Module 2-Cybercrime And Cyber Law

Cybercrime or a computer-oriented crime is a crime that includes a computer and a network. The
computer may have been used in the execution of a crime or it may be the target.
Cybercrime is the use of a computer as a weapon for committing crimes such as committing fraud,
identity theft, or breaching privacy.
Cybercrime encloses a wide range of activities, generally be divided into two categories:
1. Crimes that aim at computer networks or devices. These types of crimes involve different
threats (like virus, bugs etc.) and denial-of-service (DoS) attacks.
2. Crimes that use computer networks to commit other criminal activities. These types of
crimes include cyber stalking, financial fraud or identity theft.

*Classification of Cyber Crime:

It can be classified in to 4 major categories as
1. Cybercrime against Individual
2. Cybercrime Against Property
3. Cybercrime Against Organization
4. Cybercrime Against Society

 Against Individuals
• Email spoofing :
A spoofed email is one in which e-mail header is forged so that mail appears to originate from
one source but actually has been sent from another source
• Spamming :
Spamming means sending multiple copies of unsolicited mails or mass e-mails such as chain
letters.
• Cyber Defamation :
This occurs when defamation takes place with the help of computers and / or the Internet. E.g.
someone publishes defamatory matter about someone on a website or sends e-mails
containing defamatory information.
• Harassment & Cyber stalking :
Cyber Stalking Means following the moves of an individual‟s activity over internet. It can be
done with the help of many protocols available such at e- mail, chat rooms, user net groups.

 Against Property:
1. Credit Card Fraud :
Credit card fraud occurs when an unauthorized person gains access to your
information and uses it to make purchases. .Swapping your credit card, such as at a gas
station pump,shopping mall. Calling about fake prizes .
 Here criminals make purchases or obtain cash advances using a credit card account
assigned to you. This can occur through one of your existing accounts, via theft of your
physical credit card or your account numbers and PINs.
Credit card fraud is an inclusive term for fraud committed using a payment card, such
as a credit card or debit card. The purpose may be to obtain goods or services or to make
payment to another account, which is controlled by a criminal. The Payment Card Industry
Data Security Standard (PCI DSS) is the data security standard created to help financial
institutions process card payments securely and reduce card fraud.
Credit card fraud can be authorized, where the genuine customer themselves
processes a payment to another account which is controlled by a criminal, or unauthorized,
where the account holder does not provide authorization for the payment to proceed and the
transaction is carried out by a third party.

2.Intellectual Property crimes :

These include Software piracy: illegal copying of programs, distribution of copies of
software.
  Copyright infringement
 Trademarks violations

 Against Organisation
1.Unauthorized Accessing of Computer:
Accessing the computer/network without permission from the owner.
it can be of 2 forms:
 Changing/deleting data:
Unauthorized person changing of data.
 Computer spy:
The criminal reads or copies confidential or proprietary information, but the data is
neither deleted nor changed.

2.Denial Of Service:
When Internet server is flooded with continuous bogus requests so as to denying legitimate
users to use the server or to crash the server.

3.Computer contamination / Virus attack :

A computer virus is a computer program that can infect other computer programs by
modifying them in such a way as to include a (possibly evolved) copy of it.
Viruses can be file infecting or affecting boot sector of the computer.
Worms, unlike viruses do not need the host to attach themselves to.

4.Email Bombing :
Sending large numbers of mails to the individual or company or mail servers thereby
ultimately resulting into crashing.

5.Salami Attack :
When negligible amounts are removed & accumulated in to something larger. These attacks
are used for the commission of financial crimes.

6.Logic Bomb :
It‟s an event dependent programme , as soon as the designated event occurs, it crashes the
computer, release a virus or any other harmful possibilities.

7.Trojan Horse :
an unauthorized program which functions from inside what seems to be an authorized
program, thereby concealing what it is actually doing.
8.Data diddling :
This kind of an attack involves altering raw data just before it is processed by a computer and
then changing it back after the processing is completed.

4.Against Society
 Forgery: currency notes, revenue stamps, mark sheets etc can be forged using
computers and high quality scanners and printers.
 Cyber Terrorism: Use of computer resources to intimidate or coerce
(pressurize)others.
 Web Jacking(steal): Hackers gain access and control over the website of another,
even they change the content of website for fulfilling political objective or for
money.

