1.

INTRODUCTION
The world of Internet today has become a parallel form of life and living. Public are now capable of doing things which were not imaginable few years ago. The Internet is fast becoming a way of life for millions of people and also a way of living because of growing dependence and reliance of the mankind on these machines. Internet has enabled the use of website communication, email and a lot of any time anywhere IT solutions for the betterment of human kind. The term cyber crime is a misnomer. This term has nowhere been defined in any statute Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state. Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed. Conventional Crime-Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is a legal wrong that can be followed by criminal proceedings which may result into punishment. The hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences. Cyber Crime-Cyber crime is the latest and perhaps the most complicated problem in the cyber world. Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime. Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime. A generalized definition of cyber crime may be unlawful acts wherein the computer is either a tool or target or both. The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online 1

gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following casesunauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data diddling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system. Reasons for cyber crime In The Concept of Law Mart said that there should be a set rules of law that protect people as human beings are so susceptible, there are certain guidelines laid down to protect and safe guard to avoid computer being a medium in somebodys hands to perform unlawful acts, this is because of the matter of fact that computer is the most common data storage device and the efficiency of storage capacity the computer is very high, the ease of access that cyber criminals have to any computer with the most sophisticated technology like the bio-metrics, retina scan are failing to stop their access as they are always coming with a new cheat access to get the information from the computer. Due to the complexity of the operating systems people who are not aware may commit errors which lay road to the criminals of successfully accessing our computer and misusing them they phish your bank accounts and personal e-mails, and other important data for unlawful usages, this may end up publishing confidential information, losing money and some severe may lead to criminal prosecution. Who are responsible? There are quite a wide variety of people who are involved in cyber crimes they are children or adolescents who actually want make other children in the group feel that they have excellent skills or to tease somebody among the group. Organized hackers are responsible for fulfilling certain aims or goals which may be either fundamental or political partiality towards one state, there is a frequent issue with the hackers to Microsoft and NASA, hacking is now becoming a profession where in professional hackers are involved in hacking official sites of the rivals to get information which is very useful and they are not partial to anybody, the only thing they are obedient to is money, displeased employees who want to take a revenge on their employee using information they have. 2. LITERATURE REVIEW 2

2.1 GENERAL This Literature Review was commissioned by the National Audit Office in February 2009 and completed in March 2009. Its purpose was to support NAOs review of UK Government initiatives in reducing the impact of such crimes. Professor Peter Sommer is a Visiting Professor in the Information Systems and Innovation Group of the Department of Management at the London School of Economics and Political Science. He is also a Visiting Reader, Faculty of Mathematics, Computing and Technology, at the Open University. In a first phase on 10 February 2009 Professor Peter Sommer facilitated a workshop at NAO offices to assist NAO staff in establishing the scope of their project, to identify a range of definitional problems and to determine the precise remit of the existing statistical, qualitative and background research they wished him to cover. After the workshop Professor Sommer provided a suggested remit in terms of the key questions driving the Review, the basic information needed the main sources and an outline structure. After some discussion agreement was reached. This Review is the product. 2.2 COMPUTER CRIME AND ABUSE REPORT The Computer Crime & Abuse Report (India) 2001-02 has come out with startling data related to these crimes. The report analyses 6,266 incidents of computer crime and abuse that affected 600 organisations spanning IT, manufacturing financial services, education, telecommunications, healthcare and other services sectors in India during this period. The report has been published by the Computer Emergency Response Team of the Asian School of Cyber Laws.

This data is only the tip of the proverbial iceberg. Like most crimes, these largely go unreported, mainly because people are not aware of laws governing cyber crimes. Says a deputy commissioner of police in Kolkata: Most people are not aware that there are laws governing cyber crime. Therefore a good many of them go unreported. If reported, these cases are taken very seriously. The reasons for not reporting are also varied. The report says that 23 per cent of the organisations did not know that the police were equipped to handle cyber crime, 8 per cent had no awareness of the cyber law, and 9 per cent feared further attacks, while a good 60 per cent wanted to avoid negative publicity. The passages of the Information Technology Act 2000 and subsequent amendments to the Indian Penal Code and the Evidence Act have paved the way for stringent penalties for computer crimes. The law envisages imprisonment up to 10 years and damages in crores of rupees for various computer crimes. Cyber crime investigation cells have been set up in various cities. Bangalore has a dedicated cyber crime police station. The above figures give the percentage break-up of incidents and categories of crime. Almost 60 per cent of the incidents in the year were reported in the first six months of the year and the maximum number of incidents were reported in September and the minimum in August. Another interesting fact is that almost 60 per cent were reported on Mondays, Fridays and Saturdays and a minimum number on Sundays. 4

