker attempts to extort $100K from online music retailer CD Universe, threatening to expose thousands of customers' credit card numbers. He posts them on a website after the attempted extortion fails. Barry Schlossberg (aka Lou Cipher) is successful at extorting 1.4M from CD Universe for services rendered in attempting to catch the Russian hacker (Jan). Denial of Service (DoS) attacks by Mafia Boy on eBay, Yahoo! and other popular sites render them temporarily unavailable to their users (and cause those companies significant financial losses) (Feb). Activists in Pakistan and the Middle East deface Web sites belonging to the Indian and Israeli govts. to protest oppression in Kashmir and Palestine.

Hackers break into Microsoft's corporate network and access source code for the latest versions of Windows and Office software. A news release issued by Internet Wire, and reported by Bloomberg and other news organizations, causes Emulex stock to plunge from $110 a share to $43 on the NASDAQ exchange in minutes. A former Internet Wire employee, believed to have authored the bogus story, faced charges and is alleged to have pocketed $241,000 short-selling Emulex shares that day (Aug). Distributed Denial of Service (DDoS) attacks are launched against: Yahoo, eBay, CNN.com, Amazon.com, Buy.com, ZDNet, E*Trade, etc. The I Love You virus spreads quickly by causing copies of itself to be sent to all individuals on the affected computer's address book (by attaching VBScript executable code to emails) (May). SANS releases its first Top 10 Vulnerabilities list, denoting the most prevalent problems exploited by hackers. Kevin Mitnick is released from prison (Jul). FBI establishes fake security start-up company in Seattle and lures two Russian citizens to U.S. soil on the pretense of offering them jobs, then arrests them. The Russians are accused of stealing credit card information, attempting to extort money from victims, and defrauding PayPal by using stolen credit cards to generate cash (Nov).

2001 Microsoft falls victim to a new type of attack against domain name servers, corrupting the DNS paths taking users to Microsoft's Web sites. This is a Denial of Service (DoS) attack. The hack is detected within hours, but prevents millions of users from reaching Microsoft Web pages for two days. The L10n worm is discovered in the wild attacking older versions of BIND DNS. Dutch cracker releases Anna Kournikova virus, initiating wave of viruses tempting users to open infected attachments by promising a sexy picture of the Russian tennis star (Feb). FBI agent Robert Hanssen is charged with using his computer skills and FBI access to spy for Russia (Mar). Code Red, the first polymorphic worm, infects tens of thousands of machines (Aug). Spurred by rising tensions in Chinese-American relations, US and Chinese hackers engage in Web defacement skirmishes (May). Antivirus experts identify Sadmind, a new cross-platform worm that uses compromised Sun Solaris boxes to attack Windows NT servers (May). Russian programmer Dmitry Sklyarov is arrested at the annual Defcon hacker convention. He is the first person criminally charged with violating the Digital Millennium Copyright Act (DMCA) (Jul). The Nimda memory-only worm wreaks havoc on the Internet, eclipsing Code Red's infection rate and recovery costs (Sept). Napster shuts down after legal challenges from the recording industry and Metallica.

The 9/11 World Trade Center and Pentagon terrorist attacks spark lawmakers to pass a barrage of anti-terrorism laws (incl. the Patriot Act), many of which group hackers with terrorists, and remove many long-standing personal freedoms in the name of safety. Microsoft and its allies vow to end full disclosure of security vulnerabilities by replacing it with responsible disclosure guidelines. EU publishes report on its investigation of the ECHELON system, purportedly used by the US, UK, Canada, Australia and NZ to spy on radio, telephone and Internet communications. Meant for military and defense use, there is suspicion it is being used to invade personal privacy and for commercial spying. EU adopts a controversial cyber crime treaty which makes the possession and use of hacking tools illegal (Nov).

2002 Bill Gates decrees that Microsoft will secure its products and services, and kicks off a massive internal training and quality control campaign (trustworthy computing) (Jan). An Information Security survey finds that most security practitioners favor full disclosure since it helps them defend against hacker exploits and puts pressure on software vendors to improve their products. Roger Duronio, UBS PaineWebber sys-admin, plants a logic bomb which costs $3M+ in losses/repairs (Mar). The Klez.H worm becomes the biggest malware outbreak in terms of machines infected, but causes little monetary damage (May). Shadowcrew's Web site appears, with forums for information on trafficking in personal information (Aug).

2003 SQL Slammer, targeting MS SQL Server, becomes fastest spreading worm in history (Jan). U.S. convicts Kazakhstan cracker of breaking into Bloomberg L.P.'s computers and attempting extortion (Feb). Former employee of ViewSonic arrested, charged with hacking into company's computer and destroying data (Feb). MS Blaster worm and variants (Welchia) released, arrests follow (Aug). A worm disables critical safety systems at a nuclear power plant in Ohio (Aug). RIAA (Recording Industry Association of America) sues 261 for distributing MP3s over P2P networks (Sep). U.S. Justice Department announces more than 70 indictments and 125 convictions or arrests for phishing, hacking, spamming and other Internet fraud as part of Operation Cyber Sweep (Nov). Microsoft offers $250K each for information leading to the arrest and conviction of those responsible for unleashing the MSBlast.A worm and Sobig virus (Nov). Two men hack into wireless network at Lowe's store in Michigan and steal credit card information (Nov).

2004 Brian Salcedo sentenced to 9 years for hacking into Lowe's home improvement stores and attempting to steal customer credit card information. Prosecutors said three men tapped into the wireless network of a Lowe's store and used that connection to enter the chain's central computer system in NC, installing a program to capture credit card information. Multiple variants of MyDoom worm released to launch DoS attacks against SCO and Microsoft. Netsky, Sasser, Bagle, Sober follow (Feb). Secret Service seizes control of the Shadowcrew Web site and arrests 28 people in 8 states and 6 countries. They are charged with conspiracy to defraud the US. Nicolas Jacobsen is charged with hacking into a T-Mobile computer system, exposing documents the Secret Service had emailed to an agent (Operation Firewall, Oct). CERT stops tracking number of security incidents. US CAN-SPAM act passed to prosecute spammers. Jeremy & Jessica DeGroot first to be convicted under CAN-SPAM act (Jaynes sentenced to 9 years) (Nov).

2005 Netcraft survey estimates more than 60M web sites online. Paris Hilton's T-Mobile phone is hacked, and photos and celebrity private phone numbers posted on Web (Feb). ChoicePoint acknowledges that thieves posing as legitimate businessmen accessed 145K consumer records, including credit reports and Social Security Numbers (Feb). Bank of America has 1.2M names and Social Security numbers stolen (Feb). Juju Jiang sentenced to 27 months for installing keyloggers at Kinko's locations in NY; used confidential information to access individual bank accounts (Feb). FBI's e-mail system is hacked (Feb). Lexis Nexis announces hackers have stolen information on 32K people, including Social Security Numbers (SSNs) and passwords (Mar). Undisclosed application security issue on Cisco's site forces global password reset (Mar). DSW/Retail Ventures 100,000 accounts hacked; Boston College 120,000 accounts hacked (Mar). BJ's Wholesale Club information on 40K credit cards stolen from outsourcer IBM (Mar). Keystroke loggers are used in heist at Sumitomo Mitsui Bank in London that almost nets thieves 220M (Mar). Lexis-Nexis: another 280,000 private account passwords compromised (Apr).

Polo Ralph Lauren/HSBC 108,000 accounts hacked; DSW/Retail Ventures 1.3M more accounts hacked (Apr).

Wachovia/Bank of America/PNC Financial Group/Commerce Bancorp insiders hack 670K+ accounts (Hackensack) (Apr). The Samy worm at MySpace makes everybody Samy's friend (Apr). Tel Aviv Magistrates Court remanded several people from some of Israel's leading commercial companies and private investigators suspected of commissioning and carrying out industrial espionage against their competitors, which was carried out by planting Trojan horse software in their competitors' computers (Apr). CardSystems admits hackers planted virus and accessed 14M credit card numbers (potentially 40M); company folds (Jun). College - 120K accounts hacked (Mar); Tufts University 106K accounts hacked (Mar); University of Hawaii insider compromises 150K accounts (Jun); University of Connecticut 72K accounts hacked (Jun); University of Southern California 270K accounts hacked (Jul); University of Utah 100K accounts hacked (Aug). Allan Carlson convicted of computer and identity fraud, sentenced to 48 months; spoofed e-mails complaining about poor performance of Philadelphia Phillies (Jul). Canada's Prince of Pot, Marc Emery, is arrested on a US indictment charging him with selling millions of dollars worth of marijuana seeds over the Internet to customers throughout the US (Jul). US Air Force 33,300 accounts hacked (Aug). Zotob worm attacks Windows 2000 computers (Aug). Microsoft wins $7M settlement against Spam King Scott Richter, plus promise to stop future spamming (Aug). Insufficient authorization on Verizon's MyAccount feature allows users to view each other's information (Aug).

3,800 customer credit-card numbers stolen in attack on Guidance Software web site (Nov). Janus Mutual Fund uses predictable identifier to authenticate its shareholders, enabling them to vote for others (Dec). Breaches at Sam's Club, OfficeMax and an unnamed ATM network result in an increase of debit card fraud. Chinese cyber-espionage ring code-named Titan Rain hacks into US military bases, defense contractors and aerospace companies. Equifax and TransUnion, Canada's main credit bureaux, receive an average of 1,600 calls / month regarding the theft of financial or credit information. Information warehousing companies (ChoicePoint, Lexis Nexis, CardSystems, Equifax, TransUnion) are popular targets since they possess volumes of information on private individuals. Phone Busters reports 11K+ Identity Theft complaints in Canada, and total losses of $8.5M, making this the fastest growing form of consumer fraud in North America.

2006 Hackers break into Department of Homeland Security computers, install malware, and transfer files to a remote Chinese-language Web site; Unisys (the contractor) charged with covering up the intrusion. HP Chair Patricia Dunn uses pretexting to obtain home phone records of board of directors (Sep). Bulk e-mailer Scott Levine of Snipermail.com gets 8-year prison sentence for stealing more than 1B personal records from Acxiom, a data repository company. Private information of Canadian gun owners exposed on Canadian Federal Gun Registry (Mar).

Stolen Boeing laptop exposes personal information on 3.6K employees (Apr). Ohio University alumni relations server compromised and 137K SSNs stolen (April); separate hacks in May lead to further thefts. Westjet settles with Air Canada for $15.5M, concluding a lawsuit Air Canada filed in 2004 accusing its rival of illegally accessing confidential data from an employee website (May). US Dept. of Veterans Affairs information stolen from employee's home (28M identities stored on laptop) (May); an additional 2.1M added to list in June; laptop recovered in June; FBI claims no data stolen. Personal information of Humana Medicare customers compromised when insurance company employee called up the data through a hotel computer and then failed to delete the file (17K) (June). Hackers access credit card and other personal information of customers who purchased DSL equipment from AT&T's online store (20K) (Aug). Hacker accesses Linden Lab's Second Life database and steals unencrypted account names, real life names and contact information, and encrypted passwords and payment data. Second Life is a 3-D virtual world (Sept). Hackers seize control of 78 government computers for two months before being detected. They load porn movies on to the computers, using the government's network as part of a pay-for-porn business (Feb).

A bank machine in Virginia Beach is reprogrammed to dispense $20 bills in place of $5 bills. The machine was left this way for 9 days before someone mentioned the discrepancy to the store clerk (Aug). Alabama nuclear power plant shut down due to excessive network traffic (Aug). According to a Gartner study, 1.5M Americans were victims of identity theft in 2006. Every minute 28. people become victims, or a new victim approx. every 2 seconds.

2007 Retailer TJMaxx (Winners, Homesense) notifies consumers that server breaches between July 2005 and January 2007 had exposed personal data (45M+ debit and credit cards, $180M direct cost so far) (Jan). Payment services firm MoneyGram notifies consumers that server breaches exposed personal data (80K) (Jan). Nokia Canada Web Site defaced using an XSS attack (Jan). A priority code used to get a free platinum pass to MacWorld was validated on the client, enabling anyone to get free passes (Jan) (a similar hack works in 2008). Online payment services firm E-Gold charged with money laundering (Apr) (convicted in 2008). AGs from several US States demand that NewsCorp's social site MySpace provide list of sex offenders who have registered at the site (May). The Chinese government and military are accused of hacking other nations' networks, including US Pentagon networks, and German and UK government computers.

DoS attacks are launched against various government websites in Estonia, including the country's police, Min. of Finance and parliament (May). Oracle files lawsuit against SAP, charging that the company's Tomorrow Now subsidiary had inappropriately downloaded software patches and documents from Oracle's online support service (Mar). Monster.com and other job sites are hacked and resume information stolen (Aug). Hackers post sensitive information on 1.2K eBay users to forum for preventing fraud on the auction site (Sep). TD Ameritrade announces that a compromised company computer had leaked the e-mail addresses of all its 6.3M customers from July 2006 (used for pump and dump spam). E*Trade suffers from similar attack (Sep). US Secret Service arrest security consultant Max Ray Butler (Max Vision) for managing an identity theft ring on the online credit counterfeiting forum, Carders Market (Sep). A known vulnerability in the helpdesk software used by hosting provider Layered Technologies results in information leakage, including names, addresses, phone numbers and email addresses of up to 6,000 of the company's clients (Sep). A hacker exploits a leftover admin function on eBay to block users and close sales (Oct). The Storm Worm (a bot program first spotted in Jan) continues to spread spam and promote pump and dump schemes; it hides bot computers with DNS fluxing and launches DoS attacks against machines probing its bots. Russian Business Network (RBN) offers bulletproof hosting, allowing sites which host illegal content to stay online despite legal takedown attempts. Sept's attack on Bank of India and various MPack attacks use RBN services (Oct).

A flaw in Passport Canada's website allows access to the personal information - social insurance numbers, dates of birth and driver's licence numbers - of other people applying for new passports (Nov). Infamous Russian malware gang RBN use SQL injection to penetrate US government sites (Nov). Vulnerability in WordPress allows spammers to penetrate Al Gore's web site, modify pages, and post spam comments (Nov). John Schiefer (LA) admits to using botnets to illegally install software on at least 250K machines and steal the online banking identities of Windows users (Dec).

2008
FTC settles with Life is good (www.lifeisgood.com), which exposed credit card information due to SQL Injection flaw (Jan).
Login page of Italian bank (Banca Fideuram) replaced using XSS (Jan).
RIAA website DoSed, then defaced, using SQL Injection & XSS (Jan).
CSRF used to hack a Korean e-commerce site (Auction.co.kr) and steal information on 18M users (Feb).
MySpace and FaceBook private pictures exposed on-line using URL manipulation (Jan & Mar).
Hackers steal 4.2M card numbers of Hannaford shoppers, resulting in over 2000 fraud cases (Mar).
SQL and iFrame Injection are used to add Javascript code to websites which then download viruses and other malware from hacker sites when browsed. Search Engine Optimization (SEO) techniques result in infected pages being placed high on Google's search results. Affected sites number in excess of 200K (Mar).

Just before the Pennsylvania Democratic Primary, XSS is used to redirect users of Barack Obama's website to Hillary Clinton's (Apr).
US Federal prosecutors charge parent who allegedly badgered a girl to suicide on MySpace with three counts of computer crime (conspiracy and hacking) (May).
Radio Free Europe hit by DDoS attack (May).
Online payment service E-Gold pleads guilty to money laundering (Jul).
Canadian Teachers Federation proposes adding CyberBullying to Canadian Criminal Code (Jul).

Canadian porn site SlickCash pays $500K to Facebook after it tried to gain unauthorized access to Facebook's friendfinder functionality back in June 2007 (Jul).
Terry Childs, San Francisco City network admin, refuses to give out passwords, locking other admins out of network (Jul).

CHAPTER THREE

REASONS OF CYBER CRIME


Hart in his work "The Concept of Law" has said that human beings are vulnerable, so rule of law is required to protect them. Applying this to cyberspace, we may say that computers are vulnerable, so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:

CAPACITY TO STORE DATA IN COMPARATIVELY SMALL SPACE


The computer has the unique characteristic of storing data in a very small space. This makes it much easier to remove or derive information through either a physical or a virtual medium.

EASY TO ACCESS
The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of a breach, not due to human error but due to the complex technology. Secretly implanted logic bombs, key loggers that can steal access codes, advanced voice recorders, retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.

COMPLEX
Computers work on operating systems, and these operating systems in turn are composed of millions of lines of code. The human mind is fallible, and it is not possible that there will be no lapse at any stage. Cyber criminals take advantage of these lacunas and penetrate the computer system.

NEGLIGENCE
Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be some negligence, which in turn gives a cyber criminal the opportunity to gain access to and control over the computer system.

LOSS OF EVIDENCE
Loss of evidence is a very common and obvious problem, as all the data are routinely destroyed. Further, collection of data outside the territorial extent also paralyses this system of crime investigation.

COMPUTERS STORE HUGE AMOUNTS OF DATA IN SMALL SPACES


Lakhs of pages of written matter can be stored in a CD ROM. Walking out of a godown with one lakh pages would be exceedingly difficult, but walking out of a secure location with a CD ROM containing a lakh of pages would be much simpler.

CHAPTER FOUR

CYBER CRIMINALS
Cyber criminals consist of various groups/categories. This division may be justified on the basis of the object that they have in mind. The following are the categories of cyber criminals.

CHILDREN AND ADOLESCENTS BETWEEN THE AGE GROUP OF 6-18 YEARS


The simple reason for this type of delinquent behaviour pattern in children is mostly the inquisitiveness to know and explore things. Another cognate reason may be to prove themselves outstanding amongst the other children in their group. Further, the reasons may be psychological.

ORGANISED HACKERS
These kinds of hackers are mostly organised together to fulfil a certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be among the best quality hackers in the world. Further, the NASA as well as the Microsoft sites are always under attack by hackers.

PROFESSIONAL HACKERS / CRACKERS


Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the sites of rivals and get credible, reliable and valuable information. Further, they are even employed to crack the system of the employer, basically as a measure to make it safer by detecting the loopholes.

DISCONTENTED EMPLOYEES
This group includes those people who have either been sacked by their employer or are dissatisfied with their employer. To avenge themselves, they normally hack the system of their employer.

PART II MODES OF CYBER CRIME


CHAPTER ONE

HACKING
Hacking in simple terms means illegal intrusion into a computer system without the permission of the computer owner/user.

PURPOSES OF HACKING
- Greed
- Power
- Publicity
- Revenge
- Adventure
- Desire to access forbidden information
- Destructive mindset

Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destroy and they get a kick out of such destruction. Some hackers hack for personal monetary gain, such as stealing credit card information or transferring money from various bank accounts to their own account, followed by withdrawal of the money. They extort money from a corporate giant by threatening to publish stolen information which is critical in nature. Government websites are hot targets for hackers due to the press coverage they receive.

Hacking or cracking is a major cyber crime committed today. A hacker makes use of the weaknesses and loopholes in operating systems to destroy data and steal important information from the victim's computer. Cracking is normally done through the use of a backdoor program installed on your machine. A lot of crackers also try to gain access to resources through the use of password cracking software. Hackers can also monitor what you do on your computer and can also import files onto your computer. A hacker could install several programs on your system without your knowledge. Such programs could also be used to steal personal information such as passwords and credit card information. Important data of a company can also be hacked to get secret information about the future plans of the company.

CHAPTER TWO

E-MAIL RELATED CRIMES


Email has fast emerged as the world's most preferred form of communication. Billions of email messages traverse the globe daily. Like any other form of communication, email is also misused by criminal elements. The ease, speed and relative anonymity of email have made it a powerful tool for criminals. Some of the major email related crimes are:

- Email phishing
- Email bombing
- Sending threatening emails
- Defamatory emails
- Email frauds

PHISHING
In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging, and often directs users to enter details at a website, although phone contact has also been used. Phishing is an example of the social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

A spoofed email is one that appears to originate from one source but has actually emerged from another source. Email spoofing is usually done by falsifying the name and/or email address of the originator of the email. Usually, to send an email the sender has to enter the following information:

- Email address of the receiver of the email.
- Email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy).
- Email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy), but whose identities will not be known to the other recipients of the email (known as BCC for blind carbon copy).
- Subject of the message (a short title / description of the message).
- Message.

Certain web-based email services, like www.SendFakeMail.com, offer a facility wherein, in addition to the above, a sender can also enter the email address of the purported sender of the email. Consider Mr. Kashif, whose email address is kashif@hotmail.com. His friend Ayub's email address is ayub@yahoo.com. Using SendFakeMail, Kashif can send emails purporting to be sent from Ayub's email account. All he has to do is enter ayub@yahoo.com in the space provided for the sender's email address. Ayub's friends would trust such emails, as they would presume that they have come from Ayub (whom they trust). Kashif can use this misplaced trust to send viruses, Trojans, worms etc. to Ayub's friends, who would unwittingly download them.

The first recorded mention of the term "phishing" is on the alt.online-service.america-online Usenet newsgroup on January 2, although the term may have appeared earlier in the print edition of the hacker magazine 2600. A phishing technique was described in detail as early as 1987, in a paper and presentation delivered to the International HP Users Group, Interex. The term phishing is a variant of fishing, probably influenced by phreaking, and alludes to the use of increasingly sophisticated baits used in the hope of a "catch" of financial information and passwords. The word may also be linked to leetspeak, in which ph is a common substitution for f.
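The sender address typed into such a form only changes the From header that the recipient sees, so a receiving mail system can compare it with what the delivering server actually verified. The following check is an added example, not part of the original text; the sample messages, the example domains and the server name mx.friend.example are constructed, and the alignment rule is a simplification of the one DMARC uses.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.friend.example"   # assumed name of our own receiving server

# Constructed sample messages (not real mail).
SPOOFED = """\
Return-Path: <bounce@webform-relay.example>
Authentication-Results: mx.friend.example;
 spf=pass smtp.mailfrom=webform-relay.example;
 dkim=none; dmarc=fail header.from=mail.example
From: Ayub <ayub@mail.example>
To: friend@friend.example
Subject: Photos from the trip

See attachment.
"""
GENUINE = """\
Return-Path: <ayub@mail.example>
Authentication-Results: mx.friend.example;
 spf=pass smtp.mailfrom=mail.example;
 dkim=pass header.d=mail.example; dmarc=pass header.from=mail.example
From: Ayub <ayub@mail.example>
To: friend@friend.example
Subject: Lunch?

Are you free on Friday?
"""
# The sender also forges a "pass" verdict under another server's name.
FORGED_VERDICT = """\
Return-Path: <ayub@mail.example>
Authentication-Results: mx.elsewhere.example;
 spf=pass smtp.mailfrom=mail.example; dkim=pass header.d=mail.example
From: Ayub <ayub@mail.example>
To: friend@friend.example
Subject: Urgent

Open the attached file.
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def aligned(a, b):
    """Simplified alignment: same domain, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def trusted_results(msg):
    """Read spf/dkim/dmarc verdicts only from headers our own server added."""
    results, dkim_pass = {}, []
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, body = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # any upstream sender can insert this header
        for clause in body.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause, re.I)
            if not m:
                continue
            method, result = m.group(1).lower(), m.group(2).lower()
            results.setdefault(method, result)
            d = re.search(r"header\.d=([\w.-]+)", clause, re.I)
            if method == "dkim" and result == "pass" and d:
                dkim_pass.append(d.group(1).lower())
    return results, dkim_pass


def assess(raw_message):
    """Return the From/envelope domains and the reasons a message looks spoofed."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    results, dkim_pass = trusted_results(msg)
    spf_ok = results.get("spf") == "pass" and aligned(env_dom, from_dom)
    dkim_ok = any(aligned(d, from_dom) for d in dkim_pass)
    reasons = []
    if not from_dom:
        reasons.append("no parsable From address")
    if env_dom and not aligned(env_dom, from_dom):
        reasons.append(f"envelope sender {env_dom} differs from From domain {from_dom}")
    if results.get("dmarc") == "fail":
        reasons.append("DMARC failed at our server")
    if not (spf_ok or dkim_ok):
        reasons.append("neither SPF nor DKIM vouches for the From domain")
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE), ("forged verdict", FORGED_VERDICT)]:
        print(name, assess(raw))
```

The third sample shows why the check ignores Authentication-Results headers that were not written by the recipient's own server: a sender can add such a header as easily as a false From address.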

CYBER-THEFT
Cyber-theft is the use of computers and communication systems to steal information in electronic format. Hackers crack into the systems of banks and transfer money into their own bank accounts. This is a major concern, as larger amounts of money can be stolen and illegally transferred. Many newsletters on the Internet provide investors with free advice recommending stocks in which they should invest. Sometimes these recommendations are totally bogus and cause loss to the investors. Credit card fraud is also very common. Most companies and banks don't reveal that they have been the victims of cyber-theft because of the fear of losing customers and shareholders. Cyber-theft is the most common and the most reported of all cyber crimes. Cyber-theft is a popular cyber-crime because it can quickly bring an experienced cyber-criminal large amounts of cash for very little effort. Furthermore, there is little chance a professional cyber-criminal will be apprehended by law enforcement.

THEFT OF INFORMATION SERVICES


The phone phreakers of three decades ago set a precedent for what has become a major criminal industry. Here the perpetrators gain access to the PBX board of an organization, and make their own calls or sell call time to third parties.

COMMUNICATIONS IN FURTHERANCE OF CRIMINAL CONSPIRACIES


Just as legitimate organizations use the information networks for record keeping and communication, so too are the activities of criminal organizations enhanced by the advent of information technology. There is evidence of information systems being used in drug trafficking, gambling, money laundering and weapons trade just to name a few.

TELECOMMUNICATIONS PIRACY
Digital technology permits perfect reproduction and easy dissemination of print, graphics, sound, and multimedia combinations. This has produced the temptation to reproduce copyrighted material either for personal use or for sale at a lower price.

ELECTRONIC MONEY LAUNDERING


Electronic funds transfers have assisted in concealing and moving the proceeds of crime. Emerging technologies make it easier to hide the origin and destination of funds transfer. Thus money laundering comes to the living room.

ELECTRONIC VANDALISM AND TERRORISM


All societies in which computers play a major role in everyday life are vulnerable to attack from people motivated by either curiosity or vindictiveness. These people can cause inconvenience at best and have the potential to inflict massive harm.

SALES AND INVESTMENT FRAUD


As electronic commerce or e-commerce as it is called becomes more and more popular, the application of digital technology to fraudulent crime will become that much greater. The use of telephones for fraudulent sales pitches or bogus investment overtures is increasingly common. Cyberspace now abounds with a wide variety of investment opportunities, from traditional securities such as stocks and bonds to more exotic opportunities like coconut farming. Fraudsters now enjoy access to millions of people around the world, instantaneously and at minimal cost.

ILLEGAL INTERCEPTION OF INFORMATION


Developments in telecommunications as well as data transfer over the net have resulted in greater speed and capacity but also greater vulnerability. It is now easier than ever before for unauthorized people to gain access to sensitive information. Electromagnetic signals emitted by a computer can themselves now be intercepted. Cables may act as broadcast antennas. To add to this, no existing laws prevent the monitoring of remote signals from a computer. Under the circumstances, information is more and more vulnerable to unauthorized users.

CHAPTER THREE

CHILD PORNOGRAPHY
Child pornography is a very unfortunate reality of the Internet. The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. The Internet is very fast becoming a household commodity in Pakistan. Its explosion has made children viable victims of cyber crime. As more homes have access to the Internet, more children will be using the Internet and the greater are the chances of their falling victim to the aggression of pedophiles.

CHILD PORNOGRAPHY
Child pornography means any visual depiction, including:

- Any photograph
- Film, video, picture, or
- Computer or computer-generated image or picture,

of sexually explicit conduct, where the production of such visual depiction involves the use of a minor engaging in sexually explicit conduct.

PEDOPHILES
Pedophiles are those persons who physically or psychologically coerce minors to engage in sexual activities, which the minors would not consciously consent to.

Pedophiles use a false identity to trap the children/ teenagers.

Seek child/teen victim in the kids areas on the services, such as the Teens, Games, or chat areas where the kids gather.

Befriend the child/teen.

Extract personal information from the child/teen by winning his/ her confidence.

Get the e-mail address of the child/teen and start making contacts on the victim's e-mail address as well. Sometimes, these emails contain sexually explicit language.

They start sending pornographic images/text to the victim including child pornographic images in order to help child/teen shed his/ her inhibitions so that a feeling is created in the mind of the victim that what is being fed to him is normal and that everybody does it;

Going a step further, they then extract personal information from child/teen.

At the end of it, the pedophiles set up a meeting with the child/teen out of the house and then drag him/her into the net to further sexually assault him/her or to use him/her as a sex object.

In the physical world, parents know the face of dangers and they know how to avoid and face problems by following simple rules, and accordingly they advise their children to keep away from dangerous things and ways. But in the case of the cyber world, most parents do not themselves know the basics of the Internet and the dangers posed by various services offered over the Internet. Hence the children are left unprotected in the cyber world. Pedophiles take advantage of this situation and lure children who have not been advised by their parents or teachers about what is wrong and what is right for them while browsing the Internet.

CHAPTER FOUR

CYBER TERRORISM
Cyber crime and cyber terrorism are both crimes of the cyber world. The difference between the two, however, is with regard to the motive and the intention of the perpetrator. While a cyber crime can be described simply as an unlawful act wherein the computer is either a tool or a target or both, cyber terrorism deserves a more detailed definition. One can define cyber terrorism as a premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.

Cyberterrorism or computer terrorism is a dangerous display of technological terrorism. It causes special anxiety among experts due to the high vulnerability of computer systems that control critical infrastructure (transport, nuclear power stations, water and energy supply) connected to the Internet. For a terrorist, it would have some advantages over physical methods. It could be conducted remotely and anonymously, it would be cheap, and it would not require handling of explosives or a suicide mission. It would likely garner extensive media coverage, as journalists and the public alike are fascinated by practically any kind of computer attack. One highly acclaimed study of the risks of computer systems began with a paragraph that concludes, "The terrorist of tomorrow may be able to do more with a keyboard than with a bomb."

TOOLS OF CYBER TERRORISM


Cyber terrorists use various tools and methods to unleash their terrorism. Some of the major tools are as follows:

- Hacking
- Cryptography
- Trojan Attacks
- Computer Worms
- Computer viruses
- Denial of service attacks
- Email related crime

HACKING
Hacking or cracking is a major cyber crime committed today. A hacker makes use of the weaknesses and loopholes in operating systems to destroy data and steal important information from the victim's computer. Cracking is normally done through the use of a backdoor program installed on your machine. A lot of crackers also try to gain access to resources through the use of password cracking software. Hackers can also monitor what you do on your computer and can also import files onto your computer. A hacker could install several programs on your system without your knowledge. Such programs could also be used to steal personal information such as passwords and credit card information. Important data of a company can also be hacked to get secret information about the future plans of the company.

CRYPTOGRAPHY
Cryptography is the science of encrypting and decrypting information. Encryption is like sending a postal mail to another party with a lock code on the envelope which is known only to the sender and the recipient. A number of cryptographic methods have been developed and some of them are still not cracked.

TROJANS
This term has its origin in the phrase "Trojan horse". In the software field it means an unauthorized programme which passively gains control over another's system by representing itself as an authorised programme. The most common way of installing a Trojan is through e-mail.

VIRUS
A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself. Viruses can spread themselves, without the knowledge or permission of the users, to potentially large numbers of programs on many machines. A computer virus passes from computer to computer like a biological virus passes from person to person.

DoS
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. The means to, motives for, and targets of a DoS attack may vary, but it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even DNS root servers.

EMAIL RELATED CRIME

EMAIL BOMBING


Email bombing refers to sending a large number of emails to the victim, resulting in the victim's email account (in the case of an individual) or servers (in the case of a company or an email service provider) crashing. A simple way of achieving this would be to subscribe the victim's email address to a large number of mailing lists. Mailing lists are special interest groups that share and exchange information on a common topic of interest with one another via email. Mailing lists are very popular and can generate a lot of daily email traffic, depending upon the mailing list. Some generate only a few messages per day; others generate hundreds. If a person has been unknowingly subscribed to hundreds of mailing lists, his incoming email traffic will be too large and his service provider will probably delete his account.

The simplest email bomb is an ordinary email account. All that one has to do is compose a message, enter the email address of the victim multiple times in the To field, and press the Send button many times. Writing the email address 25 times and pressing the Send button just 50 times (it will take less than a minute) will send 1250 email messages to the victim! If a group of 10 people do this for an hour, the result would be 750,000 emails! There are several hacking tools available to automate the process of email bombing. These tools send multiple emails from many different email servers, which makes it very difficult for the victim to protect himself.
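A burst like the one described above (25 copies per send, 50 sends in under a minute) stands out clearly in a receiving server's delivery log. The following sliding-window detector is an added example, not part of the original text; the log format, the addresses and the threshold of 100 messages per 60 seconds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def parse(line):
    """Split a constructed log line: '<ISO time> from=<addr> to=<addr>'."""
    stamp, sender, rcpt = line.split()
    return (datetime.fromisoformat(stamp),
            sender.partition("=")[2].lower(),
            rcpt.partition("=")[2].lower())


def detect_floods(lines, window_s=60, threshold=100):
    """Return {recipient: {"peak": n, "senders": k}} for every recipient that
    received at least `threshold` messages inside any `window_s` seconds.
    Lines must be in time order, as a mail log is."""
    recent = defaultdict(deque)          # recipient -> deliveries still in the window
    floods = {}
    for line in lines:
        when, sender, rcpt = parse(line)
        queue = recent[rcpt]
        queue.append((when, sender))
        # Drop deliveries that have aged out of the window.
        while (when - queue[0][0]).total_seconds() >= window_s:
            queue.popleft()
        if len(queue) >= threshold and len(queue) > floods.get(rcpt, {}).get("peak", 0):
            floods[rcpt] = {"peak": len(queue),
                            "senders": len({s for _, s in queue})}
    return floods


def sample_log():
    """Constructed log: 50 sends, one per second, each delivering 25 copies
    to the same mailbox, mixed with ordinary traffic to a colleague."""
    start = datetime(2008, 7, 1, 10, 0, 0)
    lines = []
    for press in range(50):
        stamp = (start + timedelta(seconds=press)).isoformat()
        lines += [f"{stamp} from=attacker@isp.example to=victim@corp.example"] * 25
    for minutes, sender in [(0, "hr@corp.example"),
                            (20, "news@list.example"),
                            (45, "boss@corp.example")]:
        stamp = (start + timedelta(minutes=minutes)).isoformat()
        lines.append(f"{stamp} from={sender} to=colleague@corp.example")
    return sorted(lines)                 # ISO timestamps sort chronologically


if __name__ == "__main__":
    print(detect_floods(sample_log()))
```

The sender count separates the two cases in the text: a single sender can simply be blocked, while a flood arriving from many mailing lists or servers has to be throttled per recipient.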

THREATENING EMAILS
Email is a useful tool for technology savvy criminals thanks to the relative anonymity offered by it. It becomes fairly easy for anyone with even a basic knowledge of computers to become a blackmailer by threatening someone via e-mail. In a recent case, Saira received an e-mail message from someone who called her "your friend". The attachment with the e-mail contained morphed pornographic photographs of Saira. The mail message said that if Saira were not to pay Rs. 10,000 at a specified place every month, the photographs would be uploaded to the Net and then a copy sent to her fiancé. Scared, Saira at first complied with the wishes of the blackmailer and paid the first Rs. 10,000. Next month, she knew she would have to approach her parents. Then, trusting the reasonableness of her fiancé, she told him the truth. Together they approached the police. Investigation turned up the culprit: Saira's supposed friend, who wanted Saira and her fiancé to break up so that she would get her chance with him.

DEFAMATORY EMAILS
Cyber-defamation, or even cyber-slander as it is called, can prove to be very harmful and even fatal to the people who have been made its victims.

EMAIL FRAUDS
Email spoofing is very often used to commit financial crimes. It becomes a simple thing not just to assume someone else's identity but also to hide one's own. The person committing the crime understands that there is very little chance of his actually being identified. In a recently reported case, a Pune based businessman received an email from the Vice President of the Asia Development Bank (ADB) offering him a lucrative contract in return for Rs 10 lakh. The businessman verified the email address of the Vice President from the web site of the ADB and subsequently transferred the money to the bank account mentioned in the email. It later turned out that the email was a spoofed one and was actually sent by an Indian based in Nigeria.

In another famous case, one Mr. Rao sent himself spoofed emails, which were supposedly from the Euro Lottery Company. These mails informed him that he had won the largest lottery. He also created a website in the name of the Euro Lottery Company, announced on it that he had won the Euro Lottery and uploaded it on to the Internet. He then approached the Income Tax authorities in India and procured a clearance certificate from them for receiving the lottery amount. In order to let people know about the lottery, he approached many newspapers and magazines.

The media, seeing this as a story that would interest a lot of readers, hyped it up and played a vital role in spreading this misinformation. Mr. Rao then went to many banks and individuals and told them that, having won such a large sum of money, he was afraid for his safety. He also wanted to move into a better house. He wheedled money out of these institutions and people by telling them that since the lottery prize money would take some time to come to him, he would like to borrow money from them. He assured them that the loan amount would be returned as soon as the lottery money came into his possession. It was only when he did not pay back the loan amounts to the banks that they became suspicious. A countercheck by the authorities revealed the entire scheme. Mr. Rao was arrested. Later, it was found that some of the money had been donated for philanthropic causes and also to political parties!

CHAPTER FIVE

COMPUTER VIRUS
Virus is a computer program designed to copy itself into other programs, with the intention of causing mischief or damage.

VIRUSES
A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a copy of it. Viruses can spread themselves, without the knowledge or permission of the users, to potentially large numbers of programs on many machines. A computer virus passes from computer to computer like a biological virus passes from person to person. A program does not have to perform outright damage such as deleting or corrupting files in order to be called a virus. Viruses are very dangerous. Viruses can often spread without any readily visible symptoms. A virus can start on event-driven effects (for example, triggered after a specific number of executions), time-driven effects (triggered on a specific date, such as Friday the 13th) or can occur at random.

TYPICAL ACTION OF A VIRUS

- Display a message to prompt an action which may set off the virus
- Erase files
- Scramble data on a hard disk
- Cause erratic screen behavior
- Halt the PC
- Just replicate itself

THE MAIN TYPES OF PC VIRUSES


Generally, there are two main classes of viruses. The first class consists of the file infectors, which attach themselves to ordinary program files. These usually infect arbitrary .COM and/or .EXE programs, though some can infect any program for which execution is requested, such as .SYS, .OVL, .PRG, & .MNU files. File infectors can be either direct-action or resident. A direct-action virus selects one or more other programs to infect each time the program that contains it is executed. A resident virus hides itself somewhere in memory the first time an infected program is executed and thereafter infects other programs when they are executed (as in the case of the Jerusalem 185 virus). The Vienna virus is an example of a direct-action virus. Most other viruses are resident.

The second category is system or boot-record infectors: those viruses that infect executable code found in certain system areas on a disk, which are not ordinary files. On DOS systems, there are ordinary boot-sector viruses, which infect only the DOS boot sector, and MBR viruses, which infect the Master Boot Record on fixed disks and the DOS boot sector on diskettes. Examples include Brain, Stoned, Empire, Azusa, and Michelangelo. Such viruses are always resident viruses.

Finally, a few viruses are able to infect both (the Tequila virus is one example). These are often called multi-partite or boot-and-file viruses. File system or cluster viruses (e.g. Dir-II) are those that modify directory table entries so that the virus is loaded and executed before the desired program is.

STEALTH VIRUS
A stealth virus is one that hides the modifications it has made in the file or boot record, usually by monitoring the system functions used by programs to read files or physical blocks from storage media, and forging the results of such system functions so that programs which try to read these areas see the original uninfected form of the file instead of the actual infected form. Thus the viral modifications go undetected by anti-viral programs. However, in order to do this, the virus must be resident in memory when the anti-viral program is executed.

The very first DOS virus, Brain, a boot-sector infector, monitors physical disk I/O and redirects any attempt to read a Brain-infected boot sector to the disk area where the original boot sector is stored. The next viruses to use this technique were the file infectors Number of the Beast and Frodo.

POLYMORPHIC VIRUS
A polymorphic virus is one that produces varied (yet fully operational) copies of itself, in the hope that virus scanners will not be able to detect all instances of the virus. The most sophisticated form of polymorphism discovered so far is the MtE Mutation Engine written by the Bulgarian virus writer who calls himself the Dark Avenger.

FAST AND SLOW INFECTORS


A typical file infector (such as the Jerusalem) copies itself to memory when a program infected by it is executed, and then infects other programs when they are executed. A fast infector is a virus which, when it is active in memory, infects not only programs which are executed, but also those which are merely opened. The result is that if such a virus is in memory, running a scanner or integrity checker can result in all (or at least many) programs becoming infected all at once. The term slow infector is sometimes used for a virus that, if it is active in memory, infects only files as they are modified (or created). The purpose is to fool people who use integrity checkers into thinking that the modification reported by the integrity checker is due solely to legitimate reasons. An example is the Darth Vader virus.

SPARSE INFECTOR
The term sparse infector is sometimes given to a virus that infects only occasionally, e.g. every 10th executed file, or only files whose lengths fall within a narrow range, etc. By infecting less often, such viruses try to minimize the probability of being discovered by the user.

COMPANION VIRUS
A companion virus is one that, instead of modifying an existing file, creates a new program, which gets executed by the command-line interpreter instead of the intended program. On exit, the new program executes the original program so things will appear normal. This is done by creating an infected .COM file with the same name as an existing .EXE file.
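The integrity checkers mentioned under fast and slow infectors, and the .COM/.EXE pairing described here, can both be checked from a simple hash baseline. The following sketch is an added example, not part of the original text; the file names and contents are constructed, and SHA-256 is an assumed choice of hash.

```python
import hashlib
import os
import tempfile

# Program extensions named in the text on file infectors.
PROGRAM_EXTS = {".com", ".exe", ".sys", ".ovl", ".prg", ".mnu"}


def snapshot(root):
    """Map relative path -> SHA-256 digest for every program file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in PROGRAM_EXTS:
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    state[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state


def find_companions(paths):
    """Return (com, exe) pairs sharing a directory and base name."""
    by_stem = {}
    for path in paths:
        stem, ext = os.path.splitext(path)
        by_stem.setdefault(stem.lower(), {})[ext.lower()] = path
    return sorted((e[".com"], e[".exe"]) for e in by_stem.values()
                  if ".com" in e and ".exe" in e)


def compare(baseline, current):
    """Report what changed since the baseline was taken."""
    added = sorted(p for p in current if p not in baseline)
    report = {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": added,
        "removed": sorted(p for p in baseline if p not in current),
    }
    # A .COM that appeared after the baseline next to an existing .EXE is
    # the companion pattern: the .EXE itself still hashes as unchanged.
    report["new_companions"] = [(c, e) for c, e in find_companions(current)
                                if c in added]
    return report


def _write(root, rel, data):
    with open(os.path.join(root, *rel.split("/")), "wb") as fh:
        fh.write(data)


def run_demo():
    """Build a constructed directory, take a baseline, change it, compare."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "TOOLS"))
        _write(root, "TOOLS/EDIT.EXE", b"MZ constructed editor")
        _write(root, "TOOLS/CALC.EXE", b"MZ constructed calculator")
        baseline = snapshot(root)
        # Stand-ins for an infected file and for a companion program.
        _write(root, "TOOLS/CALC.EXE", b"MZ constructed calculator" + b" appended bytes")
        _write(root, "TOOLS/EDIT.COM", b"constructed stand-in")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(run_demo())
```

As the section on stealth viruses explains, a resident virus can forge what a program reads, so a comparison like this is only reliable when run from a clean boot; and a "modified" entry still needs a human decision, which is exactly what a slow infector relies on.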

ARMORED VIRUS
An armored virus is one that uses special tricks to make the tracing, disassembling and understanding of its code more difficult. A good example is the Whale virus.

MACRO VIRUS
Many applications allow creating macros. A macro is a series of commands to perform an application-specific task. Those commands can be stored as a series of keystrokes, or in a special macro language. A macro virus is a virus that propagates through only one type of program, usually either Microsoft Word or Microsoft Excel. It can do this because these types of programs contain auto open macros, which automatically run when a document or a spreadsheet is opened.

VIRUS HOAX
A virus hoax generally appears as an email message that describes a particular virus that does not exist. These emails almost always carry the same basic story: that if an email with a particular subject line is downloaded; the hard drive will be erased. Such messages are designed to panic computer users. An example of a virus hoax is the Good Times virus -- which was written in 1994 and since then has circled the globe many times over. The best thing to do on receipt of such an email is to ignore and delete it.

MAJOR VIRUS INCIDENTS SINCE 1998

MELISSA


This virus set a benchmark the world over when it was first noticed on 26th March 1999. It was the fastest spreading virus. The Melissa virus is an automatic spamming virus. Its action includes infecting Microsoft Word's normal.dot global template, which basically implies that all new documents created by the user would get infected. After that, each time that an infected document is accessed the virus will disable Microsoft Word's macro warning feature so that it is allowed to be activated. Its next action is to access the Microsoft Outlook address book and email the infected Word file as an attachment to the first fifty e-mail addresses entered there. As soon as the receivers of such an email message open the attachment, their computers also get infected. The virus then sends the infected file to another 50 email addresses. This is the reason for the extensive spread of the virus in a short while. The virus by itself, installed in the victim's computer, was rather harmless. It merely inserted some text into a document at a specified time of the day. What caused the maximum harm was that the volume of traffic, due to the numerous e-mail attachments being sent, was more than could be borne by most servers around the world.

CHERNOBYL
The Chernobyl, or PE CIH, virus activates itself every year on the 26th of April on the anniversary of Chernobyl, Ukraine nuclear power plant tragedy. It was allegedly written by a Taiwanese citizen in 1998. The virus wipes the first

VBS LOVELETTER
The VBS LOVELETTER virus (better known as the Love Bug or the ILOVEYOU virus) was reportedly written by a Filipino undergraduate. In May 2000, this deadly virus beat the Melissa virus hollow; it became the world's most prevalent virus. It struck one in every five personal computers in the world. When the virus was brought under check the true magnitude of the losses was incomprehensible. Losses incurred during this virus attack were pegged at US $ 10 billion. The e-mail which was sent out had ILOVEYOU in its subject line. The attachment file was named

YOU.TXT.vbs. VBS LOVELETTER first selects certain files and then inserts its own code in lieu of the original data contained in the file. This way it creates ever-increasing versions of itself.

JERUSALEM
The Jerusalem virus, a.k.a. Israeli and Friday the 13th, has several versions including the Jerusalem-B virus. It starts by infecting the .COM and .EXE files in a computer. After existing or being resident in a computer for half an hour, it slows down the system processes by a factor of ten. On a pre-set date, Friday the 13th, the Jerusalem virus deletes all the infected files from the user's computer.

CASCADE
The Cascade virus originally appeared between September and December during the years 1980 and 1988. Its basic target were with colour monitors. This virus is also called Falling Letters or 1701. It initially appeared as a Trojan horse in the form of a program designed to turn off the Num-Lock light on the keyboard. In fact, what it actually did was to make the characters on the screen drop in a heap to the bottom of the screen.

CHAPTER SIX

SPAM
Spamming is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, mobile phone messaging spam, Internet forum spam and junk fax transmissions. Spamming is economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming is widely reviled, and has been the subject of legislation in many jurisdictions. The people that create electronic spam are called spammers.

SPAMMING IN DIFFERENT MEDIA


E-MAIL SPAM
E-mail spam, also known as unsolicited bulk email (UBE) or unsolicited commercial email (UCE), is the practice of sending unwanted e-mail messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients. Spam in e-mail started to become a problem when the Internet was opened up to the general public in the mid-1990s. It grew exponentially over the following years, and today comprises some 80 to 85% of all the email in the world, by conservative estimate; some sources go as high as 95%.

Pressure to make e-mail spam illegal has been successful in some jurisdictions, but less so in others. Spammers take advantage of this fact, and frequently outsource parts of their operations to countries where spamming will not get them into legal trouble. Increasingly, e-mail spam today is sent via zombie networks, networks of virus- or worm-infected personal computers in homes and offices around the globe; many modern worms install a backdoor which allows the spammer access to the computer. At the same time, it is becoming clear that malware authors, spammers, and phishers are learning from each other, and possibly forming various kinds of partnerships. E-mail is an extremely cheap mass medium, and professional spammers have automated their processes to a high extent. Thus, spamming can be very profitable even at what would otherwise be considered extremely low response rates. An industry of e-mail address harvesting is dedicated to collecting email addresses and selling compiled databases. Millions of email addresses can be cheaply purchased.

CHAT SPAM
Chat spam can occur in any live chat environment like IRC and in-game multiplayer chat of online games, and in any other form of chat the masses are able to view. It consists of repeating the same word or sentence many times to get attention or to interfere with normal operations. It is generally considered very rude and may lead to swift exclusion of the user from the used chat service by the owners or moderators. The application of the name spam to unwanted communication originates in chat-room spam. Specifically, it was developed in the chat-rooms of People-Link in the early 1980s as a technique for getting rid of unwelcome newcomers. When someone would enter a chat-room full of friends who were in mid-conversation, and when the newcomer tried to turn the conversation in an unwelcome direction, two veteran members of the room would begin typing in the Monty Python Spam routine at high speed. They would fill the screen with Spam Spam Spam eggs Spam Spam and Spam etc., and make all other communication impossible. The other members of the room would just wait quietly until the newcomer got disgusted and moved on to a different room.

MOBILE PHONE SPAM


Mobile phone spam is directed at the text messaging service of a mobile phone. This can be especially irritating to customers not only for the inconvenience but also because of the fee they may be charged per text message received in some markets. The term SpaSMS was coined at the adnews website Adland in 2000 to describe spam SMS.

CHAPTER SEVEN

MALWARE & MALICIOUS CODE


Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a portmanteau of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. Many normal computer users are however still unfamiliar with the term, and most never use it. Instead, computer virus is used in common parlance and often in the general media to describe all kinds of malware, though not all malware is a virus. Another term that has been recently coined for malware is badware, perhaps due to the anti-malware initiative Stopbadware. Software is considered malware based on the perceived intent of the creator rather than any particular features. It includes computer viruses, worms, trojan horses, spyware, dishonest adware, and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of California, West Virginia, and several other American states. Malware should not be confused with defective software, that is, software which has a legitimate purpose but contains harmful bugs.

CHAPTER EIGHT

DOS (DENIAL OF SERVICE ATTACK)


A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. The means to, motives for, and targets of a DoS attack may vary, but it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even DNS root servers. One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by: forcing the targeted computer(s) to reset, or consume its resources so that it can no longer provide its intended service; or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. Usually to make a DDoS attack successful, people are using at least 50 PCs with internet connections. Denial-of-service attacks are considered violations of the IAB's Internet proper use policy. They also commonly constitute violations of the laws of individual nations.

CHAPTER NINE

PHREAKING
Phreaking is a slang term coined to describe the activity of a subculture of people who study, experiment with, or explore telecommunication systems, like equipment and systems connected to public telephone networks. The term phreak is a portmanteau of the words phone and freak. It may also refer to the use of various audio frequencies to manipulate a phone system. Phreak, phreaker or phone phreak are names used for and by individuals who participate in phreaking. Additionally, it is often associated with computer hacking. This is sometimes called the H/P culture (with H standing for Hacking and P standing for Phreaking).

CHAPTER TEN

CYBER STALKING
It has been defined as the use of information and communications technology, particularly the internet, by an individual or group of individuals, to harass another individual, group of individuals, or organization. The behaviour includes false accusations, monitoring, the transmission of threats, identity theft, damage to data or equipment, the solicitation of minors for sexual purposes, and any form of persistent offensive behaviour. The harassment must be such that a reasonable person, in possession of the same information, would regard it as sufficient to cause another reasonable person. Stalking is a continuous process, consisting of a series of actions, each of which may be entirely legal in itself. Stalking is a form of mental assault, in which the perpetrator repeatedly, unwantedly, and disruptively breaks into the lifeworld of the victim, with whom he has no relationship (or no longer has), with motives that are directly or indirectly traceable to the affective sphere. Moreover, the separated acts that make up the intrusion cannot by themselves cause the mental abuse, but do taken together.

CHAPTER ELEVEN

THEFT OF INFORMATION CONTAINED IN ELECTRONIC FORM

This includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering them through the virtual medium.

EMAIL BOMBING
This kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail servers, thereby ultimately resulting in crashing.

DATA DIDDLING
This kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. The electricity board faced similar problem of data diddling while the department was being computerised.

SALAMI ATTACKS
This kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. E.g. the Ziegler case wherein a logic bomb was introduced in the bank's system, which deducted 10 cents from every account and deposited it in a particular account. These attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed. E.g. a bank employee inserts a program, into the bank's servers, that deducts a small amount of money (say Rs. 5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month. To cite an example, an employee of a bank in USA was dismissed from his job. Disgruntled at having been supposedly mistreated by his employers the man first introduced a logic bomb into the bank's systems. Logic bombs are programmes, which are activated on the occurrence of a particular predefined event. The logic bomb was programmed to take ten cents from all the accounts in the bank and put them into the account of the person whose name was alphabetically the last in the bank's rosters. Then he went and opened an account in the name of Ziegler. The amount being withdrawn from each of the accounts in the bank was so insignificant that neither any of the account holders nor the bank officials noticed the fault. It was brought to their notice when a person by the name of Zygler opened his account in that bank. He was surprised to find a sizable amount of money being transferred into his account every Saturday.
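The pattern described above (many accounts each losing the same tiny amount to one destination) is invisible per account but stands out when a ledger is grouped by destination. The following is an added example, not part of the original text; the ledger layout, the account names and both thresholds are assumptions, and the transactions are constructed sample data.

```python
from collections import Counter, defaultdict
from decimal import Decimal


def build_constructed_ledger():
    """Constructed sample data: (source_account, destination_account, amount)."""
    ledger = []
    # 200 customer accounts are each debited 0.10 into the same account.
    for i in range(200):
        ledger.append((f"CUST{i:04d}", "ZIEGLER", Decimal("0.10")))
    # Ordinary activity that must not be flagged.
    ledger.append(("CUST0001", "UTILITY", Decimal("42.50")))
    ledger.append(("CUST0002", "UTILITY", Decimal("17.25")))
    ledger.append(("CUST0003", "CUST0004", Decimal("0.10")))   # one small transfer
    for i in range(10):                                        # a few small fees
        ledger.append((f"CUST{i:04d}", "BANKFEES", Decimal("0.75")))
    return ledger


def find_salami_candidates(ledger, max_amount=Decimal("1.00"), min_sources=50):
    """Flag destinations that collect small debits from many distinct accounts.

    max_amount and min_sources are assumed tuning values, not figures from
    the text. Amounts use Decimal so that sums of cents stay exact.
    """
    stats = defaultdict(
        lambda: {"sources": set(), "amounts": Counter(), "total": Decimal("0")}
    )
    for source, destination, amount in ledger:
        if not (Decimal("0") < amount <= max_amount):
            continue                      # only "too small to notice" debits
        entry = stats[destination]
        entry["sources"].add(source)
        entry["amounts"][amount] += 1
        entry["total"] += amount

    findings = []
    for destination, entry in stats.items():
        if len(entry["sources"]) < min_sources:
            continue
        typical_amount, count = entry["amounts"].most_common(1)[0]
        transfers = sum(entry["amounts"].values())
        findings.append({
            "destination": destination,
            "distinct_sources": len(entry["sources"]),
            "total": entry["total"],
            "typical_amount": typical_amount,
            # 1.0 means every small debit had exactly the same value,
            # which is what a programmed deduction looks like.
            "uniformity": count / transfers,
        })
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    for finding in find_salami_candidates(build_constructed_ledger()):
        print(finding)
```
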

CHAPTER TWELVE

TROJANS HISTORY
In the 12th century BC, Greece declared war on the city of Troy. The dispute erupted when the prince of Troy abducted the queen of Sparta and declared that he wanted to make her his wife. This naturally angered the Greeks (and especially the queen of Sparta). The Greeks besieged Troy for 10 years but met with no success as Troy was very well fortified. In a last effort, the Greek army pretended to be retreating, and left behind a huge wooden horse. The people of Troy saw the horse, and, thinking it was some kind of a present from the Greeks, pulled the horse into their city, unaware that the hollow wooden horse had some of the best Greek soldiers sitting inside it.

TROJAN ATTACKS
This term has its origin in the word Trojan horse. In the software field this means an unauthorized programme, which passively gains control over another's system by representing itself as an authorised programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam installed in the computer obtained her nude photographs. He further harassed this lady.

PART III CYBER CRIME INVESTIGATION


CHAPTER ONE

INVESTIGATE CYBER CRIME


WHAT IS COMPUTER FORENSIC
Process of investigating computer equipment and associated storage media to determine if it has been used in the commission of a crime or for unauthorized activities. Computer Forensics involves the preservation, acquisition, analysis, discovery, documentation and presentation of evidence.
o Evidence must be obtained and analyzed in accordance with sound, accepted forensic techniques.
o Evidence must be handled within legally acceptable standards.
o Computer Forensics personnel must be specially trained in analysis techniques.
o Personnel must have a wide variety of computer-related knowledge.

DEFINING THE NEED


Criminal investigations cover child pornography, embezzlement, hacking and fraud. Corporate investigations cover unauthorized access, computer abuse, fraud and industrial espionage.

COMPUTERS CAN BE PART OF CRIME 3 WAYS:

o Target of the Crime
o Tool of the Crime
o Incidental to the Crime

DEFINING INCIDENT RESPONSE


o WHAT IS INCIDENT RESPONSE?
o TYPES OF INCIDENTS
o CRIMINAL INVESTIGATIONS
o CORPORATE INVESTIGATIONS
o PRIVATE / CIVIL INVESTIGATIONS

Process of responding to a computer-related incident (crime, policy violation) and methodically securing, preserving and documenting digital evidence using a prescribed methodology.
o Forensics and analysis take place AFTER response.
o Response could be carried out by an administrative assistant, network admin, manager, investigator, or incident response team.
o Initial response is critical to the entire case.
o First responders are usually not well trained in security and evidence preservation.

CHAPTER TWO

TOOLS OF CONTROLLING COMPUTER FORENSIC

TYPES OF INCIDENTS
Usually divided into three broad categories:
o Criminal Investigations
o Corporate Investigations
o Private / Civil Incidents

CRIMINAL INVESTIGATIONS
o Criminal investigations: a crime has been alleged or committed.
o Violation of Local, State, Federal or International laws or statutes.
o Usually conducted by law enforcement.
o Examples include child exploitation, stalking, fraud, embezzlement, hacking.
o The computer could also contain evidence of a non-computer crime.

CORPORATE INVESTIGATIONS
o Usually violation of a corporate policy or directive, or commission of a crime.
o May turn into a criminal investigation.
o Usually investigated by the corporate security division.
o Law Enforcement called in when necessary.
o Examples include online gambling, gaming, chat, accessing prohibited web sites, harassment, corporate espionage, invasions of privacy, sabotage.

PRIVATE/ CIVIL INVESTIGATIONS


o Usually between individuals or as part of a civil suit.
o Investigated by private investigators, law firm investigators, computer security companies.
o Examples include divorce cases, child custody battles, law suits, small claims.
o Evidence usually provided to the individual requesting the investigation or to the law firm.

PART IV PREVENTION CYBER CRIME


CHAPTER ONE

PREVENTIVE METHODS
PREVENTION
An important question arises: how can these crimes be prevented? A number of techniques and solutions have been presented, but the problems still exist and are increasing day by day. Prevention methods:
1. Firewalls
2. Frequent password changing
3. Safe surfing
4. Frequent virus checks
5. Email filters

FIREWALLS
A firewall protects a computer network from unauthorized access. Network firewalls may be hardware devices, software programs, or a combination of the two. A network firewall typically guards an internal computer network against malicious access from outside the network. These are programs which protect a user from unauthorized access attacks while on a network. They provide access to only known users, or people who the user permits. Firewalls have simple rules such as to allow or deny protocols, ports or IP addresses. Some DoS attacks are too complex for today's firewalls, e.g. if there is an attack on port 80 (web service), firewalls cannot prevent that attack because they cannot distinguish good traffic from DoS attack traffic. Additionally, firewalls are too deep in the network hierarchy. Your router may be affected even before the firewall gets the traffic. Nonetheless, firewalls can effectively prevent users from launching simple flooding type attacks from machines behind the firewall. Modern stateful firewalls like Check Point FW1 NGX & Cisco PIX have a built-in capability to differentiate good traffic from DoS attack traffic. This capability is known as a Defender, as it confirms TCP connections are valid before proxying TCP packets to networks (including border routers). A similar ability is present in OpenBSD's pf, which is available for other BSDs as well. In that context, it is called synproxy. Comodo Firewall Pro has a built-in Emergency Mode which is activated when the number of incoming packets per second exceeds a set value for more than the specified time, for example, more than 20 packets/sec for more than 20 seconds. If this happens, the firewall classifies it as a DoS attack and switches to Emergency Mode. In this mode, all inbound traffic is blocked except previously established and active connections, but outbound traffic is allowed.
The packet number threshold and the time needed for verifying an attack can be adjusted by the user separately for TCP, UDP and ICMP. The firewall also has some other attack prevention mechanisms, like protocol analysis, checksum verification (so that the packets aren't altered since transmission) and NDIS protocol monitoring for attempts at making a DoS attack by using own protocols, thus outmaneuvering older firewalls.
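The Emergency Mode rule described above (a per-protocol packet rate that must be exceeded for longer than a set time, after which only previously established connections may receive inbound traffic) can be modelled in a few lines. This is an added example and a simplified model, not the firewall product's own code; the class and function names, the notion that a connection counts as established once the protected host has sent on it, and the traffic itself are assumptions constructed for the illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    t: float        # seconds since start of capture
    proto: str      # "TCP", "UDP" or "ICMP"
    inbound: bool
    conn: str       # connection identifier (constructed for the example)


class EmergencyModeFilter:
    """Toy model of the rate/duration rule described in the text."""

    def __init__(self, limits):
        # limits maps protocol -> (packets_per_second, seconds): emergency mode
        # starts once the inbound rate has stayed above the first value for
        # more than the second value of consecutive seconds.
        self.limits = limits
        self.established = set()      # connections the protected host has sent on
        self.emergency_since = None   # second at which emergency mode began
        self._second = None
        self._counts = Counter()      # inbound packets in the current second
        self._streak = Counter()      # consecutive over-limit seconds per protocol

    @property
    def emergency(self):
        return self.emergency_since is not None

    def _close_second(self):
        for proto, (rate, duration) in self.limits.items():
            over = self._counts[proto] > rate
            self._streak[proto] = self._streak[proto] + 1 if over else 0
            if self._streak[proto] > duration and not self.emergency:
                self.emergency_since = self._second + 1
        self._counts.clear()

    def handle(self, pkt):
        sec = int(pkt.t)
        if self._second is None:
            self._second = sec
        while self._second < sec:     # close every elapsed second, idle ones too
            self._close_second()
            self._second += 1
        if not pkt.inbound:           # outbound traffic is always allowed
            if not self.emergency:
                self.established.add(pkt.conn)
            return "allow"
        self._counts[pkt.proto] += 1
        if self.emergency and pkt.conn not in self.established:
            return "block"
        return "allow"                # ordinary allow/deny rules are not modelled


def constructed_traffic(flood_seconds):
    """One legitimate session plus a 25 packets/sec inbound TCP flood."""
    pkts = []
    for s in range(5 + flood_seconds + 5):
        pkts.append(Packet(s + 0.1, "TCP", True, "web-1"))    # request in
        pkts.append(Packet(s + 0.2, "TCP", False, "web-1"))   # reply out
        if 5 <= s < 5 + flood_seconds:
            for i in range(25):
                pkts.append(Packet(s + 0.3 + i * 0.02, "TCP", True, f"flood-{s}-{i}"))
    return pkts


def replay(packets, limits):
    fw = EmergencyModeFilter(limits)
    return fw, [(p, fw.handle(p)) for p in packets]


if __name__ == "__main__":
    limits = {"TCP": (20, 20), "UDP": (20, 20), "ICMP": (20, 20)}
    fw, decisions = replay(constructed_traffic(25), limits)
    blocked = sum(1 for _, d in decisions if d == "block")
    print("emergency since second:", fw.emergency_since, "blocked:", blocked)
```

The model never leaves emergency mode, because the text does not say when the mode ends.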

FREQUENT PASSWORD CHANGING


With the advent of multi-user systems, security has become dependent on passwords. Thus one should always keep passwords to sensitive data secure. Changing them frequently and keeping them sufficiently complex in the first place can do this.

SAFE SURFING
Safe surfing involves keeping one's e-mail address private, not chatting on open systems which do not have adequate protection methods, and visiting secure sites. Accepting data from only known users, downloading carefully, and then from known sites also minimizes risk.

FREQUENT VIRUS CHECKS


One should frequently check one's computer for viruses and worms. Also any external media such as floppy disks and CD ROMs should always be virus checked before running.

EMAIL FILTERS
These are programs, which monitor the inflow of mails to the inbox and delete automatically any suspicious or useless mails thus reducing the chances of being bombed or spoofed.

ANTIVIRUS AND ANTI SPYWARE SOFTWARE


Antivirus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software. Anti-spyware programs are used to prevent backdoor programs, trojans and other spyware from being installed on the computer.

CRYPTOGRAPHY
Cryptography is the science of encrypting and decrypting information. Encryption is like sending a postal mail to another party with a lock code on the envelope which is known only to the sender and the recipient. A number of cryptographic methods have been developed and some of them are still not cracked.

CYBER ETHICS AND LAWS


Cyber ethics and cyber laws are also being formulated to stop cyber crimes. It is the responsibility of every individual to follow cyber ethics and cyber laws so that the increasing cyber crimes shall reduce. Security software like antivirus and anti-spyware programs should be installed on all computers, in order to remain secure from cyber crimes. Internet Service Providers should also provide a high level of security at their servers in order to keep their clients secure from all types of viruses and malicious programs.

CHAPTER TWO

IMPROVING SECURITY
Recommended security practices that can minimize network intrusions:
o Ensure all accounts have passwords that are difficult to guess. One time passwords are preferred.
o Use cryptography
o Use secure programming techniques when writing software
o Regularly check for updates, fixes and patches
o Regularly check for security alerts

PREVENTIVE STEPS FOR INDIVIDUALS

CHILDREN


Children should not give out identifying information such as Name, Home address, School Name or Telephone Number in a chat room. They should not give photographs to anyone on the Net without first checking with or informing parents or guardians. They should not respond to messages which are suggestive, obscene, belligerent or threatening, and should not arrange a face-to-face meeting without telling parents or guardians. They should remember that people online might not be who they seem.

PARENTS
Parents should use content filtering software on the PC to protect children from pornography, gambling, hate speech, drugs and alcohol. There is also software to establish time controls for use of the Internet (for example blocking usage after a particular time) and allowing parents to see which sites their children have visited. Use this software to keep track of the type of activities of children.

GENERAL INFORMATION
Don't delete harmful communications (emails, chats etc). They will provide vital information about the system and address of the person behind these.

Try not to panic. If you feel any immediate physical danger, contact your local police. Avoid getting into huge arguments online during chat and discussions with other users. Remember that all other Internet users are strangers; you do not know who you are chatting with. So be careful. Be extremely careful about how you share personal information about yourself online. Choose your chatting nickname carefully so as others. Do not share personal information in public space online; do not give it to strangers. Be extremely cautious about meeting a person introduced online. If you choose to meet, do so in a public place along with a friend.

If a situation online becomes hostile, log off and if a situation places you in fear, contact local police. Save all communications for evidence. Do not edit it in any way. Also, keep a record of your contacts and inform law enforcement officials.

PREVENTIVE STEPS FOR ORGANISATIONS AND GOVERNMENT

PHYSICAL SECURITY
Physical security is the most sensitive component in the prevention of cyber crime. The computer network should be protected from access by unauthorized persons.

ACCESS CONTROL
Access control system is generally implemented using firewalls, which provide a centralized point from which to permit or allow access. Firewalls allow only authorized communications between the internal and external network.

PASSWORD
Proof of identity is an essential component to identify an intruder. The use of passwords is the most common security for network systems including servers, routers and firewalls. Almost all systems are programmed to ask for a username and password for access to the computer system. This provides the verification of the user. Passwords should be changed at regular intervals of time, should be alphanumeric, and should be difficult to guess.

FINDING THE HOLES IN NETWORK


System managers should track down the holes before the intruders do. Many networking product manufacturers are not particularly aware of the information about security holes in their products. So organizations should work hard to discover security holes, bugs and weaknesses and report their findings as they are confirmed.

USING NETWORK SCANNING PROGRAMS


There is a security administration tool called UNIX, which is freely available on the Internet. This utility scans and gathers information about any host on a network, regardless of which operating system or services the hosts are running. It checks for known vulnerabilities, including bugs, security weaknesses, inadequate password protection and so on. There is another product available called COPS (Computer Oracle and Password System). It scans for poor passwords, dangerous file permissions, and dates of key files compared to dates of CERT security advisories.

USING INTRUSION ALERT PROGRAMS


As it is important to identify and close existing security holes, you also need to put some watchdogs into service. There are some intrusion alert programs which identify suspicious activity and report it so that necessary action is taken. They need to be operating constantly so that all unusual behaviour on the network is caught immediately.

USING ENCRYPTION
Encryption is able to transform data into a form that makes it almost impossible to read without the right key. This key is used to allow controlled access to the information to selected people. The information can be passed on to anyone, but only the people with the right key are able to see the information. Encryption allows sending confidential documents by e-mail or saving confidential information on laptop computers without having to fear that if someone steals it the data will become public. With the right encryption/decryption software installed, it will hook up to the mail program and encrypt/decrypt messages automatically without user interaction.

DETECTION
Cyber crime is the latest and perhaps the most specialized and dynamic field in cyber laws. Some of the cyber crimes like network intrusion are difficult to detect and investigate, even though most of the crimes against individuals like cyber stalking, cyber defamation and cyber pornography can be detected and investigated through the following steps:

After receiving such type of mail

1. Give the command to the computer to show the full header of the mail.
2. In the full header, find the IP number and the time of delivery. This IP number is always different for every mail.
3. From this IP number we can know who was the Internet service provider for the system from which the mail had come. To find the Internet Service Provider from the IP number, take the service of a search engine like nic.com, macffvisualroute.com, apnic.com, arin.com.
4. After opening the website of any of the above mentioned search engines, feed in the IP number, and after some time the name of the ISP can be obtained.
5. After getting the name of the ISP we can get the information about the sender from the ISP by giving them the IP number, date and time of sender.
6. The ISP will provide the address and phone number of the system which was used to send the mail with bad intention.
7. After knowing the address and phone number, the criminal can be apprehended by using conventional police methods.
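The header-reading steps above, finding the IP number and the time of delivery, can be done mechanically from the Received lines of the full header. The following is an added example, not part of the original text; the function names are assumptions, the message is a constructed sample using example domains and documentation address ranges, and the later ISP lookup is not included because it needs network access.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (example domains, documentation IP ranges).
RAW = """\
Return-Path: <sender@example.net>
Received: from mx.example.org (mx.example.org [198.51.100.25])
\tby inbox.example.org with ESMTP id A1; Tue, 04 Mar 2008 10:15:42 +0500
Received: from smtp.example.net (smtp.example.net [203.0.113.7])
\tby mx.example.org with ESMTP id B2; Tue, 04 Mar 2008 10:15:40 +0500
Received: from [192.168.1.20] (dsl-host.example.net [203.0.113.99])
\tby smtp.example.net with ESMTP id C3; Tue, 04 Mar 2008 10:15:37 +0500
From: sender@example.net
To: victim@example.org
Subject: constructed sample
Date: Tue, 04 Mar 2008 10:15:36 +0500

body
"""

# Addresses inside a home or office network say nothing about the ISP.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_CLAUSE = re.compile(r"(?:^|\s)by\s+(\S+)")


def parse_hops(raw_message):
    """Return the Received hops oldest first: recording server, IPs, time."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())              # unfold continuation lines
        path, stamp = text.rsplit(";", 1) if ";" in text else (text, "")
        by = BY_CLAUSE.search(path)
        from_part = path[:by.start()] if by else path
        ips = []
        for candidate in BRACKETED_IP.findall(from_part):
            try:
                ips.append(ipaddress.ip_address(candidate))
            except ValueError:                      # e.g. [999.1.1.1]
                continue
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):             # missing or malformed date
            when = None
        hops.append({"by": by.group(1) if by else None, "ips": ips, "time": when})
    hops.reverse()      # each server prepends its line, so the last one is oldest
    return hops


def first_external_hop(hops):
    """Earliest non-internal sender address and the server that recorded it."""
    for hop in hops:
        for ip in hop["ips"]:
            if not any(ip in net for net in INTERNAL):
                return {"ip": str(ip), "time": hop["time"], "recorded_by": hop["by"]}
    return None


if __name__ == "__main__":
    print(first_external_hop(parse_hops(RAW)))
```

Received lines below the first server you know and trust are supplied by the sending side and can be forged, so the address and time taken to an ISP should come from a hop recorded by a trusted server.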

ELEMENTARY PROBLEMS ASSOCIATED WITH CYBER CRIMES


One of the greatest lacunae in the field of Cyber Crime is the absence of comprehensive law any where in the world. The problem is further aggravated due to disproportional growth ratio of Internet and cyber laws.
1. Jurisdiction is the highly debatable issue as to the maintainability of any suits which have been filed. Today with the growing arms of cyber space the territorial boundaries seem to vanish.
2. Loss of evidence is a very common and expected problem as all the data are routinely destroyed. Further, collection of data outside the territorial extent also paralyses the system of crime investigation.
3. Cyber Army: There is also an imperative need to build a high technology crime and investigation infrastructure, with highly technical staff at the other end.
4. A law regulating the cyber-space, which India has done.

Perfect is a relative term. Nothing in this world is perfect. The persons who legislate the laws and by-laws also are not perfect. The laws therefore enacted by them cannot be perfect. The cyber law has emerged from the womb of globalization. It is at the threshold of development. In due course of exposure through varied and complicated issues it will grow to be a piece of its time legislation.

ROUTERS
Similar to switches, routers have some rate limiting and ACL capability. They, too, are manually set. Most routers can be easily overwhelmed under a DoS attack. If you add rules to take flow statistics out of the router during the DoS attacks, they further slow down and complicate the matter. Cisco IOS has features that prevent flooding, i.e. example setting.

APPLICATION FRONT END HARDWARE


Application front end hardware is intelligent hardware placed on the network before traffic reaches the servers. It can be used on networks in conjunction with routers and switches. Application front end hardware analyzes data packets as they enter the system, and then identifies them as priority, regular, or dangerous. There are more than 25 bandwidth management vendors. Hardware acceleration is key to bandwidth management. Look for granularity of bandwidth management, hardware acceleration, and automation while selecting an appliance.

IPS BASED PREVENTION


Intrusion prevention systems (IPS) are effective if the attacks have signatures associated with them. However, the trend among the attacks is to have legitimate content but bad intent. IPSs which work on content recognition cannot block behavior based DoS attacks. An ASIC based IPS can detect and block denial of service attacks because it has the processing power and the granularity to analyze the attacks and act like a circuit breaker in an automated way. A rate based IPS (RBIPS) must analyze traffic granularly, continuously monitor the traffic pattern and determine whether there is a traffic anomaly. It must let the legitimate traffic flow while blocking the DoS attack traffic.
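The difference between content recognition and rate based blocking can be seen in a small simulation. This is an added example, not part of the original thesis: the signature list, the class name RateBasedFilter, the thresholds and the sample traffic (documentation-range addresses) are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed content signatures, standing in for a signature-based IPS rule set.
SIGNATURES = (b"\x90\x90\x90\x90", b"/etc/passwd")


def signature_match(payload):
    """Content recognition: True only if a known-bad byte pattern is present."""
    return any(sig in payload for sig in SIGNATURES)


class RateBasedFilter:
    """Per-source sliding-window rate check with a temporary block (circuit breaker)."""

    def __init__(self, window=1.0, max_per_window=20, block_seconds=10.0):
        self.window = window                  # seconds of history kept per source
        self.max_per_window = max_per_window  # assumed ceiling for a normal client
        self.block_seconds = block_seconds    # how long the breaker stays open
        self.recent = defaultdict(deque)      # source -> timestamps inside the window
        self.blocked_until = {}               # source -> time the block expires

    def allow(self, src, ts):
        until = self.blocked_until.get(src)
        if until is not None:
            if ts < until:
                return False                  # breaker still open: drop
            del self.blocked_until[src]       # block expired: start a clean window
            self.recent[src].clear()
        q = self.recent[src]
        while q and ts - q[0] >= self.window:
            q.popleft()                       # forget requests older than the window
        q.append(ts)
        if len(q) > self.max_per_window:
            self.blocked_until[src] = ts + self.block_seconds
            return False                      # anomaly: trip the breaker for this source
        return True


def build_sample_traffic():
    """Constructed events (timestamp, source, payload); every payload is well formed."""
    payload = b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n"
    events = []
    events += [(i * 0.5, "192.0.2.10", payload) for i in range(10)]    # 2 req/s
    events += [(i * 0.2, "192.0.2.11", payload) for i in range(25)]    # 5 req/s
    events += [(1.0 + i * 0.005, "198.51.100.7", payload) for i in range(400)]  # 200 req/s
    events.sort(key=lambda e: e[0])
    return events


def replay(events, flt):
    """Run both checks over the events; return signature hits and per-source counts."""
    sig_hits = 0
    passed, dropped = defaultdict(int), defaultdict(int)
    for ts, src, payload in events:
        if signature_match(payload):
            sig_hits += 1
            dropped[src] += 1
        elif flt.allow(src, ts):
            passed[src] += 1
        else:
            dropped[src] += 1
    return sig_hits, dict(passed), dict(dropped)


if __name__ == "__main__":
    hits, passed, dropped = replay(build_sample_traffic(), RateBasedFilter())
    print("signature hits:", hits)
    print("passed:", passed)
    print("dropped:", dropped)
```

The flood carries exactly the same request as the two ordinary clients, so the signature check never fires; only the per-source rate reveals the anomaly, and the ordinary clients are never dropped.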

CHAPTER THREE

PREVENTIVE STEPS OF PAKISTAN


CYBER CRIMES AND PAKISTAN FEDERAL INVESTIGATION AGENCY

The Anti-Corruption and Economic Crime Wings of FIA, transferred to the National Accountability Bureau (NAB) on 16-08-2004, have been restored vide notification dated 24-10-2008. The Crimes wing is an important part of FIA, which deals with organized crimes other than terrorism and human trafficking. This wing is headed by a senior police officer as Additional Director General at the HQ who is responsible for assisting the Director General and coordinating operations of the zonal directors. Under the Zonal Directors are Crime Circles, which have the following core functions:

FUNCTIONS OF FIA CRIME CIRCLES


1. Intellectual Property Rights (IPR) crimes:
   a. Business software piracy
   b. Motion picture piracy (video, TV, satellite, cable)
   c. Records and music piracy
   d. Books piracy
   e. Internet piracy
   f. Digital piracy (LAN file sharing, mobile, digital stream ripping)
   g. Fake consumer products, etc.
2. Anti-Corruption
3. Economic Crime
4. Spurious Drugs
5. Cyber Crimes
6. Counterfeit Currencies
7. Foreign Exchange Crimes
8. PPC and other Special Laws

INTELLECTUAL PROPERTY RIGHTS CRIMES


Intellectual property is creative work and encompasses branches such as copyright, patents, designs and trademarks. IPR violation is a barrier to foreign direct investment in Pakistan. Copyright piracy caused an estimated trade loss of $95.7+ million to Pakistan in 2005. Combating IPR crimes for the purpose of developing the local industries is one of the top priorities set out by the Government of Pakistan. The Copyright Ordinance came onto the schedule of FIA in April 2005. FIA registered 34 cases; sealed six illegal manufacturing units of CDs/DVDs in Karachi; and seized over a million pirated optical discs in the years 2005 and 2006. FIA's one year performance has been lauded at national and global levels. Pakistan Federal Investigation Agency (FIA) this week made nine arrests for copyright violations, seized over 1000000 pirated CDs and video and cassettes, and most importantly, shut down six factories illegally producing optical media. Steps like these no doubt help Pakistan attract greater investment in innovative industries. The United States is pleased with the recent progress Pakistan demonstrated in fighting optical disc piracy. The efforts made by Pakistan governments under the remarkable leadership of Prime Minister Aziz and the actions of the Federal Investigation Agency to address the rampant copyright piracy that had been ravaging their country have been outstanding.

SPURIOUS DRUGS
The illicit trade of production/supply, distribution, and sale of drugs is posing a serious threat to the lives of innocent citizens and has serious ramifications such as:

Loss of Government revenue/tax evasion.

Undermines Government health agendas and regulatory regimes.

Undermine legitimate and commerce

Defrauds the consumers and health industry

Erodes corporate investment and productivity

Encourages organized crime

FIA's crime wing has taken up the challenge to eradicate the illicit trade in drugs and has recovered spurious drugs valued at over Rs. 416 million and seized eight illegal manufacturing units. Special drugs units have been established in the provincial headquarters. The FIA registered 67 cases in the years 2005 and 2006.

CYBER CRIME
FIA is empowered under the Electronic Transactions Ordinance 2002 to deal effectively with the growing computer/internet crimes in the country. The National Response Centre for Cyber Crime (NR3C) has been established in the FIA HQ. The crime circles across the country have started taking action under this law, and a total of 57 cases were registered under the ETO 2002 in the years 2005 and 2006.

COUNTERFEIT CURRENCIES
The increasing instances of counterfeiting of currency in various parts of the country hold serious repercussions for the national economy. The FIA crime wing is responsible for dealing with currency counterfeiting. A task force led by the Governor, State Bank of Pakistan, is working on the issue, and the FIA is a member thereof. The FIA is maintaining a database of all the culprits of counterfeit currency cases across the country. The FIA coordinates with the provincial/local law enforcement agencies in cases registered in their jurisdictions.

CHAPTER FOUR NATIONAL RESPONSE CENTRE FOR CYBER

SPECIAL CYBER CRIME WING


PAKISTAN HAS CREATED CYBER CRIME WING
A Pakistani security agency has launched a special wing to combat cyber crimes, in part because the country had to rely on U.S. investigators to trace e-mails sent by the kidnappers of American journalist Daniel Pearl a year ago. The purpose of establishing the National Response Center for Cyber Crimes is to stop misuse of the Internet and trace those involved in cyber-related crimes. The importance of this special wing was felt when Daniel Pearl was kidnapped, and his captors started sending e-mails to newspapers. The Wall Street Journal correspondent disappeared on Jan. 23, 2002, from Pakistan's southern city of Karachi. On Jan. 27, 2002, the Journal and other media received an e-mail from a group calling itself the National Movement for the Restoration of Pakistani Sovereignty. The e-mail contained a photo of Pearl, 38, with a gun to his head. The FBI traced the e-mails, and police captured those who allegedly sent them to the newspapers, but, on Feb. 21, 2002, the U.S. Embassy received a videotape showing Pearl was dead. The National Response Center for Cyber Crimes will play a key role in the days to come in tracing those terrorists who often use the Internet or prepaid telephone cards to communicate messages to their associates for carrying out acts of terrorism and other purposes. The special wing has been established at the headquarters of an intelligence agency in Islamabad, Pakistan.

CHAPTER FIVE

CYBER CRIME ACTIVITY IN PAKISTAN


CYBER CRIMES IN PAKISTAN

Although the Internet provides many facilities, it also carries many risks. Most common is the risk of Internet fraud. This crime affects the entire world and victims include individuals, companies and even countries. In Pakistan, leading international and local banks have suffered huge losses from credit card fraud, despite the expensive and extensive security measures they have in place. Victims include Citibank, American Bank, Union Bank, Askari Bank and the Muslim Commercial Bank. Cyber criminals often attack official government websites, hack into security systems, send obnoxious e-mails, damage information systems and send viruses. These days, even terrorists use the Internet to collect information on targets and build worldwide contacts and sympathizers. It is widely accepted that there is a need to establish a policy to curb cyber crime. The government of Pakistan has established a Cyber Crime Wing, a joint venture of the Ministry of Interior and the Ministry of Information Technology and Telecommunications, to combat the hazard of cyber crime. Hackers manage to hack information systems and official websites and get access to unauthorised official data, which is a hidden threat to the government. The Cyber Crime Wing will coordinate efforts to stop increasing cyber crimes in Pakistan, the threats and the measures to counter them. It will focus on criminals' communications, make online business fair, protect official websites from hackers and make a solid security policy for networks and online official documents.

The new wing will also regulate Internet cafes in the country, as terrorists use these cafes for communication. However, very few people and officials know about the existence of this wing. Even the Islamabad police official deputed at the police exchange inquiry (9203333) expressed ignorance about the existence of this wing. The IT Ministry has also finalised a draft bill for the Electronic Crime Act 2004, which is an important piece of legislation to give legal cover to the anti-cyber crime efforts. One of the most common frauds involves distance selling. If you are going to buy something from the Internet, you should make sure that the seller provides the price of the item, arrangements for delivery, contact information so questions can be asked, and the terms of cancellation. Anyone who fails to provide this basic information is probably trying to run a scam. Another common fraud is the Nigerian Advance Fee Scam, also known internationally as the 4-1-9 fraud. The sender claims to be a government official who needs to move a large sum of money. For some reason, they need you to pay a fee and claim the money on their behalf. They say they will pay you a percentage of the total sum for your help. They request personal and banking details from you and a goodwill or advance fee payment. Your information is used for illegal activities and the money you submit is never seen again. Online auction frauds are also becoming common. These include the advance lottery fee scams, business opportunities, work from home scams and international modem dialing schemes. Another common scam invites people to claim prizes by calling a hotline number. Usually, the hotlines charge a high fee per minute and the calls last many minutes.

Some competitions invite you to claim your allocated prize by telephoning a hotline number, and this could be charged at a premium rate and last many minutes. Also be cautious when offered free holidays or cheap property. You may be invited to attend a presentation and conned into signing an agreement that forces you to pay exorbitantly high prices for deals. Despite general knowledge that these schemes exist, people continue to become victims. According to one website on Internet fraud, at least 124,509 people complained about being scammed in 2003. Many more people are often too embarrassed to report that they were scammed. Of the reports on the website, Internet auction frauds accounted for 61 percent of the complaints, undelivered merchandise despite fee payment accounted for about 21 percent of complaints, and credit card fraud accounted for 7 percent of complaints. Check fraud, identity theft, business fraud and investment fraud were other top complaint categories.

PART V THE JUDICIARIES


CHAPTER ONE

THE PAKISTANI JUDICIARY


THE PAKISTANI JUDICIARY
What is promising is to see how our judiciary has made initial strides in the direction suggested. Some examples of new world thinking by our Judges, despite their being unassisted by fully enabling policies and legislations, can be found in the following reported judgments of the Pakistani Courts. The most notable of these is the judgment of the High Court of Lahore of Mr. Justice Tassaduq Hussain Jillani and Mr. Justice Abdul Shakoor Paracha, JJ (P L D 2003 Lahore 213) when dealing with a dispute under the Representation of the People Act (LXXXV of 1976). Though this judgment predated the knowledge of the promulgation of the Electronic Transactions Ordinance, 2002 and hence it could not take advantage of the enabling provisions therein, its ingenuity in dealing with the advanced Cyber law concepts of identity, non-repudiation, evidential value and recognizing as well as enforcing the nature of Cyberspace is truly remarkable: Learned counsel for the respondent has raised objection to the admissibility of reports received from Fax or Internet in these proceedings on the ground that unless the documents/reports are verified by an official of the Pakistan High Commission in USA, those cannot be considered.

This objection of the learned counsel loses sight of Article 164 of the Qanun-e-Shahadat Order which mandates that the Court may allow and use any evidence that is available through modern devices or techniques. The Computer technically is a modern technique and is well within the ambit of the afore referred Article which reads as under:

164. Production of evidence that has become available because of modern devices, etc. In such cases as the Court may consider appropriate the Court may allow to be produced any evidence that may have become available because of modern devices or techniques.

In Halsbury's Laws of England, 4th Edn., para. 59, admissibility of statement received through Computer was commented upon in terms as under: In any civil proceedings a statement contained in a document produced by a Computer is, subject to rules of Court, admissible as evidence of any fact, stated in it of which direct oral evidence would be admissible if;

1. The document containing the statement was produced by the computer during a period over which the computer was used regularly to store or process information for the purposes of any activities regularly carried on over that period whether for profit or not, by anybody, whether corporate or not, or by any individual;

2. Over that period there was regularly supplied to the computer in the ordinary course of those activities information of the kind contained in the statement or of the kind from which the information so contained is derived;

3. Throughout the material part of that period the computer was operating properly or, if not, that any respect in which it was not operating properly or was out of operation during that part of that period was not such as to affect the production of the document or the accuracy of its contents; and

4. The information contained in the statement reproduces or is derived from information supplied to the computer in the ordinary course of those activities.

The evidence collected through Tape Recordings was held admissible by the august Supreme Court of Pakistan in Islamic Republic of Pakistan v. Abdul Wali Khan (PLD 1976 SC 56). There is no cavil to the proposition that the enquiry in these proceedings is summary in nature. But if the basic Degree has been challenged, the relevant information with regard to its genuineness or otherwise is available on Internet and it is not seriously disputed that the information so received is from the competent authority of the institution concerned, no verification from Pakistan High Commission in U.S.A would be necessary. We, therefore, see no reason to discount it from consideration. Moreover, the information received has been further verified through the Commission appointed by this Court. The objection raised, therefore, has no substance and is accordingly repelled. Taking into account the afore-referred documents and the report of the Commission we are left with no manner of doubt that the respondent was never issued a Degree of Bachelor of Business Administration, the so-called degree produced before the Returning Officer is a fake document and the respondent is not eligible to contest the elections as he lacks the basic educational qualification i.e. Bachelor's Degree in terms of section 99 (1)(cc) of the Representation of the People Act, 1976.

As can be seen, due to the unavailability at the time of specific legislative rules on electronic documentation and their admission into evidence, the judgment relied upon Halsbury's Laws, thereby incorporating international best practice and comity of nations and recognizing and enforcing the global nature of the Internet. This example is an illustration of how advanced and new world the Judiciary can be, but it regretfully tends to remain unassisted due to the lack of enabling and new world policies and legislations.
To a great extent the latent problems faced in this judgment were remedied by the promulgation of the Electronic Transactions Ordinance, 2002 (ETO 2002).

Another promising judgment on internet related issues came from the High Court at Karachi of Mr. Justice Khilji Arif Hussain, (2004 C L D 1131) ACER, INC. Versus ACER COMPUTERS, in which his Lordship upheld the international rights to the domain name www.acer.com and held that www.acer.com.pk was not only a cyber squatted domain but was being used by a domestic company to violate and take advantage of the Acer trademark and trade name. Here once again, though the Trade Marks Ordinance, 2002 mentions domain names, it does not provide a holistic or internationally compatible framework for domain name dispute resolution under ICANN rules. Nonetheless, in order to make up for the lack of legislative and policy framework, our judiciary supplemented and decided the situation in consonance with international best practice, keeping in mind Pakistan's international commitments and upholding the global new world nature of the Internet and Cyberspace. A similar matter came up yet again before the High Court at Karachi for interim relief before Mr. Justice Maqbool Baqar, (2006 C L D 580) TELEBRANDS CORPORATION Vs. TELEBRANDS PAKISTAN (PVT.) LIMITED, where the trade name of an internationally recognized company was alleged to have been illegally established under the domain name Telebrandspakistan.com. This matter involved the implementation of an ICANN award. Although the Court did not completely apply the ICANN decision, it seems to have had some persuasive value. It is, however, hoped that the recognition and enforcement of such internationally accepted decisions will be followed in keeping with the concepts expressed above as part of a continuing and progressive tradition of our esteemed judicial institution.

Electronic Transactions Ordinance, 2002 (ETO 2002). At the close of the first period of President Pervaiz Musharraf's advanced Good Governance, in September 2002, the President promulgated the Electronic Transactions Ordinance, 2002 (ETO 2002). Having authored this piece of legislation, it was a singular honour and a privilege for me to see it promulgated. It provided the Road Map and brought with it the conceptual revolution in policy and legislative drafting that since its promulgation has not revisited most of the Ministries, especially the MoITT.

CHAPTER TWO

THE INTERNATIONAL JUDICIARY CYBER CRIME


CASE STUDIES
The following are examples of cyber crime committed in the last few years, which gained notoriety among the electronic community.

Legion of Doom (LOD)


Members: Franklin Darden (The Leftist), Adam Grant (The Urvile), Robert Riggs

Arrested: July 21, 1989

Charged: 1989

Convicted: 1990

Crime: Cracking into BellSouth's Telephone (including 911) Networks - possessing proprietary BellSouth software and information, unauthorized intrusion, illegal possession of phone credit card numbers with intent to defraud, and conspiracy. From the Government's Sentencing Memorandum: BellSouth spent approximately $1.5 million in identifying the intruders into their system and has since then spent roughly $3 million more to further secure their network.

Sentences: Frank Darden: 14 months, Adam Grant: 14 months, Robert Riggs: 21 months. Collectively ordered to pay $233,000.00 in restitution.

MASTERS OF DECEPTION (MOD)


Members: Mark Abene (Phiber Optik and Il Duce), Eli Ladopoulos (Acid Phreak), Paul Stira (Scorpion), John Lee (Corrupt and John Farrington), Julio Fernandez

Arrested: 1992

Charged: July 1992

Convicted: July 1993

Crime: Multiple computer hacking related charges including conspiracy, wire fraud, unauthorized access to computers, unauthorized possession of access devices, interception of electronic communication. Institutions involved included Southwestern Bell, BT North America, New York Telephone, ITT, Information America, TRW, Trans Union, Pacific Bell, the University of Washington, New York University, U.S. West, Learning Link, Tymnet, Martin Marietta Electronics Information and Missile Group, AT&T, Bank of America, and the US National Security Agency. The crime was widely publicized, and resulted in at least one book being written, chronicling the events.

Sentences: Mark Abene: 12 months + probation and 600 hours of community service. John Lee: 6 months + probation. Eli Ladopoulos: 6 months + probation. Paul Stira: 6 months + probation. Julio Fernandez cooperated and received no sentence.

MITNICK, KEVIN DAVID (ALIAS: GLENN CASE)


Arrested: February 15, 1995

Charged: September 26, 1996

Convicted: March 18, 1999

Crime: From the September 26, 1996 court record: obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers, and educational institutions; and (b) stealing, copying, and misappropriating proprietary computer software from Motorola, Fujitsu, Nokia, Sun, Novell, and NEC.

Sentence: After being incarcerated, awaiting full trial for 4 years, Kevin served 10 additional months and was released on conditional probation. He may not use a computer, cellular phone, or any other Internet device until 2003, nor profit from his crimes in any way. Total time spent in prison for this offense was 4 years, 11 months, and 6 days.

Release Date: January 21, 2000

Previous Conviction:

Arrested: 1989

Charged: 1989

Convicted: 1989

Crime: Stealing $1 million worth of software from Digital Equipment Corporation, and theft of long distance codes from MCI

Sentence: 1 year imprisonment with conditional probation thereafter, stating that he could not use a computer or associate with other computer criminals.

PART VI
CYBER LAW IN PAKISTAN
CHAPTER ONE

PREVENTION OF ELECTRONIC CRIMES ACT, 2007


To make provision for prevention of the electronic crimes

WHEREAS it is expedient to prevent any action directed against the confidentiality, integrity and availability of electronic system, networks and data as well as the misuse of such system, networks and data by providing for the punishment of such actions and to provide mechanism for investigation, prosecution and trial of offences and for matters connected therewith or ancillary thereto:

It is hereby enacted as follows:

1. Short title, extent, application and commencement. (1) This Act may be called the Prevention of Electronic Crimes Act, 2007. It extends to the whole of Pakistan. It shall apply to every person who commits an offence under this Act irrespective of his nationality or citizenship whatsoever or in any place outside or inside Pakistan, having detrimental effect on the security of Pakistan or its nationals or national harmony or any property or any electronic system or data located in Pakistan or any electronic system or data capable of being connected, sent to, used by or with any system in Pakistan. It shall come into force at once.

2. Definitions. (1) In this Act, unless there is anything repugnant in the subject or context,

a. access means gaining access to any electronic system or data held in an electronic system or by causing the electronic system to perform any function to achieve that objective;
b. Authority means the Pakistan Telecommunication Authority established under section 3 of the Pakistan Telecommunication (Re-organization) Act 1996 (XVII of 1996);

c. Code means the Code of Criminal Procedure, 1898 (Act V of 1898);

d. Constitution means Constitution of the Islamic Republic of Pakistan;

e. data means representations of information or of concepts that are being prepared or have been prepared in a form suitable for use in an electronic system including but not limited to computer program, text, images, sound, video and information within a database or electronic system;

f. decision of the Authority means decision given, determination made or order passed by the Authority under any of the provisions of the Pakistan Telecommunication (Re-organization) Act 1996 (XVII of 1996) on any matter related to one or more licensed operators in pursuant to the powers conferred upon the Authority by any other law, rules, regulation or directive for the time being in force which includes any interim order passed by the Authority pending final decision;

g. Electronic Certification Accreditation Council means the council established under section 18 of the Electronic Transaction Ordinance 2002 (LI of 2002);

h. electronic includes but not limited to electrical, digital, analogue, magnetic, optical, biochemical, electrochemical, electromechanical, electromagnetic, radio electric or wireless technology;

i. electronic device means any hardware which performs one or more specific functions and operates on any form or combination of electrical energy.

j. electronic mail message means any data generated by an electronic system for a unique electronic mail address:

k. electronic mail address means a destination, commonly expressed as a string of characters, consisting of a unique user or group name or mailbox, commonly referred to as the local part, and a reference to an internet or intranet domain commonly referred to as the domain part, whether or not displayed, to which an electronic mail message can be sent or delivered or originated from and includes an electronic mail address which may be permanent, dynamic or disposable;

l. electronic system means any electronic device or a group of interconnected or related devices, one or more of which, pursuant to a program or manual or any external instruction, performs automatic processing of information or data and may also include a permanent, removable or any other electronic storage medium;

m. encrypted data means data which has been transformed or scrambled from its plain version or text to an unreadable or incomprehensible format and is recoverable by an associated decryption or decoding technique, regardless of the technique utilized for such transformation or scrambling and irrespective of the medium in which such data occurs or can be found for the purposes of protecting such data:

n. function includes logic, control, arithmetic, deletion, storage and retrieval and communication or telecommunication to, from or within an electronic system;

o. Interpol means International Criminal Police Organization;

p. offence includes,
   i. an offence punishable under this Act;
   ii. an offence punishable under the laws mentioned in the Schedule; or
   iii. any other offence punishable under any other law for the time being in force if committed through or by using any computer, electronic system, electronic means or electronic device as a mean or tool;

q. plain version means original data before it has been transformed or scrambled to an unreadable or incomprehensible format or after it has been recovered by using any decryption or decoding technique

r. rules means rules made under this Act;

s. Schedule means the Schedule to this Act;

t. sensitive electronic system means an electronic system used directly, in connection with or necessary for
   i. the security, defence or international relations of Pakistan;
   ii. the existence or identity of a confidential source of information relating to the enforcement of criminal law;
   iii. the provision of services directly related to communications infrastructure, banking and financial services, public utilities, courts, public transportation, public key infrastructure, payment systems infrastructure or ecommerce infrastructure
   iv. the protection of public safety including systems related to essential emergency services such as police, civil defence and medical services
   v. the purpose declared as such by the Federal Government in accordance with the prescribed procedure; or
   vi. containing any data or database protected as such, by any other law.

u. service provider includes but not limited to,
   i. a person acting as a service provider in relation to sending, receiving, storing or processing of electronic communication or the provision of other services in relation to electronic communication through any electronic system;
   ii. a person who owns, possesses, operates, manages or controls a public switched network or provides telecommunication services; or
   iii. any other person who processes or stores data on behalf of such electronic communication service or users of such service;

v. subscriber information means any information contained in any form that is held by a service provider, relating to subscribers services other than traffic data and by which can be established.
   i. the type of communication service used, the technical provisions taken thereto and the period of service;
   ii. the subscribers identity, postal, geographic electronic mail address, telephone and other access number; billing and payment information, available on the basis of the service agreement or arrangement; or
   iii. any other information on the site of the installation of communication equipment, available on the basis of the service agreement or arrangement;

w. traffic data means any data relating to a communication by means of an electronic system, generated by an electronic system that formed a part in the chain of communication, indicating the communications origin, destination, route, time, date, size, duration, or type of underlying service;

x. Tribunal means the Information and Communication Technologies Tribunal constituted under section 31; and

y. unauthorized access means access of any kind by any person to any electronic system or data held in an electronic system or electronic device, without authority or in excess of authority, if he is not himself entitled to control access of the kind in question to the electronic system or electronic device, or data and he does not have consent to such access from any person, so entitled:

CHAPTER II OFFENCES AND PUNISHMENTS


3. Criminal access. Whoever intentionally gains unauthorized access to the whole or any part of an electronic system or electronic device with or without infringing security measures, shall be punished with imprisonment of either description for a term which may extend to two years, or with fine not exceeding three hundred thousand rupees, or with both. 4. Criminal data access. Whoever intentionally causes any system or electronic device to perform any function for the purpose of gaining unauthorized access to any data held in any electronic system or electronic device or on obtaining such unauthorized access shall be punished with imprisonment of either description for a term which may extend to three years, or with fine or with both. 5. Data damage. Whoever with intend to illegal gain or cause harm to the public or any person, damages any data is shall be punished with imprisonment of either description for a term which may extend to three years, or with fine, or with both. Explanation. For the purpose of this section the expression data damage includes but not limited to modifying, altering, deleting, deterioration, erasing, suppressing, changing location of data or making data temporarily or permanently unavailable, halting electronic system, choking the networks or affecting the reliability of usefulness of data. 6. System damage. Whoever with intend to cause damage to the public or any person interferes with or interrupts or obstructs the functioning, reliability or usefulness of an electronic system or electronic device by inputting, transmitting, damaging, deleting, altering, tempering, deteriorating or suppressing any data or services or halting electronic system or choking the networks shall be punished with imprisonment of either description for a term which may extend b three years, or with fine or, with both.

Explanation. For the purpose of this section the expression services Include any kind of service provided through electronic system. 7. Electronic fraud. Whoever for wrongful gain interferes with or uses any data, electronic system or electronic device or induces any person to enter into a relationship or with intend to deceive any person, which act or omission is likely to cause damage or harm to that person or any other person shall be punished with imprisonment of either description for a term which may extend to seven years, or with fine, or with both. 8. Electronic forgery. Whoever for wrongful gain interferes with data, electronic system or electronic device, with intend to cause damage or injury to the public or to any person, or to make any illegal claim or title or to cause any person to part with property or to enter into any express or implied contract, or with intend to commit fraud by any input, alteration, deletion, or suppression of data, resulting in unauthentic data with the intend that it be considered or acted upon for legal purposes as if it were authentic regardless of the fact that the data is directly readable and intelligible or not shall be punished with imprisonment of either description for a term which may extend to seven years, or with fine or with both. 9. Misuse of electronic system or electronic device. 
(1) Whoever produces, possesses, sells, procures, transports, imports, distributes or otherwise makes available an electronic system or electronic device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established under this Act or a password, access code, or similar data by which the whole or any part of an electronic system or electronic device is capable of being accessed or its functionality compromised or reverse engineered with the intent that it be used for the purpose of committing any of the offences established under this Act, is said to commit offence of misuse of electronic system or electronic devices: Provided that the provisions of this section shall not apply to the authorized testing or protection of an electronic system for any lawful purpose.

(2) Whoever commits the offence described in sub-section (1) shall be punishable with imprisonment of either description for a term which may extend to three years, or with fine, or with both.

10. Unauthorized access to code. Whoever discloses or obtains any password, access as to code, system design or any other means of gaining access to any electronic system or data with intent to obtain wrongful gain, do reverse engineering or cause wrongful loss to any person or for any other unlawful purpose shall be punished with imprisonment of either description for a term which may extend to three years, or with fine, or with both.

11. Misuse of encryption. Whoever for the purpose of commission of an offence or concealment of incriminating evidence, knowingly and willfully encrypts any incriminating communication or data contained in electronic system relating to that crime or incriminating evidence, commits the offence of misuse of encryption shall be punished with imprisonment of either description for a term which may extend to five years, or with fine, or with both.

12. Malicious code. (1) Whoever willfully writes, offers, makes available, distributes, or transmits malicious code through an electronic system or electronic device, with intent to cause harm to any electronic system or resulting in the corruption, distribution, alteration, suppression, theft or loss of data commits the offence of malicious code: Provided that the provision of this section shall not apply to the authorized testing, research and development or protection of an electronic system for any lawful purpose.

Explanation. For the purpose of this section the expression malicious code includes but not limited to a computer program or a hidden function in a program that damages data or compromises the electronic system's performance or uses the electronic system resources without proper authorization, with or without attaching its copy to a file and is capable of spreading over electronic system with or without human intervention including virus, worm or Trojan horse.

(2) Whoever commits the offence specified in sub-section (1) shall be punished with imprisonment of either description for a term which may extend to five years, or with fine or with both.

13. Cyber stalking. (1) Whoever with intent to coerce, intimidate, or harass any person uses computer, computer network, internet, network site, electronic mail or any other similar means of communication to

(a) communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, picture or image;

(b) make any suggestion or proposal of an obscene nature;

(c) threaten any illegal or immoral act;

(d) take or distribute pictures or photographs of any person without his consent or knowledge;

(e) display or distribute information in a manner that substantially increases the risk of harm or violence to any other person,

commits the offence of cyber stalking.

(2) Whoever commits the offence specified in sub-section (1) shall be punishable with imprisonment of either description for a term which may extend to seven years or with fine not exceeding three hundred thousand rupees, or with both.

14. Spamming. (1) Whoever transmits harmful, fraudulent, misleading, illegal or unsolicited electronic messages in bulk to any person without the express permission of the recipient, or causes any electronic system to show any such message or involves in falsified online user account registration or falsified domain name registration for commercial purpose commits the offence of spamming. (2) Whoever commits the offence of spamming as described in subsection (1) shall be punishable with fine not exceeding fifty thousand rupees if he commits this offence of spamming for the first time and for every subsequent commission of offence of spamming he shall be punished with imprisonment of three months or with fine, or with both.

15. Spoofing. (1) Whoever establishes a website, or sends an electronic message with a counterfeit source intended to be believed by the recipient or visitor or its electronic system to be an authentic source with intent to gain unauthorized access or obtain valuable information which later can be used for any unlawful purposes commits the offence of spoofing. (2) Whoever commits the offence of spoofing specified in subsection (1) shall be punished with imprisonment of either description for a term which may extend to three years, or with fine, or with both.

16. Unauthorized interception. (1) Whoever without lawful authority intercepts by technical means, transmissions of data to, from or within an electronic system including electromagnetic emissions from an electronic system carrying such data commits the offence of unauthorized interception. (2) Whoever commits the offence of unauthorized interception described in subsection (1) shall be punished with imprisonment of either description for a term which may extend to five years, or with fine not exceeding five hundred thousand rupees or with both.

17. Cyber terrorism. (1) Any person, group or organization who, with terroristic intent utilizes, accesses or causes to be accessed a computer or computer network or electronic system or electronic device or by any available means, and thereby knowingly engages in or attempts to engage in a terroristic act commits the offence of cyber terrorism.

Explanation 1. For the purposes of this section the expression terroristic intent means to act with the purpose to alarm, frighten, disrupt, harm, damage, or carry out an act of violence against any segment of the population, the Government or entity associated therewith.

Explanation 2. For the purposes of this section the expression terroristic act includes, but is not limited to

(a) altering by addition, deletion, or change or attempting to alter information that may result in the imminent injury, sickness, or death to any segment of the population;

(b) transmission or attempted transmission of a harmful program with the purpose of substantially disrupting or disabling any computer network operated by the Government or any public entity;

(c) aiding the commission of or attempting to aid the commission of an act of violence against the sovereignty of Pakistan, whether or not the commission of such act of violence is actually completed; or

(d) stealing or copying, or attempting to steal or copy, or secure classified information or data necessary to manufacture any form of chemical, biological or nuclear weapon, or any other weapon of mass destruction.

(2) Whoever commits the offence of cyber terrorism and causes death of any person shall be punishable with death or imprisonment for life, and with fine, and in any other case he shall be punishable with imprisonment of either description for a term which may extend to ten years, or with fine not less than ten million rupees, or with both.

18. Enhanced punishment for offences involving sensitive electronic systems. (1) Whoever causes criminal access to any sensitive electronic system in the course of the commission of any of the offences established under this Act shall, in addition to the punishment prescribed for that offence, be punished with imprisonment of either description for a term which may extend to ten years, or with fine not exceeding one million rupees, or with both. (2) For the purposes of any prosecution under this section, it shall be presumed, until contrary is proved, that the accused had the requisite knowledge that it was a sensitive electronic system.

19. Of abets, aids or attempts to commit offence. (1) Any person who knowingly and willfully abets the commission of or who aids to commit or does any act preparatory to or in furtherance of the commission of any offence under this Act shall be guilty of that offence and shall be liable on conviction to the punishment provided for the offence. (2) Any person who attempts to commit an offence under this Act shall be punishable for a term which may extend to one-half of the longest term of imprisonment provided for that offence.

Explanation. For aiding or abetting an offence to be committed under this section, it is immaterial whether the offence has been committed or not.

20. Other offences. Whoever commits any offence, other than those expressly provided under this Act, with the help of computer electronic system, electronic device or any other electronic means shall be punished, in addition to the punishment provided for that offence with imprisonment of either description for a term which may extend to two years, or with fine not exceeding two hundred thousand rupees, or with both.

21. Offences by corporate body. A corporate body shall be held liable for an offence under this Act if the offence is committed on its instructions or for its benefit. The corporate body shall be punished with fine not less than one hundred thousand rupees or the amount involved in the offence whichever is the higher: Provided that such punishment shall not absolve the criminal liability of the natural person who has committed the offence.

Explanation. For the purposes of this section corporate body includes a body of persons incorporated under any law such as trust, waqf, an association, a statutory body or a company.

CHAPTER - III PROSECUTION AND TRIAL OF OFFENCES


22. Offences to be compoundable and non-cognizable. All offences under this Act shall be compoundable, non-cognizable and bailable except the offences punishable with imprisonment for seven years or more.

23. Prosecution and trial of offences. (1) The Tribunal shall take cognizance of and try any offence under this Act. (2) In all matters with respect to which no procedure has been provided in this Act or the rules made there under, the provisions of the Code shall, mutatis mutandis, apply for the trial. (3) All proceedings before the Tribunal shall be deemed to be judicial proceedings within the meanings of sections 193 and 228 of the Pakistan Penal Code 1860 (XLV of 1860) and the Tribunal shall be deemed to be a Court for the purposes of sections 480 and 482 of the Code.

24. Order for payment of compensation. The Tribunal may, on awarding punishment of imprisonment or fine or both for commission of any offence, make an order for payment of any compensation to the victim for any damage caused to his electronic system or data by commission of the offence and the compensation so awarded shall be recoverable as arrears of land revenue: Provided that the compensation awarded by the Tribunal shall not prejudice any right to a civil remedy for the recovery of damages beyond the amount of compensation awarded.

CHAPTER IV ESTABLISHMENT OF INVESTIGATION AND PROSECUTION AGENCIES


25. Establishment of investigation agencies and prosecution. The Federal Government shall establish a specialized investigation and prosecution cell within Federal Investigation Agency to investigate and prosecute the offences under this Act: Provided that till such time any agency is so established, the investigation and prosecution of an offence shall be conducted in accordance with the provisions of the Code: Provided further that any police officer investigating an offence under this Act may seek assistance of any special investigation agency for any technical input, collection and preservation of evidence.

26. Powers of officer. (1) Subject to obtaining search warrant an investigation officer shall be entitled to,

(a) have access to and inspect the operation of any electronic system;

(b) use or cause to be used any such electronic system to search any data contained in or available to such electronic system;

(c) have access to or demand any information, code or technology which has the capability of transforming or unscrambling encrypted data contained or available to such electronic system into readable and comprehensible format or plain version;

(d) require any person by whom or on whose behalf, the investigating officer has reasonable cause to believe, any electronic system has been used;

(e) require any person having charge of, or otherwise concerned with the operation of such electronic system to provide him reasonable technical and other assistance as he may require for the purposes of clauses (a), (b) and (c);

(f) require any person who is in possession of decryption information of under investigation electronic system, device or data to grant him access to such decryption information necessary to decrypt data required for the purpose of investigating any such offence.

Explanation. Decryption information means information or technology that enables a person to readily retransform or unscramble encrypted data from its unreadable and from cipher text to its plain text.

(2) The police officer may, subject to the proviso, require a service provider to submit subscriber information relating to such services in respect of a person under investigation in that service provider's possession or control necessary for the investigation of the offence: Provided the investigating officer shall get prior permission to investigate any service provider from the licensing authority where prior permission of the licensing authority is required under any law to investigate the licensed service provider. (3) Any person who obstructs the lawful exercise of the powers under sub-sections (1) or (2) shall be liable to punishment with imprisonment of either description for a term which may extend to one year, or with fine not exceeding one hundred thousand rupees, or with both.

27. Real-time collection of traffic data. (1) The Federal Government may require a licensed service provider, within its existing or required technical capability, to collect or record through the application of technical means or to co-operate and assist any law enforcement or intelligence agency in the collection or recording of traffic data or data, in real-time, associated with specified communications transmitted by means of an electronic system. (2) The Federal Government may also require the service provider to keep confidential the fact of the execution of any power provided for in this section and any information relating to it.

28. Retention of traffic data. (1) A service provider shall, within its existing or required technical capability, retain its traffic data minimum for a period of ninety days and provide that data to the investigating agency or the investigating officer when required. The Federal Government may extend the period to retain such data as and when deems appropriate. (2) The service providers shall retain the traffic data under sub section (1) by fulfilling all the requirements of data retention and its originality as provided under sections 5 and 6 of the Electronic Transaction Ordinance 2002 (LI of 2002). (3) Any person who contravenes the provisions of this section shall be punished with imprisonment for a term of six months or with fine or with both.

29. Trans-border access. For the purpose of investigation the Federal Government or the investigation agency may, without the permission of any foreign Government or international agency access publicly available electronic system or data notwithstanding the geographical location of such electronic system or data, or access or receive, through an electronic system, data located in foreign country or territory, if it obtains the lawful and voluntary consent of the person who has the lawful authority to disclose it: Provided that such access is not prohibited under the law of the foreign government or the international agency: Provided further that the investigating agency shall inform in writing to the Ministry of Foreign Affairs of Government of Pakistan / other relevant agencies as the case may be about the investigation conducted under the section.

CHAPTER V INTERNATIONAL COOPERATION


30. International co-operation. (1) The Federal Government may cooperate with any foreign government, Interpol or any other international agency with whom it has or establishes reciprocal arrangements for the purposes of investigations or proceedings concerning offences related to electronic system and data, or for the collection of evidence in electronic form of an offence or obtaining expeditious preservation and disclosure of traffic data or data by means of an electronic system or real-time collection of traffic data associated with specified communications or interception of data. (2) The Federal Government may, without prior request, forward to such foreign government, Interpol or other international agency, any information obtained from its own investigations if it considers that the disclosure of such information might assist the other government or agency in initiating or carrying out investigations or proceedings concerning any offence. (3) The Federal Government may require the foreign Government, Interpol or other international agency to keep the information provided confidential or use it subject to some conditions. (4) The investigating agency shall, subject to approval of the Federal Government, be responsible for sending and answering requests for mutual assistance, the execution of such requests or their transmission to the authorities competent for their execution. (5) The Federal Government may refuse to accede to any request made by such foreign government, Interpol or international agency if the request concerns an offence which is likely to prejudice its sovereignty, security, public order or other essential interests. (6) The Federal Government may postpone action on a request if such action would prejudice investigations or proceedings conducted by its investigation agency.

CHAPTER VI INFORMATION AND COMMUNICATION TECHNOLOGIES TRIBUNAL


31. Information and Communication Technologies Tribunal. (1) As soon as possible after the commencement of this Act, the Federal Government shall, by notification in the official Gazette, constitute the Information and Communication Technologies Tribunal whose principal seat shall be at Islamabad. (2) The Tribunal may hold its sittings at such place or places as the Federal Government may decide. (3) The Tribunal shall consist of a chairman and as many members as the Federal Government may determine but not more than seven members. (4) The Chairman may constitute Benches of the Tribunal and unless otherwise directed by him a Bench shall consist of not less than two members. A Bench shall exercise such powers and discharge such functions as may be prescribed. There shall be established at least one Bench in each province. (5) The Federal Government shall appoint the chairman and members of the Tribunal.

32. Qualifications for appointment. (1) A person shall not be qualified for appointment as Chairman unless he is, or has been, or is qualified for appointment as a Judge of the High Court. (2) A person shall not be qualified for appointment as a Member unless he

(a) has for two years served as a District and Sessions Judge; or

(b) has for a period of not less than ten years been an advocate of a High Court; or

(c) has special knowledge of legislation and professional experience of not less than ten years in the field of telecommunication and information technologies.

33. Salary and allowances, and other terms and conditions of services. The salary, allowances, privileges, and other terms and conditions of service of the Chairman and member of the Tribunal shall be such as the Federal Government may, by notification in official Gazette, determine.

34. Resignation and removal. (1) The Chairman or a member of the Tribunal may, by writing under his hand addressed to the Federal Government, resign his office: Provided that the Chairman or a member shall, unless he is permitted by the Federal Government to relinquish his office sooner, continue to hold office until the expiry of three months from the date of receipt of such resignation or until a person duly appointed as his successor enters upon his office, whichever is earlier. (2) The Chairman or a member of the Tribunal shall not be removed from his office before the expiry of term specified in section 33, by the Federal Government except as may be prescribed. (3) The Federal Government may, by rules, regulate the procedure for the investigation of misconduct or physical or mental incapacity of the Chairman and a member of the Tribunal.

35. Saving Tribunal's proceedings. No act or proceedings of the Tribunal shall be called in question in any manner on the ground merely of any defect in the constitution of the Tribunal.

36. Saving Tribunal's proceedings. (1) The Federal Government shall provide the tribunal with such employees as the government may deem appropriate in consultation with the Chairman of the Tribunal. (2) The employees of the Tribunal shall perform their duties under general superintendence of the Chairman of the Tribunal. (3) The salaries, allowances and other conditions of service of the employees of the ICT Tribunal shall be such as may be prescribed by the Federal Government.

37. Right to legal representation. The parties in appeal may either appear in person or authorize one or more legal practitioners, and in case of a corporate body any of its officers, to present the case before the Tribunal.

38. Amicus curiae. (1) The Tribunal may, if it so requires, be assisted in technical aspects in any case by an amicus curiae having knowledge and experience in information communication technologies, finance and economics. (2) The Federal Government shall maintain a list of amicus curiae having relevant qualifications and experience. (3) The Tribunal in consultation with the Federal Government shall the remuneration of the amicus curiae and the Tribunal may decide the party or parties to pay such remuneration, keeping in view the circumstances of each case.

39. Procedure and powers of Tribunal. (1) Subject to the provision of this Act and the rules made there under, the Tribunal,

(i) may, where it deems necessary, apply the procedures as provided in the Code or, as the case may be, in the Code of Civil Procedure, 1908 (Act V of 1908);

(ii) in the exercise of its civil jurisdiction, shall have powers vested in the civil court under the Code of Civil Procedure, 1908; and

(iii) in the exercise of its criminal jurisdiction, shall have the same powers as are vested in the Court of Session under the Code.

40. Appeal to Tribunals. (1) Any person aggrieved by any of the following orders may, within fifteen days from the date of such order, prefer an appeal to the Tribunal, namely: any decision of the Authority; or any decision of the Electronic Certification Accreditation Council: Provided that no appeal shall lie to the ICT Tribunal from an order passed by the Authority or the Electronic Certification Accreditation Council with the consent of the parties. (2) Any appeal against a decision of the Authority shall be accompanied by a court fee,

(a) ten thousand rupees where the valuation of the subject matter in issue is not more than five million rupees;

(b) fifteen thousand rupees where the valuation of the subject matter in issue is more than five million rupees but not more than ten million rupees; and

(c) one hundred thousand rupees where the valuation of the subject matter in issue is more than ten million rupees.

(3) The appeal filed before the Tribunal under sub-section (1) shall be dealt with by it as expeditiously as possible and the Tribunal shall dispose of the appeal finally within ninety days from the date of receipt of the appeal.

41. Powers of Tribunal. The Tribunal while hearing an appeal under section 40 shall have all the powers as are vested in the court of first appeal under the Code in exercise of its civil jurisdiction in respect of appeal against any decision or order of the Authority or the Electronic Certification Accreditation Council.

42. Limitation. The provisions of the Limitation Act 1908 (IX of 1908), shall, mutatis mutandis, apply to the proceedings of ICT Tribunal.

43. Appeal to High Court. (1) Any person aggrieved by

(i) any decision or order of the Tribunal made under section 40 may prefer second appeal to the respective High Court within thirty days from the date of the decision or order of the Tribunal: Provided that appeal under this clause shall lie only if the High Court grants leave to appeal;

(ii) an order of conviction passed by the Tribunal in respect of any offence under this Act may prefer an appeal to the respective High Court within thirty days of the decision or order of the Tribunal.

(2) An appeal against an order of the Tribunal under section 40 or an order of sentence exceeding ten years shall be heard by the Division Bench of the High Court.

44. Civil court not to have jurisdiction. No court shall have jurisdiction to entertain any suit or proceedings in respect of any matter which the Tribunal constituted under this Act is empowered by or under this Act to determine and no injunction shall be granted by any court or other authority in respect of any action taken or to be taken in pursuance of any power conferred by or under this Act.

45. Transitory proceedings. (1) Until the establishment of the Tribunal all cases, proceedings and appeals, subject matter of which is within the jurisdiction of Tribunal, shall continue to be heard and decided by the competent forum existing under any law for the time being in force. (2) On the constitution of the Tribunal all cases, proceedings and appeals shall stand transferred to and heard and disposed of by the Tribunal. (3) On transfer of cases, proceedings and appeals under subsection (2), the Tribunal shall proceed from the stage the proceedings had reached immediately prior to the transfer and shall not be bound to recall any witness or again record any evidence that may have been recalled.

CHAPTER VII MISCELLANEOUS


46. Act to override other laws. The provisions of this Act shall have effect notwithstanding anything to the contrary contained in any other law for the time being in force.

47. Power to amend Schedule. The Federal Government may, by notification in the official Gazette, amend the Schedule so as to add any entry thereto or modify or omit any entry therein.

48. Powers to make rules. (1) The Federal Government may, by notification in the official Gazette, make rules for carrying out purposes of the Tribunal.

49. Removal of difficulties. If any difficulty arises in giving effect to the provisions of this Act, the Federal Government may, by order published in the official Gazette, make such provisions not inconsistent with the provisions of this Act as may appear to be necessary for removing the difficulty.

THE FIRST SCHEDULE (See section 3 s))


1. The Electronic Transactions Ordinance, 2002 (LI of 2002).
2. The Pakistan Telecommunication (Re-organization) Act, 1996 (XVII of 1996).
3. The Telegraph Act, 1885 (XIII of 1885).
4. The Wireless Telegraphy Act, 1933 (XVII of 1933).

STATEMENT OF OBJECTS AND REASONS


A wide array of new and complex Information Communication Technologies (ICT) related crimes are not and covered under any of the existing legislation; therefore, to counter the spread of electronic crimes, there is an urgent need for having a legislation for prevention of electronic crimes in Pakistan to check electronic crimes ranging from damage to data and electronic system, electronic fraud and forgery, unauthorized access to code and misuse of encryption, cyber stalking, spamming, spoofing, unauthorized interception and cyber terrorism. This law also provides a comprehensive mechanism for investigation, prosecution and trials procedures for prevention of electronic crimes.

2. By establishing a proper mechanism of investigation, prosecution and trial for electronic crimes in the field of Information and Communication Technologies, inter alia:

(a) a sense of security, safety and protection will prevail in each and every segment of society that uses or deals with IT and Telecommunication;

(b) increasing rate of electronic crimes in the country will be curbed;

(c) soft image of Pakistan will be developed in the world;

(d) the confidence of Bankers and their customers in electronic transactions will be enhanced which consequently will boost e-Banking and e-Commerce in Pakistan;

(e) the IT entrepreneurs will have more secure cyber space which will be friendly and congenial to their business;

(f) Pakistan will be able to take another step further towards paper free economy; and

(g) it will promote the whole ITC sector and build confidence in the society to accept the use of more and more Information and Communication Technologies in their daily lives.

AWAIS AHMED KHAN LEGHARI
MINISTER-IN-CHARGE

PCPPI 328 (07) Information 17-8-2007 - 100.

CHAPTER TWO

AMENDMENTS IN CYBER CRIME LAW


CYBER CRIME LAW PROMULGATED BY PRESIDENT ZARDARI
It has just been reported that President Asif Ali Zardari has promulgated the Cyber Crime Law with effect from September 29th 2008. Though this may surely be an important law, the problem with the initial draft as it was presented in 2007 by the Ministry of Information was that it literally did not safeguard the interests of the innocents and gave holistic powers to the FIA to implement this law at free will. One now just has to figure out which version of the law has been introduced: are we simply being served up with the old draconian draft or a revised version which was extensively hashed out by Jehan Ara, PASHA President and Cyber Crimes specialist Barrister Zahid Jamil, when they met with the ministry in October 2007 to smooth out the kinks. At a cursory glance at the news report as published in Daily Times, one feels that it may actually be the old draft with absolutely no revisions to protect and safeguard the rights of the innocent digital savvy surfer.

It all started in September 2007 when we initially discussed the Draconian Cyber Crime Law in Pakistan, which led to an awareness campaign, Understanding the E-Crime Bill. In early January 2008 the then President General Pervaiz Musharraf promulgated the Cyber Crime Ordinance but it lapsed after a period of 120 days, which was also extensively questioned by Reporters without Borders.

President Asif Ali Zardari promulgated the Prevention of Electronic Crimes Ordinance on Thursday, making cyber-terrorism punishable with death or imprisonment for life. The penalty is limited to an offence that causes death of any person, according to the ordinance that will be considered effective from September 29, 2008.

Whoever commits the offence of cyber terrorism and causes death of any person shall be punishable with death or imprisonment for life, and with fine, the new law states. In other cases, he shall be punishable with imprisonment of either description for a term which may extend to 10 years, or with fine not less than Rs 10 million, or with both.

Any person, group or organisation who, with terroristic intent, utilises, accesses or causes to be accessed a computer or computer network or electronic system or electronic device or by any available means, and thereby knowingly engages in or attempts to engage in a terroristic act commits the offence of cyber terrorism. Terroristic intent has been defined as: To act with the purpose to alarm, frighten, disrupt, harm, damage, or carry out an act of violence against any segment of the population, the government or entity associated therewith.

Aiding the commission of or attempting to aid the commission of an act of violence against the sovereignty of Pakistan, whether or not the commission of such act of violence is actually completed; or stealing or copying, or attempting to steal or copy, or secure classified information or data necessary to manufacture any form of chemical, biological or nuclear weapon, or any other weapon of mass destruction also includes cyber terrorism, states the ordinance.

Fraud, stalking, spamming: Criminal access to an electronic system will be punishable with up to two years in prison and a Rs. 300,000 fine, according to the ordinance. Criminal data or system damage is punishable with up to three years. Electronic fraud will be punishable with up to seven years of imprisonment and/or fine, misuse of electronic systems with up to three years, unauthorised access to code with up to three years, and producing malicious code with up to five years. Cyber stalking is punishable with up to seven years in prison and a Rs 100,000 fine, and up to 10 years if the victim is a minor. Spamming will be punishable with up to a Rs 50,000 fine for the first offence, and three months in prison for subsequent offences.

CHAPTER THREE

REFORMS
The present situation with regard to electronic crime / cyber crime calls for review and reform. The following points may be considered for reforms that give better results:

OFFENCE
In the Pakistan Penal Code 1860, an offence is defined as an act or omission which is punishable under the law, but this definition does not cover the definition of cyber crime. It therefore needs more explanation, i.e. which acts and omissions are offences, because not all acts / illegal activities in respect of computers are defined as punishable in this law.

HARSHNESS OF PUNISHMENT
The minimum sentence provided under this law is three months, but the punishment for most offences is seven years, which is a harsh punishment. This is not the solution to the prevention of crime, as was seen in the case of the punishment for dacoity committed on highways: when the authorities enhanced the punishment for dacoity on highways, dacoits started murdering their victims after committing the robbery. In the field of computers, offenders are mostly highly qualified persons, but they are neglected persons. They therefore use their efficiency and intelligence in the wrong way to bring focus on themselves, and the harshness of punishment turns them into psychological patients who commit offences again and again for the satisfaction of their minds, causing humiliation, harassment, loss and damage to others.

For offences punishable under the Prevention of Electronic Crimes Act 2007, the punishment would be two years at most, and the same Act must provide a procedure for encouraging first offenders and helping them to use their ability in a good way.

TRIBUNAL AND COMPETENT PERSON


According to section 32 of the Prevention of Electronic Crimes Act 2007, the qualification for the Chairman is to be a Judge of a High Court. This is not sufficient, because a Judge of a High Court is not necessarily a technical person in the field of computers, and a non-technical person cannot perfectly judge an offence under the Prevention of Electronic Crimes Act 2007. The Chairman must be a computer-literate and competent person who has complete knowledge of computer and communication technology.