Common cybercrimes:--cybercrime targeting computers and mobiles

Cyber Terrorism –
Cyber terrorism is the use of the computer and internet to perform violent acts that result in loss of
life. This may include different type of activities either by software or hardware for threatening life
of citizens.
In general, Cyber terrorism can be defined as an act of terrorism committed through the use of
cyberspace or computer resources.

1. Cyber Extortion –
Cyber extortion occurs when a website, e-mail server or computer system is subjected to or
threatened with repeated denial of service or other attacks by malicious hackers. These hackers
demand huge money in return for assurance to stop the attacks and to offer protection.

2. Cyber Warfare –
Cyber warfare is the use or targeting in a battle space or warfare context of computers, online
control systems and networks. It involves both offensive and defensive operations concerning to
the threat of cyber-attacks, surveillance and obstruct.

3. Internet Fraud –
Internet fraud is a type of fraud or deceit which makes use of the Internet and could include
hiding of information or providing incorrect information for the purpose of deceiving victims
for money or property. Internet fraud is not considered a single, distinctive crime but covers a
range of illegal and illicit actions that are committed in cyberspace.

4. Cyber Stalking –
This is a kind of online harassment wherein the victim is subjected to a barrage of online
messages and emails. In this case, these stalkers know their victims and instead of offline
stalking, they use the Internet to stalk. However, if they notice that cyber stalking is not having
the desired effect, they begin offline stalking along with cyber
stalking to make the victims‟ lives more miserable.

5. Social Engineering Attacks

6.
Social engineering is now common tactics used by cybercriminals to gather user‟s sensitive
information.
Social engineering assaults come in wide range of structures and can be performed in any
place where human collaboration is included.

Social engineering is a manipulation technique that exploits human error to gain private
information, access, or valuables.
• Social engineers are clever and use manipulative tactics to trick their victims into disclosing
private or sensitive information.
 Malware & Ransomware attacks:
 Ransomware is a document encryption programming program that utilizes a special
encryption calculation to scramble records on objective framework.
 It is particular malware disseminated to blackmail cash from targets and is one of most
pervasive and known instances of cyber attacks.
 Assailant disseminates malware as infection to get to objective PC‟s hard drive. It, at that
point, encodes information and makes PC/information unusable for client until they make
the payoff instalment requested by assailant. It is frequently difficult to decode record‟s
substance without anyone else.
 WannaCry and Maze ransomware are ongoing instances of how malware could unleash
devastation, driving numerous enterprises to dish out bitcoins and cash to pay for
recovering their undermined machines and information.

Malware is short for malicious software and refers to any software that is designed to cause harm
to computer systems, networks, or users.
Malware can take many forms. It‟s important for individuals and organizations to be aware of the
different types of malware and take steps to protect their systems, such as using antivirus software,
keeping software and systems up-to-date, and being cautious when opening email attachments or
downloading software from the internet.
Types of Malware
 Viruses –
• A Virus is a malicious executable code attached to another executable file. The
virus spreads when an infected file is passed from system to system. Viruses can be
harmless or they can modify or delete data.
• Opening a file can trigger a virus. Once a program virus is active, it will infect other
programs on the computer.
 Worms –
• Worms replicate themselves on the system, attaching themselves to different files
and looking for pathways between computers, such as computer network that shares
common file storage areas.
• Worms usually slow down networks. A virus needs a host program to run but
worms can run by themselves.
• After a worm affects a host, it is able to spread very quickly over the network.
 Trojan horse –
 • A Trojan horse is malware that carries out malicious operations under the
appearance of a desired operation such as playing an online game.
• A Trojan horse varies from a virus because the Trojan binds itself to non-executable
files, such as image files, and audio files.
 Adware – It displays unwanted ads and pop-ups on the computer. It comes along with
software downloads and packages.
• It generates revenue for the software distributer by displaying ads.
 Spyware – Its purpose is to steal private information from a computer system for a third
party. Spyware collects information and sends it to the hacker.
 Logic Bombs –
• A logic bomb is a malicious program that uses a trigger to activate the malicious
code.
• The logic bomb remains non-functioning until that trigger event happens. Once
triggered, a logic bomb implements a malicious code that causes harm to a
computer.
• Cybersecurity specialists recently discovered logic bombs that attack and destroy
the hardware components in a workstation or server including the cooling fans, hard
drives, and power supplies.
• The logic bomb overdrives these devices until they overheat or fail.
 Backdoors –
• A backdoor bypasses the usual authentication used to access a system
• . The purpose of the backdoor is to grant cyber criminals future access to the system
even if the organization fixes the original vulnerability used to attack the system.
 Keyloggers – Keylogger records everything the user types on his/her computer system to
obtain passwords and other sensitive information and send them to the source of the
keylogging program.