The perpetrator-wise break-up shows that the largest number of incidents was attributable to former employees (31 per cent) and the second slot was by business rivals (29 per cent). What is interesting is that more than half the incidents are attributable to employees (current as well as former). Those attacks where sophisticated techniques and methodologies were used have been classified as hacker, constituting 11 per cent, while those done by persons with relatively low knowledge are classified as script kiddies; these constitute 8 per cent of the perpetrators of crime. What is disturbing is that the script kiddies have successfully penetrated organisational networks using freely available hacking tools. Various categories of crime have been enumerated along with data related to them. Data theft This category accounted for 33 per cent of the total reported incidents. These included theft and misappropriation of electronic information and records. Incidents of unauthorised access where no data was stolen have not been included. In the category of data theft, stealing of source code topped the list with 37 per cent, followed by those of credit card details (29 per cent). Theft of details of business plans accounted for 20 per cent and the rest was 14 per cent. E-mail abuse This refers to three categories of abuse obscene e-mails (60 per cent), threatening ones (25 per cent) and defamatory matter (15 per cent).

Data alteration (on the rise) One of the potentially most dangerous kinds of cyber crimes constituted 14 per cent of the incidents reported in 2001. It rose to 17 per cent of the incidents reported in 2002. This category relates to incidents where unauthorised alteration of vital information has taken place and data has been doctored or tampered with, in order to misrepresent facts. Such crimes include alteration of hospital records, unauthorised changes made to quotations, financial accounts and bank records. Interestingly, there were many instances where persons having authorised access to the data made the unauthorised alteration. Unauthorised access This category accounted for 19 per cent of the total incidents. Methods employed for unauthorised access included malicious code (38 per cent), social engineering (29 per cent), remote dial-in (18 per cent) and Internet-based methods (15 per cent). Virus This category referred only to those incidents where viruses were sent deliberately to particular victims. This category reflected 14 per cent of the total incidents, but is significant because of the damage potential. Denial of service These included denial of service attacks on web and mail servers, FTP servers and printers. This category accounted for 3 per cent of the incidents reported. In 95 per cent of the cases these attacks appeared to originate from outside India. According to an abstract prepared by the Asian School of Cyber Laws, incidents of data theft, data alteration and unauthorised access can be eliminated by the proper use of public key infrastructure (PKI). PKI is the super system that puts in place policies, people, processes and technology to harness the power of cryptography and its applications like digital signatures. The Indian law specifically recognises digital signatures as being the only accepted mode of authentication of electronics records. While India is one of the first countries to have granted legal recognition to PKI, its use remains minimal primarily because of a lack of awareness about its benefits. It is clear that there is a crying need to spread awareness about cyber laws and how to tackle cyber crimes. It is time we put up a tough battle for cyber criminals. 6

Threat Name

What is means?

Mal-ware

Infection to the systems by viruses, worms, Trojans or spy-ware

Phishing

Impersonation of the organisation by email or any other electronic means

Spam

Unsolicited email messages

Denial-of-Service

Attempt to overwhelm or overload the organizations website, network by which it becomes unavailable to the outside world

Unauthorized Access

Unauthorized access of systems resources by outsiders

Vandalism/ Sabotage

Destruction or damage to organizations systems

Extortion

Demands for money or other concessions based on threats

Fraudulent Transactions

Transaction that result loss to the organisation or its customers

Physical Loss

Loss or theft of computers or physical storage media

Unauthorised by Insiders

Successful access by insiders to unauthorized data

Insider Misuse

Unauthorised usage by insider by violating the security polices of the organisation

