CONTENTS

INTRODUCTION

HISTORY AND EVOLUTION

DEFINITION OFCYBER CRIME

CLASSIFICATION OF CYBER CRIME

SAFETY IN CYBER SPACE

CYBER CRIME IN INDIAN SCENARIO

CYBER LAWS

CONCULSION

BIBLIOGRAPHY
Abstract

As we all know that this is the era where most of the things are done usually over the internet
starting from online dealing to the online transaction. Since the web is considered as worldwide
stage, anyone can access the resources of the internet from anywhere. The internet technology
has been using by the few people for criminal activities like unauthorized access to other’s
network, scams etc. These criminal activities or the offense/crime related to the internet is termed
as cyber crime. In order to stop or to punish the cyber criminals the term “Cyber Law” was
introduced. We can define cyber law as it is the part of the legal systems that deals with the
Internet, cyberspace, and with the legal issues. It covers a broad area, encompassing many
subtopics as well as freedom of expressions, access to and utilization of the Internet, and online
security or online privacy. Generically, it is alluded as the law of the web.
1. INTRODUCTION

The invention of Computer has made the life of humans easier, it has been using for various
purposes starting from the individual to large organizations across the globe. In simple term we
can define computer as the machine that can stores and manipulate/process information or
instruction that are instructed by the user. Most computer users are utilizing the computer for the
erroneous purposes either for their personal benefits or for other’s benefit since decades 1 [1].
This gave birth to “Cyber Crime”. This had led to the engagement in activities which are illegal
to the society. We can define Cyber Crime as the crimes committed using computers or computer
network and are usually take place over the cyber space especially the Internet2 [2]. Now comes
the term “Cyber Law”. It doesn’t have a fixed definition, but in a simple term we can defined it
as the law that governs the cyberspace. Cyber laws are the laws that govern cyber area. Cyber
Crimes, digital and electronic signatures, data protections and privacies etc are comprehended by
the Cyber Law3 [3]. The UN’s General Assembly recommended the first IT Act of India which
was based on the “United Nations Model Law on Electronic Commerce” (UNCITRAL) Model.

We can define “Cyber Crime” as any malefactor or other offences where electronic
communications or information systems, including any device or the Internet or both or more of
them are involved . We can define “Cyber law” as the legal issues that are related to utilize of
communications technology, concretely "cyberspace", i.e. the Internet. It is an endeavor to
integrate the challenges presented by human action on the Internet with legacy system of laws
applicable to the physical world4.

DEFINITION OF CYBER CRIME

Cyber Crime Sussman and Heuston first proposed the term “Cyber Crime” in the year 1995.
Cybercrime cannot be described as a single definition, it is best considered as a collection of acts
or conducts. These acts are based on the material offence object that affects the computer data or
systems. These are the illegal acts where a digital device or information system is a tool or a

1
2
3
4
target or it can be the combination of both5. The cybercrime is also known as electronic crimes,
computer-related crimes, e-crime, hightechnology crime, information age crime etc. In simple
term we can describe “Cyber Crime” are the offences or crimes that takes place over electronic
communications or information systems. These types of crimes are basically the illegal activities
in which a computer and a network are involved. Due of the development of the internet, the
volumes of the cybercrime activities are also increasing because when committing a crime there
is no longer a need for the physical present of the criminal6. The unusual characteristic of
cybercrime is that the victim and the offender may never come into direct contact.
Cybercriminals often opt to operate from countries with nonexistent or weak cybercrime laws in
order to reduce the chances of detection and prosecution. There is a myth among the people that
cyber crimes can only be committed over the cyberspace or the internet. In fact cyber crimes can
also be committed without ones involvement in the cyber space, it is not necessary that the cyber
criminal should remain present online. Software privacy can be taken as an example.

HISTORY OF CYBER CRIME

The first Cyber Crime was recorded within the year 1820. The primeval type of computer has
been in Japan, China and India since 3500 B.C, but Charles Babbage’s analytical engine is
considered as the time of present day computers. In the year 1820, in France a textile
manufacturer named Joseph-Marie Jacquard created the loom. This device allowed a series of
steps that was continual within the weaving of special fabrics or materials. This resulted in an
exceeding concern among the Jacquard's workers that their livelihoods as well as their traditional
employment were being threatened, and prefer to sabotage so as to discourage Jacquard so that
the new technology cannot be utilized in the future7 [7].