How To Protect From Malware?

1. Protect your devices.
2. Update your operating system and software. Install updates as soon as they become
available because cybercriminals search for vulnerabilities in out-of-date or outdated software.
3. Never click on a popup‟s link. Simply click the “X” in the message‟s upper corner to close
it and leave the page that generated it.
4. Don‟t install too many apps on your devices. Install only the apps you believe you will
regularly use and need.
5. Be cautious when using the internet.
6. Do not click on unidentified links. If a link seems suspicious, avoid clicking it whether it
comes from an email, social networking site, or text message.
7. Choose the websites you visit wisely. Use a safe search plug-in and try to stick to well-
known and reputable websites to avoid any that might be malicious without your knowledge.
8. Emails requesting personal information should be avoided. Do not click a link in an email
that appears to be from your bank and asks you to do so in order to access your account or reset
your password. Log in immediately at your online banking website.

Advantages of Detecting and Removing Malware

1. Improved Security: By detecting and removing malware, individuals, and organizations
can improve the security of their systems and reduce the risk of future infections.
2. Prevent Data Loss: Malware can cause data loss, and by removing it, individuals and
organizations can protect their important files and information.
3. Protect Reputation: Malware can cause harm to a company‟s reputation, and by detecting
and removing it, individuals and organizations can protect their image and brand.
4. Increased Productivity: Malware can slow down systems and make them less efficient,
and by removing it, individuals and organizations can increase the productivity of their systems
and employees.
Disadvantages of Detecting and Removing Malware
1. Time-Consuming: The process of detecting and removing malware can be time-consuming
and require specialized tools and expertise.
2. Cost: Antivirus software and other tools required to detect and remove malware can be
expensive for individuals and organizations.
3. False Positives: Malware detection and removal tools can sometimes result in false
positives, causing unnecessary alarm and inconvenience.
4. Difficulty: Malware is constantly evolving, and the process of detecting and removing it
can be challenging and require specialized knowledge and expertise.
5. Risk of Data Loss: Some malware removal tools can cause unintended harm, resulting in
data loss or system instability.

Cyber crime against women and children:-

Cybercrime can be defined as unlawful activities conducted through the internet and digital devices
intending to creep into the private space of others and disturb them with objectionable content and
misbehaviour.
Cyber-crime affects women the most by subjecting them to mental and emotional harassment.
Cyber Violence Against Women:
Cyber violence uses Computer Technology to access women‟s personal information and use the
internet for harassment and exploitation.
Cyber crime against women includes gender-based and sexual remarks and activities performed
through a computer network or mobile phones, affecting the dignity of women and causing
emotional distress.
The different types of cyber crime against women are explained as follows:
 Cyber Stalking: It includes attempting to contact the women via social networking sites
without any legitimate purpose, putting threatening messages on the chat page, and constantly
disturbing the victims with objectionable emails and messages to create mental distress.
 Cyber Defamation: This activity involves defaming the victim through blackmailing and
disclosing their details or modified pictures. It often involves extorting and seeking sexual
favors from the victim.
 Cyber Hacking: When asked to click on unauthorised URLs or download apps that leak all
their personal information on their phones, the women became victims of cyber hacking. The
criminals utilise these details for unauthorised monetary transactions and other unlawful
activities.
 Cyber Bullying: It is an act of regular harassment and bullying of the victim through the
digital communication device by posting abusive and misleading content, pictures, or videos
and sending rape and death threats.
 Cyber Grooming: In this case, a person builds a relationship with a woman through an
online platform and pressurizes her for undue favors or doing sexual acts.

