University

Strictly as per the New Revised Syllabus (Rev. 2016) of Mumbai

CYBER SECURITY
and Grading System)
w.e.f. academic year 2019-2020 (As per Choice Based Credit

AND LAWS |
(Tretitiutoa
(Institute
lava
Level
ai mal
Uptional
Caure
Ut USE)
ra:
(Code .

Semester VII - Common to All Branches

Suvarna Shirke - Pansambal

ee TechKnowledge
“BP publications

an ee ETE EEE PELE ELE SEEN SO ee

Scanned by CamScanner
 WEA
a4) ¥; jee
SYLLABUS
esse
SSE

”
emer PEKTIELANRY OETA T e y" aie
Course Code Course Name Credits

ILO 7016 Cyber Security and Laws 03

Objectives:
1. To understand and identify different types cybercrime and cyber law

2. To recognized Indian IT Act 2008 and its latest amendments

3. To leam various types of security standards compliances

Outcomes : Learner will be able to...

Understand the concept of cybercrime and its effect on outside world

_

Interpret and apply IT law in various legal issues

N

Distinguish different aspects of cyber law

Y

Apply Information Security Standards compliance during software design and development
>

Hrs
Sr. No. 5 eetais

Introduction to Cybercrime:

and origins of the world, Cybercrime and information security,

01 Cybercrime definition
global Perspective on
Classifications of cybercrime, Cybercrime and the Indian ITA 2000, A
(Refer Chapter - 1)
cybercrimes.

Cyber offenses & Cybercrime:

Social Engg, Cyber stalking, Cyber café and Cybercrimes,

How criminal plan the attacks,
of Mobile and Wireless Devices, Trends in
Botnets, Attack vector, Cloud computing, Proliferation
ing Era, Security Challenges Posed
02 Mobility, Credit Card Frauds In Mobile and Wireless Comput
Authentication Service Security, Attacks
by Mobile Devices, Registry Settings for Mobile Devices,
tions for Organizations, Organizational
on Mobile/Cell Phones, Mobile Devices: Security Implica
Issues, Organizational Security Policies
Measures for Handling Mobile, Devices-Related Security
(Refer Chapter - 2)
and Measures in Mobile Computing Era, Laptops

Tools and Methods Used In Cyberline :

es, Virus and Worms, Steganography, 6
03 Phishing, Password Cracking, Key loggers and Spywar
Attacks on Wireless Networks,
DoS and DDoS Attacks, SQL Injection, Buffer Over Flow,
(Refer Chapter -3)
Phishing, Identity Theft (ID Theft)

(Book Code ; MO137A)

Scanned by CamScanner
 Table of Contents
Wy cyber Security and Laws (MU-Sem 7)
1

[vat]
1-1 to 1-13
Chapter 1: Ir to Cybercrime
‘The Concept
of Cyberapace ©
Security Aspoct of Cyber Law, The
E-Commerce , The Contract Aspects In Cyber Law ,The :
‘syllabus:
security, Classifications of cybercrime,
Law , The Criminal e and Information
Law, The Evidence Aspect In Cyber Cybererim 8 dofinition and origins of the world, Cybercrim
smncnectval Property Aspect in Cyber Data on cybercrimes
= Aspect in Cyber Law, Global Trends in Cyber Law
for Electronic
, Legel Framework Cybercrime and the Indian ITA 2000, A global perspective
Cybercrime Definition and Origins of the World.
Cyber Law
Banking, The Need lor an indian
Interchange Law Relating to Electronic 4.1. 13
(Refer Chapter - 4) Security
1.2 Cybercrime and | 15
13 «Cl of Cybereri
indian
IT Act : 1s
2000, 6 131 Oy against
os Cyber Crime and Criminal Justice: Penalties, Adjudication and Appeals Under tha IT Act, 5) 16
(Refer Chapter -
TT Act. 2008 and tts Amendments 4.3.2 Cybercrime against Property
17
Information
Securtty Standard compllances : 133 © against O
6 1-9
(Refer Chapter- 6)
“ SOX, GLBA, HIPAA, ISO, FISMA, NERC, PCI. 1.3.4 Cybercrime against Society

1.3.5 Crimes Emanating from Usenet Newsgroup...

goog 14 Cybercrime and the Indian ITA 2000
1.8 AGlobal Perspective on Cy

[view]
2-1 to 2-34
Chapter 2: Cyber Offenses and Cybercrime

[Syllabus =
How criminal plan the attacks, Social engg, Cyber stalking, Cyber café and cybercrimes, Bomne's, Attack vector, Cloud
in Mobile and wireless
computing, Proliferation of mobile and wireless devices, Trends in mobility, Credit card trauds Authentication service
Computing era, Security challenges posed by mobile devices, Registry settings for mobile devices,
security, Attacks on mobile/cell phones, Mobile devices: Security implications for organizations, Organizational measures
for handling mobile, Devices-related security issues, Organizational security policies and measures in mobile computing
era, Laptops.
241
24 How Criminals Plan the Attacks

Engi 24
2.2 Social
23° 268

2.4 Cyber Cate and Cy 26

28
25 Botnets

2-10
26 Attack Vector

27 Cloud C 241

(Book Code : MO137A)

Scanned by CamScanner
 3
W cytes Bocunty and Laws (MU-Ser7) - Wy _cypar Security and Laws (AU-Sem7) Table
of Contents
Computing ——
2.7.1 Types of Attacks on Cloud
ss Devices a-nnsmrmm nr
28 Profilerabon of Mobile and Wirele
Chapter 3: Tools and Methods used In Cyberline 3-110 3-27
[syttebus :
Phishing, Password cracking, Key loggers and spywares, Virus and worms, Steganography, DoS and DDoS atlacks, SQL |
Injection, Bufler over flow, Attacks on wireless networks, Phishing, Identity Thett (IO Thett) |
31 Phish Ee)
3.1.1 Features of Phishing Mail a
3.1.2 Phishing Techniques 32
>. 3.1.3 1g Phishing Attack 33
2.13.3 RAS Secumty for Mobile Devices 3= 32 Password Cracking ss
2.13.4 Media Player Control Security -20
3.2.1. Prevention and Ri 4
2.13.5 Networking AP! Security for Mobile Computing Applications.
3.22 Protecting the Network against Social Engineers
2.14 Aflacks on Mobila/Cell Phones at
3.2.3 Password Cracking Tools 35
2.14.1 Mobile Phone Thett 2-21
t
3.3 Key Loggers and Spy 25
2142 Mobile Viruses 2-22
3.3.1 Key- Loggers 35
2143 Hacking Bluetooth. 2-22 |
| 3.3.1(A) Types of Keylogger 36
2164 Mishing 2-24
3.3.1(B) Spreading 37
2.14.5 Vishing 2-24 \
3.3.1(C) Preventior 38
2.14.6 Smishing 2-25
3.3.1(0) Keylogger Tools 38
218 Mobile Devices: Security for Or 2-26
3.32 Spy 38
2.15.1 Managing Diversity and Proliferation of Hand-Held Devices .....
\ 34 Virus and Worms. 310
2.15.2 Educating the Laptop Users 2-26 \
3.4.1 Virus. 3-10
2.15.3 Protecting Data on Lost Devices 2-26 t
3.4.2. Worms a1
2.154 L Storage Devices. ; -27 |
3.4.3 Difference between Virus and Worms...
2.15.5 Threats through Lost and Stolen Devices. 2-27 |
| 35 312
2.16 — Organizational Measures lor Handling Mobile Devices-Related Security Issues... aut a31
5. ry
2.17 Organizational Security Policies and Measures in Mobile Computing Era.
3.5.2 Difference between Steganography and Cryptography
218 Laptops. 231
36 DoS and DDoS Attacks 314

3.6.1 DoS Attack B14

ve

Scanned by CamScanner
 Table of Contents

Wy_Cyber Security and Laws (MU-Sem 7) 5 Table of Contents

Wy cyper Security and Laws (MU-Sem7)
3-15

DD08 Attach .... sen

4.6.1 Characteristics of Electronic Records... 4-22
362

36.3 s Attacks «=~

cf DDOS
Type 462 of Electronic Records 4-23

37 SQL Injection...
463 and 424

38 Buffer Overflow ..... “ 4.6.3(A) for Cc y 425

.
38 Attacks on W! ireless Networks
..." 4.6.3(B) Authorship of an Electronic Record.

3.10 Identity Theft (1D Theft) 4.6.4 — Probative Value of Electronic Evidence...

3.10.1 Typ esTheft

of Kienttty 47 The Criminal Aspect In Cyber Law. 427

3.10.2 Techni used forque Thef..

Kdentty s 47.41 — Strategy for 1g Computer Crime.
3.10.3 Wam of Identity The?
Signsing 4.7.2. Amendments ta Indian Penal Code 1860.....

3.10.4 Rec ove

from identity Thefl....
ry 48 Global Trends in Cyber Law.

4.8.1. The Contract Aspect

4-1 to 4-47
4.8.2 The Security Aspect
Chapter
4: The Concept of Cy
48.3 The Property Aspects
[eytabus : 49 Legal Framework for Electronic Data Interchange...
cyber law, The intellectual property aspect In cyber|
IE-Commerce, The contract aspects in cyber law ,The security aspect of 4.9.1 The Electronic Data Interchange Scenario in India .
law, Legal framework for
law, The evidence aspect in cyber law, The criminal aspect in cyber law, Global trends in cyber 4.10 Law Relating to Electronic Banking. 4-39
Jelectronic data interchange law relating to electronic banking, The need for an indian cyber law
4.11. The Need for an Indian Cyber Law. 444
41° E-Con a1
42 > Aspects in Cyber Law
The Contract 42
421 of Contract 4-3
Chapter 5: Indian IT Act 5-1 to 5-22
422 Legal site of an E- Contract 4-4
46 {Syllabus :
42.3 Click and Wrap Contracts
Wrap Contract 46 Cyber crime and criminal justice: Penalties, Adjudication and appeals under the IT Act, 2000, IT Act. 2008 and tts
424 — Shrink
lamendments
425 Difference between Click and Wrap Contract and Shrink and Wrap Contract... 51
5 Cyber Crime and Criminal Justice.
43 ‘The Security Aspect of Cyber Law
5.1.1 Concept of ‘Cyber Crime’ and the IT Act, 2000
44° Certitying Authorities and Liability in the Event of Digital Signatura Compromise ....
5.1.2 Hacking 52
4.4.1 Recognition of Foreign Certifying Authorities ...
5.1.3 Teenage Web Vandals 54
442 Commencement of Operation by Licensed Certifying Authorities
(Rule 20 of certifying Authority's Rules 2000)... 5.1.4 Cyber Fraud and Cyber Cheating...

45 The Intellectual Property Aspect in Cyber Law... 5.1.4(A) Fraud 55

46 The Aspect in Cyber Law. 4-20 5.1.4(B) Section 415 : Cheating 55

veo

eat

Scanned by CamScanner
—————___er

Table of Contants

Wr Cyber Securty and Laws (MUSED7)

5.1.5 Virus
on the Internet =
5.1.6 Detamasion, Harnesment and E- mal Abuse Introduction to Cybercrime
517 Cyber Pomography.--——

5.2 Monetary Penalties, Adjudication

and Appeals
under IT Act 2000...
53 IT Act 2008 and ts Amendments...
Syllebus
531 IT Act 2008 Amendments
Cybercrime dofinition and origins of the world, Cybercrime and information security, Classifications of cybercrime,
Cybercrime and the Indian ITA 2000, A global perspective on cybercrimes
C 6-1 to 6-11
Chapter 6 : Security Standard 1.1. Cybercrime Definition and Origins of the World

Syllabus:
The definition of cybercrime is not defined in Information Technology Act, 2000 and also its expressions are not used.
The IT Act, 2000 only gives the definitions of certain offences and punishments for certain offences.
SOX. GLEA, HIPAA, {SO. FISMA_ NERC, PCI
6-1 If we define cyber crime narrowly, then cybercrime is defined as the crimes which are mentioned in information
61 sox Ontey Act) Co Technology Act, 2000. The cybercrimes are restricted to tamper done with the computer source code, cyber
6-2 pornography, hacking, email abuse, harassment, defamation, IPR theft, cyber fraud etc.
GLBA C

62.1 Working
of GLBA Comp!
63 If we define cyber crime broadly, then cybercrime is any act of commission committed on of via or with the help of
internet, whether connected directly or indirectly, which is prohibited by law and for which punishment, monetary
63 HIPAA Cor
6-4 and/or corporal is provided. This definition is applied for and punishes only certain cyber offences and is not
exhaustive of all the cyber crimes.
64 sO
65
For example, if a person is giving death threat through the internet, he is liable for offence of criminal intimidation
6-7 under Section 506 of Indian penal code 1860 and no offence under the IT Act this, offence Is still known as cyber crime
es FISMA Compliance

65 NERC Compliance . 6-8 as per the broad definition.

In the 70s, we saw criminals taking advantage of the tone system used on phone networks. The attack was called
67 — PCI (Payment Card Industry) Compliance phreaking, where the attacker reverse-engineered the tones used by the telephone companies to make lang distance
calls.
67.1 GOALS
of PCI 6-10
In 1988, the first computer warm made its debut on the internet and caused a great deal of destruction ta
‘organizations. This first worm was called the Morris worm, after its creator Robert Morris. While this worm was not
goa riginally intended to be malicious it still caused a great deal of damage. The U.S. Government Accountability Office in
1980 estimated that the damage could have been as high as $10,000,000.00.
1989 brought us the first known ransom ware attack, which targeted the health care industry. Ransom ware is a type
‘of malicious software that locks a user’s data, until a small ransom is paid, which will result in the issuance of a
cryptographic unlock key. In this attack, an evolutionary biologist named Joseph Popp distributed 20,000 floppy disks
across 90 countries, and claimed the disk contained software that could be used to analyze an individual's risk factors
for contracting the AIDS virus, The disk however contained a malware program that when executed, displayed a
message requiring the user to pay for a software license. Ransom ware attacks have evolved greatly over
the years
with the health care field still beinga very large target.
The 90s brought the web browser and email to the masses, which meant new tools for cyber criminals to exploit.
This
allowed the cyber criminal to greatly expand their reach. Up till this time, the cyber criminal needed to initiate a
Physical transaction, such as providing a floppy disk. Now cyber criminals could transmit virus code over the internet
in these new, highly vulnerable web browsers. Cyber criminals took what they had learned previously and modified it
to operate over the internet, with devastating results. Cyber criminals were also able to reach out and con people
from a distance with phishing attacks. No longer was it necessary to engage with individuals directly. You could
attempt to trick millions of users simultaneously. Even if only a small Percentage of people took the bait you stood to
make a lot of money as a cyber criminal.