Evolution of Cyber Crime The cyber crime is evolved from Morris Worm to the ransomware.
Many countries including India are working to stop such crimes or attacks, but these attacks are
continuously changing and affecting our nation.

1997 Cyber crimes and viruses initiated, that includes Morris Code worm and other.

5
6
7
2004 Malicious code, Torjan, Advanced worm etc.

2007 Identifying thief, Phishing etc.

2010 DNS Attack, Rise of Botnets, SQL attacks etc

2013 Social Engineering, DOS Attack, BotNets, Malicious Emails, Ransomware attack etc.

Present Banking Malware, Keylogger, Bitcoin wallet, Phone hijacking, Anroid hack, Cyber
warfare etc.

CLASSIFICATIONS OF CYBER CRIME

Cyber Crime can be classified into four major categories. They are as follows:

a) Cyber Crime against individuals: Crimes that are committed by the cyber criminals against an
individual or a person. A few cyber crime against individuals are:

Email spoofing: This technique is a forgery of an email header. This means that the message
appears to have received from someone or somewhere other than the genuine or actual source.
These tactics are usually used in spam campaigns or in phishing, because people are probably
going to open an electronic mail or an email when they think that the email has been sent by a
legitimate source8 [8].

Spamming: Email spam which is otherwise called as junk email. It is unsought mass message
sent through email. The uses of spam have become popular in the mid 1990s and it is a problem
faced by most email users now a days. Recipient’s email addresses are obtained by spam bots,
which are automated programs that crawls the internet in search of email addresses. The
spammers use spam bots to create email distribution lists. With the expectation of receiving a
few number of respond a spammer typically sends an email to millions of email addresses.

Cyber defamation: Cyber defamation means the harm that is brought on the reputation of an
individual in the eyes of other individual through the cyber space9 [9]. The purpose of making
defamatory statement is to bring down the reputation of the individual.

8
9
IRC Crime (Internet Relay Chat): IRC servers allow the people around the world to come
together under a single platform which is sometime called as rooms and they chat to each other.

Cyber Criminals basically uses it for meeting.

Hacker uses it for discussing their techniques.

Paedophiles use it to allure small children.

A few reasons behind IRC Crime:

Chat to win ones confidence and later starts to harass sexually, and then blackmail people for
ransom, and if the victim denied paying the amount, criminal starts threatening to upload
victim’s nude photographs or video on the internet.

A few are paedophiles, they harass children for their own benefits.

A few uses IRC by offering fake jobs and sometime fake lottery and earns money10 [10].

Phishing: In this type of crimes or fraud the attackers tries to gain information such as login
information or account’s information by masquerading as a reputable individual or entity in
various communication channels or in email.

Some other cyber crimes against individuals includes Net extortion, Hacking, Indecent exposure,
Trafficking, Distribution, Posting, Credit Card, Malicious code etc. The potential harm of such a
malefaction to an individual person can scarcely be bigger.

b) Cyber Crime against property: These types of crimes includes vandalism of computers,
Intellectual (Copyright, patented, trademark etc) Property Crimes.

Online threatening etc. Intellectual property crime includes:

Software piracy: It can be describes as the copying of software unauthorizedly.

10
Copyright infringement: It can be described as the infringements of an individual or
organization's copyright. In simple term it can also be describes as the using of copyright
materials unauthorizedly such as music, software, text etc.

Trademark infringement: It can be described as the using of a service mark or trademark

unauthorizedly.

c) Cyber Crime against organization: Cyber Crimes against organization are as follows:

Unauthorized changing or deleting of data.

Reading or copying of confidential information unauthorizedly, but the data are neither being
change

nor deleted.

DOS attack: In this attack, the attacker floods the servers, systems or networks with traffic in
order to overwhelm the victim resources and make it infeasible or difficult for the users to use
them11 [11].

Email bombing: It is a type of Net Abuse, where huge numbers of emails are sent to an email
address in order to overflow or flood the mailbox with mails or to flood the server where the
email address is.