Legal Provisions Related to Cyber Crime Against Women:

All users of cyberspace are subject to specific laws applicable worldwide. Cyber laws deal with
legal issues arising from networked computer technology and digital platforms. These laws protect
the victims against cyber crimes and help them address the issues and get justice.
The following acts under the Indian Penal Code (IPC, 1860) section 354 mention the following
crimes as punishable under the law with rigorous imprisonment and fines.
 Section 354A: Demand for sexual favors or displaying objectionable pictures against a
woman‟s consent or making sexual remarks and sexual harassment will cause the imprisonment
of up to 3 years with fines.
 Section 354C: An act of photographing or publishing a picture of a woman engaged in a
private act without her consent will lead to imprisonment of 3 to 7 years.
 Section 354D: Contacting a woman online and sending irrelevant emails/messages despite
the woman‟s evident disinterest will cause the imprisonment of 5 years with fines.

The Information Technology Act, 2000 also has provisions for punishment under the following
sections:
 Section 66C-Identify cyber hacking is a punishable offense with imprisonment of 3 years
and fines of Rs. 1 lakh.
 Section 66E- Deals with the offense of capturing, publishing, or sending pictures of women
in circumstances that violate privacy. This causes imprisonment of 3 years.
 Section 67A- Makes it illegal to publish and transmit sexually explicit content and is
punishable with imprisonment of up to 5 to 7 years.
The Cyber Crime Prevention against Women and Children (CCPWC) scheme is introduced to
develop effective measures to handle cyber crimes against women and children in India.
It allows a cyber crime victim to file a complaint through an online cyber crime reporting platform.
The platform also provides details of law enforcement and regulatory agencies at the local and
national levels.
The CCPWC also conducts awareness programs starting from the school level as a proactive
measure to mitigate cyber crimes.

Social Engineering – The Art of Virtual Exploitation

Social engineering uses human weakness or psychology to gain access to the system, data, personal
information, etc.
It is the art of manipulating people. It doesn‟t involve the use of technical hacking techniques.
Attackers use new social engineering practices because it is usually easier to exploit the victim‟s
natural inclination to trust.
For example, it is much easier to fool someone to give their password instead of hacking their
password. Sharing too much information on social media can enable attackers to get a password or
extracts a company‟s confidential information using the posts by the employees. This confidential
information helped attackers to get the password of victim accounts.
How do Social Engineering Attacks Take Place?
Phishing scams are the most common type of Social Engineering attacks these days. Tools such as
SET(Social Engineering Toolkit) also make it easier to create a phishing page but luckily many
companies are now able to detect phishing such as Facebook. But it does not mean that you cannot
become a victim of phishing because nowadays attackers are using iframe to manipulate detection
techniques. An example of such hidden codes in phishing pages is cross-site-request-forgery
“CSRF” which is an attack that forces an end user to execute unwanted actions on a web
application.
examples of social engineering attacks that are used to be executed via phishing:
 Banking Links Scams
 Social Media Link Scams
 Lottery Mail Scams
 Job Scams
Purpose
The purpose of social engineering attacks is typically to steal sensitive information, such as login
credentials, credit card numbers, or personal information.
Attackers can use this information for identity theft, financial fraud, or other malicious purposes.
Another purpose of social engineering attacks is to gain unauthorized access to secure areas or
systems.
How to prevent phishing attacks
• Watering hole attacks
Watering hole attacks are a very targeted type of social engineering. An attacker will set a trap by
compromising a website that is likely to be visited by a particular group of people, rather than
targeting that group directly.
An example is industry websites that are frequently visited by employees of a certain sector, such as
energy or a public service. The perpetrators behind a watering hole attack will compromise the
website and aim to catch out an individual from that target group.
They are likely to carry out further attacks once that individual's data or device has been
compromised.

• Business email compromise attacks

Business email compromise (BEC) attacks are a form of email fraud where the attacker masquerades
as a C-level executive and attempts to trick the recipient into performing their business function, for
an illegitimate purpose, such as wiring them money. Sometimes they go as far as calling the
individual and impersonating the executive.