Scanned by CamScanner
————_

a
Introduction to Cybercrime
1-2 WY cyber Security and Laws (MU-Sem 7) 1-3 Introduction to Cybercrime
Wr cyber Secunty and Laws (MU-Sem7) criminahel
d f ne berv saty the
ls with
theft. A bullseye 2% painte
saw the rise of Kdentity Identif
brough Personal iable Information (Pt),
making ¢. Hacking into medical Institution databases and changing or deleting facts that could result in incorrect, risky
teen A es contain
y n of databas
the creatio
anesing ™! ja of users’ _ remedy of a patient or sutferers,
the world.
new financial piggy bank for
criminal organizations around
ds A
cyber criminals to
of dothers
blicameallowe d. Disrupting the electric power grid, this will motive lack of air conditioning in summer and warmth in iciness or
ess
coupled with a lack of cybersecurity awaren * <
This informa tion
account s and result in the dying of folks.
commit all typ esal fraud such as opening bank
of financi gotten faster and more
AS computer systems have
has only gotten worse. Today we have botnets,
Cyberpunk
Today we see that cyber criminal activity ticate d and harder to catch,
has becom e more sophis
complex we see that the cyber criminal l element to
ous software ani \d allow the crimina The term, combining "cyber" and punk, possibly originated in 1980 with Bruce Bethke's short story, "Cyberpunk." The
that are infected with malici
which are a network of private computers s allow the er iminal element to overload
across¢ he globe. These botnet people who are specialized in cryptography and crackers are those people who crack into computer security system.
control millions of infected computer systems Several categories of groups associated with cyberpunk :
origin of the criminals:
organizational networks and hide the
see constant ransom ware attacks across all sectors of the economy. o Hacker, who represent the best kind of cyberpunk
© We
constantl y on the lookout for identity theft and financial fraud. © Cracker, who attempt to break into computer systems
© People are hospitality
point of sale attack against major retailers and
Continuous news reports regarding the latest © Phreaker, who attempt to break into telephone systems
°

organizations. co Cyber-punks, who attempt to break codes and foil security systems.
5 from/of cyberspace are used as a vehicle to
Cybercrime is crime committed within cyberspace or where element:
(Cyberwarfare
commit a crime, and so on for other derived terms.
it Is not always clear what exactly that term describes and
Today, the word “cyberspace” is used in many contexts, but Cyberwarfare is computer- or network-based conflict involving politically motivated attacks by a nation-state on
is that all other terms (e.g., cyber security,
what it means. The reason why the term “cyberspace” Is chosen another nation-state. In these types of attacks, nation-state actors attempt to disrupt the activities of organizations or
derived from, cyberspace itself. So, it is necessary to
cybercrime, cyberwarfare, cyberterrorism, etc.) are based on, or nation-states, especially for strategic or military purposes and cyber espionage.
cyberpunk. Let’s see It one by one.
know what Is cyberspace, cybersquatting, cyberterrorism, cyber warfare, Although cyberwarfare generally refers to cyber attacks perpetrated by one nation-state on another, It can also
Cyberspace describe attacks by terrorist groups or hacker groups aimed at furthering the goals of particular nations. Cyberwarfare
He defined the term can take many forms, including :
The term ‘Cyberspace’ was coined by William Gibson In his book ‘Neuromancer' written in 1984.
as a consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being Viruses, computer worms and malware that can take down water supplies, transportation systems, power grids,
°

q does not have a d, obje Instead, it is used to critical infrastructure and military systems.
taught
of data floating around
describe the virtual world of computers. For example, an object in cyberspace refers to a block Denial-of-Service (DoS) attacks, cyber security events that occur when attackers take action that prevents
°

a computer system or network. With the advent of the Internet, cyberspace now extends to the global network of legitimate users from accessing targeted computer systems, devices or other network resources.
cyberspace.
computers. So, after sending an e-mail to your friend, you could say you sent the message to her through Hacking and theft of critical data from Institutions, governments and businesses.
°

However, use this term sparingly, as it is a popular newble term and is well overused. Ransomware holds computer systems hostage until the victims pay ransom.
Cybersqustting
1.2 Cybercrime and Information Security
Cybersquatting is registering, selling or using @ domain name with the Intent of profiting from the good will of
of Cybercrimes are increasing due to Lack of Information security. From an Indian viewpoint, the new ITA 2008 gives a
someone else's trademark. It generally refers to the practice of buying up domain names that use the names
new focus on Information Security in India.
existing businesses with the Intent to sell the names for a profit to those businesses.
Cybersecurity means protecting Information, communication device, equipment, devices, computer, computer
Cyberterrorism resource, and information stored in that from unauthorized access, use, revelation, interruption, alteration or
of the usage of damage.
Cyberterrorism is committed and planned activity In cyberspace via computer networks. It consists
well as
e-mail for communications among co-conspiratars to communicate records for use In violent activities as Cybersecurity includes both the physical security of devices and the information stored in that. It covers protection
recruiting terrorist institution Individuals through Internet sites. from unauthorized access, use, disclosure, disruption, modification and destruction.
Where financial losses to the organization due to insider crimes are concerned for example, leaking customer data,
It also includes :
often some difficulty Is faced In estimating the losses because the financial impacts may nat be detected by the
a. Airvisitors control computer systems, which reason the planes to collide or crash. victimized organization and no direct costs may be associated with the data theft.

b. it ie water plant compi ta reason of water supplies. Cybercrimes take up a vital space in information security domain because of their Impact. For anyone trying to
Compile data on business Impact of cybercrime, there are number of challenges.
¥:

Scanned by CamScanner
 y>S>>——E—E————

e Introduction to Cy rime
Iction to Cybercrim WW Cyber Socuntty and Laws (MU-Sem7)
15

1-4 oriety of
t majee Classifications of Cybercrime
2 the cos! t of the vas 1.3
urity icitly incorpo! om
Woe Sec jons do not expl for the shr ink age Of BO
1.3.1 Cybercrime against Individual
i an account
@ s opp osed .d to, to, say,
into e thelr accounting E-mall spoofing and other online frauds
‘com pute securityI incidentsS
rr sto have originated from someone or
corporate data
the he corp ‘©. Email spoofing is the forgery of an email header so that the message appear
e e
tary value to
culty in attaching
2 quantifiable mone
somewhere ath ‘er than the actual source. Email spoofing
is a popular tactic used In phishing and spam campaigns
s from he diffi
lenge come thi ey think it has been sent by a legitimate or familiar
2 ‘Thereeother chal negative because people are more likely to open an email when
attempt to avold to open, and possibly even respond to, a solicitation, Spoof
oximate. In an a. source, The goal of email spoofing is to get recipients
losses often mains appr s Including cybercri
me.
= to these reasonaa
Due aaa s, a nnerfinancial ling facts andi" figur es about security Incl ident 7 emails sometimes contain attachments that install
malware such a s Trojans or viruses when opened. In many
s 3 from revea by pee spread to your entire network.
publicity, most organi zation
bea rent than that made out cases, the malware Is designed to go beyond infecting your computer and
s percep tion al bout insid er attacks seems tO be diffe s. When we spea k of financial “ere engin eering the ability to convince a human user to believethat
Usually, organization tends to be low In most
organization by the This aspect of spoofing relies heavily on social
vendor. Awareness about data privacy toocrimes, such as leaking customer data, such crimes cannot
be detected to take action and open an attachment, transfer money, et
9
what they're seeing Is legitimate, prompting them
the organization and significant insidercosts may be linked with the theft. cetera.
victimized organization and no direct Phishing, spear phishing
to you Into performing a specific
Cybereriminals
| © Phishing and spear phishing are very common forms of email attack designed a matter of
are :
‘The activities carried out by cybercriminals action typically clicking on a mi alicious link or attachment. The difference between them is primarily
= Password trafficking targeting.
the expectation that
= sound recording) piracy
Copyright (software, movie, Phishing e-mails are sent to very large numbers of recipients, more or less at random, with
company mught
only a small percentage will respand. An apparently official email from, say, 2 well-known delivery
°

— Trademark counterfering and matware might be

arrive, saying that “Your package has been delayed, lick here for details.” Click the link
= Countertesting
of currency your name, address,
downloaded onto your device, or you might go to a fake website where you're asked to enter
- Data transfer theft | and social-security number. That information would then be sold on the black martet or used for fraud of Wentiny
- Misuseof computer time | theft.
- Computer intrusion (Le. hacking) Spear phishing emails are carefully designed to get a single recipient to respond. Criminals select an individual
°

- Computer output theft target within an organization, using social media and other public information and craft a fake e-mail tallored for
that person. For example, share online that you will be traveling to Manali soon, and you might get an email from
- Desktop forgery
2 colleague (apparently), saying “Hey, while you're in Manali you've got to eat at Harry's Grill, check out thelr
menu.” Click the link, and while you're studying the menu, malware is inserted into your computer. Another
- — Ohid pornogra phy
or exptoitat ion. version might apparently come from your CEO, who's travelling abroad and says his phone and wallet and brief
= Child explotation and internet fraud matters that have a mail nexus. case have been stolen, can you wire five thousand dollars to this pumber right away ?
- internet fraud. Spamming
= Internet harassment. ~
© Spamming uses electronic messaging systems, most commonty e-mails in sending mezsages that host matware,
- Ofverstaling fake links of and other mal progr » Email is very popular. L bute
Cybercremmnals are those wha conduct such acts. They can be categorized into three groups that reflect their from unfamiliar organizations, companies, a and roups are sent to large numbers of users. deals, pane,
and other attractive components to deceive users. ween ,
meta
onals, politically motivated Cyber defamation
L Hungry for recognition ; These are the cybercriminals which are Hobby hackers, IT professi
hackers, terrorist orpararations. © Cyber defamationjnereiplanereaieesdieniedneal punted eemrriigleiiemialinde-aeedind
2 Not in arese
2 The the cybercriminals which are Derverts, " " or amy ng any person to harm, oF o
hackers, state- spo
hacking organizered
ardrsa d creranals. a [eason to believe that such imputation will harm, the reputation of such person, ts sad, except in the cases
3. The insiders. These are the cytercriminais which are unhappy or ex- employees seeking revenge, rival companies einatter expected, to detame that person . in simple language defamation means damage Core to the
using explores to get exoecrma: strertage through Camage oF theft. " aadetad os deienaee Battie Cee ermal Gerogatory of Mecta 4 6 not
Sie, the usual purpose betand c(uercrime teem to be preed, want to get power or publicity, desire for revenge, a sense ' consider as defamation. ae Meena is wrring a mail to Meets which contains Gerogstory comments about
Of admemeare, i seardh of hel to access prohioted information, Gestructive mindset and desire to well network security
wereces.
—
wr

Scanned by CamScanner
 Introduction to Cybercrime WY _cybor Socurity and Laws (MU-Sem 7) 17 Introduction to Cybercrime
16
W cyber Securty and Laws (MU-Sem7) 4.3.3. Cybercrime against Organization

Cyberstalking and harassment er is subjected to & ‘embarrassment of online Unauthorized accessing of computer
ssment where the us a user
© This kind of cybercrime Involves online hara use social media, we! psites and search engines to intimidate
for
o Unauthorized access is when someone gains access to a website, program, server, service, or ather system using
messages and e-mails. Typically cyberstal Ikers
s the pers! ‘on feel afraid or concerned someone else's account or other methods. For example, if someone kept guessing a password or username for an
their victim and make
‘and instill fear. Usually, the cyberstalker knows account that was nat theirs until they gained access, it is considered unauthorized access,
their safety. Password sniffing
Computer sabotage functloning of a computer
r system
ti
© Password sniffingis a technique used to gain knowledge of passwords that involves monitoring traffic on a
Internet to hamper the normal
Computer sabotage mean: s, making use of the network to pull out information. There are several software's available for automatic password sniffing.
OF logical bo mbs.
through the introduction of worms, viruses
Denial-Of-Service attacks (DoS attacks)
Pornographic offenses or
create, display, distribu te, Import, or publish pornography © A Denial-of-Service (DoS) attack is an explicit attempt by attackers to deny service to intended users of that
© Cyber pornography is the act of using cybers| ace to aphic content has now been largely
obscene materials. With the advent of cyli"berspace, traditional pornogr service. It involves flooding a computer resource with more requests than it can handle consuming its available
bandwidth which results in server overload.
replaced by online/digital pornographic content.
ion Technology
legalized In some. In India, under the Informat
© Cyber pornography is banned in many countries ‘and This causes the resource (e.g. a web server) to crash or slow down significantly so that no one can access it. Using
but not legalized either.
°

‘Act, 2000, this is a grey area of the law, where it is not prohibited this technique, the attacker can render a web site inoperable by sending massive amounts of traffic to the
The following are the pornographic offences: targeted site. A site may temporarily malfunction or crash completely, in any case resulting in the inability of the
a. Publication : Which would include uploading on a website, what's app
group or any other digital portal where system to communicate adequately. DoS attacks violate the acceptable use policies of virtually all internet service
third parties can have access to such content. providers,
what's app or
b. Transmission : This includes sending obscene photos ar images to any person via email, messaging, Another variation to a denial-of-service attack is known as a “Distributed Denial of Service” (DDoS) attack where in
a number of geographically wide spread perpetrators flood the network traffic. Denial-of-Service attacks typically
°

up making the
& Causing to be published or transmitted : This is a very wide terminology which would end
content. The
intermediary portal liable, using which the offender has published or transmitted such obscene target high profile web site servers belonging to banks and credit card payment gateways. Websites of companies
provider
intermediary guidelines under the information technology act put anonus on the Intermediary/service such as Amazon, CNN, Yahoo, Twitter, and eBay! are not spared either.

to exercise due diligence to ensure their portal is not being misused. Virus attack/dissemination of viruses
Password sniffing © Computer viruses are small software programs that are designed to spread from one computer to another and to
© Password sniffing is a technique used to gain knowledge of passwords that involves monitoring traffic on a interfere with computer operation. A virus might corrupt or delete data on the victims computer, use the victims
network to pull out information. There are several softwares available for automatic password sniffing. e-mail program to spread itself to other computers, or even erase everything on the victim's hard disk. Viruses are
13.2 Cybercrime against Property easily spread through email attachment or instant messages. Viruses can be disguised as attachments of funny
images, greeting cards, or audio and video files. Worms unlike the viruses do not need the host to attach
Credit card frauds
themselves. They merely make functional copies of themselves and do this repeatedly till they bring the system or
© Credit card fraud is when someone uses your credit card or credit account to make a purchase you didn't
authorize. This activity can happen in different ways. a application to halt.
Hf you lose your credit card or have it stolen, it can be used to make purchases or other transactions, either in E-mail bombing/mail bombs
person or online. © Email bombing is characterized by an abuser sending huge volumes of e-mail to a target address resulting in the
Fraudsters can also steal your credit card account number, PIN and security code to make unauthorized victim's e-mail account or mail servers crashing. The message is meaningless and excessively long in order to
transactions, without needing your physical credit card. (Unlawful transactions like these are known as consume network resources.
card-not-present fraud.) If multiple accounts of a mail server are targeted, it may have a denialof-service impact. Such mail arriving
°

Intellectual property (IP) crimes frequently in your inbox can be easily detected by spam filters. E-mail bombing is commonly carried out using
These include piracy, copyright infr ks vie theft of source codes etc. botnets (private internet-connected computers whose security has been compromised by malware and under the
Internet time theft attacker's cantrol) as a DDoS attack.
© Internet time theft is a crime where the internet connection of one person is used by an unauthorized person. This © This type of attack is more difficult to control due to multiple source addresses and the bots, which are
is usually done by getting access to the user's internet account details, such as user name and password, given by Programmed to send different messages to defeat spam fiers.
internet service provider. This access can be given voluntarily by the user fora stipulated time period, or it can be
gained fraudulently. Wireless internet has made this theft more prevalent. It is easy to commit this crime if the
victim is using an open Wi-Fi connection for internet access.

Scanned by CamScanner
 Introduction to Cybercrime
——
LW Oper Securty and Laws (MU-Sem 7) 18
W_cybor Security and Laws (MU-Sem 7) 1-9
Salami attack/salami technique
ation of systems either by Introduction to Cybercrime
fraudulentte action by altern
(© Salam Attack [also known as Salami Sticing) refers to as : of this for financial gain. A salami attack is Crimes emanating from usenet newsgroup
modifica Insertion of malicious program and the main purpo: ed to as stealing of specific Usenet Is a trendy means of sharing and distributing information
@ minor attack that can be repeated
consideredean ny time, a simple ex ample is referr
many time, on the web with respect to Specific subjects or topic.
small amount of money trom every customer's bank account in a particular bank. The Usenet Is used for following crimes :
- and such attack a by crime
k a} are reportedly mostly conducted :
6s very hard ve for such attack acktoto be notice by customers
ae © To distribute or sale pornographic material
© .d unnoticed because of nature and form of the
cyber crime usually gO undetected and unt
minded bank's officials. This To distribute or sale pirated software package
crime, because only small amounts are deduct severally in a specific period of time.