Salami attack: The other name of Salami attack is Salami slicing. In this attack, the attackers
use an online database in order to seize the customer’s information like bank details, credit card
details etc. Attacker deduces very little amounts from every account over a period of time. In this
attack, no complaint is file and the hackers remain free from detection as the clients remain
unaware of the slicing.

Some other cyber crimes against organization includesLogical bomb, Torjan horse, Data
diddling etc.

d) Cyber Crime against society:

Cyber Crime against society includes:

11
Forgery: Forgery means making of false document, signature, currency, revenue stamp etc.

Web jacking: The term Web jacking has been derived from hi jacking. In this offence the
attacker creates a fake website and when the victim opens the link a new page appears with the
message and they need to click another link. If the victim clicks the link that looks real he will
redirected to a fake page. These types of attacks are done to get entrance or to get access and
controls the site of another. The attacker may also change the information of the victim’s
webpage.

SAFETY IN CYBERSPACE

List are some points, one should keep in mind while surfing the internet:

If possible always use a strong password and enable 2 steps or Two-step authentication in the
webmail. It is very important in order to make your webmail or your social media account
secured.

Guideline of strong password:

Password should be of minimum eight characters.

One or more than one of lower case letter, upper case letter, number, and symbol should be
included.

Replace the alike character. Example- instead of O we can use 0, instead of lower case l we can
use I etc. Example of strong password: HelL0 (%there %)

Thing need to avoid while setting the password:

Never use a simple password that can easily be decrypt Example- password

Personal information should never set as a password.

Repeating characters should be avoided. Example- aaaacc

Using of same password in multiple sites should be avoided

What is 2 step or Two-step authentication?

This is an additional layer of security that requires your user name and the password also a
verification code that is sent via SMS to the registered phone number. A hacker may crack your
password but without the temporary and unique verification code should not be able to access
your account.

Never share your password to anyone.

Never send or share any personal information like bank account number, ATM pin, password
etc over an unencrypted connection including unencrypted mail. Websites that doesn’t have the
lock icon and https on the address bar of the browser are the unencrypted site. The “s” stands for
secure and it indicates that the website is secure.

Don’t sign to any social networking site until and unless one is not old enough.

Don’t forget to update the operating system.

Firewalls, anti- virus and anti-spyware software should be installed in ones PC and should be
regularly updated.

Visiting to un-trusted website or following a link send by an unknown or by an un-trusted site

should be avoided.

Don’t respond to spam.

Make sure while storing sensitive data in the cloud is encrypted.

Try to avoid pop-ups: Pop-ups sometimes comes with malicious software. When we accept or
follow the pop-ups a download is performed in the background and that downloaded file contains
the malware or malicious software. This is called drive-by download. Ignore the pop-ups that offer site
survey on ecommerce sites or similar things as they may contain the malicious code.
CYBER CRIME’S SCENARIO IN INDIA(A FEW CASE STUDY)

a) The Bank NSP Case12

In this case a management trainee of a bank got engaged to a marriage. The couple used to
exchange many emails using the company’s computers. After some time they had broken up
their marriage and the young lady created some fake email ids such as “Indian bar associations”
and sent mails to the boy‘s foreign clients. She used the banks computer to do this. The boy‘s
company lost a huge number of clients and took the bank to court. The bank was held liable for
the emails sent using the bank‘s system.

b) Bazee.com case13

In December 2004 the Chief Executive Officer of Bazee.com was arrested because he was
selling a compact disk (CD) with offensive material on the website, and even CD was also
conjointly sold-out in the market of Delhi. The Delhi police and therefore the Mumbai Police got
into action and later the CEO was free on bail.

c) Parliament Attack Case14

The Bureau of Police Research and Development, Hyderabad had handled this case. A laptop
was recovered from the terrorist who attacked the Parliament. The laptop which was detained
from the two terrorists, who were gunned down on 13th December 2001 when the Parliament
was under siege, was sent to Computer Forensics Division of BPRD. The laptop contained
several proofs that affirmed the two terrorist’s motives, mainly the sticker of the Ministry of
Home that they had created on the laptop and affixed on their ambassador car to achieve entry
into Parliament House and the fake ID card that one of the two terrorists was carrying with a
Government of India emblem and seal. The emblems (of the 3 lions) were carefully scanned and
additionally the seal was also craftly created together with a residential address of Jammu and
Kashmir. However careful detection proved that it was all forged and made on the laptop.