• Physical social engineering

. Certain people in the organization--such as help desk staff, receptionists, and frequent travellers--are
more at risk from physical social engineering attacks, which happen in person.
the organization should have effective physical security controls such as visitor logs, escort
requirements, and background checks.
Employees in positions at higher risk for social-engineering attacks may benefit from specialized
training from physical social engineering attacks.

• USB baiting
In USB baiting cybercriminals install malware onto USB sticks and leave them in strategic places,
hoping that someone will pick the USB up and plug it into a corporate environment, thereby
unwittingly unleashing malicious code into their organization.

Zero day and zero click attacks:-

Zero-day exploit:-
it is a type of cyber security attack that occur on the same day the software, hardware or firmware
flaw is detected by the manufacturer.
As it‟s been zero days since the security flaw was last exploit, the attack is termed as zero-day
exploit or zero-day attack.
This kind of cyber-attacks are considered dangerous because the developer have not had the chance
to fix the flaw yet. Zero-day exploit typically targets large organizations, government departments,
firmware, hardware devices, IoT, users having access to valuable business data, etc.

Working of Zero-day Exploit:

A software is developed and released without knowing the fact that it has a security vulnerability.
An attacker identifies or exploits this vulnerability before the developers identifies or fixes the
same. While still the vulnerability is open and unpatched, exploiting the vulnerability, the hacker
attacks and compromises the software which can lead to data theft, unauthorized access or crashing
of the software itself. After the attacker attacks the target, the public or developer identifies the
attack and tries to figure out the patch. The developer identifies the fix and releases the update to
safe guard its new user.
Zero-day Exploit Detection:
Probability of detecting zero day exploit is rare or in other words, the attack leaves no opportunity
for detection. But there are a few ways to identify the existing known vulnerabilities.
1. Signature Based – In this method, the occurrence pattern of known vulnerability can be
detected with the help of pattern matching. Even though this method cannot detect the malware
code used for zero-day exploit, it is capable of detecting known attacks like SQL injection that
may lead to zero-day vulnerability. While a developer may not be able to detect zero-day attack,
the system firewall may be able to detect and protect against few known specific attack types
such as XSS , SQL injection, etc.
2. Statistical Techniques – By monitoring the normal activity, this technique learns the
normal behaviour of the network. When the system identifies any deviation from normal profile
it will detect a probability of vulnerability.
3. Behaviour Based – The implementation of behaviour based detection typically depends on
a „honeypot‟. A honeypot is a security mechanism that is developed to detect the presence of
hackers or hacking attempts.
4. Hybrid Techniques – This hybrid technique use the advantage of statistical, behavioural
and traditional signature based defence mechanism. They are comparatively more effective as
the weaknesses of any single detection technique will not break the security.
Zero-day Exploit Prevention : As zero-day exploits cannot be easily discovered, prevention of the
zero-day exploit becomes difficult. We can reduce the level of risk opting any of the following
strategies:
 Implementation of IP security protocol ( IPSec).
 Usage of virtual local area networks.
 Deployment of intrusion detection system (IDS) or intrusion prevention system (IPS).
 Usage of network access control protocols.
 Usage of security schemes such as Wi-Fi Protected Access 2.
 Keeping all systems up to date.
 Performing periodic vulnerability scanning.
Example Cases of Zero-day Exploit :
Zero-day exploit refers to a security vulnerability that is unknown to the software vendor or the
public, allowing attackers to exploit it before it can be patched. Here are some examples of zero-
day exploits:
 Stuxnet: Stuxnet is a well-known example of a zero-day exploit that was discovered in
2010. It was a sophisticated piece of malware that was specifically designed to target
industrial control systems, particularly those used in Iranian nuclear facilities. Stuxnet
exploited several zero-day vulnerabilities in Windows and Siemens software to gain
access to the systems and cause physical damage.
 WannaCry:
WannaCry is a ransomware attack that was first discovered in 2017.
It spread rapidly across the globe, infecting hundreds of thousands of computers in over
150 countries.
 The attackers exploited a zero-day vulnerability in Microsoft Windows to infect the
systems with the ransomware.
 Pegasus:
Pegasus is a spyware developed by the Israeli company NSO Group.
It was used to target the mobile phones of journalists, activists, and government
officials in several countries.
The attackers used a zero-day vulnerability in Apple‟s iOS to install the spyware on the
victims‟ phones.
 Heartbleed:
Heartbleed is a vulnerability in the OpenSSL cryptographic software library that was
discovered in 2014.
It allowed attackers to access sensitive information, including passwords and encryption
keys, from servers running the affected software.
The vulnerability was present in the software for over two years before it was discovered.
 Dirty COW:
Dirty COW is a vulnerability in the Linux operating system kernel that was discovered in
2016.
It allowed attackers to gain root access to the system by exploiting a race condition in the
copy-on-write (COW) mechanism of the kernel.
The vulnerability affected millions of systems running the Linux operating system.
 Meltdown and Spectre:
Meltdown and Spectre are two vulnerabilities in modern computer processors that were
discovered in 2018.
They allow attackers to access sensitive information, including passwords and encryption
keys, from the memory of other running programs.
The vulnerabilities affect almost all modern computer processors, including those used in
smartphones and cloud servers.