°
To distribute hacking software

°
Logic bomb
of code which Is intentionally Inserted Into software
© A logic bomb, also inown as “slag code", isa malicious piece
To sale stolen credit card number

°
a virus, although It usually behaves Ina To sale stolen data/stolen property
to execute a malicious task when triggered by a specific event. It’s not

°
until specified conditions are met.
similar manner. ft is steatthily inserted into the program where It lies dormant Industrial spying/industrial espionage
triggered at a specific payload
Malicious software such as viruses and worms often contain logic bombs which are
‘© Industrial espionage is the covert and sometimes illegal practice of investigating competitors to gain a business
Or at a predefined tne.
advantage. The target of investigation might be a trade secret such as a proprietary product specification or
© The payload of a logic bomb is unknown to the user of the software, and the task that it executes unwanted, formula, or information about business plans. In many cases, industrial spies are simply ‘seeking any data that their
Program codes that are scheduled to execute at a particular time are known as “time-bombs”. For example, the
infamous “Friday the 13th" virus which attacked the host systems only on specific dates it “exploded” (duplicated organization can exploit to its advantage.
itself) every Friday that happened to be the thirteenth of a month, thus causing system slowdowns. Logic bombs An industrial spy may be an insider threat, such as an individual who has gained employment with the company
°

are usually employed by disgruntled employees working in the IT sector.
© You may have heard of “disgruntled employee syndrome” wherein angry employees who have been fired use
trading.
logic bombs to delete the databases of their employers, stultify the network for a while or even do insider
‘Triggers associated with the execution of logic bombs can be a specific date and time, a missing entry from a
database or not putting in a command at the usual time, meaning the person doesn’t work there anymore.
© Most logic bombs stay only in the network they were employed in. So in most cases, they’re an Insider Job. This
makes them easier to design and execute than a virus. It doesn’t need to replicate which is a more complex job. To
keep your network protected from the logic bombs, you need constant monitoring of the data and efficient anti-
virus software on each of the computers in the network.
© There’s another use for the type of action carried out in a logic bomb “explosion” to make restricted software
trials. The embedded piece of code destroys the software after a defined period of time or renders it unusable
until the user pays for its further use. Although this piece of code uses the same technique as a logic bomb, it has a
non-destructive, non-malicious and user-transparent use, and Is not typically referred to as one.
with the purpose of spying or a disgruntled employee who trades information for personal gain or revenge. Spies
may also infiltrate through social engineering tactics, for example by tricking an employee into divulging privileged
Information.
Computer network intrusions
© In computer network intrusion the Crackers can break into computer systems from anywhere in the world and
steal data, change username and passwords, create backdoors, plant viruses, insert trojan horse.
Software piracy
© Software piracy means copying of copyrighted software in illegal manner. For example, music, movies, art, books
etc. This act will result in loss of revenue to the legitimate owner of the copyright.
1.3.4 Cybercrime against Society
Forgery:
© Forgery means counterfeit currency notes, postage and revenue stamps, mark sheets, academic certificate, etc are

| :
Trojan horse made by criminals using sophisticated computer, printers and scanners.
© Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, Cyberterrorism
malicious. Unexpected changes to computer settings and unusual activity, even when the computer should be © Cyberterrorism is committed and planned activity in cyberspace via computer networks. It consists of the usage of
idle, are strong indications that a trojan Is residing on a computer. -mail for communications among co-conspirators to communicate records for use in violent activities as well as
Typically, the trojan horse is hidden in an jinnocent-looking email attachment or free download. When the user recruiting terrorist institution individuals through internet sites. It also Includes :
°

dicks on the email attachment or downloads the free program, the malware that is hidden Inside Is transferred to @. Air visitors control computer systems which reason the planes to collide of crash.
the user's computing device. Once Inside, the malicious code can execute whatever task the attacker designed it
b. _ Infiltrating water treatment plant computer structures to reason infection of water supplies.
to carry out.
© Hacking into medical institution databases and changing or deleting facts that could result in incorrect, risky
Data diddling
remedy of a patient or sufferers.
© Wis a Megal or unauthorized data alteration. These changes can occur before and during data input
or before
output. It has affected banks, payrolls, inventory records, credit records, school transcripts qd. Disrupting the electric power grid, this will motive lack of air conditioning in summer and warmth in iciness or
and virtually all other
form of data processing know. result in the dying of folks.

WY ettmnteayt

Scanned by CamScanner
SRR
aie
Introduction to Cybercrime WH _cyper Security and Laws (MU-Sem 7) 1-11 Introduction to Cybercrime
1:10 Section Offence Punishment
W_cyper Securty and Laws (MU-Sem 7)
hange thi the
of another. He may even change 66-C
A
Identify Theft Impnesnment of ether description up to 3 years
- Web
fences the hacker gains access and contro! over we eer ancy eg recently the Site of
5 Leen and/or fine up to % 1 lakhs.
intormation on the site. This may be done for — pe atistanl hackers and some obscene matter was
had
66-D Cheating by personation by using computer| Imprisonment of either description up to 3 years
ea
ea ae oe ee peo aime ranch was also web jacked. Another nd Hee to 60 . 1 resource. and/or fine upto & 1 lakhs.
othe wold fish’ case. et case the site was hacked and the information pertaining
66-E Violation of privacy Imprisonment up to 3 years and/or fine up to
| £2 lakhs.
1.3.5 Crimes Emanating from Usenet Newsgroup
which can Sian ten
As such, everything |s based on messages
Usenet ts the precursor of discussion forums. hey can download them. These Imprisonment extend to imprisonment for Life.
of binary files. Usenet users can upload or postalsomessages and files as well as they hi the | 66-F Cyber terrorism
are stored on Usenet servers, called news servers. There are numerous servers throughout ; ;
messages and files are will be 67 Publishing or transmitting obscene material in| On first conviction, imprisonment up to 3 years
world and they constantly replicate theit contents with each other, ensuring that 2post done on one server % 5 lakhs. On subsequent
electronic form. andfor fine up to
srlable on other servers. Usenet posts are organizedin newsgroups. There are literally hundreds, possibly thousands conviction imprisonment up to 5 years and/or
material, pirated
of newsgroups and users can add some as they need. Cyber criminals distribute/sale pornographic fine up to Z 10 lakh.
software package, hacking software, stolen credit card number, data or stolen property.
up to 5 years
67-A Publishing or transmitting of material containing} On first conviction Imprisonment
1.4 Cybercrime and the Indian ITA 2000 sexually explicit act, etc... in electronic form. and/or find up to
10 lakh .on subsequent conviction imprisonment
the following offences:
The LT. Act 2000 includes
| up to7 years and/or find up to ® 10 lakh.
Tampering with the computer source documents.
~ Hacking with computer system. 67-8 Publishing or transmitting of material depicting] On first conviction imprisonment of either
— Publishing of information which is obscene in electronic form. children in sexually explicit act ete, in electronic| description up to S years and/or fine up to
form. Z 10 lakh. on subsequent Conviction
~ Power of controller to give directions. imprisonment of either description up to 7 years
= to a subscriber to extend facilities to decrypt information.
Directions of controller
‘ and/or fine up to% 10 lakh.
- Protected system.
— Penalty for misrepresentation. 67-C Intermediary intentionally or —_knowingly| Imprisonment up to 3 years and fine.
re Peni 7 2, beonstofconfi toebisentiaiy al rivacy.
=-
he babes ; contravening the directions about preservation
| — Penalty for publishing Digital Signature Certificate false in certain particulars. and retention of information.
— Publication for fraudulent purpose. Failure to comply with the directions given by| Imprisonment up to 2 years and/or fine upto
ed
outside India confiscation. | 68
= Act to apply for offence or contravention committ
| controller. Bi takh.
’ = or confiscation not to interfere with other punishments.
Penalties
69 Failure to assist the agency referred to In sub| Imprisonment up to 7 years and fine.
— Power to investigate offences.
Teble 148 Section (3) in regard interception or monitoring or
aan : 7 decryption of any information through any
- oe Punishment computer resource.
yoo
65 with computer source code
‘Tampering Imprisonment up to 3 years or fine up to | 69-A Failure of the intermediary to comply with the| Imprisonment up to 7 years and fine.
@2 lakhs. | direction Issued for blocking for public access of
| any Information through any computer resource.
66 ‘Computer related offences Imprisonment up to 3 years or fine up to f
BS lakhs. | 69-8 Intermediary who intentionally or knowingly| Imprisonment up to 3 years and fine.
essay
} con travenes the provisions of sub-Section (2) in
66-A dalle —
a aleninoffensive
Sending a tee Aled rent up to 3 years and/or fine up to regard monitor and collect traffic data or
wna | Information through any computer resource for
eS Dishonesty receiving stolen computer resource or| Imprisonment up to 3 years and/or fine up to| | cyber Secu,
communication device. ZA lakh.

Scanned by CamScanner
 erat ste 2 Tey AD eee
Introduction to Cybercrime,
ieaie =]
WY _Cybor Socurity and Laws (MU:Som 7) 1-43 Introduction to Cybercrime.
The third group called ‘nightman’ hacked websites owned by government and
to 10
website set up by the indian companies,
to imprisonment of either
description up Some of the sites this group has ruined a Blue Star InfoTech, Lal Bahadur Shastri National
Any person who secures access or attempts Administration and Mahindra and Mahindra Academy of
in| years and fino,
secure access to the protected system
Every year indian government Is spending lots of money on e-security. Actions
contravention of provision at Sec. 70. are taken aj igainst
Still day by day it Is growing. the cybercrime but
team to] Imprisonment Up to 1 year and/or fine up to
70-8 Indian computer emergency response The Council of Europe's (CoE‘s) cybercrime treaty,
serve as national agency for incident response. | © 1 lakh. includes the cyber criminal activity like copyright offenses,
computer-related offenses, offenses against computer data and systems, and content offenses,
Any service provider, intermediaries, data centres,
etc, who fails to prove the information called for a Cybercrimes wide definition Is divided Into white-collar crime and economic crime,

1
comply with the direction Issued by the ICERT. There are countries like Argentina, Australia, Brazil, and Canada etc which ara taking action against
spam. These
countries are restricting the use of email spam.
7 Misrepresentation to the controller to the| Imprisonment up to 2 years and/or fine up to®1
Spam legislation Is non-existent in India The existing law in the form of the Information
certitying authority. lakh. Technology Act 2000 does not
contain any provision concerning regulation of spamming, though it does regulate obscenity
which covers publishing,
n Breach of confidentiality
and privacy. Imprisonment up to 2 years and/or fine up to transmitting or causing to be published in electronic form any material which Is lascivious or appeals to the prurient
Ri lakh, interest,

About 30 countries have enacted some farm of anti-spam legislation. The internet service providers and end users
ThA Disclosure of information In breach of lawful] Imprisonment up to 3 years and/or fine up to
have also given some technical solutions. However, yet, until now there has been no important Impact on the
contract. 5 lakh. volume
of spam with spammers sending hundreds of millions of messages per day.
a Publishing electronic signature certificate false In| Imprisonment up to 2 years and/or fine up to The spam activities are leading to the criminal and fraudulent activities like:
certain particulars. Trlakh, © Try to get the financtal information e.g. account numbers and passwords by masquerading messages as originating
“ Publication for fraudulent purpose. Imprisonment up to 2 years and/or fine up to from trusted companies. This Is also known as brand-spoofing or phishing,
ULlakh. © Spreading viruses and worms,
© On mobile networks, bulk unsolicited text messages are sent to generate traffic ta premium-rate numbers.
1.5 A Global Perspective on Cybercrimes The most Important thing is cybercrime has na boundaries it needs International cooperation
between those who
seek to enforce anti-Spam laws.
In Australia, cybercrime has a slender legal meaning as used In the Cyber Crime Act 2001, which
details offenses
against computer data and systems, Thus, there Is a lot to do toward building confidence and security In the use of Information and Communication
Technologies (ICT) and moving toward International cooperation agenda.
At international
level cybercrime has a broad meaning.
The ICT growth and the dependencies leading to shift In perception of cyber security threats.
One example of cybercrime Is, cyber criminals tried to celebrate the valentine 's day In advance Cyber security has
In the year 2000 so become a big Issue in many countries as It Is growing day by day.
they chose the dates 6, 7 and 8 February to greet the e-commerce site happy valentine’s
day in advance that |s before
the 14th of February, the e-commerce sites buy.com, Yahoo, eBay, and amazon.com were slow and shut down
for
hours.
At that time the cyber criminals also send one virus called “I love you” this virus
spread ve ery rapidly and results In a. Write tho of ? What Is cyberspa . cy ¥ a1 cyberpunk and cy
great loss. (Section 1.1)
In year 1999 Melissa virus spread around, this virus affects the e-mail system and Q2
results In a huge loss. Write short note on cybercrime and information security ? (Section 1.2)
In recent time some hackers group were alsa active. One group from Pakistan called ‘G’ hacked and
defeated more a3 Who are cybercriminals 7 (Section 1.2)
than 40 Indian websites.
The websites they hacked were: Agricultural University of Maharashtra, National Research
Centre Aslan Age
a4 Explain the classification of cybercrime In detail ? (Section 1.3)
newspaper, Indian Science Congress, Indian Institute of Management
Ahmadabad, the Gujarat government Indian as Explain cybercrime and Indian ITA 2000. (Section 1.4)
Institute of Technology Madras Centre for electronics design and Technology,
Glaxo welcome, the Gujarat as
government and some other websites, Write a short note on a global perspective on cybercrimes 7 (Section
1.5)
The second group called "Doctor Nuker’ which is
founder of Pakistan hackers club hacked sites of
Indian Parllament,
Ahmadabad telephone exchange, engineering export, Promotion Council,
and United Nations (India). oo09

Scanned by CamScanner
 WI Cybor Security and Laws (MU-Sem 7) 22 Cyber Offenses and Cybercrime

rime
Cyber Offenses and Cyberc
‘Syflabus
How criminal pian the attacks, Social engg, Cyber stalking, Cyber café and cybercrimes, Botnets, Altack vector, Cloud
Computing. Protiteraton of mobile and wireless devices, Trends in mobility, Credit card frauds in Mobile and wireless
Computing era, Security challenges posed by mobile devices, Registry settings for mobile devices, Authentication service
Securfty, Attacks on modile/cell phones, Mobile devices: Security implications for organizations, Organizational measures
tor handling modiie, Devices-related security issues, Organizational security policies and measures In mobile computing
era. Laptops.
2.1__ How Criminals Plan the Attacks
— There are many methods and tools used by criminals tools to locate the vulnerabilities of their target. The criminals
target can be an individual and/or an organization.
- Griminals plan two types of attacks against the target. They are passive and active attacks. In the active attacks
criminals alter the system (i.e., computer network) and In passive attacks they try to gain information about the
target.
— Active attacks may have an effect on the Integrity, availability, and authenticity of data.
— Passive attacks cause breaches of confidentiality.
— Active and passive attacks are also categorized as inside and outside attack.
Wan attack is originated within the security perimeter of an organization then It Is an inside attack, Usually an Insider
who gains the access to more resources than expected attempts this attack.
— Ian attack is attempted by a source outside the security perimeter then this attack Is known as passive attack. The
attacker can be an insider or outsider who is indirectly connected with the organization. The attack Is attempted
through the Internet or a remote access connection.
Phases Involved In planning Cybercrime
The phases involved in planning cybercrime are as follows ;
1. Reconnaissance
Ouring this phase the hackers find important information such as old asswords,
names of important employees
(such as head of network department) and performs an active investigation
on how the Information flows
through the organization and how the organization performs the functions,
Subsequently, the hacker completes the process called foot printing in which the
hacker collects data on security
policies and focuses on the specific IP addresses and protocols used by the network,
identifies the vulnerabilities
In the target system and draws a network map to know how the network infrastructure works to
break into It
easily,
Foot printing also provides Information about the domain names, system names, active TCP and UDP
services and
passwords. The hacker can also use a search engine to extract information about the organization and use
the
information of current employees for impersonation. The information Is collected in two phases:
2. Passive attack
b. Active attack
Passive Attacks
In passive attack the attacker collect the information about the target without individual for company’s
knowledge. For example, an attacker keep watch on an employee at what time is entering the building and
leaving the premises attacker can also keep watch internet search for by using Google name get the informatian
about an individual, The attacker can also monitor the network traffic for the emails sent using the monitoring
tools. Attacker can get the General Information from the following ways.
Attacker can get the infarmation from the following ways or using the following tools.
{I Search engines - Searching the information about an employee on search engines like Goo;
search engines
(li) Social websites - By Surfing the social websites fike Facebook Instagram, Orkut etc an attacker and get the
Information about an individual,
(lil) Organization website - The also provide about the employ
like their contact details email addresses etc. An attacker can also get the information from blogs, press
releases, newsgroup about the company.
(Iv) Job posting : An attacker can go through the Job posting in a particular job profile for a technical person who
gives Information about the type of Technology, it means, the server and infrastructure devices the company
Is using on Its network.
(v) Network sniffing : In this attack, the attacker gives the information about the internet protocol address
fanges, hidden servers or networks and other services on the system or network. The attacker monitors the
flow of data check at what time certain transactions are taking place and where the traffic is going.
(vi) People search : It gives details about personal information like date of birth, residential address, contact
number, etc.

2. Scanning and scrutinizing collected Information {vil} Domain name confirmation ; To carry out searches for domain names (e.g., website names) using multiple
keywords. It helps to enable to find every registered domain name in “com,” “net,” “org.” “edu,” etc.
3. Launching an attack
Active Attacks

1. Reconnaissance An active attack Includes examining the system or network to find individual hosts to affirm the data (IP
addresses, working framework type and form, and administrations on the system) accumulated in the passive
= _ Reconnaissance (Investigation or inspection) Is the preliminary phase In which the hacker gathers information attack stage.
about the target before planning to taunch an attack and Is completed in Phases before exploring system
vulnerabilities. One of the phases is dumpster diving.