12
13
14
d) Andhra Pradesh Tax Case15

The owner of the plastics firm in Andhra Pradesh was arrested and cash of Rs. 22 was recovered
from his house by the Vigilance Department. They wanted evidence from him concerning the
unaccounted cash. The suspected person submitted 6,000 vouchers to prove the legitimacy of
trade, however when careful scrutiny the vouchers and contents of his computers it unconcealed
that every one of them were made after the raids were conducted. It had been concealed that the
suspect was running 5 businesses beneath the presence of 1 company and used fake and
computerized vouchers to show sales records and save tax. So the dubious techniques of the
businessman from the state were exposed when officials of the department got hold of computers
utilized by the suspected person.

e) SONY.SAMBANDH.COM CASE16

India saw its 1st cybercrime conviction. This is the case where Sony India Private Limited filed
a complaint that runs a website referred to as www.sony-sambandh.com targeting the NRIs. The
website allows NRIs to send Sony products to their friends and relatives in India after they pay
for it online. The company undertakes to deliver the products to the involved recipients. In May
2002, somebody logged onto the web site underneath the identity of Barbara Campa and ordered
a Sony colour television set and a cordless head phone. She requested to deliver the product to
Arif Azim in Noida and gave the number of her credit card for payment.

The payment was accordingly cleared by the credit card agency and the transaction processed.
After the related procedures of dues diligence and checking, the items were delivered to Arif
Azim by the company. When the product was delivered, the company took digital pictures so as
to indicate the delivery being accepted by Arif Azim. The transaction closed at that, but after one
and a half months the credit card agency informed the company that this was an unauthorized
transaction as the real owner had denied having made the purchase.

The company had filed a complaint for online cheating at the CBI that registered a case under the
Section 418, Section 419 and Section 420 of the IPC (Indian Penal Code). Arif Azim was
arrested after the matter was investigated. Investigations discovered that Arif Azim, whereas

15
16
acting at a call centre in Noida did gain access to the number of the credit card of an American
national which he misused on the company’s site. The CBI recovered the color television along
with the cordless head phone. In this matter, the CBI had proof to prove their case so the accused
admitted his guilt. The court had convicted Arif Azim under the Section 418, Section 419 and
Section 420 of the IPC, this being the first time that a cybercrime has been convicted. The court,
felt that since the defendant was a boy of 24 years and a firsttime convict, a compassionate view
needed to be taken. Thus, the court discharged the defendant on the probation for one year.

Some , Section 67 and Section 70 of the IT Act are also applied. In this case the hackers hacks
ones webpage and replace the homepage with pornographic or defamatory page.

Introducing Viruses, Worms, Torjan etc

 Anyone who introduce any sort of malicious programs that can gain access to other’s electronic
device without victim’s permissions, provisions applicable for such offences are under Section
63, Section 66, Section 66A of the IT Act and Section 426 of the IPC.

Cyber Pornography

 Though pornography is banned in some countries, it is can be considered as the largest

business on the internet. Provisions Applicable for such crimes are under Section 67, Section
64A and Section 67B of the IT Act.

Source Code Theft

Provisions applicable for such crimes are under Section 43, Section 66 and Section 66B of the
IT Act17

17
12
 CYBER LAWS

Cyber Law took birth in order to take control over the crimes committed through the internet or
the cyberspace or through the uses of computer resources. Description of the lawful issues that
are related to the uses of communication or computer technology can be termed as Cyber Law.

3.2.1 What is the importance of Cyber Law?

Cyber law plays a very important role in this new epoch of technology. It is important as it is
concerned to almost all aspects of activities and transactions that take place either on the internet
or other communication devices. Whether we are aware of it or not, but each action and each
reaction in Cyberspace has some legal and Cyber legal views18 [13].

3.2.2 Cyber Law awareness program

Once should have the following knowledge in order to stay aware about the cyber crime:

One should read the cyber law thoroughly.