Zero click attacks:-

 zero-click attacks require no action from the victim – meaning that even the most advanced
users can fall prey to serious cyber hacks and spyware tools.
 Zero-click attacks are typically highly targeted and use sophisticated tactics. They can have
devastating consequences without the victim even knowing that something is wrong in the
background. The terms „zero-click attacks‟ and „zero-click exploits‟ are often used
interchangeably. They are sometimes also called interaction-less or fully remote attacks.
 once a device is compromised, an attacker can choose to install surveillance software, or they can
choose to enact a much more destructive strategy by encrypting the files and holding them for
ransom. Generally, a victim can‟t tell when and how they‟ve been infected through a zero-click
attack, which means users can do little to protect themselves.
 the software can be installed on a device without the victim clicking on any link. As a result,
zero-click malware or no-click malware is much more dangerous.
 Messaging apps are often targeted in zero-click attacks because they receive large amounts of
data from unknown sources without requiring any action from the device owner. Most often, the
attackers exploit a flaw in how data is validated or processed.
 The reduced interaction involved in zero-click attacks means fewer traces of any malicious
activity. This – plus the fact that vulnerabilities which cybercriminals can exploit for zero-
click attacks are quite rare – make them especially prized by attackers.
 Even basic zero-click attacks leave little trace, which means detecting them is extremely
difficult. Additionally, the same features which make software more secure can often make
zero-click attacks harder to detect.
 remote infection of a target‟s mobile device requires some form of social engineering, with
the user clicking on a malicious link or installing a malicious app to provide the attacker with
 an entry point. This is not the case with zero-click attacks, which bypass the need for social
engineering entirely.
 A zero-click hack exploits flaws in your device, making use of a data verification loophole to
work its way into your system. Most software uses data verification processes to keep cyber
breaches at bay. However, there are persistent zero-day vulnerabilities that are not yet
patched, presenting potentially lucrative targets for cybercriminals. Sophisticated hackers can
exploit these zero-day vulnerabilities to execute cyber-attacks, which can be implemented
with no action on your part.
 Often, zero-click attacks target apps that provide messaging or voice calling because these
services are designed to receive and interpret data from untrusted sources. Attackers generally
use specially formed data, such as a hidden text message or image file, to inject code that
compromises the device.
How to protect yourself from zero-click exploits

Because zero-click attacks are based on no interaction from the victim, it follows that there isn‟t much
you can do to protect yourself. While that is a daunting thought, it‟s important to remember that, in
general, these attacks tend to be targeted at specific victims for espionage purposes or perhaps
monetary gain.
That said, practicing basic cyber hygiene will help to maximize your online safety. Sensible
precautions you can take include:
 Keep your operating system, firmware, and apps on all your devices up to date as prompted.
 Only download apps from official stores.
 Delete any apps you no longer use.
 Avoid „jailbreaking‟ or „rooting‟ your phone since doing so removes protection provided by
Apple and Google.
 Use your device password protection.
 Use strong authentication to access accounts, especially critical networks.
 Use strong passwords – i.e., long and unique passwords.
 Regularly backup systems. Systems can be restored in cases of ransomware, and having a
current backup of all data speeds the recovery process.
 Enable pop-up blockers or prevent pop-ups from appearing by adjusting your browser
settings. Scammers routinely use pop-ups to spread malware.
 Using a comprehensive antivirus will also help keep you safe online