Scanned by CamScanner
 W cyber Security and Laws (MU-Sem 7) 24 Cyber Ottenses and Cy
Cyber Ottenses and Cybercrime
WH Oyber Securty and Laws (MU-Sem 7) 23 Scrutinizing
ally called a tive recon nalss ance. Active reconnalssance can,
= Iinchades the danger of identification and Is addition
measures set up, however the proce dure can likewise expand the This phase Is also known as enumeration in the hacking world. The following are the objective behind this step:
give confirmation to an attacker about security © To identify the valid user accounts or groups.
opportunity of being gotten oF raise a doubt.
0 Toidentify network resources and shared resources.
Tools used during active attacks
Table 2.1.1 — © Toidentify the Operation System as well as different applications that is running on the OS.
3. Launching an attack
Toot Description
. The raw throughput between After the scanning is completed, the hacker designs the blueprint of the network of the target with the help of data
Bing This tool is used for Bandwidth Ping. It measures the point-to-paint bandwidth
throughput on a link by collected during the reconnaissance and scanning phase. This is the phase where the real hacking takes place. The hacker
any two network links can be measured by this tool. Bing determines the real
of the link. gains access to the system, applications, and network, and escalates their user privileges available to control the
measuring ICMP echo requests roundtrip times for different packet sizes for each end
systems connected to it. The attacker launches the following attacks :
Dig This tool Is used to perform detailed queries about DNS records and zones, extracting configuration, and
a. Password cracking
administrative data abouta network or domain.
b. Exploiting the privileges
Arping | This tool is a network tool. It broadcasts ARP packets and receives replies similar to “ping.” This tool Is for
mapping a local network and finding used IP space. To find the arp packet it broadcasts a “who-has ARP c. Executing the malicious code
packet” on the network and prints answers. It can be also used to pick an unused IP fora net to which routing d. Hiding the files
does not exist as yet.
e. Cover the tracks : The hackers which have gained and maintained access, they cover their tracks or activities to avoid
Hping | This tool is able to send custom TCP/IP packets and to display target replies. You can also do firewall resting, detection by security personnel, to continue to use the awned system, to remove evidence of hacking, or to avoid
remote uptime guessing, advanced port scanning etc. legal action. Hackers try to remove all traces of the attack, such as log files or Intrusion Detection System (IDS)
alarms.
Fping | This tool Uses the Internet Control Message Protocol (ICMP) echo request to determine if a target host is
responding. 2.2 Social Engineering
This tool is used for host exploration. It scans the simple vulnerability and banner logger. Social engineering is the art of manipulating users ofa computing system into revealing confidential information that
i

can be used to gain unauthorized access to a computer system. The term can also include activities
Netcat | This tool is used to read and write custom TCP/ UDP(User Datagram Protocol ) data packets across a network such as exploiting
human kindness, greed, and curiosity to gain access ta restricted access bulldings or getting the users to
connection which helps in network debugging or exploration. install e
backdoor software. Knowing the tricks used by hackers to trick users into releasing vital login
information among
Hunt This Is a tool is used to exploit the well-known weaknesses In the TCP/IP protocol suite. others is fundamental in protecting computer systems.
— _ There are two types of social engineering.
Ping This tool is used to send ICMP packets to a target host.
1. Human-based social engineering
2 Scanning and scrutinizing collected Information
2. Computer -based social engineering
‘Scanning involves taking the information gathered during reconnaissance phase and examining the network. There are
three methods for scanning—pre-attack, port sniffing/scanning and information extraction. Each phase gives a specific set Human-based social engineering
=

of vulnerabilities that the attacker can then use to understand the weaknesses and violate security policies. Human-based social engineering involves Person-to-person interaction to gain the required
Information. For example,
a. Pre-attack method - In the pre-attack method, the attacker scans the network based on the data discovered during calling the help desk and trying to find out a password,
the reconnaissance phase,
Impersonating a valid user : Impersonation is a common social engineering attack. In this, it take the
advantage
b. Port scanning - In the port scanning method, scanning Is performed to search for vulnerability scanners, dialers, port of the fact that most people are basically helpful, so it appears to be innocuous to advise somebody who seems,
scanners and other data-gathering equipments. by all accounts, to be lost where the computer room is found, of to give somebody access to the structure
who
© Information extraction - In the information extraction method the hacker collects Information about the ports made “overlooked” his/her identification, and so forth, or Claiming to be a worker or substantial client on
the system.
available during establishing the connection, live machines present to service the requests far the clients
and the
‘operating system used.

Scanned by CamScanner
 aE
cyber Ortenses and Cybercri
25 W_cyber Security and Laws (MU-Sem 7) 26 Cyber Otfenses and Cybercrime
We cyber Security andLaws
Laws (MU-Sem 7 e trained ta help users, when a person
b. Calling technical support : The help di lesk and techn
ical support people ar attacks.
social engineering 2.3 ___Cyberstalking
be good prey for
call for the technical support for assistance they may
authority to in the access to the system, Cyberstalking Is stalking that takes place using electronic devices or the internet. It is the technological harassment
attacker pose himself as a higher
c. Posing as an Important user : The acces s to the syst em The fact Is that many low- directed towards a specific Individual. There are several forms of cyberstalking that can take place Including :
employees for gaini ng
The attacker uses pressure on low level — Placing orders for delivery in someone else's name
.
question to higher position authority
Jevel employees will not ask any = Gathering personal information on the victim
ion through direct
surfing refers to the act of obtaining personal or private Informat
d. Shoulder surfing : Shoulder = Spreading false rumors
over a person's shoulder to gather pertinent Information while the
‘observation. Shoulder surfing involves looking = Encouraging others to join in the harassment
a computer, smartphone or
in crowded places where a person uses
victim is unaware. This is especially effective — Threatening harm through email
AT™. — Creating fear and paranoia for someone else
a system
have permission from the authorized source to use — Hacking into online accounts
@. Using a third person : An attacker can pretend to
when the authorized person is not present and out of reach to contact for verification. Cyberstalking can cause extreme distress for the victim. It can impact their career, personal relationships, and quality
the practice of digging through a of life. Often time’s victims do not know who the perpetrator is and start wondering if they are being watched or followed.
f. Dumpster diving : it is also referred to astrashing. Oumpster diving Is
company’s or individuals trash bins or dumpsters to gain information. This a
ct Is carried out for number reasons, Types of stalkers
to personal Information for social engineering. Dumpster
from seeking passwords for a network attack,
There are two types of stalkers online stalkers and offline stalker
found dumpster diving
diving depends on a human weakness: the lack of security knowledge. Many things can be = Online stalkers : The online stalkers interact with the victim directly with the help of internet. Most of the
(e.g. CDs, DVDs, hard drives, company directories, and so forth). communication medium used by stalkers is email and chat rooms, In online stalking the stalker make sure that the
2 Computer-based social engineering victim recognizes the attack done on him or her. To harass the victim stalker make the use of third party.
using computer — Offline stalkers : In offline stalking the stalker make the use of traditianal methods like following the victim, observing
Computer-based social engineering involves the attempts made to get the required information by the daily routine of the victim, etc. The stalker searches the victim on message boards, personal websites, people
software or Internet. For example, sending a fake E-Mail to the user and asking him to re-enter a password In a webpage to finding services, and on the websites to collect information about the victim.
confirm it.
How stalking works ?
a, Fake e-mails
— The stalkers gather personal information about the victim that is weekends name family background details,
‘The attacker send fake email to many users and the users find this mail as legitimate mail. This Is also known as residential and office address e-mail address and date of birth etc.
phishing. This type of social engineering attack commonly uses emails to trick users in getting credentials to their bank — Then the stalker tries to establish contact with the victim through telephone and make the call to threaten or harass
accounts or maybe email accounts. The email mostly claims ta be from a well known source, a highly reputed the victim.
organization, and asks the user to click on a link that takes the users toa site similar to the organizations web site but — Stalker establishes contact with the victim through e-mail. The letters send this top for me | have the tone of
this site is a fraudulent website that harvests users credentials. The fraudsters use these credentials to gain access to threatening loving or can be sexually explicit. Stalker can use multiple names while contacting the victim.
bank or email accounts and steal important Information and money. — There are few stalkers who can send the repeated mails who the victim for asking different types of favors or threaten
the victim.
b. E-Mail attachments
— Cyberstalker past false information or rumors about an individual to damage the victim's social standing, interpersonal
The attacker sends the email attachment to the users which contains the malicious code. When the user opens the relationships, and/or reputation
email and clicks on the given link the malicious code gets executed. Viruses, worms and Trojans are included cleverly — Afew stalkers subscribe or register the e-mail account of the victim to numerous pornographic and sex sites, because
In the email attachments to attract the victim to open the attachment. of which victim will start receiving such kind of unwanted E-Mails
c Pop-up windows
24 Cyber Cafe and Cybercrimes
Same as email attachments popup windows are used by the attackers. The popup Windows contains special offers or
free stuff which attracts the users to install the malicious software.
Information security and governance is also important in cyber cafe. In past many instances have come in focus where
cyber cafes were used for real or false terrorist communication. in the cyber café, crimes like stealing password sending
‘obscene mails to harass people. There are two types of risk involved In using the cyber cafe computer

Scanned by CamScanner
 Cyber Otfonses and Cybororime
WW Cyr Cecurny and Laws (MU-5e™7) 2 WY Citar Security ared Lavwes (MU-Gom7) 28 Citer Otteraes
ard Osteccrime
s like
on the comput
er, $0 there might be possibility of program
1 The user Is not aware about the programs instalied at possible. Try to perform online transactions from your trusted computers like home and office computers.
spyware and keyloggers install the pystem
on ed Perlodically change passwords of your credit card, net banking and debit card.

2. Shoulder surfing may happen to find out your password. er

co Change passwords : Change your bank account passwords frequently or after transaction.
ls Identify a particular comput
their activities. The cyber crimina
Many cybercriminals prefer cyber cates to perform Jaunch an attack on
0 Virtual keyboard ; Instead of using your keyboard use a virtual keyboard.
programs such as keyloggers or spyware oF
for the use. Then the cyber criminals can install malicious © Security warnings : Whenever you are accessing the website of any bank or financial institution follows the
the target. security warnings.
of cyber cafes in the following things are found :
When the observation
operating systems browsers ‘and other pirated
applications. 2.5 Botnets
Many cyber cafes are making use of pirated
= tn many system anti-virus wer e
not updated. The word botnet is derived from the phrase “network of robots". It is essentially a widespread collection of a large
from malware attack. This software
- Several cyber cafes have installed deep freere software to protect the computer number of Infected computer systems. Each infected system runs a plece of software program called as a “Bot”. This is also
one click on the restart butt lon. Cyber criminals
Gelete details of all the activities carried out on the computer when known as zombie network.
ion when they visit the cyber cafe.
take advantage of this it becomesa challenge for the police in crime Investigat
are not formatted until the Working
of botnet :
= Annual maintenance contract were not done properly as well as hard disk of all computers
r down.
computeis
— Pornographic web sites are not blocked.
~ Cyber cate owners not having necessary knowledge about information security and IT governance.
= It governance guidelines to the cyber owners are not given properly by the government for internet service providers
Of state police.
- Periodic visits to the cyber cafes are not given by police as well as cyber cafe organization.

Some precautions are given for safety and security while using the computer In a cybercafe :

© Always logout :Whenever, you are using any internet service that requires a username and password. Ensure that
you have clicked on sign out or logout button before leaving the system.

© Stay with the system : When you are surfing the internet do not leave your system attended if you are leaving the
system log out first and then leave.

© Gear history and temporary files : The Internet Explorer saves the pages which you have visited. This information
is saved in history folder or in the temporary file folder. It may be possible that you password me also get saved if
the option is enabled in the browser. So before surfing the internet always perform the following things :
1. Go to Tools > Internet options > click the Content tab > click AutoComplete. If the checkboxes for
passwords are selected, deselect them. Click OK twice.
2. To dear the history and temporary Internet files folders.

3. Goto Tools > Internet options again - click the General tab -» go to Temporary Internet Files -> click Delete
Files and then click Delete Cookies.
Fig. 25.1: Botnet Attack Structure
— _ Asshown in Fig 2.5.2 there Is a Bot-Master system which keeps a track of total number of machines infected and the
Under history, click dear history.
tasks they should perform. For carefully arranged systems, which need orchestration between millions of such
Be alert : While browsing the websites on public computer you should be alert as there are chances one may be ‘systems, another layer of Bot-Managers is created too.
able to see your username and password via shoulder surfing. — _ Bot-Managers perform the tasks to accept commands from the master, to spread out those
commands to the bots
and also to report the number of systems Infected under its Jurisdiction. The manager botnets are also
© Try to avoid online financial transactions : It is advisable to avoid the online financial transactions using credit found to be
sending updated software patches to fix bugs or improve functionality, very similar to a security
card or debit card that needs to enter sensitive and confidential information. Try to change the passwords as soon patch management
system.

Wrsemee

Scanned by CamScanner
 Cyber Offenses and Cybercrime
ww Cyber Security
and Lawa (MU-Sem 7) i We Cyber Security and Laws (MU-Sem7) 2-10 Cyber Otfenses and Cybercrime
the hacker js
— to create this army. However since
The Bot-Master is In control of the hacker who has evil Intention: s hee Firewall : Use a firewall when browsing the Internet. This Is easy to do with Mac computers, as they come
ng in g
fware running on it are always operati with
firewall software pre-installed. If you're using a windows-based machine, you might need to install third-party
supposed to be hiding from getting caught, the master systems an foun the master’s role
d to delegate and rotate
stealth mode. In few modern botnet attacks, the botmasters were software.
between its bot-managers, thus making it extremely tough todetect. f presence, in order t Avoid visiting malware websites ; Don’t visit websites that are known distributors of malware. One of the things that
= These role changes were further found to be rotating thelr ownership based on the country Of pt a a Haw ‘o a full-service Internet security suite can do is warn you when you're visiting such sites. When in doubt, check
ensure vast infractions across the globe. Usually botnets are designed for a specific operating 7 , tin ler with Norton Safe Web.
spread has to be achieved, botnets prefer web code, or java language, to Infect all the possible operating system Disconnect the system from the Internet when not In use : It is not possible for the attacker to get into your system
when the system is disconnected from the internet. Firewall, antivirus, and anti-spyware software's are not fool Proof
platforms.
mechanisms to get access to the system,
Take an urgent action if your system Is Infected : if you found that your system got infected then immediately
disconnect It from the internet. Then scan the system using antivirus software and also change the password of your
system.

2.6 Attack Vector

Fig.2.52: Modules of Botnet
There are 4 main modules of a botnet. Command module sends commands to the child botnets, whereas the control
module controls the ownerships, to decide who should listen to whom. The infection module carries
important
responsibility of finding non-patched servers in the network and infecting those with the most updated
copy.
The steaith module is essentially a set of software programs which does the crucial Job such as
disabling antivirus;
achieve root access or kernel access. It also ensures that its own footprint on the Infected
machine is invisible in terms
of running processes and disk space, and also keeps @ watch on new antivirus software being
An attack vector is a method or pathway used by a hacker to access or penetrates the target system. Hackers steal
information, data and money from people and organizations by investigating known attack vectors and attempting to
exploit vulnerabilities to gain access ta the desired system.
Once a hacker gains access to an organization's IT infrastructure, they can install a malicious code that allows them to
remotely control IT infrastructure, spy on the organization or steal data or other resources. Attack vectors incorporate
e-mail attachments, viruses, webpages, Instant messages, pop-up windows, chat rooms, and fraud.
The attack vectors can be blocked using firewalls and antivirus software but they cannot assure total security.
viruses, worms, trojan horses, and spyware are the most common malicious payloads.
The following are the few attack vectors :
© Viruses; Itis a malicious code and it includes e-mail attachments, downloaded files, worms, etc.
E-Mail: The attackers embed the aggressive content in the mail message or link to by the message. Spam is used
°

installed. to carry out frauds and scams.

In some cases, the stealth module and control module work together to fetch a most recent
patch of itself from the
master or manager, and seamlessty upgrades itself. Some stealth modules are also capable Attachments : The files are sent as an attachment in the mail. Search files may contain viruses Trojan
of erasing themselves horse
using a self-destruct mechanism or shutdown the system, to thwart the aggressive
detection techniques. spyware any other kind of Malware.
Preventing botnet attack : Attack by webpage : Fake websites are used to gain the personal information. These websites are the imitation
of
a

the real website.