3. RESEARCH METHODOLOGY The research methodology we will use is the applied research as this is a practical problem that is directly affecting the individuals and organizations, from the above information we have good idea of the cyber crime, and its effects so practical approach will help us in establishing the exact and the required data about the research, it is so important that we bear in mind that the research methodology should be very easy to approach practically and it should give us the exact feedback about what we need making the research to complicated will end up as a disaster. The objectives of the research have to be concluded before the research begins to ensure that they are descriptive which illustrates the problem in a very clear and bisected way, and explanatory which will make us understand the problem, causes of the problem and the relationship between the problem and causes. The approach we are going to take is a structured and qualitative approach as we are determined about the objectives, design, sample and questions. This approach has both strengths and weaknesses of its own, we get the exact and prescribed information needed, the drawback is that we could only know the answers about the questions that we are asking as it is not flexible, we take into consideration of opinions from the internet users on an online survey, we gather and scrutinize information from the articles and we approach officials and the business clients of e-retailing who are frequent victims of the cyber space criminality. The questionnaire for the survey is developed after extensive review of the literature which helps us find stats about the crucial problems, the construction of the questionnaire should be detailed and simple for people to understand and for us to get the best possible answers which will reflect in our statistics, the articles collected and the interviews held should be reflected in the data, so the data collected should be very relevant to the questions on the survey which makes it easy for us to interpret them effectively.

The Process of Research

This is the way in which the research study has been conducted. Identifying the Problem Analyse the problem and identify different kinds of problems that are created cyber crime and the consequences and that the victims or organizations are facing with these criminal acts on their cyber space, there are several different cases of cyber crimes. Finding the Sources The sources of the cyber crime have to be analyzed and the motive of the criminals have to bet raced from the cases identified and the mode of breaching security systems are to be identified, this is to regulate the future security thefts. Scrutinizing the Problem All the cases are understood and the a strategy has been developed to undertake these cases, all the problems are scrutinized and narrowed which made them come on to one platform, this made it very easy for the development of a unanimous solution. Finding articles This helped in finding the latest news articles on cyber crime and the experts comments, articles are also a very important resource in the research, the research which we are following will get on to a higher level when the material from the article is included in concluding the approach, finding News articles which help us in getting world wide information on cyber crime has helped us know the condition of countries and their strategies on cyber crime, this will also help the research to give globalised approach and its adverse effects. Enquiring Victims This research approach will helped us find so much information about the fraud or cheating on some ones personal web space, some victims are ready to tell us what actually happened, that was a big advantage for the research, which give us a realistic approach towards this and assumptions made by us were proved us unrealistic in some cases.

Literature Review 9

Literature review helped us in knowing the technical details of the problem, we got to know the terminology which also very important in the research, reviewing the literature has helped us learn the view points of different authors, who have experienced many cases of cyber crimes, they gave the approach to one point in many different ways at different stages and in different modes. Developing Approach All the above points put together and solved gave us the approach that we should be following to obtain details from different people in different modes, this approach developed has to be very constructive. Conducting Surveys Before conducting the surveys we are aiming to use two methods of conducting surveys, they are 1. Internet based research 2. Conducting interviews with experts There are many other ways of conducting surveys after going through all the above stages welcome to a decision of conducting the research in these modes, we have both advantages and disadvantages in these kinds of surveys. Internet Based research An online quick questionnaire is developed of 6 questions which will give to ask people which we will host through surveying sites. Most of the top companies while conducting surveys will approach surveying sites which have the technology to reach the target costumers, there are many online surveying sites

4. REASONS FOR CYBER CRIME: 10

Hart in his work The Concept of Law has said human beings are vulnerable

so

rule of law is required to protect them. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be: a) Capacity to store data in comparatively small spaceThe computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much easier. b) Easy to accessThe problem encountered in guarding a computer system from unauthorised access is that, there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders, retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system. c) ComplexThe computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system. d) NegligenceNegligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system. e) Loss of evidenceLoss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation. 5. CYBER CRIMINALS: 11

The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminalsa) Children and adolescents between the age group of 12 18 yearsThe simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove them to be outstanding amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends. b) Organised hackersThese kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers. c) Professional hackers /crackersTheir work is motivated by the color of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are van employed to crack the system of the employer basically as a measure to make it safer by detecting the loophole. d) Discontented employeesThis group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee.