Reporting of cybercrime remedial and mitigation measures:

The legal Perspective
 Cybercrime is a crime done with the misuse of information technology for unauthorized or
illegal access, electronic fraud; like deletion, alteration, interception, concealment of data,
forgery etc.
 Cybercrime is an international crime as it has been affected by the worldwide revolution in
information and communication Cybercrime is a growing concern to countries at all levels of
developments and affects both, buyers and sellers.
 Need of Cyber Law In today‟s techno-savvy environment, the world is becoming more and
more digitally sophisticated and so are the crimes.
 Internet was initially developed as a research and information sharing tool and was in an
unregulated manner. As the time passed by it became more transactional with e-business, e-
commerce, e governance and e-procurement etc.
 All legal issues related to internet crime are dealt with through cyber laws. As the number of
internet users is on the rise, the need for cyber laws and their application has also gathered
 great momentum. In today‟s highly digitalized world, almost everyone is affected by cyber
law.
For example:
 Almost all transactions in shares are in demat form.
 Almost all companies extensively depend upon their computer networks and keep their valuable
data in electronic form.
 Government forms including income tax returns, company law forms etc. are now filled in
electronic form.
 Consumers are increasingly using credit/debit cards for shopping.
 Most people are using email, phones and SMS messages for communication.
 Even in “non-cyber crime” cases, important evidence is found in computers/cell phones eg: in cases
of murder, divorce, kidnapping, tax evasion, organized crime, terrorist operations, counterfeit
currency etc.
 Cybercrime cases such as online banking frauds, online share trading fraud, source code theft, credit
card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email hijacking, denial of
service, hacking, pornography etc. are becoming common.
 Digital signatures and e-contracts are fast replacing conventional method of transacting business.
Need for Cyber Law
in India Cyber-law is important in a country like India where the internet is used to a large extent. The
law is enacted to save people and organizations from cybercrime and other internet-related crimes.
As per rules and regulations of the Cyber-law, a person who commits cybercrime is liable to get
punishment. If anyone violates and breaks the provisions of the law, then it allows another person or
organization to take legal action against that person.
Cyber Law also called IT Law is the law regarding Information-technology including computers and
internet. It is related to legal informatics and supervises the digital circulation of information,
software, information security and e commerce.
 The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of the
Indian Parliament (No 21 of 2000) notified on17th October 2000.
• The Information Technology Act, 2000 provides legal recognition to the transaction done via
electronic exchange of data and other electronic means of communication or electronic
commerce transactions.
• This also involves the use of alternatives to a paper-based method of communication and
information storage to facilitate the electronic filing of documents with the Government
agencies.
• this act amended the Indian Penal Code 1860, the Indian Evidence Act 1872, the Bankers‟
Books Evidence Act 1891, and the Reserve Bank of India Act 1934.
The objectives of the Act are as follows:
 Grant legal recognition to all transactions done via electronic exchange of data or other
electronic means of communication or e-commerce, in place of the earlier paper-based
method of communication.
 Give legal recognition to digital signatures for the authentication of any information or
matters requiring legal authentication.
 Facilitate the electronic filing of documents with Government agencies and also departments
 Facilitate the electronic storage of data.
 Give legal sanction and also facilitate the electronic transfer of funds between banks and
financial institutions.
  Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve Bank of
India Act, 1934, for keeping the books of accounts in electronic form.
Features of the Information Technology Act, 2000
i. All electronic contracts made through secure electronic channels are legally valid.
ii. . Legal recognition for digital signatures
iii. Security measures for electronic records and also digital signatures are in place
iv. A procedure for the appointment of examining officers for holding inquiries under the Act is
finalized.
v. Provision for establishing a Cyber Regulatory Appellant Tribunal under the Act. Further, this
tribunal will handle all appeals made against the order of the Controller or
Adjudicating(examining) Officer.
vi. An appeal against the order of the Cyber Appellant Tribunal is possible only in the High
Court
vii. Digital Signatures will use an asymmetric cryptosystem and also a hash function.
viii. Provision for the appointment of the Controller of Certifying Authorities (CCA) to license
and regulate the working of Certifying Authorities. The Controller to act as a repository
of all digital signatures.
ix. The Act applies to offences or contraventions committed outside India.
x. Senior police officers and other officers can enter any public place and search and arrest
without warrant .
xi. Provisions for the constitution of a Cyber Regulations Advisory Committee to advise the
Central Government and Controller.
Amendments in Indian IT act A major amendment was made in 2008. It introduced Section 66A
which penalized sending "offensive messages".
It also introduced Section 69, which gave authorities the power of "interception or monitoring or
decryption of any information through any computer resource"
"The Act has provided Indian government with the power of surveillance, monitoring and blocking
data traffic.
Cyber Crime and Punishment in India:-
The IT Act 2000, ensures legal recognition of e-commerce within India. Due to this most provisions
are mainly concerned with establishing digital certification processes within the country.
Penalties under Cyber Crimes:-
a) Section 43 and 66 –
Section 43 and 66 of the IT Act punishes a person committing data theft, transmitting virus into a
system, hacking, destroying data, or denying access to the network to an authorized person.
Maximum imprisonment up to 3 years or a fine of rupees 5 lacs or both.
At the same time data theft is also punishable under Section 378 and Section 424 of IPC with
maximum imprisonment of 3 years or fine or both; and imprisonment of 2 years or fine or both
respectively.
Denying access to an authorized person or damaging a computer system is penalized under Section
426 of IPC with imprisonment of up to 3 months or fine or both.
b)66E –
Tampering with computer source documents is a punishable offence under Section 65 of the IT Act.
Section 66E provides the punishment for violation of privacy. It states that if any person captures,
publishes, or distributes an image of a private area of a person without his/her consent has committed
a breach of privacy and is punishable with imprisonment up to 3 years or a fine up to 2 lacs or both.
66F
 Section 66F covers a crucial matter which is cyber terrorism and prescribes punishment for the same.
It provides the acts which constitute cyber terrorism like denial of access or penetrating through a
network or transmitting virus/malware utilizing which he is likely to cause death or injury to any
person, which is all done with the purpose to threat the integrity, sovereignty, unity, and security of
India or create terror in the minds of its citizen.