Most people who are infected with botnets aren’t even aware that their computer's security has become
Sompromised. However, taking simple, common-sense precautions when using the Internet Attack of the worms : A lot of worms are sending E-Mail attachments, however network worms use holes
in
°

can not only remove botnets
that have been installed, it can also prevent them from being
installed on your computer, tablet and Phone in the first
place.
internet security suite - Good security begins with an internet
Security suite that detects malware that has been
°
network protocols directly. Remote access services, such as file sharing, are vulnerable to this
type of worm.
“Many worms install trojan horses. The Infected computer scan the Intemet to infect other computers connected
to the internet. Worms spread very fast.
Foistware/sneakware : Foistware is the software that adds secret components to the system cleverly. Spyware
is

installed removes what's present on your machine and Prevents future

attacks,
— Update your computer's operating system : Always
update your computer's operating system as early as
possible.
Hackers often utilize known flaws in operating system
security to install botnets. You can even set your computer
°
the form of foistware. Foistware is quasHegal software. It comes with the bundled attractive
software. Sneak
software often seizes your browser and redirects you to some “income Opportunity” that the foistware
has set up.
Hackers : Hackers are a terrible attack vector because they use a variety of hacking tocls, heuristics, and social

to
install updates automatically. The same is true of applications on your
computer, gi ig to gain access to and online install a trojan horse to hijack the
computer for their own use.
— Don’t downlaad attach or click on links
men : Do notts
download attachme or click on nts
links from e-mailaddresses
you don’t recognize. This is one of the most common vectors
for all forms of malware.

Scanned by CamScanner
 ERR TET,
WF c.te Secenty ant Les UU Se= > ay
Cyder OFensas
and Cybercrn,
i;

27 __Ctoud Computing WE _Oyter Securty and Laws (MUSen7)

212 Cyber Otenses andCytecime
OoeS Com owes wa mode! to pve uhqute, on-demand access to a shared poo! of resources
and these resOurres eee serve Waask: Ts isthe mice layer
and inthis layer pltform is proved
San De prowsioned aed released wath pumemal managemect effort. etc on which the customer can deveiog whch ncuas APTa pone
their applications.
‘The mutlor acvertages of cloud computng Software as a Service (SaaS): This is the topmost
are: layer. it provides everything ang Simply rent
L Cost-etectve user. out the software to
. .
2.7.1 Types of Attacks on Cloud Computing
GOSS COTSLInY 5 Inown to be a cot effective method to store the data on the cloud. Rather than having desktop
Sctuare busnesses can store the coniential bushess information in the cloud. There's no need to pay the licensing L Goud malware injection attacks
fees Sor muttnie caers One can pay one-time cost of pay-as-yousge for maintenance
ef the dat.
2 Uniimited storage space

See formanon im the clad pres you muita ssace capacty. Hence, cne does not need to worry about running
OM Of Storage when Goud computing is used. You can easly increase your current storage space avalabiity also.
manipu
or stealinglat
data or eavesdroppi
ingng.
x Baciin and recovery
Abuse of cloud services
AS BI your Gata woud be scored in the cloud, backing
up and recovering it 25 when required would be much easier
Hackers can use cheap Cloud services to arrange OcS
Sater San Sarmg & om a physeal device Most of the service providers can handle the restoration of and brite force attacks on target wsent companies,
the data too and even
other Goud providers. For instance, security experts
ans resace De rsis cf onfidertial formation, Bryan and Anderson arranged a DoS attack by exoioting
Capacities of Amazon's EC2 cloud infrastructure in 2010. As a resut
a Seaiahizy they managed to make thes Clert ucaaabie on
the intemet by spending only $5 to rent virtual services.
BSS 53 bites fexare fo Goud deployments
The business owners need to pay forthe applicatio ial of servi
ns and data storage
Sey recare Courts can be scaled 2s per your specific
needs end the ever-changing IT system demands.
Des attacks are designed to overtoad a system and make
a Device Giversity services unavalable to Rs users. These attacks are
e<pecaly
dangerous for Goud computing systems, as many users may sueras
the result of flooding even a snl cloud sever.
Side channel attacks

A'Sce channel attack is arranged by hackers when

they place a malicious virtual machine on the save
host as the
‘target virtual mackine. During a side channel
attack, hackers target system implementatces cf
cygtogruphic
algorithms.

Dunng this type of sttack, hackers intercest and

reconfigure coud semices by exploiting wineshilt
es mm the
Synchronization token system so that during the next synchronizat
ion with the Goud, the syechro=aben taten wal
be replaced with a new one that provides access to the
attackers
7. Work from anywhere 28 Proliferation of Mob andileWireless Devices
WsGoud computing if you've got an internet connection
you can be at work And with most serious doud Today, there is increase in mobile devices. As many smaller devices are having more processing
serwces Hering mabie apps, youre net restricted
by which device you've got to hand. is having the choice
power Now the buyer
between high-end PDAs with integrated wireless moderns
and small phones with wireless web
Ctoud computing models browsing capabilities. Many options are available for the mobile
users.
A simple hand-held mobile device also provides sufficient computing
(Clout Computing
has following Models music, and make voice calls.
power to run small play games, applications, and
\strastructure 25 a Service (laaS): This is the lowest ofall
ayers and in this model customer owns the software and ‘There is a rapid growth of business solutions into hand-held devices.
purchases the wrtual power to execute it.
Mobile computing is taking a computer and all necessary files and software
cut into the field.
‘There are many types of mobile computers are available.

tees

Scanned by CamScanner
 Cyber Offenses and Cyborcrime WY _Ojpor Security and Laws (MU-Sem7) 214
2.19 Cyber Ottenses
end Cyvercrma
WW _ Oper Securty and Laws (MU-Sem 7)
These devices 5 follows
[ Mchity types and ts implications J
1. Personal Digital Assistant (PDA) : PDA is a pocket ured computer, It has limite
d functionality. Virat is the ditterence?
to => User interaction
This computer can be that moved from one place
2. Portable computer ;It is # general-purpose computer.

another easily. This computer needs some setting up and AC power supply so It cant
at be used In transi t,
> Small,
mutica batery driven dervices|
hetatogorenus
k Mobility Network oF offen no network
3. Tablet PC. A tablet PC is a portable PC that Is a hy rybrid between a Personal Digital Assistan ‘d and noteboo
t (PDA)
position
usually has a software application used to r ‘un @ virtual
PC. Cquipped with a touch screen interface, a tablet PC Cite A) p Oatrtaton res
keyboard. However, many tablet PCs support external keyboards.
oi Mocycie
4. Ultra mobile PC: It ts a POA sized computer
with all the fe: es, It runs on the general-purpose Operating Gries BD) > marae srt a
System (05),
are having a broad
$. Smartphone: tt is @ POA with incorporated cell phone functionality, The recent smart phones Fig. 2.9.1: Types of Mobility and Its Implications
range of features and int »pplications. The attacks are done from outside the mobile network or inside the mobile network. For the outside mobile network
6. Carputer: Acarputeris @ computer with specializations to run In a car, such as compact size, low power attack public internet, private network, and other operator's network are used. For the internal attack capable
handset, smart phone, notebook computers, desktop computers connected to 3G network are used.
requirement, and same customized components. The actual computing hardware Is typically based on standard
PCs oF mobile devices. Because they are computer based they typically have many standard Interfaces such as The following are few popular attacks on mobile network are:
Bivetooth, USD, and WiFi. Malware viruses and worms
7. Fly fusion pentop computer: This computing device has pen size and shape, It Is used as MP3 player, writing Overbilling attack
en

Gevice, language translator, calculator and digital storage device, Signaling-level attacks
8. Internet tablet : It is also like a tablet but as compared to tablet PC Internet tablet have low computing power
Spoofed policy development process
yor

and it has limited application suite. The feature of internet tablet Includes web browser, a chat application,
Denial-of-service
picture viewer and MP3 and video player. ‘
Wireless means transferring the Information between computing device and data source without any physical Malwares, viruses and worms:
connection. It Is not necessary that all the wireless communication technology should be mobile .For example when
data is transfer. The mobile devices are prone to malware, virus and worm attack. People should be aware about such type of attack.

Mobile devices are nat restricted to a desktop. Many mobile device: able and they are coming with many The following are examples of malware specific mobile devices :
benefits but there are also becoming threats to enterprise. © Skull Trojan : This virus targeted the new series 60 phones. This Trojan will basically render your phone useless.
It ts not always in mobile computing that wireless communication Is needed. Wireless subset of mobile In many cases Once the virus has taken effect, everything on your phone will not function and you will only be able to make and
even application can be mobile without being wireless. receive calls.
Cablr Worm : It Is designed to infect mobile phones running Symbian OS. It fs believed to be the first computer
°

2.9 Trends In Mobility worm that can Infect mobile phones. When a phone is infected with Cabir, the message “Caribe” is displayed on
the phone's display and is displayed every time the phone Is turned on, The worm then attempts to spread to
There Is a great evolution in mobile computing. New applications and greater network speed Is available now a days. other phones In the area using wireless bluetooth signals.
Examples of today’s trending mobile phone are: Apple, Google, Android etc. The biggest fan of these growing
Lasco Worm ; it’s a Symbian OS worm, based on Cabir source code that spreads itself via Bluetooth. It also has file
°

technology are attackers. Infection functionality. Upon execution, the virus searches for nearby Bluetooth devices and tries to transmit itself
‘The different types of mobility and their implications are shown In the Fig. 2.9.1, to any accessible ones.
There are many challenges In mobility domain, For example, we have come across cases like many mobile phones, Brador Trojan : Brador Is one of the first trojans to affect handhelds. Brador Is sent as an attachment in an e-mail
°

laptops, gadgets are lost. People have to understand that the mobile or hand held devices look harmless but they are
causing the serious cyber security Issues to the organization,
The 3G technology Is completely built with IP data security. But IP data world was new to the mobile operator when
°
or may be downloaded to wince devices. The hand held must have an arm processor for the backdoor to work.
Once It has infected the device, the trojan e-mail the device's IP address back to the attacker and opens TCP port
2989, allowing him or her to access the hand held.
Mosquito Trojan : This virus also affects the Series 60 smart phones and Is a cracked version of Masquitos mobile

compared with the volce centric security threats. Many attacks are performed against mobile network. phone game.

v
Wrenner

Scanned by CamScanner
 Cypor Otfenses and Cybercrime
Wy _cyper Security and Laws (MU-Sem 7) 2.16
SF2. new cram esi wn? = the system unavailable t0 1 the Inte nded users to do this
attack makes
Cyber Ofenses and Cybercrime
Denlal-of-service (Dos): The denial of service and make it unavailable to the Intended user. Distributed Denial of b, Financlal fraud
virus attacks can be used to damage the system
This occurs when an Individual seeks to gain
provider. DD0S are used to flood the more credit than he or she is entitled to. An individual
Service (DDoS) attack is also a common security threat to wired Internet service credit card under his or her own name. The individual in this scenario will give false will apply fora
are used to create information with regards his
target system with the data it results In no response from the target system, Botnets/zombles or her financial status. Most commonly an individual exaggerates income, or under values
that kind of damage his or her outgoings.
Banks try to safeguard themselves from this sort of fraud by requiring the provision of
that are not documents
7 omg wise rn eae the attacker hijacks scribers IP address and use It to Initlate downloads Individuals financial claims. For example, a card issuer may ask an individual to provide 3 months to support an
for the activity which was not of up-to-date
free or and simply use it for his or her own purpose. The legitimate user gets charged account statements, or may ask to see mortgage statements. Banks have also been
known to telephone
done by him or her. employers of individuals to confirm their employment.
4. Spoofed Policy Development Process (PDP): The GTP (General Packet Radio Service (GPRS) Tunneling Protocol) However, the fraudsters have been known to get around all these security procedures, Fraudsters have and
will
vulnerabilities are exploited by this attack. forge documents and even give false telephone numbers, Another security check that card Issuers
carry out to
5. Signaling-level attacks: The SIP (Session Initiation Protocol) is a signaling protocol used in IMS (IP multimedia safeguard themselves is credit checking.
subsystem) networks to offer Voice over Internet Protocol (VoIP) services. The SiP-based VoIP systems have several Credit checking reveals an individuat’s financial status, as well as the individual's current address. It Is already
vulnerabilities. plain to see that card issuers are fighting a difficult battle against fraudsters.
Modern techniques
»

2.10 Credit Card Frauds In Mobile and Wireless Computing Era

There are then the more sophisticated credit card fraudsters, starting with those who
produce fake and doctored
The use of electronic credit cards made the process a lot faster. The terminals could dial banks automatically and cards, there are also those who use skimming to commit fraud. This is where the information held on either the
verify the cards electronically in a matter ofa few seconds. However, the magnetic medium of data storage on credit cards magnetic strip on the back of the credit card, or the data stored on the smart chip
is copied from one card to
proved to have many problems. The magnetic strips can only hold a limited amount of infarmation; also the Information on another. Site cloning and false merchant sites on the internet are becoming a popular
method of fraud for many
the strips ts easy to read with the right electronic devices even easy to copy and erase. criminals with a competent ability for hacking. Such sites are designed to get people
to hand over their credit card
Types and techniques of credit card frauds details without realizing they have been scammed.

1. Traditional techniques Triangulation

The first type of credit card fraud to be identified by this paper is application fraud, where an individual will falsify an Triangulation Is also a new phenomenon. Triangulation is when a merchant offers
@ product at a very cheap price
application to acquire a credit card. Application fraud can be split into assumed identity, where an individual pretends through a web-site. When a customer seeks to buy the product the merchant
tells to customer to pay via e-mail
to be someone else; and financial fraud, where an individual gives false information about his or her financial status to ‘once the item Is delivered.
acquire credit. This investigation then goes on to look at intercept fraud, where a card is applied for legitimately, but is The merchant uses a fraudulent card number to Purchase the product from
a Web site and sends the product to
stolen from the post service before It reaches its final destination. There Is also the illegal use of lost and stolen cards, the consumer, who then sends the merchant his or her credit card details
via e-mail. The merchant goes on
which makes upa significant area of credit card fraud. operating In this way using the credit card numbers that have been sent from the
consumers to purchase
Products, appearing for a short time to be a legitimate merchant before he or she closes
‘Assumed identity . the web site and starts a
fnew one.
Assumed identity is a long-standing traditional form of credit card fraud. Assuming someone else's identity for b. Credit card generators
the purpose of receiving credit cards can be a very effective way of accumulating cards. An Individual uses a false
name with a temporary address. There is also the mare sophisticated fraudsters, who use credit card generators
computer emulation software
The individual may look for someone who has moves recently, so that the electoral register will be out of date. that creates valid credit card numbers and expiry dates.
Banks often check the electoral register to confirm addresses of new customers. The individual may also be friend " These generators are highly reliable at creating valid credit card details
and are available for free download off
an elderly person, of rent an apartment under a false name, In order to give them access to an untraceable the internet. Making them available to many individuals who run fraudulent
operations.
address that mail can be sent to.
2.11 Security Challenges Posed by Moblle Devices
This sort of fraud Is fairly straight forward to conduct. However In recent years banks have become
wary of this sort of fraud. Banks have various systems to safeguard themselves from this type of fraud. Most ‘There are two main challenges brought by the mobility to cybersecurity :
banks require account references for new customers. 1. Due to the use of the hand-held devices, information can be taken outside the physically controlled
environment.
Banks will check these account details to ensure they are not false. Banks may also wish to see a birth certificate,
2. For the protected environment remote access is being granted.
passport or drivers license before handing over any credit cards.

py Featemniadg!

