CYBER LAW

of India
Presented by: Gaurav (11) Sumit (41)

CONTENTS
Introduction Cyber Crimes Types Of Cyber Crimes Common Scenarios Kind Of Hackers Frequency Of Incidents Advantages Of Cyber Law Provisions Given By IT ACT Handling Of Evidence Challenges Faced By Law Enforcement Conclusion

CYBER LAW
Cyber law is a term used to describe the legal issues related to use of communications technology, particularly "cyberspace", i.e. the Internet. It is less a distinct field of law in the way that property or contract are as it is an intersection of many legal fields, including intellectual property, privacy, freedom of expression, and jurisdiction. In other words cyber law is an attempt to integrate the challenges presented by human activity on the Internet with legacy system of laws applicable to the physical world.

Cyber Crimes

CYBER CRIME
Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, or mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000

TYPES OF CYBER CRIMES

CYBER CRIMES AGAINST PERSONS e.g. melissaand lovebug virus CYBER CRIMES AGAINST PROPERTY e.g. computer vandalism

CYBER CRIMES AGAINST GOVERNMENT e.g. Al-Qaeda

CYBER CRIMES

Common scenarios in Cyber Crime

Unauthorized access: This occurs when a user/hacker deliberately gets access into someone elses network either to monitor or data destruction purposes Denial of service attack: It involves sending of disproportionate demands or data to the victims server beyond the limit that the server is capable to handle and hence causes the server to crash

Virus, Worms and Trojan attacks: Viruses are basically programs that are attached to a file which then gets circulated to other files and gradually to other computers in the network. Worms unlike Viruses do not need a host for attachments they make copies of themselves and do this repeatedly hence eating up all the memory of the computer. Trojans are unauthorized programs which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.

Email Bombing It refers to sending a large number of emails to the victim resulting in the victim's email account (in case of an individual) or mail servers (in case of a company or an email service provider) crashing Internet Time Thefts This connotes the usage by an unauthorized person of the Internet hours paid for by another. Web Jacking This occurs when someone forcefully takes control of a website (by cracking the password and later changing it). The actual owner of the website does not have any more control over what appears on that website Theft and Physical damage of computer or its peripherals This type of offence involves the theft of a computer, some parts of a computer or a peripheral attached to the computer. and physically damaging a computer or its peripherals

CYBER CRIMES
Unauthorized access & Hacking Trojan Attack Virus and Worm attack E-mail & IRC related crimes Pornography Forgery Cyber Terrorism Banking/Credit card Related crimes E-commerce/ Investment Frauds Sale of illegal articles Online gambling Identity Theft Data diddling Theft of Internet Hours Breach of Privacy and Confidentiality

HACKERS

White Hat Hackers

Ethical Hacker Focuses On Securing IT Systems Help The Owners Of The System Called Also As Sneakers Claims To Observe Ethical Principles

Black Hat Hackers

A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent.
maliciously or criminally in nature called crackers reason for insecurity

make threats to do so as extortion

Gray Hat Hackers

A Grey Hat in the computer security community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits. e.g. - A person who breaks into a computer system and simply puts their name there whilst doing no damage (such as in wargaming see) can also be classified as a grey hat.

Frequency of incidents of Cyber crimes in India

Denial of Service:Sec: 43 Virus: Section: 66, 43 Data Alteration:Sec. 66 U/A Access Section 43 : Email Abuse Sec. 67, : 500, Other IPC Sections Data Theft: Sec 66, 65

Source: Survey conducted by ASCL FY 2007-2008

IT ACT PROVISIONS
email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law. Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act. Digital signatures have been given legal validity and sanction in the Act.

IT ACT PROVISIONS
The Act now allows Government to issue notification on the web thus heralding egovernance statutory remedy in case if anyone breaks into companies computer systems or network and causes damages or copies data

Handling of Evidences by Cyber Analysts

Identify
Collect, Observe & Preserve Analyze and Organize

Verify

Four major tasks for working with digital evidence

Identify: Any digital information or artifacts that can be used as evidence. Collect, observe and preserve the evidence

Analyze, identify and organize the evidence.

Rebuild the evidence or repeat a situation to verify the same results every time. Checking the hash value.

ADVANTAGES OF CYBER LAW

Overcome from fear Legal framework Growth in transaction Empower government departments Implications of the E-Businesses Digital signatures have been given legal validity Allow Govt. to issue notifications as egovernance

Challenges faced by Law Enforcement

Awareness: Technology is changing very rapidly. So does the increase in Cyber crimes, No proper awareness shared with regard to crime and latest tools. People are so ignorant that makes it effortless for cyber criminals to attack. People fear to report crimes and some crimes are not properly recorded. The reason behind this is that the victim is either scared of police harassment or wrong media publicity. For minority and marginalised groups who already bear the brunt of media bias, reporting online harassment to the police may simply draw further unwanted attention. The public is not aware of the resources and services that law enforcement could provide them if being a victim of crime or witness.

Technical Issues: Large amount of storage space required for storing the imaged evidences and also for storing retrieved evidence after analysis. Retrieved evidence might contain documents, pictures, videos and audio files which takes up a lot of space. Technical issues can further be categorised into software and hardware issues.

Software and Hardware Issues: The growth of Cyber crime as given rise to numerous Forensic software vendors. The challenge being to choose among them and no single forensic tool solves the entire case, there are loads of third party tools available. So is the case with Hardware tools, Most common and liable h/w tool is the FRED. But when it comes to Mobile forensics it is a challenge to decide the compatibility of different phones and which h/w to rely on..
Recently China has been manufacturing mobile phones that have cloned IME numbers which is a current challenge faced in Mobile forensics. Information sharing: Information sharing is a best practice and can be accomplished by a variety of means such as interacting with industry groups, attending briefings, meetings, seminars and conferences, and working actively with forensic bodies like CDAC..

Inadequate Training and Funds: Due to the growing of cyber forensic tools law enforcement does not get adequate training and awareness on innovative tools. Training bodies are limited and are pricey. Insufficient funding in order to send officers for training and investing on future enhancements. Transfers and recruiting officers adds to the loss of experienced staff and spending for training the newcomers. Cases become pending in such circumstances. Global Issues: Most of the IP addresses retrieved during investigation leads to servers or computers located abroad which have no identity, hence further investigations are blocked and closed. Correspondence with bodies such as Google, Yahoo, Hotmail is quite time consuming and prolong the investigations. Wireless or Wi-Fi, Bluetooth, Infrared Issues: Latest wireless technologies which provide internet connections causes exploitation especially when it is not secured. This is the present technology terrorists and radical activists exploit. This is another vulnerability that law enforcement faces.

CONCLUSION
CYBER LAWS_ ESSENTIAL FEATURE IN TODAYS WORLD OF INTERNET ACHIEVING GLOBAL PEACE AND HARMONY