66B and 66 C
Section 66B of the IT Act and Section 411 of IPC deal with the offense of dishonestly receiving
stolen computer resources or devices.
Section 66C of the IT Act prescribes punishment for identity theft and states that any person who uses
the identity credentials of a person for fraud or in a dishonest manner is liable for punishment with
imprisonment up to 3 years and a fine up to Rupees 3 lacs.
Cheating by personation using a computer resource is punishable under Section 66D of the IT Act.
Similar provisions for these offenses are given under IPC under Section 419, 463, 465, and 468. IT
Act not only punishes persons but corporate as well if they fail to implement and maintain a
reasonable and diligent mechanism to protect the sensitive data of any person in their possession.
Such a body corporate is liable to pay compensation to the aggrieved person who has suffered a loss
due to the negligence of the corporation.

Cyber Crime and Punishment in India:-

These acts as defined in Chapter XI of the Act are:
1. Section 43– Illegal access, the introduction of the virus, denial of services, causing damage and
manipulating computer accounts.
2. Section 65– Tampering, destroying and concealing(disguise) computer code.
3. Section 66– Acts of hacking leading to fraudulently accessing computer resource ,loss or damage to
the resource
4. Section 67– Acts related to publishing, transmission or causing publication of indecent/ dirty in
nature
Punishment in Section 65 and 66 is three years or fine up to two lakh rupees or both.
For Section 67 the first time offenders can be punished up to 5 years with a fine up to one lakhs of
rupees. A subsequent offense can lead to ten years of punishment and fine up to two lakhs of rupees.