Scanned by CamScanner
 yay dw cb, cre Ot
Cyber Offenses and Cybercrime
v Cyber Securty and Laws (MU-Sem 7) air W cyber Security and Laws (MU-Sem 7) 248
Loy sultabl e
Ie hs Important that the organizations should be aware about these cybersecurity challenges In developing
Cyber Offenses and Cy rime
Fig.2.12.1 shows how some tools allows user to browse
ta a required resistor value on their mobile devices. There
security operating procedure. another element to mobile device security. The new mobile applications Is
two challenges : provide protection against spyware, viruses,
Day by day mobile users are increasing and due to this there are worms, malware and other malicious codes. Microsoft and other companies
are tr rying to build up solutions as fast as
© The first problem is at the device level. It is also known as microchallenges. they can, but the core problem Is still not being addressed. The core
problem i: is baseline security Is not configured

rT De
Properly. When you Install a computer or use the mobile device for the
© The second problem Is at the organizational level. It |s also known as macrochallenges. first time ie It Is hundred percent secure. If you
want to bring the windows computer to the security level then you have to do \dditional
There are few well-known technical challenges in mobile security. a registry changes that are not
exposed through an interface.
© Managing the registry settings and configurations
Different ways are available to do the registry changes every computer out
© Authentication service security, cryptography security of damn few are efficient. When you start
researching or investigate different registry hacks then overall problems become common.
© Lightweight Directory Access Protocol (LDAP) security
© Remote Access Server (RAS) security, media player control security 2.13_ Authentication Service Security
© Networking Application Program Interface (API) security Security In mobile computing has twa components :
The above challenges
are explained in next sections. 1, Security of devices 2, Security in networks,
2.12 Registry Settings for Mobile Devices Asecure network access involves mutual authentication between the device and the base stations or Web servers.
This Is to ensure that only authenticated devices can be connected to the network for getting the requested
services.
Microsoft Activesync is designed for synchronization with windows powered personal computers and Microsoft No Malicious Code can imitate the service provider to trap the device into doing something it does not mean to.
Outlook. Microsoft Exchange ActiveSync is a synchronization protocol that enables users of mobile devices to access Therefore, the networks also play a vital role in security of mabile devices. Some well-known kinds of attacks ta which
email, calendar, contacts, and tasks from thelr organization's Microsoft Exchange server. Exchange ActiveSync Is mobile devices are subjected to are :
based on XML and works on HTTP and HTTPS. Exchange ActiveSync allows users ta access thelr data even when
1. Push attacks
offline. In this situation, registry setting becomes an essential issue given the ease with which varlous applications
allow a free flow of information. 2. Pull attacks
‘Therefore, creating trusted groups through suitable registry settings becomes very Important. The most common 3. Crash attacks
reas where this awareness to security is applicable are within group policy. Group policy Is one of the core operations Authentication services security Is significant specified the typical attacks on mobile devices through
that are performed by the Windows Active Directory. wireless
Networks: eavesdropping, man-in-the-middle attacks, DoS attacks, traffic analysis, and session hijacking.
Modern computer systems provide service to multiple users and require the ability to accurately identity the
user
making a request,
Password based authentication Is not suitable for use on computer network as it can be easily
intercepted by the
eavesdropperto impersonate the user.
There are 2 components of security in mobile computing :
© Security of Devices : A secure network access invalves mutual authentication between the device and the base
station or web servers. So that authenticated devices can be connected to the network to get requested services.
{mn this regard Authentication Service Security Is important due to typical attacks on mobile devices through WAN:
1, DoS attacks
2. Traffic analysis
3. Eavesdropping
4, Man-in-the-middle attacks
© Security In network : Security measures in this regard come from
1. Wireless Application Protocol (WAP)
2, Use of Virtual Private Networks (VPN)
3. MAC address filtering
Fig.2.12.1 roweing of Registry Value

Scanned by CamScanner
 W_ cyto Socunty and Lawa (MU-Som 7) 2.20
WE _ Oper Securty anc Laws (MU-Sem 7)
Cyber Offenses and Cybercrime Cyber Otfonsos and Cybercrime
2 By using a mobile device to impersonate as a registered
user to these systems, a would-be cracker Is then able
data or Compromise to steal
2.13.1 Cryptographic Security for Mobile Devices corporate systems in other ways
Protocol version 6 (IPv6) that ad dresses up to 64 address bits Another threat comes from the practice of port.
Gyptographically Generated Addresses (CGA) is Intemet
thal are created by hashing owner's publickey address. First, attackers use a Domain Name System (ONS) server
to locate the IP address of a connected computer.
domain Is a collection of sites that are related in some sense. A
to sign messages sent from
‘The address the owner uses Is the matching private key to state address ownership and
the address without a Public-Key Infrastructure (PKI) or other security Infrastructure. Second, they scan the ports on this known IP. address, working
their way through its TCP/UDP stack to see what

°
| transactions Initiated from mobile communication ports are unprotected by firewalls. For
Deployment of PKI offers many advantages for users to secure their financial example, File Transfer Protocol (FTP) transmissions are
typically assigned to port 21. if this port Is left unprotected, it can be
misused by the attackers.
Protecting against port scanning necessitate software that
OGA-based authentication Is used to protect IP-layer signaling protocols Including neighbor discovery and mobility can trap unauthorized Incoming data packets and stop a
mobile device from revealing its existence and ID.
Protocols,
A personal firewall on a pocket PC or smart phone device can be an effective
ft can also be used for key exchange in opportunistic Internet Protocol Security (IPSec). protective screen against this form of
attack for the users connecting through a direct internet or RAS connection.
Palms are one of the most common hand-held devices used in mobile computing. Cryptographic security controls are
For situations where all connections ta the corporate network pass
deployed on these devices. For example, the Cryptographic Provider Manager (CPM) in Palm OSS Is a system-wide through a gateway, placing the personal firewall
on the gateway itself could be the simplest solution, because
it avolds the need to place a personal firewall on all
suite of cryptographic services for securing data and resources on a palm-powered device. mobile device.
The CPM expands encryption services to any application written to take benefit of these capabilities, permitting the In any case, deploying secure access techniques that implement strong authenticati
on keys will offer an additional
encryption of only chosen data or of all data and resources on the device. Protection.

2.13.2 LDAP Security for Hand-Held Mobile Computing Devices

LDAP (Ughtweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations,
individuals, and other resources such as files and devices in a network, whether on the public internet or on a
corporate intranet.
POA
tI
LDAP is a “lightweight” (smaller amount of code} version of Directory Access Protocol (DAP) which is part of X,500, a
standard for directory services in a network. , 1
In a network, a directory tells you where in the network something is located. On TCP/IP networks (including the
internet], the Domain Name System (DNS) is the directory system used to relate the domain name to a specific Phona
Network address (a unique location on the network). Laptop network,
However, you may not know the domain name. LDAP allows you to search for an individual without knowing where 0
they're located (although additional information will help with the search). 8
‘An LDAP directory is organized in a simple “tree” hierarchy consisting of the following levels: WAP Phone
© The root directory (the starting place or the source of the tree), which branches out to
© Countries,each of which branches out to Fig. 2.13.1: Ce from mobile to tion store
© Organizations, which branch out to 2.13.4 Media Player Control Security
© Organizational units (divisions, departments, and so forth), which branches out to (includes an entry for) Today's young generation Is embracing the mobile hand-held
devices as a means for information access, remote
working and entertainment. The most important aspect for the young
2 Individuals (which includes people, files, and shared resources such as printers) generation is music and video.
It ls easy to understand how this can be a source for cybersecurity
2.13.3 RAS Security for Mobile Devices breaches. Potential security attacks are done on
mobile devices through music gateways
RAS is an important consideration for protecting the business-sensitive data There are many examples to show how a media player
that may reside on the employees’ can turn ‘Out to be a source of threat to information held
mobile devices. Mobile devices, For example, in the year 2002,
Microsoft
on
Corporation had cautioned individuals that a series
in Its windows media player could enable a malicious of aws
hacker to hij
In terms of cybersecurity, mobile devices are sensitive. Figure shows how access
to an Organization's sensitive data variety of actions. As indicated by this notice from microsoft, in 'ejack individuals ‘computer systems and carry out a
can happen through mobile hand-held devices carried by employees. Capture a computer system and perform any commission the coth mputer’s majority severe exploit of a flaw, a hacker could
owner Is permitted to do, for example,
As mobile devices are vulnerable to unauthorized access on
their own, mobile devices also offer a route into the Opening files or accessing specific parts ofa network.
systems with which they connect.
Wy Tcteieags

Scanned by CamScanner
 Cybar Offenses and Cybercrimy
WF Cyber Secunty and Laws (MU-Sem 7) 2.21 W_cybor Socurity and Lawa (MU-Som 7) 2.22 Cyber Otfenses and Cy rime
There are three vulnerabilities : 2. Adequat functionality : Mobile devices are equipped with office functionality and it
remote JavaScript can be also carries sensitive data
ser’s browser from where
{a} Files could be produced that will open a website on th
eu and applications, which are time and again not protected sufficiently or not at
all. The extended functionality also
operated
Increases the possibility of malware.
ne or
use the code on a user's machi
(b) Files could be produced which permit the attacker to download and 3. Adequate connectivity : several communication options are offered by smart phones for example, SMS,
MMS,
synchronization, bluetooth, infrared and WLAN connections. So, the Increased amount of freedom
roduced that will create buffer overrun rrors. also offers
essential to configure the system for more options for virus writers.
Registry of a computing device Is a vital I concept; It stores Information
apenenege
devices. It too has Information that the OS repeatedly mentions during an operation. Inside
applications and hardware 2.14.2 Mobile Viruses
a few keys control the behavior of the Windows Medla PI ayer control. Microsoft, through Its developer
the registry, A mobile virus is same as a computer virus that targets mobile phone data or applications or software
network MSDN, describes details of registry value settings on the mobile devices. installed in it.
Total 40 mobile virus families and more than 300 mobile viruses have been Identified.
2.13.5 Networking API Security for Mobile Computing Applications First mobile virus was identified in 2004 and it was the beginning to understand that mobile devices can
act as vectors
ical marvel
payments are turning Into a typical to enter the computer network.
With the start of e-commerce and its further result in m-commerce, online
with the payment gateways got to remotely and perhaps wireless! ly. Mobile viruses get spread through two dominant communication protocols :
applications, the API turns into a
Moreover, with the coming of Web services and thelr utilization in mobile computing 1. Bluetooth
significant thought. 2. MMS
Already, organizations are declaring the advancement of different APIs to empower software and harcore
the Bluetooth virus can easily spread within a distance of 10-30 m, through bluetooth-activated phones.
developers to compose single applications that can be utilized to focus on numerous security platforms present in
scope of gadgets, for example, mobile telephones, compact media players, set-top boxes and home gateways. MMS virus can send a copy of itself to all mobile users whose numbers are available in the infected mobile phones
The majority of these improvements are focused on explicitly at verifying a scope of inserted and buyer items,
address book.

including those running OSs, for example, Linux, Symbian, Microsoft Windows CE, and Microsoft Windows Mobile. The mobile phone virus hoax messages will be sent through e-mail or through SMS to the mobile users. For example,
Technological advancements, for example, give the capacity to altogether improve the cybersecurity of a wide scope “All mobile users poy attention IINIIIII If you receive a phone call and your mobile
phone displays (XALAN) on the
of customers just as mobile gadgets. Giving a typical software framework, APIs will turn into a significant empowering screen don’t answer the call, END THE CALL IMMEDIATELY, if you answer the call, your phone
will be infected bya
‘agent of new and higher value services. virus. This virus WILL ERASE all IMEI and IMS! information from both your phone and your SIM card, which
will make
your phone unable to connect with the telephone network. You will have to buy a new
2.14 Attacks on Mobile/Cell Phones phone. This Information has
been confirmed by both Motorola and Nokia. There are over 3 Million mobile phones
being infected by this virus in oll
2.14.1 Mobile Phone Theft around the world now. You can also check this news in the CNN website.
PLEASE FORWARD THIS PIECE OF
INFORMATION TO ALL YOUR FRIENDS HAVING A MOBILE PHONE.”
Now a day's mobile phone is an integral part of everyone's life. Due to this there is increase in mobile phones"
Mobile phone theft has also risen aver the past few years. The theft occurs in public transport, bus stops, rallway How to protect from mobile malwares attacks :
stations and traffic signals. Following are some tips to protect mobile from mobile malware
attacks :
Due to the large number of false claim many insurance companies have stopped affering mobile theft insurance. Download or accept programs and content from a trusted source.
The stolen mobile phones may contain personal information that really matter. fa mobile is equipped with Bluetooth, turn it OFF or set it to non-discoverable mode when
itis not in use or not
Cell phones are also often attacked by viruses. Necessaryto use.
3. If a mobile Is equipped with beam that is infra red let it to receive incoming
There Is increase in cell phone user due to the availability of internet, demand for Wi-Fi zones and wide usage of cell beams only from the trusted source.
4 Download and install antivirus software for mobile devices,
phones in the youths with lack of knowledge about the vulnerabilities of the technology.
The following factors contribute for outburst on mobile devices : 2.14.3 Hacking Bluetooth

1. Adequate target terminals : When the palm OS devices reached 15 million then the first Palm OS virus was seen. Bluetooth is an. open wireless technology standard used for communication
. tt is used to exchange over small
distances using short length radio waves between fixed and mobile
During June 2004 the first incidence of mobile virus was noticed. An organization “Ojam” had engineered an devices.
antipiracy trojan virus in older versions of their mobile phone game known as Mosquito. This virus used to sent Bluetooth uses the 2.4-GHz frequency range for Its transmission orcommunicatio
n.
SMS text messages to the organization without the users awareness. Bluetooth 1.0 has 1 Mbps transfer speed. Bluetooth 2.0 has 3 Mbps
transfer speed.

Wwe

Scanned by CamScanner
 _ Cyber ererime
Offenses and Cybercrime WF _Cyper Security and Laws (MU-Sem 7) 2:24 Cyber Otfenses and Cybercnme
w Cyber Security and Laws (MU-Sem 7) any other
and I'm able to connect” to Bluetooth is implemented on a mobile phone, an attacker can access information for example, the user's calendar,
basica! ty broadcasts “I'm here, ight forward, and It also makes easler
— When bluetooth is enabled on a device, it h use simple and stral contact list and e-mail and text messages without leaving any evidence of the attack
within range. This makes bluetoot!
bluetooth-based device
to identify the target for attackers. 3. Bluebugging : If a hacker Bluebugs your phone, they gain total access and control of your device.
stalls a bluetooth antenna. This makes it capable
software for them to access all info including phatos, apps., contacts, etc. Bluebugging can happen when your device is left
installed on laptop constantly scans the nearby in
= veo ee around a cata oreare the discoverable state. From here hackers gain access to your phone at the same point they do when performing.
by the attacker finds and
oon connections. Once the software tool used
” aie peur book information, Bluejacks. This is a much harder form of hacking than Bluesnarfing and Bluejacking.
eget sirens cell phone, it can do things like download address
bug phone calls and
cr ees! oa ced Soke make long-distance phone calls using the hacked device, 4, Car Whisperer: It is a hacking technique which can be used by attackers to hack handsfree Bluetooth in-car system
much more. and connect it to a Linux system to inject audio to or record audio from a bypassing car. Car Whisperer
can easily be
used by the attackers to invade privacy and listen to conversation inside a car and exploit that to illegitimate purposes
Bluetooth hacking tools :
Table 214.1 2.14.4 Mishing
Sr.No. | Name of the Too! Description — Mishing is a blend of cell phones and Phishing.
1 BlueSniff This is a GUI-based utility used to discover bluetooth device. — Mishing attacks are endeavored to utilize cell phone technology.