 Basic knowledge of Internet and Internet’s security

. Read cyber crime’s cases. By reading those cases one can be aware from such crimes.

Trusted application from trusted site can be used for protection of one’s sensitive information or
data. Technology’s impact on crime.

3.2.3 The Information Technology Act of India, 2000 According to Wikipedia “The Information
Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an act of the Indian Parliament
(no 21 of 2000), it was notified on 17th October 2000. It is the most important law in India that
deals with the digital crimes or cyber crimes and electronic commerce. It is based on the United
Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model) recommended by the
General Assembly of United Nations by a resolution dated 30 January 199719 [14].

18
19
Some key points of the Information Technology (IT) Act 2000 are as follows:

 E-mail is now considered as a valid and legal form of communication.

 Digital signatures are given legal validity within the Act. Act has given birth to new
business to companies to issue digital certificates by becoming the Certifying
Authorities.
 This Act allows the government to issue notices on internet through e-governance.
 The communication between the companies or between the company and the government
can be done through internet.
 Addressing the issue of security is the most important feature of this Act. It introduced
the construct of digital signatures that verifies the identity of an individual on internet.
 In case of any harm or loss done to the company by criminals, the Act provides a remedy
in the form of money to the company 20[15].

CYBER LAW IN INDIA

Following are the sections under IT Act, 2000

1. Section 65- Temping with the computers source documents Whoever intentionally or
knowingly destroy, conceal or change any computer’s source code that is used for a computer,
computer program, and computer system or computer network.

Punishment: Any person who involves in such crimes could be sentenced upto 3 years
imprisonment or with a fine of Rs.2 lakhs or with both.

2. Section 66- Hacking with computer system, data alteration etc

Whoever with the purpose or intention to cause any loss, damage or to destroy, delete or to alter
any information that resides in a public or any person’s computer. Diminish its utility, values or
affects it injuriously by any means, commits hacking.

Punishment: Any person who involves in such crimes could be sentenced upto 3 years
imprisonment, or with a fine that may extend upto 2 lakhs rupees, or both21 [16].

20
21
3. Section 66A- Sending offensive messages through any communication services

Any information or message sent through any communication services this is offensive or has
threatening characters.

Any information that is not true or is not valid and is sent with the end goal of annoying,
inconvenience, danger, insult, obstruction, injury, criminal intention, enmity, hatred or ill will.

Any electronic mail or email sent with the end goal of causing anger, difficulty or mislead or to
deceive the address about the origin of the messages.

Punishment: Any individual found to commit such crimes under this section could be sentenced
upto 3years of imprisonment along with a fine.

4. Section 66B- Receiving stolen computer’s resources or communication devices dishonestly

Receiving or retaining any stolen computer, computer’s resources or any communication devices
knowingly or having the reason to believe the same.

Punishment: Any person who involves in such crimes could be sentenced either description for a
term that may extend up to 3 years of imprisonment or with a fine of rupee 1 lakh or both.

5. Section 66C- Identify theft

Using of one’s digital or electronic signature or one’s password or any other unique
identification of any person is a crime.

Punishment: Any person who involve in such crimes could be sentenced either with a
description for a term which may extend up to 3 years of imprisonment along with a fine that
may extend up to rupee 1 lakh.

6. Section 66D- Cheating by personation by the use of computer’s resources

Whoever tries to cheats someone by personating through any communication devices or

computer’s resources shall be sentenced either with a description for a term that may extend upto
3 years of imprisonment along with a fine that may extend upto rupee 1 lakh.

7. Section 66E- Privacy or violation

Whoever knowingly or with an intention of publishing, transmitting or capturing images of
private areas or private parts of any individual without his/her consent, that violets the privacy of
the individual shall be shall be sentenced to 3 years of imprisonment or with a fine not exceeding
more than 2 lakhs rupees or both.

8. Section 66F- Cyber terrorism

A. Whoever intentionally threatened the integrity, unity, sovereignty or security or strike terror
among the people or among any group of people by

I. Deny to any people to access computer’s resources.

II. Attempting to break in or access a computer resource without any authorization or to exceed
authorized access.

III. Introducing any computer’s contaminant, and through such conducts causes or is probable to
cause any death or injury to any individual or damage or any destruction of properties or disrupt
or it is known that by such conduct it is probable to cause damage or disruptions of supply or
services that are essential to the life of people or unfavorably affect the critical information’s
infrastructure specified under the section 70 of the IT Act.