6. MODE AND MANNER OF COMMITING CYBER CRIME 12

4.1 Unauthorized access to computer systems or networks / HackingThis kind of offence is normally referred as hacking in the generic sense. However the framers of the information technology act 2000 have no where used this term so to avoid any confusion we would not interchangeably use the word hacking for unauthorized access as the latter has wide connotation. 4.2 Theft of information contained in electronic formThis includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering them through the virtual medium. 4.3 Email bombingThis kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail servers there by ultimately resulting into crashing. 4.4 Data diddlingThis kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. The electricity board faced similar problem of data diddling while the department was being computerised. 4.5 Salami attacksThis kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed.E.g.The Ziegler case wherein a logic bomb was introduced in the banks system, which deducted 10 cents from every account and deposited it in a particular account. 4.6 Denial of Service attackThe computer of the victim is flooded with more requests than it can handle which cause it to crash. Distributed Denial of Service (DDoS) attack is also a type of denial of service attack, in which the offenders are wide in number and widespread. E.g. Amazon, Yahoo. 4.7 Virus / worm attacks13

Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988.Almost brought development of Internet to a complete halt. 4.8 Logic bombsThese are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus). 4.9 Trojan attacksThis term has its origin in the word Trojan horse. In software field this means an unauthorized programme, which passively gains control over anothers system by representing itself as an authorised programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam installed in the computer obtained her nude photographs. He further harassed this lady. 4.10 Internet time theftsNormally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwas case- the Internet hours were used up by any other person. This was perhaps one of the first reported cases related to cyber crime in India. However this case made the police infamous as to their lack of understanding of the nature of cyber crime.

7. CLASSIFICATION: 14

The subject of cyber crime may be broadly classified under the following three groups. They are-

Classification

Against Individuals
5.1 Against Individuals: i. ii. iii. iv. v. vi. vii. viii. Harassment via e-mails. Cyber-stalking.

Against organization Or Company

Against society At Large

Dissemination of obscene material. Defamation. Unauthorized control/access over computer system. Indecent exposure Email spoofing. Cheating & Fraud

Against Individual Property: i. ii. iii. iv. v. Compute vandalism. Transmitting virus. Unauthorized control/access over computer system. Intellectual Property crimes Internet time thefts

5.2 Against Organization: 15

i. ii. iii. iv.

Unauthorized control/access over computer system. Possession of unauthorized information. Cyber terrorism against the government organization. Distribution of pirated software etc.

5.3 Against Society at large: i. ii. iii. iv. v. vi. Pornography Trafficking. Financial Sale of illegal articles. Online gambling. Forgery

The above mentioned offences may discuss in brief as follows: a) Harassment via e-mailsHarassment through e-mails is not a new concept. It is very similar to harassing through letters. Recently I had received a mail from a lady wherein she complained about the same. Her former boy friend was sending her mails constantly sometimes emotionally blackmailing her and also threatening her. This is a very common type of harassment via emails. b) Cyber-stalkingThe Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chatrooms frequented by the victim, constantly bombarding the victim with emails etc. c) Dissemination of obscene material/ Pornography (basically child

pornography) / Polluting through indecent exposurePornography on the net may take various forms. It may include the hosting of web site containing these prohibited materials. Use of computers for producing these obscene materials. Downloading through the Internet, obscene materials. These obscene matters 16

may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. Two known cases of pornography are the Delhi Bal Bharati case and the Bombay case wherein two Swiss couple used to force the slum children for obscene photographs. The Mumbai police later arrested them. d) DefamationIt is an act of imputing any person with intent to lower the person in the estimation of the right-thinking members of society generally or to cause him to be shunned or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. E.g. the mail account of Rohit was hacked and some mails were sent from his account to some of his batch mates regarding his affair with a girl with intent to defame him. e) Unauthorized control/access over computer systemThis activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term "unauthorized access" interchangeably with the term "hacking" to prevent confusion as the term used in the Act of 2000 is much wider than hacking. f) E mail spoofingA spoofed e-mail may be said to be one, which misrepresents its origin. It shows it's origin to be different from which actually it originates. Recently spoofed mails were sent on the name of Mr. Na.Vijayashankar (naavi.org), which contained virus. Rajesh Manyar, a graduate student at Purdue University in Indiana, was arrested for threatening to detonate a nuclear device in the college campus. The alleged e- mail was sent from the account of another student to the vice president for student services. However the mail was traced to be sent from the account of Rajesh Manyar. g) Computer vandalismVandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals. h) Intellectual Property crimes / Distribution of pirated software17

Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, copyright infringement, trademark and service mark violation, theft of computer source code, etc. The Hyderabad Court has in a land mark judgement has convicted three people and sentenced them to six months imprisonment and fine of 50,000 each for unauthorized copying and sell of pirated software. i) Cyber terrorism against the government organizationAt this juncture a necessity may be felt that what is the need to distinguish between cyber terrorism and cyber crime. Both are criminal acts. However there is a compelling need to distinguish between both these crimes. A cyber crime is generally a domestic issue, which may have international consequences; however cyber terrorism is a global concern, which has domestic as well as international consequences. The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate emails, attacks on sensitive computer networks, etc. Technology savvy terrorists are using 512-bit encryption, which is next to impossible to decrypt. The recent example may be cited of Osama Bin Laden, the LTTE, and attack on Americas army deployment system during Iraq war. Cyber terrorism may be defined to be the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives . Another definition may be attempted to cover within its ambit every act of cyber terrorism. A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption of services or means of communications essential to the community or in damaging property with the view to (1) Putting the public or any section of the public in fear; or (2) Affecting adversely the harmony between different religious, racial, language or regional groups or castes or communities; or (3) Coercing or overawing the government established by law; or 18

(4) Endangering the sovereignty and integrity of the nation And a cyber terrorist is the person who uses the computer system as a means or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber terrorism. j) Trafficking Trafficking may assume different forms. It may be trafficking in drugs, human beings, arms weapons etc. These forms of trafficking are going unchecked because they are carried on under pseudonyms. A racket was busted in Chennai where drugs were being sold under the pseudonym of honey. h) Fraud & Cheating Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. It may assume different forms. Some of the cases of online fraud and cheating that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc.

8. INFORMATION TECHNOLOGY ACT 2000 CHAPTER XI OFFENCES 66. Hacking with computer system. 19

(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack. (2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both. Information Technology (Amendment) Act 2008 - Chapter XI 65. Tampering with Computer Source Documents 66. Computer Related Offences 66A. Punishment for sending offensive messages through communication service, etc 66B. Punishment for dishonestly receiving stolen computer resource or communication device 66C.Punishment for identity theft 66D. Punishment for cheating by personating by using computer resource 66E. Punishment for violation of privacy 66F. Punishment for cyber terrorism 67. Punishment for publishing or transmitting obscene material in electronic form 67A. Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form 67B. Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form

9. SOME CASES STUDIES:

1. Pune Citi bank MphasiS Call Center Fraud20

US $ 3, 50,000 from accounts of four US customers were dishonestly transferred to bogus accounts. This will give a lot of ammunition to those lobbying against outsourcing in US. Such cases happen all over the world but when it happens in India it is a serious matter and we can not ignore it. It is a case of sourcing engineering. Some employees gained the confidence of the customer and obtained their PIN numbers to commit fraud. They got these under the guise of helping the customers out of difficult situations. Highest security prevails in the call centers in India as they know that they will lose their business. There was not as much of breach of security but of sourcing engineering. The call center employees are checked when they go in and out so they can not copy down numbers and therefore they could not have noted these down. They must have remembered these numbers, gone out immediately to a cyber caf and accessed the Citibank accounts of the customers. All accounts were opened in Pune and the customers complained that the money from their accounts was transferred to Pune accounts and thats how the criminals were traced. Police has been able to prove the honesty of the call center and has frozen the accounts where the money was transferred. . There is need for a strict background check of the call center executives. However, best of background checks can not eliminate the bad elements from coming in and breaching security. We must still ensure such checks when a person is hired. There is need for a national ID and a national data base where a name can be referred to. In this case preliminary investigations do not reveal that the criminals had any crime history. Customer education is very important so customers do not get taken for a ride. Most banks are guilt of not doing this. 2. Parliament Attack CaseBureau of Police Research and Development at Hyderabad had handled some of the top cyber cases, including analyzing and retrieving information from the laptop recovered from terrorist, who attacked Parliament. The laptop which was seized from the two terrorists, who were gunned down when Parliament was under siege on December 13 2001, was sent to Computer Forensics Division of BPRD after computer experts at Delhi failed to trace much out of its contents. . 21