2 BlueScanner This tool enables ta search for Bluetooth enable device and will try to extract as - M-Commerce is quick turning into a piece of regular day to day existence. In the event that you utilize your cell phone
much information as possible for each newly discovered device after connecting it for acquiring merchandise/administrations and for banking, you could be progressively vulnerable to a mishing scam.
with the target. — Ausual mishing attacker uses call named as vishing or message (SMS) known as smishing.
The buggers exploit the vulnerability of the device and access the Images, ~The attacker will profess to be a representative from your bank or another association and will guarantee a
phonebook, messages and other personal Information. requirement for your own subtleties. Assailants are inventive and they would attempt to persuade you with different
Incase, Bluetooth of a device Is switched ON, then bluesnarfing makes it possible to reasons why they need this data from you.
connect to the phone without changing the owner and to gain access to restricted 2.14.5 Vishing
portions of the stored data.
— Mishing, is short form of ‘voice phishing’. In vishing, attacker try to extract your confidential information over the
S| BlueDiving Bluediving is testing Bluetooth access. The attacks like bluebug and blueSnarf are
implemented by blueDiving. phone,
Attacker ‘phish’ (seek to extract) for your confidential information like passwords, Personal Identification Number
‘The common attacks that appeared as bluetooth-specific security issues are ; Bluejacking, Bluesnarfing, Bluebugging {PIN), CW and OTP. They then use this information to defraud you. While phishing happens over e-mail, ‘vishing’
and Car Whisperer happens over the phone and SMiShing (also called SMiShing) happens through SMS.
1. Bluejacking : How Vishing works ?
= Bluejacking is a hacking method that allows an individual to send anonymous messages to Biuetooth-enabled A confident voice at the other end of the phone line claims to call from your bank, card company, the RBI or some
devices within a certain radius. First, the hacker scans his surroundings with a Bluetaoth-enabled device, ‘such powers-that-be. He or she may possess some of your basic personal details, and uses this to convince
you about
searching for other devices. the genuineness of the call, and to part with critical details.
= The hacker then sends an unsolicited message to the detected devices. Bluejacking Is also known as blue hacking. Similarly, the messages purporting to be from your bank or from the RBI can goad you to share such confidential
Bluejacking exploits a basic Bluetooth feature that allows devices to send messages to contacts within range. information. Some messages may also carry malicious links or phone numbers that you are egged on to click or call.
Bluejacking does not involve device hijacking, despite what the name implies. The bluejacker may send only
The excuses employed by fraudsters are many. They may say that the information is needed ta claim your windfall or
unsolicited messages. special offer, keep your card or account active or verify details as part of regulatory procedure.
- Hijacking does not actually occur because the attacker never has control of the victim's device. At worst,
If you part with your confidential data, you could see your card being charged or your account being debited in quick
bluejacking Is an annoyance. Bluejacking Is harmless, as bluejacked users generally do not know what has
time.
happened and hence they may think that their phone is not working.
Prevention
2 Bluesnarfing : Bluesnarfing Is the theft of information from awirelessdevice through a Bluetooth — Primarily, never share your details such as passwords, PIN, CVV and OTP with anyone. Be on the alert, and don’t pass
connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop on this eritical Information in a weak moment.
and mobile computers, Personal Digital Assistants (PDAs), and other devices, By exploiting a vulnerability in the waY

Scanned by CamScanner
 Ca

2-25 Cyber Offenses and Cyborcrime

wv Cyber Security and Laws (MU-Sem 7) — W Cyber Security and Laws (MU-Sem 7) 2-26 Cyber Offenses and Cybercrime
should
Information. Nor will the RBI So, such calls ill ie
Your bank or card provider will never ask for such nts that come from unknown or 2.15
and ignore them. Keep off links or attachme Mobile Devices: Security Implications for Or
Immediately raise a red flag. Cut them off
your bank, card company or the RBI.
suspicious sources. Report such instances to 2.15.1 Managing Diversity and Proliferation of Hand-Held Devices
2.14.6 Smishing — There are securities threats to information system through the use of mobile
devices, the organizations need to setup
a tr ‘ojan horse, virus or other malware onto security practices at level appropriate to their security objectives, subject to legal and
SMiShing is a security attack in which the user Is tricked into downloading other external constraints. Few
organizations implement security procedures and tools extensively where other organizations less more value on cost
his cellular phone or other mobile device. SMiShing is short form of "SMS phishing. and convenience are.
or Individual being impersonated by criminals,
You receive a fraudulent text claiming to be from a trusted organization — The chief executive officer president or director should start the efforts of policy making. If there is no organization
including the following: policy about the security then best security technology features will also worthless to the organization. Sometimesin
of funds.
© Your bank, informing you that there is a problem with your account such as irregular activity or lack an organization senior executive have given some special access rights to the corporate network which can be
circumvent standard security procedures.
©. Aretailer, offering vouchers or gift cards.
Most of the time it happens that organizations fail checks the long term significance of keeping track of owns what
© Atechnology provider such as Apple or Google, notifying that you need to validate an account.
kind of mobile device. It is necessary to register mobile devices of employees in corporate asset register irrespective of
© Aparcel delivery company, notifying you that you need to confirm that you want a parcel to be delivered. whether or not the device has been provided by the organization. Close monitoring of these devices Is needed in
© HMRC, informing you that you are due a tax refund. terms of their uses. When an employee leaves it is necessary to remove his or her logical as well as physical access to
corporate resources because employees may use their mobile devices to connect into the corporate network.
What all smishing messages have In common Is 7
If the mobile device is belongs to the company then it should be returned to IT department and after that this device
‘They instruct you to either go to a website or make a phone call to a specified number. should be deactivated and cleansed. Organizations ta encourage the employees to register any device they use to the
IT department. Does the access can be provision in a controlled manner and provision appropriately when the
They play on your basic human emotions and needs, such as trust, safety, fear of losing money, getting something for
employee leaves the organization.
nothing, eagerness to find a bargain or desire to find love or popularity/status.
Many young employees of the enterprises embrace the mobility solutions. This employee prefers instant messaging
‘They generally state or Imply the need for your urgent action to either avoid an issue or take advantage of an offer. instead of e-mail and very often uses social networking services like Facebook, Twitter. These employees also prefer
Websites you visit via smishing messages generally either request confidential details or cause your internet use personal consumer oriented devices in the work environment and adapt quickly new technology. On the other
hand the old employees are slow in accepting mobility solutions most probably they rely on voice communication and
connected mobile device to be infected with malware. Phone calls you make in response can either result in confidential
e-mail. Different points of view between ald employees young employees give rise to mobility generation gap.
details being requested, or be to a premium rate number resulting in very high charges being added to your phone bill.
2.15.2 Educating the Laptop Users
How to avold becoming a victim of smishing ?
Corporate laptop users could be put their company’s networks at risk by downloading the non work related software
Do not click on links in text messages unless you are 100% certain that they are genuine and welt-intentioned.
which spreads viruses and spyware. This is due to the software accessing on laptops become more complex as more
- Take time to consider your actions before responding to text messages. applications are used on an increasingly sophisticated operating system with various connectivity options.
Ask yourself if the sender, if genuine, would really contact you via this text. It has been observed that many employees are using their laptops for downloading illegal music and movies and also
Recognize threats of financial issues or offers that seem too good to be true, for what they really are.
accessing peer to peer web sites that influence their laptop as well as the business network when they connect to the
corporate system.
If in doubt, call the correct number of the organization or individual from whom the text claims to have been sent, to
— Despite of these, only half of the companies are using tools to manage internet access on laptop. The policies and
check its authenticity. procedures related to laptop have been evolved over the years to be able to cope with managing laptops connected
Remember that even if the text message seems to come from someone you trust, their number may have been by wireless means.
hacked or spoofed. 2.15.3 Protecting Data on Lost Devices
Do not respond to the text message. Doing so could result in your details being added to a ‘suckers’ list’ and you will
Protection of the data mobile android device is Important. Cyber security need to address this issue because there is
be inundated with similar messages.
some data on the devices stored is persistent and always running application. Protect the data stored on persistent
Generating spam : including scam texts on their networks, and report them to the regulators. device. There are two precautions that an individual can take to prevent the disclosure of the data stored in the
mobile device :
— Report spam text messages directly to your mabile phone provider.
© Encrypt the sensitive data
© Encrypt the entire file system
v Toh Lerten

Scanned by CamScanner
 ty 9!
a” Cyber Offenses and Lydererime
Wr Cyber Secunty and Laws (MU-Sem 7) 7
There are many third party tools available to W cyber Seourity and Laws (MU-Sem 7)
Seaatiane files stored on the server. An individual can 2.28
lemory rected.
Cyber Offenses and Cybercrime
= The Geta oe on ap de Tot
judinging encryption
Protect data on the lost a privilege data0! on lost device using suitable tool. The important Pe li = here 2.16 Organizational Measures for Handling Moblle Devices-Related Security
—— capumaits co gn how to respond ta the loss of a device whether It is data 7 Bs +2POA
Issues

la fee fare de be ope ona ons for the device owners too quickly report the loss and dev! re ee ould
It Is also important for the to their system in mobile puting.
awaere na pina One can also write emergency contact Information on the device itself that wil be also 1. Encrypt organizational database
helpful. ~ _ Database stores critical and sensitive information and it is not difficult to access this information using hand held
2.15.4 Unconventional/Stealth Storage Devices devices,

drives. With the advancement of the technology — Encryption is required to prevent the organizations data loss.
— The employees use Compact Disc (CD) and Universal Serial Bus (USB)
the size of the storage devices Is decreasing. It is very difficult to detection devices
for organizational security. So, it Is — Two algorithms are used for strong encryption, they are :
advisable employee not to use these devices. Rijndael : it is a block encryption algorithm, selected as the new Advanced Encryption Standard (AES) for
and trojans
- Antivirus software's and firewalls are no defense against the threat of open USB port. The viruses, worms block ciphers by the National Institute of Standards and Technology (NIST).
enter into the organizational network and destroy the valuable data in organization network.
b. Multi-Dimensional Space Rotation (MDSR) algorithm , this algorithm is developed by Casio.
— Organization has the policy to block this phone when they issue asset to the employee. Sometimes Windows — The Database file encryption algorithm AES and MOSR makes the database file inoperable without the key
operating system's standard access controls do not permit the assignment of permission for USB ports and restricting
(password).
these devices becomes next to impossible.
— When the database is encrypted the information of the main database file i.e. temporary and transaction log file
- An unhappy employee can connect USB or small digital camera or MP3 player to USB part of any unattended
is get scrambled. So, the information cannot be deciphered by looking at the files using a disk utility.
computer and will be able to download confidential data or upload harmful viruses. If the malicious attack launched
within the organization then Firewall and antivirus software are not altered. — If the weak form of encryption is used then its performance impact is negligible. On the other hand, the
performance impact of strong encryption is high.
- The device lock software can be used to control the unauthorized access to plug and play devices the features of the
— When you are using the strong encryption then do not store the key on the mobile device. If you lose the key,
software permits system administrator
to :
your data are completely inaccessible.
‘© Monitor which users can access USB ports, Wi-Fi and bluetooth adaptor CD read only e memories and other
removable devices. ~The key should be entered correctly ta access the database as it is case-sensitive. The key is needed whenever
you are accessing the database or you want to use service on your database.
0 Devices in read only mode.
— To provide the greater security the database server display a dialog box where the user can enter the encryption
it protect disk from accidental formatting. key.
°

it creates a y list of USB devices which permits you to authorise only specific devices that will nat be locked — An additional security measures are used to enforce a self-destruct policy that is controlled from the server to
°

regardless of any other settings. Protect from the attack or stealing through the mobile device that is connected to the corporate databases.
© Itcontrols the access of devices based on the time of the day and day of the week. — When a device that is identified as lost or stolen connects to the organization server, IT department can have the
aeeeereieaenene

~ One mare aspect in cyber security complications is the falling prices af the mobile devices. The modern mobile device server send a package to destroy privileged data on the device.
is good productivity tools. So, many organizations are allowing employees use the mobile devices. The device
2. Include mobile devices In security strategy
management should include user awareness education and as they should encourage the employees to take some
Personal respansibility for physical security of their devices. — Now a day's mobile workforce is increasing and organizational IT departments have to take the responsibility for
cyber security threats that are coming from wrong access to organizational data from mobile device user
2.15.5 Threats through Lost and Stolen Devices employees.
‘When the people are travelling it happens that mobile hand-held devices get lost. Lost mobile devices are a larger — By using security as an excuse many organizations do not want to include mobile devices in their environments.
security risk to corporations. This lost or stolen device put the company on serious risk of damage, exploitation or damage
The organization says that they fear loss of sensitive data that could result from a PDA being stolen or in
Unsecured wireless connection being used.
to its professional integrity. Many lost devices have wireless access to a corporate network and have very little security. It
— But to secure the mobile devices many jes are available and for many i these
makes them a weak link and a main headache for security administrators. If the lost device is personal, then it results in are enough. There are many ways to lock the devices or to destroy the lost data by sending a special message to
Brivacy exposure. Many people store large amounts of sensitive Information with very few concerned
about backing it uP the machine. There are few mobile devices available that have high powered processors, these processors
of protecting it. Support 128 bit encryption.
— To handle the cyber security challenges users can use integrated security programs for mobile and wireless
systems into the overall security blueprint.

wv

Scanned by CamScanner
 a /iy terns ge
2-20 Cyber Offenses and Cybercrime
or Offenses and Cybercrime Wy _cyber Security and Laws (MU-Sem 7)

and Laws (MU-Ser. 2

29
2. Operating guidelines for Implementing moblie device security policies
asset being stored on mobile devices, but
virus checking, strong Inthe situations given above, the solution Is ban all confidential data from
= Enterprises can also use the following things: corrupted data Implement practically it is not completely possible. Organizations can, on the other hand,
decrease the risk that confidential

coopera gemenrermren mS TNT TNT TELL NN

ytry ofof cor
a. To prohibit unauthoriz ed access ems. steps :
mobile information will be accessed from lost/stolen mobile devices through the following
oe panama data through a firewall for example, — Decide If the workers In the organization need to utilize mobile computing
devices by any stretch of the
b. Study atternatives that permit Imagination, in light of their dangers and advantages inside
the organization, business, ve
and administrati
VPNs. security audits.
recurrent and thorough } condition.
For mobile devices develop 2 system of more a wareness program. re-appointing those devices to
. in the mobile training and
support program Include security closely for a a. Expel information from computing devices that are not being used or before
an

Monitor the user accounts

the right law enforcement agency. new proprietors. This is to block incidents through which individuals acquire
“old” computing devices that still
fe. Change the password and informactivity.
period of time for any unusual Era t had confidential organization information.
ind Measures In Mobile Computing and the sorts of devices utilized. Most
Execute extra security advances, as fitting to fit both the organization
2.17 Organizational Security Policies b.
many apparatuses as solid
} mobile computing devices should have their local security enlarged with so
relating to mobile computing devices: utilized for authentication and
Significance of security policies encryption, gadget passwords, and physical locks. Biometrics methods can be
the cybersecurity [ssu e bigger than our imagination.
1. |
— As the use of the hand-held devices is increasingit makes | encryption and can possibly dispense with the difficulties related to passwords.
Now 2 day, the youth is using the hand-held devices like wallets. People storing confidential information on c. Standardize mobile computing devices and the related security apparatuses being utilized
with them. As an
= their hand-held devices.
|
mobile computing devices. They are listening isten to music using
become
| Issue of essential guidelines, security breaks down rapidly as the instruments and devices utilized
numbers, passwords, confidential e-mails and
= People should think before storing credit card and bank account also additional Important information that
progressively divergent.
planned information about organization, merger or takeover plans and d. Offer education and awareness training to staff utilizing mobile devices. Individuals can't be required to
could impact stock values in the mobile devices. properly verify their data in the event that they have not been told How.
lost and it reveals the sensitive custome! r information
If an employee's laptop, USB, pluggable drive get stolen or It will be a e. Build up a particular structure for utilizing mobile computing devices, including rules for data syncing, the
the business.
tke credit report, contact information, soclal security numbers, it will highly impact | utilization of firewalls and hostile malware software and the kinds of data that can be stored on them.
Public Relation (PR) failure and also violate laws and regulations. | f. Set up fixing methodology for software on mabile devices. This can regularly be improved by incorporating
there are no controls
There will be a very big legal trouble to the public companies whose data got stolen. If information on } fixing with syncing or fix the executives with the centralized stock database.
implemented for data protection then way out is to prevent users from storing proprietary but, it will be } g. Setup techniques to debilitate remote access for any mobile devices announced as lost or taken, Numerous
platforms considered to be inadequately secure. It is difficult to enforce such type of policy,
be | devices enable the clients to store usernames and passwords for online interfaces, which could enable a
effective if user awareness get increased. Policies related to the information handling and classification should | cheat to access significantly more data than on the gadget itself.
defined dearly that what kind of data should be store on mobile device. If there are no controls available then
avoid to store confidential data on mobile devices. f hh. Unify the administration of your mobile computing devices. Keep up a stock with the goal that you realize
involved | who is utilizing what type of devices.
— Cell phone voice call interception Is putting many businesses are putting at risk. There are 6 situations
the use of cell phones to sensitive and ion occurring in . i. Mark the devices and register them with appropriate assistance that helps return recovered devices to the
proprietors,
- The situations illustrated the following :
© A CEO's executive assistant utilizes a POA to orchestrate ground transportation that uncovers the CEO's | 3. Organizational policies for the use of mobile hand-held devices
identity and location.
| — Creating devices devices iiss thethi first step in securing
mobile company policies that deal with the uni ique issues of the mobilei le devices
© Acall center s representative helps a client utilizing a phone to set up a record and gathers individual data
(counting SSN). | — Using different ways policy creation for mobile devices can be handled.
© Ateam lead directing business in Asia utilizes his /her mobile phone to speak with the home office, | a. Create a distinct mobile computing policy.
0 The
pict finance
ita and accounting i staff staf talks about profit of official statement and one member on the call is utilizing | b. Include such devices under existing policy.
- ore js
Onea sores his ss te ° check whether mobile devices fall under both existing general policies and anew one
A
© Aconference call among senior lor pioneers i in the organization in which mobile phones are now and again - ybrid approach is used to create the policy related to the specific nee mobi
| what to do If they are lost or stolen. és of the mobile device. For example,
‘An outer legal advisor requests restrictive and secret data while utilizing his mobile
phone. |