B. By intention or by knowingly tries to go through or tries to gain access to computer’s

resources without the authorization or exceeding authorized access, and by such conducts obtains
access to the data, information or computer’s database which is limited or restricted for certain
reason because of the security of the state or foreign relations, or any restricted database, data or
any information with the reason to believe that those data or information or the computer’s
database obtained may use to cause or probably use to cause injury to the interest of the
independence and integrity of our country India.

Punishment: Whoever conspires or commits such cyber crime or cyber terrorism shall be
sentenced to life time imprisonment.

9. Section 67- Transmitting or publishing obscene materials in electronic form

Whoever transmits or publishes or cause to publish any obscene materials in electronics form.
Any material that is vulgar or appeal to be lubricious or if its effect is for instance to tends to
corrupt any individual who are likely to have regard to all relevant circumstances to read or to
see or to hear the matter that contained in it, shall be sentenced on the first convict with either
description for a term that may extend upto five years of imprisonment along with a fine which
may extend upto 1 lakh rupee and in the second or subsequent convict it can be sentenced either
description for a term that may extend upto ten years along with a fine that may perhaps extend
to two lakhs rupees.

10. Section 67A- Transmitting or publishing of materials that contains sexually explicit contents,
acts etc in electronics form

Whoever transmits or publishes materials that contains sexually explicit contents or acts shall be
sentences for either description for a term which may extend upto 5 years or imprisonment along
with a fine that could extend to 10 lakhs rupees in the first convict. And in the event of the
second convict criminal could be sentenced for either description for a term that could extend
upto 7 years of imprisonment along with a fine that may extend upto 20 lakhs rupees.

11. Section 67B- Transmitting or publishing of materials that depicts children in sexually explicit
act etc in electronics form

Whoever transmits or publishes any materials that depict children in sexually explicit act or
conduct in any electronics form shall be sentenced for either description for a term which may
extend to 5 years of imprisonment with a fine that could extend to rupees 10 lakhs on the first
conviction. And in the event of second conviction criminals could be sentenced for either
description for a term that could extend to 7 years along with a fine that could extend to rupees
10 lakhs.

12. Section 67C- Retention and preservation of information by intermediaries

I. Intermediaries shall retain and preserve such information that might specify for such period
and in such a format and manner that the Central Government may prescribe.

II. Any intermediaries knowingly or intentionally contravene the provision of the sub-section.

Punishment: Whoever commits such crimes shall be sentenced for a period that may extend upto
3 years of imprisonment and also liable to fine.
13. Section 69- Power to issue direction for monitor, decryption or interception of any
information through computer’s resources

I. Where the Central government’s or State government’s authorized officers, as the case may be
in this behalf, if fulfilled that it is required or expedient to do in the interest of the integrity or the
sovereignty, the security defence of our country India, state’s security, friendly relations with the
foreign states for preventing any incident to the commission of any cognizable offences that is
related to above or investigation of any offences that is subjected to the provision of sub-section
(II). For reasons to be recorded writing, direct any agency of the appropriate government, by
order, decrypt or monitor or cause to be intercept any information that is generated or received or
transmitted or is stored in any computer’s resources.

II. The safeguard and the procedure that is subjected to such decryption, monitoring or
interception may carried out, shall be such as may be prescribed.

III. The intermediaries, the subscribers or any individual who is in the charge of the computer’s
resources shall call upon by any agencies referred to the sub-section (I), extends all services and
technical assistances to:

a) Providing safe access or access to computer’s resources receiving, transmitting, generating or

to store such information or

b) Decrypting, intercepting or monitoring the information, as the case might be or

c) Providing information that is stored in computer.

IV. The intermediaries, the subscribes or any individual who fails to help the agency referred in
the sub-section (III), shall be sentenced for a term that could extend to 7 years of imprisonment
and also could be legally responsible to fine22 [17].

