By Harpreet Kaur, Advocate
- The term ‘cyber crime’ has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament. Well, the concept of cyber crime is not very much different from the concept of ordinary crime. Both include an act or omission, which cause breach of rules of laws.
- As per Lord Atkin “the criminal quality of an act cannot be discovered by reference to any standard but one is the act prohibited with penal consequences”. Hence, a crime may be said to be any conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences.
- Cyber crime is the latest and perhaps the most complicated problem in the cyber world. It may be defined as “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime” or as “unlawful act wherein the computer is either a tool or target or both”.
- Thus, we can say that the sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium.
- Another definition of cyber crime can be, “Cyber crime encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cyber crime also includes traditional crimes conducted through the Internet. For example; hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cyber crimes when the illegal activities are committed through the use of a computer and the Internet.”
- The first recorded cyber crime took place in the year 1820. That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard’s employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime!
In the light of above statements, we can say that Cyber crimes take place in two ways: The Computer as a Target:– using a computer to attack other computers. E.g. Hacking, Virus/Worm attacks, DOS attack etc. The computer as a weapon:- using a computer to commit real world crimes. E.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.
TYPES OF CYBER CRIMES:
- Unauthorized access: Unauthorized access to computer systems or networks means any person who secures access or attempts to secure access to a protected system.
- Email bombing: Email bombing refers to sending a large amount of emails to the victim resulting in the victim’s email account (in case of an individual) or mail server (in case of a company or an email service provider) crashing.
- Data diddling: This kind of an attack involves altering the raw data just before it is processed by a computer and then changing it back after the processing is completed.
- Salami attack: This attack is used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed, e.g. a bank employee inserts a program into the bank’s servers, that deducts a small amount of money (say Rs.5 a month) from the account of every customer. No single account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month.
- Internet time theft:This connotes the usage by an unauthorized person of the Internet hours paid for by another person.
- Logic bomb: This is event dependent program. This implies that this program is created to do something only when a certain event (known as a trigger event) occurs, e.g. some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).
- Virus / worm attack: Virus is a program that attach itself to a computer or a file and then circulate itself to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer’s memory.
- Trojan attack: A Trojan, the program is aptly called an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.
- Denial of service attack: This involves flooding a computer resource with more requests than it can handle. This causes the resource (e.g. a web server) to crash thereby denying authorized users the service offered by the resource.
- Distributed denial of Service attack: This is a denial of service attack wherein the perpetrators are many and are geographically widespread. It is very difficult to control such attacks.
- Cyber pornography:This would include pornographic websites; pornographic magazines produced using computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writings etc.)
- Email spoofing: A spoofed email is one that appears to originate from one source but actually has been sent from another source.
- Intellectual Property Crime: This includes software piracy, copyright. infringement, trademarks violations etc.
- Cyber Stalking: The Oxford dictionary defines stalking as “pursuing stealthily”. Cyber stalking involves following a person’s movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.
CYBER CRIMINALS: The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals-
- Children and adolescents between the age group of 6 – 18 years –The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other reason may be to prove themselves to be outstanding amongst other children in their group. Further the reasons may be psychological even.
- Organised hackers-These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. e.g. The NASA as well as the Microsoft sites is always under attack by the hackers.
- Professional hackers / crackers –Their work is motivated by the money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.
- Discontented employees-This group include those people who are dissatisfied with their employer. To avenge they normally hack the system of their employee.
Information Technology Act, 2000: The Indian parliament considered it necessary to give effect to the resolution by which the General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations Commission on Trade Law. As a consequence of which the Information Technology Act 2000 was passed and enforced on 17th May 2000.
- The preamble of this Act states its objective to legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker’s Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934. The basic purpose to incorporate the changes in these Acts is to make them compatible with the Act of 2000. So that they may regulate and control the affairs of the cyber world in an effective manner.
- The Information Technology Act deals with the various cyber crimes in chapters IX & XI.
- The important sections are Ss. 43,65,66,67. Section 43 in particular deals with the unauthorised access, unauthorised downloading, virus attacks or any contaminant, causes damage, disruption, denial of access, interference with the service availed by a person. This section provide for a fine up to Rs. 1 Crore by way of remedy. Section 65 deals with ‘tampering with computer source documents’ and provides for imprisonment up to 3 years or fine which may extend up to 2 lakhs or both. Section 66 deals with ‘hacking with computer system’ and provides for imprisonment up to 3 years or fine which may extend up to 2 lakhs or both and section 67 deals with publication of obscene material and provides for imprisonment up to a term of 10 years and also with fine up to Rs. 2 lakhs.
PREVENTION OF CYBER CRIME:
Prevention is always better than cure. It is always better to take certain precaution while operating the net. One should make them his part of cyber life. Any citizen should keep in mind the following things–
- To prevent cyber stalking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place.
- Always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs.
- Always use latest and up to date antivirus software to guard against virus attacks.
- Always keep back up volumes so that one may not suffer data loss in case of virus contamination
- Never send your credit card number to any site that is not secured, to guard against frauds.
- Always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children.
- It is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal.
- Web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this.
- Use of firewalls may be beneficial.
- Web servers running public sites must be physically separate protected from internal corporate network.
There are lots of suggestions available on various cyber police sites. From one of those sites, some useful suggestions for better security are–
- Use strong passwords. Choose passwords that are difficult or impossible to guess. Give different passwords to all other accounts.
- Make regular back-up of critical data. Back-up must be made atleast once in each day. Larger organizations should perform a full back-up weekly and incremental back-up every day. Atleast once in a month the back-up media should be verified.
- Use virus protection software. That means three things: having it on your computer in the first place, checking daily for new virus signature updates, and then actually scanning all the files on your computer periodically.
- Use a firewall as a gatekeeper between your computer and the Internet. Firewalls are usually software products. They are essential for those who keep their computers online through the popular DSL and cable modem connections but they are also valuable for those who still dial in.
- Do not keep computers online when not in use. Either shut them off or physically disconnect them from Internet connection.
- Do not open e-mail attachments from strangers, regardless of how enticing the subject line or attachment may be. Be suspicious of any unexpected e-mail attachment from someone you do know because it may have been sent without that person’s knowledge from an infected machine.
- Regularly download security patches from your software vendors.
History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Judiciary plays a vital role in shaping the enactment according to the order of the day. One such stage, which needs appreciation, is the P.I.L., which the Kerala high Court has accepted through an email. Today with the growing arms of cyberspace the growing arms of cyberspace the territorial boundaries seems to vanish thus the concept of territorial jurisdiction as envisaged under S.16 of C.P.C. and S.2.of the I.P.C. will have to give way to alternative method of dispute resolution. Also the IT Act 2000 does not mention the typical cyber crimes like cyber stalking, morphing and email spoofing as offences. As technology develops, the law needs to respond to these new developments to deter those who would abuse and misuse the new technology.
I would like to conclude with a word of caution that it should be kept in mind that the provisions of the cyber law should not be made so stringent that it may retard the growth of the industry and prove to be counter-productive.
 Vivek Sood, Cyber law simplified, New Delhi: Tata Mc-Graw Hill Publishing Company Ltd., 4th reprint: 2008.