The laptop contained several evidences that confirmed of the two terrorists motives, namely the sticker of the Ministry of Home that they had made on the laptop and pasted on their ambassador car to gain entry into Parliament House and the fake ID card that one of the two terrorists was carrying with a Government of India emblem and seal. The emblems (of the three lions) were carefully scanned and the seal was also craftily made along with residential address of Jammu and Kashmir. But careful detection proved that it was all forged and made on the laptop. 3. Andhra Pradesh Tax CaseDubious tactics of a prominent businessman from Andhra Pradesh was exposed after officials of the department got hold of computers used by the accused person. The owner of a plastics firm was arrested and Rs 22 crore cash was recovered from his house by sleuths of the Vigilance Department. They sought an explanation from him regarding the unaccounted cash within 10 days. The accused person submitted 6,000 vouchers to prove the legitimacy of trade and thought his offence would go undetected but after careful scrutiny of vouchers and contents of his computers it revealed that all of them were made after the raids were conducted. It later revealed that the accused was running five businesses under the guise of one company and used fake and computerized vouchers to show sales records and save tax.

Statistical data on Cyber Crime:

22

Snapshot of Important Cyber law Provisions in India Offence Tampering with Computer source documents Hacking with Computer systems, Data alteration Publishing obscene information Un-authorized access to protected system Breach of Confidentiality and Privacy Publishing false digital signature certificates Section under IT Act Sec.65 Sec.66 Sec.67 Sec.70 Sec.72 Sec.73

Computer Related Crimes Covered under Indian Penal Code and Special Laws Offence Sending threatening messages by email Sending defamatory messages by email Forgery of electronic records Bogus websites, cyber frauds Email spoofing Web-Jacking E-Mail Abuse Online sale of Drugs Online sale of Arms Section Sec 503 IPC Sec 499 IPC Sec 463 IPC Sec 420 IPC Sec 463 IPC Sec 383 IPC Sec 500 IPC NDPS Act Arms Act

Arrests & Reports under IT Act

23

Under the IT Act, 966 cybercrime cases were filed in 2010 233 persons were arrested in 2010 33% of the cases registered were related to hacking

420 in 2009)

Arrests & Reports under IPC Under the IPC, 356 cybercrime cases were registered in 2010 (276 cases in 2009)

10. RECOMMENDATION: Any person who operates the net and being exposed to cyber crimes should always abide by and following principles: He should not disclose any personal information to any one and especially to strangers. Updated and latest anti-virus software should be used to protect the computer system against virus attacks. While chatting on the net one should avoid sending photographs to strangers along with personal data as it can be misused.

24

Backup volumes of the data should always be kept to prevent loss from virus contamination. Children should be prevented from accessing obscene sites by the parents to protect them from spoiling their mind and career. A credit card number shall never be sent to an unsecured site to prevent fraud or cheating. Effort shall be made to make a security code and program to guard the computer system from misuse. Routers and firewalls can be used to protect the computer network. A check should be kept on the functioning of cyber cafes and any suspicious activity shall be reported to the concerned authorities. Efforts should be made to discourage misuse of computers and access to unauthorized data. Strict cyber laws should be formulated and implemented to fight against cyber criminals. A guide book of cyber crimes should be made available to common user for the

awareness purpose.

11. CONCLUSION: The onus is on educational institutions to foster best practice in the use of information technology. Most computer crime is not detected and is difficult to quantify. It does seem to be a growing world-wide problem. It is clear that in the area of Information Technology new types of crime have emerged as well as the commission of traditional crimes by means of the new technologies.

25

Although passing laws relating to the Internet is relatively easy, enforcement can be very hard. Perpetrators of computer crime usually exploit weakness in the systems either being used or attacked. Inadequate security procedures - physical, organizational and logical -continue to feature in the vast majority of examples of computer crime

The Pakistan cyber laws are not known to the majority of people and also been termed as inefficient. The most destructive cyber crime prevailing in Pakistan is cyber pornography and hardware viruses. The most obvious reasons of cyber crimes are greed, power, revenge, adventure and publicity. The consequences can be serious threats to the e-business. Communication sector and banking sector. The wide use of pornographic websites is heading to destroy our cultural values

12. References:
1) 2) 3) 4) 5) http://cyberlaws.net/cyberindia/articles.htm http://www.cyberlawsindia.net/ http://satheeshgnair.blogspot.com/2009/06/selected-case-studies-on-cybercrime.html http://www.cybercellmumbai.com/ Kumar Vinod Winning the Battle against Cyber Crime

26