There are many other sections in the IT Act, 2000 among them a few important sections one
should know are as follows:

Table: A few important sections one should know

22
 OFFENCES SEC. UNDER IT ACT, 2000
Damage to Computer, Computer System etc Section 43
Power to issue direction for blocking from public access of Section 69A
any information through any computer’s resources.
Power to authorize to collect traffic information or data and to Section 69B
monitor through any computer’s resources for cyber security.
Un-authorized access to protected system. Section 70
Penalty for misrepresentation Section 71
Breach of confidentiality and privacy Section 72
Publishing False digital signature certificates. Section 73
Publication for fraudulent purpose. Section 74
Act to apply for contravention or offence that is committed Section 75
outside India.
Compensation, confiscation or penalties for not to interfere Section 77
with other punishment
Compounding of Offences Section 77A
Offences by Companies. Section 85

Sending threatening messages by e-mail. Section 503 IPC

Sending defamatory messages by e-mail. Section 499 IPC

Bogus websites, Cyber Frauds. Section 420 IPC

Web Jacking. Section 383 IPC

E-mail Abuse. Section 500 IPC

Criminal intimidation by anonymous communications Section 507 IPC
Online sale of Drugs. NDPS Act
Online sale of Arms Arm Act
CHALLENGES OF FIGHTING CYBER CRIME

GENERAL CHALLENGES

Number of users

The popularity of the Internet and its services is growing fast, with over 2 billion Internet users
worldwide by 201023. Computer companies and ISPs are focusing on developing countries with
the greatest potential for further growth24.

In 2005, the number of Internet users in developing countries surpassed the number in industrial
nations25,while the development of cheap hardware and wireless access will enable even more
people to access the Internet. With the growing number of people connected to the Internet, the
number of targets and offenders increases. It is difficult to estimate how many people use the
Internet for illegal activities. Even if only 0.1 per cent of users committed crimes, the total
number of offenders would be more than one million. Although Internet usage rates are lower in
developing countries, promoting cyber security is not easier, as offenders can commit offences
from around the world.

Availability of devices and access

Only basic equipment is needed to commit computer crimes. Committing an offence requires
hardware, software and Internet access. With regard to hardware, the power of computers is
growing continuously. There are a number of initiatives to enable people in developing countries
to use ICTs more widely. Criminals can commit serious computer crimes with only cheap or
second-hand computer technology – knowledge counts for far more than equipment. The date of
the computer technology available has little influence on the use of that equipment to commit
cybercrimes. Committing cybercrime can be made easier through specialist software tools.
Offenders can download software tools designed to locate open ports or break password

23
According to ITU, there were over 2 billion Internet users by the end of 2010, of which 1.2 billion in developing
countries. For more information see: ITU ICT Facts and Figures 2010, page 3, available at:
www.itu.int/ITUD/ict/material/FactsFigures2010.pdf.
24
See Wallsten, Regulation and Internet Use in Developing Countries, 2002, page 2.
25
See: Development Gateway’s Special Report, Information Society – Next Steps?, 2005, available
at:http://topics.developmentgateway.org/special/informationsociety.
protection. Due to mirroring techniques and peer-to-peer exchange, it is difficult to limit the
widespread availability of such devices.

Availability of information

The Internet has millions of web pages of up-to-date information. Anyone who publishes or
maintains a webpage can participate. One example of the success of user-generated platforms is
Wikipedia26, an online encyclopedia where anybody can publish. The success of the Internet also
depends on powerful search engines that enable users to search millions of web pages in seconds.
This technology can be used for both legitimate and criminal purposes. “Googlehacking” or
“Googledorks” describes the use of complex search-engine queries to filter many search results
for information on computer security issues. For example, offenders might aim to search for
insecure password protection systems. Reports have highlighted the risk of the use of search
engines for illegal purposes. An offender who plans an attack can find detailed information on
the Internet that explains how to build a bomb using only chemicals available in regular
supermarkets27.

LEGAL CHALLENGES

Challenges in drafting national criminal laws

Proper legislation is the foundation for the investigation and prosecution of cybercrime.
However, lawmakers must continuously respond to Internet developments and monitor the
effectiveness of existing provisions, especially given the speed of developments in network
technology. Historically, the introduction of computer-related services or Internet-related
technologies has given rise to new forms of crime, soon after the technology was introduced.
One example is the development of computer networks in the 1970s – the first unauthorized
access to computer networks occurred shortly afterwards.843 Similarly, the first software
offences appeared soon after the introduction of personal computers in the 1980s, when these

26
Regarding the necessary steps to improve cybersecurity, see: World Information Society Report 2007,page 95,
available at: www.itu.int/osg/spu/publications/worldinformationsociety/2007/WISR07_full-free.pdf.
27
World Information Society Report 2007, ITU, Geneva, available at: www.itu.int/wisr/
systems were used to copy software products. It takes time to update national criminal law to
prosecute new forms of online cybercrime28.

Indeed, some countries have not yet finished with this adjustment process. Offences that have
been criminalized under national criminal law need to be reviewed and updated. For example,
digital information must have equivalent status as traditional signatures and printouts.844
Without the integration of cybercrime-related offences, violations cannot be prosecuted. The
main challenge for national criminal legal systems is the delay between the recognition of
potential abuses of new technologies and necessary amendments to the national criminal law.
This challenge remains as relevant and topical as ever as the speed of network innovation
accelerates. Many countries are working hard to catch up with legislative adjustments.845 In
general, the adjustment process has three steps: adjustment to national law, identification of gaps
in the penal code, and drafting of new legislation.

New offences

In most cases, crimes committed using ICTs are not new crimes, but scams modified to be
committed online. One example is fraud – there is not much difference between someone
sending a letter with the intention to mislead another person and an e-mail with the same
intention.849 If fraud is already a criminal offence, adjustment of national law may not be
necessary to prosecute such acts. The situation is different if the acts performed are no longer
addressed by existing laws. In the past, some countries had adequate provisions for regular fraud,
but were unable to deal with offences where a computer system was influenced, rather than a
human. For these countries, it has been necessary to adopt new laws criminalizing computer-
related fraud, in addition to the regular fraud. Various examples show how the extensive
interpretation of existing provisions cannot substitute for the adoption of new laws.

Developing procedures for digital evidence

Especially due the low costs857 compared to the storage of physical documents, the number of
digital documents is increasing.858 Digitization and the emerging use of ICTs has a great impact

28
The fact that the offenders are not only based in western countries is proven by current analysis that suggests for
example that an increasing number of phishing websites are hosted in developing countries. For more details, see:
Phishing Activity Trends, Report for the Month of April 2007, available at:
www.antiphishing.org/reports/apwg_report_april_2007.pdf. Regarding phishing, see above: § 2.9.4.
on procedures related to the collection of evidence and its use in court. As a consequence of this
development, digital evidence has been introduced as a new source of evidence29. It is defined as
any data stored or transmitted using computer technology that supports the theory of how an
offence occurred. Handling digital evidence is accompanied with unique challenges and requires
specific procedures. One of the most difficult aspects is to maintain the integrity of the digital
evidence. Digital data are highly fragile and can easily be deleted or modified. This is especially
relevant for information stored in the system memory RAM that is automatically deleted when
the system is shut down and therefore requires special preservation techniques30.

In addition, new developments can have great impact on dealing with digital evidence. An
example is cloud computing. In the past, investigators were able to focus on the suspects’
premises when searching for computer data. Today, they need to take into consideration that
digital information might be stored abroad and can only be accessed remotely, if necessary.
Digital evidence plays an important role in various phases of cybercrime investigations. It is in
general possible to separate four phases. The first phase is identification of the relevant evidence.
It is followed by collection and preservation of the evidence. The third phase includes the
analysis of computer technology and digital evidence. Finally, the evidence needs to be
presented in court

29
Lange/Nimsger, Electronic Evidence and Discovery, 2004, 1. Regarding the historic development of computer
forensics and digital evidence, see: Whitcomb, An Historical Perspective of Digital Evidence: A Forensic Scientist’s
View, International Journal of Digital Evidence, 2002, Vol.1, No.1.
30
Regarding the difficulties of dealing with digital evidence on the basis of traditional procedures and doctrines, see:
Moore, To View or not to view: Examining the Plain View Doctrine and Digital Evidence, American Journal of
Criminal Justice, Vol. 29, No. 1, 2004, page 57 et seq.