——

Scanned by CamScanner
 esiny
and Cyberer
cyber Offens
WW Cyper Seauty and Laws (MU-Sem
7) 2.22 Cyper Ottenses
and Orerrme
We Sect ors Law S07) sm
— The other disadvantage cf security cables is when the laptop is locked to an object that is not fred or & weak
= te Fr potcy many generat tesves are covered. enough for anyone to break it. In certain cases of laptop thefts, the thief dismantled or smashed the fixed Rem to
ite 6 mae = fee " + written network policy can which
the laptop was attached to.
— Few eceapeat ase patcy separate polices 32
- Rare can ect wae area Nerwcrt (WAN) gneeds mobile and wireles s Laptop safes
cone of conmectra to the company éata, courtin policy, however, they find over
- The compamees that are new to mobile devices
may accept the challenges posed by diverse kinds of mobile Use the safe made up of polycarbonate. This material is also used to riot shields, bulletproof windows, and Bank
match
tome that they wal require to change ther polices to devices are different than non-wireless devices, security screens. This material can be used to protect the laptop.
hamd-held devices For example, the chatenges posed by wireless polides for the mobile devices on the Motion sensors and alarms
es may require creating separate
= he may happen that eventually, compani
of differen ces for devicesthat connect
to WANs and
tests of whether they connect wirelessiy and by means
One can also use alarms and motion sensors to track missing laptops in crowded places. These alarms and
mation sensors are loud and due to their loud rature, they help in deterring thieves. Modern alarm systems are
LANs. its uses,
- Ris ster al an ewe cf ree for many organizations. By neck designedfor laptops. This alarm device is attached ta the laptop transmits radio signals to a certain range around
how their competitors wi ft
may thick of ways they can use & and, maybe st 25 significant,
the laptop.
| The proprietor of the laptop has a key ring device that communicates with the laptop alarm device. When the
218 Laptops distance between the laptop and the key ring device crosses the specified range then the atarm gets triggered.
The PCMQA cards that act as a motion detector, an alarm system, and too have the ability to lockdown the
pose large threat as they are portable. Due to wireless
= Now 2 day, Laptop use has become very comemon. Laptops | laptop if the laptop is moved out of the selected range. They in addition secure the passwords and encypucn
is increased as it is difficult to detect. So,
abacy cy] seurty worry to the information that is transmitted keys and avoid access to the OS. Batteries are used in the card for power on even when the system is shutdown.
broad: spreading use of laptops. Laptop theft is
crpmicstions have to take some measures for cyber securty by the |
:
‘Warning labels and stamps
the major sue.

|
the black market. There are very ‘Warning labels containing tracking information and identification details can be fared onto the laptop to Geter
Cyber creminais target the expensive lactngs to enable them to fetch a quick profit in
have sensitive aspiring thieves. These labels cannot be removed easily and are a low-cost solution to a laptop theft.
few theeves who are accualy interested in the information that is contained in the laptop. Many laptops
and personal Cyber crimnals misuse this i i These labels have an identification number that is stored in 2 universal database for verification, which in turn

|
that makes the resaleof stolen laptops a difficult process.
Many senior managers ir the organization do not protect the information stored in the laptop as they think Such lables are highly recommended for the laptops issued to top executives and/or key employees of the
ieformaton stored im the laptop is only or them.
organizations.
Physical security courtermeasures
Other measures
for protecting laptops are as follows=
— Ongertzations ave heaviy dependent upon a mobile workforce with access to information, no matter where they } — Carve the laptop with personal details.
travel. However, this mobility is putting organizations at risk of having a data breach if a laptop containing sensitive
ieformationis lex or stolen. — Try tokeep the laptop near you wherever possible.
Carry the laptopin a unusualand barely visible bag making it barely visible to potential thieves.
Hence, physca! seaurty courtermeasures are becoming very vital to protect the information on the employees’
laptops and to reduce the Ekellhood that employees will lose laptops. Management also has to take care of creating Create the awareness among the employees to understand the responsibility of carrying a laptop and also about
awareness among the employees about physical security countermeasures by continuous training and stringent the sensitivity
of the information stored
in the laptop.
monzoning of organizational policies and procedures about these physical security countermeasures. ~ Prepare a copy of laptop serial number, purchase receipt and the description of the laptop.
L Cables and hartwired
locks = To protect the information in laptop install encryption software.
— and invasion.
use personal firewall software for blocking unnecessary access
Make the use of cables and locks that are specially designed for laptops. Kensington cables are one of the most
popstar brands in laptop security cables. These cables are made of aircraft-grade steel and Kevlar brand fiber. — Regularly update the antivirus software.
thus making these cabtes 40% stronger than any other conventional security cables. Keep the laptops in security lockers when not in use and tight the office security.
One end of the security cable is fit into the universal security slot of the laptop and the other end is locked around Do not leave the laptop unattended in public places, for example, parking lot, conferences, car etc.
cards.
any fixed furrature or Rem, thus making a loop. These cables come with a variety of options such as number If laptop is not in use then disable the IR ports and wireless cards and remove PCMCIA
focks, key locks and alarms. [private or corporate)
Logical access controls are also there for information systems security. As information
However, the downside of the security cables Bes in the fact that one can easily remove detach: able bays such as needs high security as it is the most major asset of an organization
or an individual.
(CD-ROM bay, iceman Card industry Association (PCMCIA) cards, Hard Disk Drive (HOD) bay
and other removable devices laptop as the cable only secures the laptop from being stolen,

wii

Scanned by CamScanner
 eenemenieenas
Cyber Offenses and Cybercrime
We _cyber Securty and Laws (MU-Sem 7) Wr _ Cyber Security and Lawa (MU-Sem 7) 2-34 Cyber Offenses and Cybercrime
‘Some logical access controls are as follows: Q.13 Write @ short note on Authentication Service Security? (Section 2.13)
1. Protect from malicious programs. a4 Explain the Attacks on Mobile/Gell Phones? (Section 2.14)
2. Avoid weak passwords. ais Write a short nota on Vishing? (Section. 2.14.5)
3. Monitor application security and scan for vulnerabilities. 0.16 Write a short note on smishing? (Section 2.14.6)
4. Make sure that unencrypted data/unprotected file systems do not create threats.
Qi7 Write a short note on Security Implications for Organizations in mobile devices? (Section. 2.15)
5. Handle storage mediums/ removable drive/unnecessary ports properly. a8 Explain the Organizational Measures for Handling Mobile Devices-Related Security Issues? (Section 2.16)
6. Use strong password by using suitable passwords rules.
ais Explain the Organizational Security Policies and Measures in Mobile Computing 7 (Section 2.17)
7. Lock unwanted devices or port.
a.20 Write a short note on Laptops? (Section 2.18)
8. Install security patches and updates on regular basis.
9. Install antivirus software/firewalls/intrusion detection system (IDSs).
10. Encrypt important file systems. Q090

Other countermeasures
~ Select a secure operating system
- Take the backup of data on regular basis.
— _ Register the laptop with the laptop manufacturer to track it in case of theft,
- Disable unwanted user accounts and rename the administrator account.
— Disable the display of last logged in username in the login dialog box.
— Take the backup of data on regular basis.

Q.1_ How Criminals Pian the Attacks? (Section 2.1)

Q2 Explain Phases invoived in planning Cybercrime? (Section 2.1)
@3 Tools used during active atiacks
QA White short note on Social Engineering. (Section 22)
Q.5 What is Cyberstaiking? Explain the types of cyberstalking? How stalking works? (Section 2.3)
Q.6 =~ Write shor! note on Cyber café and Cybercrimes? (Section 2.4)
Q.7 Witte short note on Botnets. (Section 2.5)
.8 Write ehon note on Attack vector. (Section. 2.6)
Q.9 Explain attacks on cloud computing? (Section 2.7)

@.10 Woe short note on Protteration of Mobile and Wireiass Devices. (Section 2.8)
Q.11 Explain the Trends in Mobitity? (Section 2.9)

2.11 Explain the techniques used for Credit Card Frauds In Moblla and Wireless Computing? (Section 2.10)
Q.12 Explain
the Seourty Challenges Posed
by Mobile Devices {Section 2.11)

Scanned by CamScanner
 See asst aisha Seay
W_ cyber Security and Laws (MU-Se
m 7) 32 Tools and Methods used in Cyberfine
3.1.2 Phishing Techniques

1. Spear phishing

Tools and Methods used Traditional

ra i phishing uses a ‘ ‘spray and Pray’ / approach, meaning mass
emails are sent to as many people as
in Cyberline Possible, spear phishing Is a
organization they are after.
much more targeted attack in which the hacker knows which
specific individual or
They do research on the target in order to make the attack more
personalized and
increase the likelihoodof the target falling Into their trap.
2. Session hijacking
Syllabus {n session hijacking, the phisher exploits the web session control mechanism to steal
information fram the user. In a
DoS and DDoS attacks, SQL.
Phishing, Password cracking, Key loggers and spywares, Virus and worms, Steganography, simple session hacking procedure known as session sniffing, the
phisher can use a sniffer to intercept relevant
Injection, Butter over flow, Attacks on wireless networks, Phishing, Identity Theft (ID Theft) Information so that he or she can access the Web server illegally.

3. E-mall/spam
3.1 Phishing
Phishing is a technique used to gain victim’s personal information generally for the purpose of identity theft. Phishing
involves using a form of spam to fraudulently gain access to victim's online banking details such as credit card details
online
etc. As well as it also involves targeting online banking customers, sending phishing emails. It may also aim
sell-off sites or other online payment facilities. 4.
An example of a phishing e-mail will be where the mail asks a net-banking customer to visit a link In order to update
his/her
Personal bank account details. When the user visits the link the victim downloads a program which seizes
banking login details and sends them to a third party.
3.1.1 Features of Phishing Mall
1 Too good to be true - Lucrative offers and eye-catching or attention-grabbing statements are designed to attract 5.
people’s attention immediately. For instance, many claim that you have won an iPhone, a lottery, or some other lavish
prize. Just don't click on any suspicious e-mails. Remember that if it seems to good to be true, it probably is.
super deals are only
2 Sense of urgency - A favorite tactic amongst cyber criminalsis to ask you to act fast because the
for a limited time. Some of them will even tell you that you have only a few minutes to respond. When you come 6.
across these kinds of emails, it's best to just ignore them. Sometimes, they will tell you that your account will be
suspended unless you update your personal details immediately. Most reliable organizations give ample time before
When in doubt,
they terminate an account and they never ask patrons to update personal details over the Internet.
visit the source directly rather than clicking a link In an e-mail.
7.
Hyperlinks - A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be
directed upon clicking on it. It could be completely different or it could be a popular website with a misspelling, for
Instance www.bankofarnerica.com - the 'm' Is actually an 'r' and an 'n', so look carefully,
Attachments - If you see an attachment in an email you weren't expecting or that doesn't make sense, don't open It! 8.
‘They often contain payloads like ransomware or other viruses. The only file type that is always safe to click on is a .txt
file.
Unusual Sender - Whether It looks like it's from someone you don't know or someone you do know, if anything seems
‘out of the ordinary, unexpected, out of character or just suspicious in general don't click on itl
Using the most common phishing technique, the same e-mail is sent to millions of users with a request
to fill in
Personal details. These details will be used by the phishers for their illegal activities. Most of the messages have an
urgent note which requires the user to enter credentials to update account information, change details,
or verify
accounts. Sometimes, they may be asked to fill out a form to access a new service through a link which is
pravided in
the e-mail.
Web based delivery
Web based delivery is one of the most sophisticated phishing techniques, Also known as “man-in-the-middle,*
the
hacker Is located in between the original website and the phishing system. The phisher traces details during a
transaction between the legitimate website and the user, As the user continues to pass information, It Is gathered by
the phishers, without the user knowing about it.
Link manipulation
Link manipulation is the technique in which the phisher sends a link to a malicious website. When the user clicks on
the deceptive link, it opens up the phisher’s website instead of the website mentioned in the link, Hovering the mouse
over the link to view the actual address stops users from falling for link manipulation,
Keyloggers
Keyloggers refer to the malware used to identify inputs from the keyboard. The Information Is sent to the hackers who
will decipher passwords and other types of information. To prevent key loggers from accessing personal information,
secure websites provide options to use mouse clicks to make entries through the virtual keyboard.
Trojan
A trojan horse Is a type of malware designed to mislead the user with an action that looks legitimate, but actually
allows unauthorized accessto the user account to collect credentials through the local machine. The acquired
information is then transmitted to cyber criminals.
Malvertising
Malvertising Is malicious advertising that contains active scripts designed to download malware or force unwanted
content onto your computer. Exploits In Adobe PDF and Flash are the most common methods used in
malvertisements.
¥

Scanned by CamScanner
 Tools and Mi ethods used in Cyber;
yberling
WW _cyber Securtty and Laws (MU-Sem 7) = W cyber Security and Laws (MU-Sem
7)
3.1.3 Preventing Phishing Attack ©
Tools and Methods used inCyberiine
Series of letters “QWERTY”
he filters
Tene assess the origi jin of the message, spar
t's spam, Cecaslonaly,
the
To protect against spam mails, spam filters can be used. Generally, tl a Name of favourite celebrity
mn
software used to send the message and the appearance of the message to
filters may even block emails from legitimate sources so It isn’t always 100% accurate. Exploitation of stored Passwords
a list
keepThe of fake
felifes‘f
The browser. settings should be changed to prevent fraudulent websites from opening. Browsers
is shown, Guessing a password is a tedious
Job. If the attackers list of the password
websites and when you try to access the website, the address Is blocked or an alert messagt computer. Some people use differen which may be on the hard disk of a
t password in
the browser should only allow reliable websites to open up. Password on the systems hard disk or somewhere, thi '¢ Organization for different purposes so they store there
where they can get it in case if they lost
of system may be
Many websites require users to enter login information while the user image Is displayed. This type
the system. The cracker just has to acquire the stored copy on
these fil les.
basis, and ree u . the
open to security attacks. One way to ensure security Is to change passwords on & regular Some people do not store the Passwor
d in the plain text format they store the Password
ta use a CAPTCHA system for added security, in encrypted or hashed
Same password for multiple accounts. It’s also a good idea for websites format. If the cracker can Get the encrypt
ed Password file then the attacker use a
Program uses all the hash function the system software Program. This
Banks and financial organizations use monitoring systems to prevent phishing. Individuals can report phishing to uses and encrypts possible passwords,
with the encrypted passwords in the Password then compare the result
industry groups where legal actions can be taken against these fraudulent websites. Organizations should provide file. This method is known as comporative onolysis.
security awareness training to employees to recognize the risks. 3. Interception of passwords.
‘Changes in browsing habits are required to prevent phishing. If verificatian is required, always contact the company Crackers every time do not capture the Password file
Personally before entering any details online.
or guess thePassword. When the password send across the
network through the remote access connection in the form of plain text,
then that password may get intercepted
ff there is a link in an e-mail, hover over the URL first. Secure websites with a valid Secure Socket Layer (SSL) certificate by the attacker. They use sniffer software for interception. Another
technique to intercept the Password Is
begin with “https". Eventually all sites will be required to have a valid SSL. keystroke logger. The keystroke logger is hardware device
or a software program, it Captures and records the
every character including password.
3.2__ Password Cracking A device time domain reflect meter (TDR) is used to detect the unauthorized
packet sniffer on the wire. It sends
the pulse down the cable and generates a graph of reflections that are returned.
Many times people use name and password to get the access of particular system. Passwords can be cracked by the
— By reading the graph we can find where the unauthorized devices are attached to the cable.
‘attacker and the attacker can use that password to impersonate the legitimate user. There are many ways to crack the
There are also some techniques like PING, DNS and ARP also help to catch
password : the unauthorized sniffers.
Password decryption software
Use the brute force
>

L
~ One byte patching -The one byte patching technique is used to decrypt the program. it decrypts
2. Recover and exploit the password stored on the system the password
simply by changing one byte in the program.
3 Make use of password decryption software Known plain-text method - In this technique is used with algorithms. The attackers already
have obtained one or
4. Social engineering more decrypt files the attacker use same methods to decrypt the other files which
contains the same algorithm.
This technique is used to attack the password protected files like ip, .rar, and .arj files.
5. Social engineering
Brute force
— Social engineering requires the social abilities and the individual communication to make
somebody to uncover
In the brute force attack the attacker will try all the possible combinations to crack the password until the Security related data and maybe even to accomplish something that allows an attack.
attacker get the success. The brute force attack is performed manually. This attack Is also known as dictionary
The fundamental thought process behind the social engineering is to convince the victim to be useful.
attack. Password cracking is also used for legitimate use, for example, an employee make left the Job suddenly,
an employee may die and it may be possible an employee may forget his/her password. 6. Man-in-the-middle attacks
So, to retrieve the important file password cracking is used. This Is also known as password recovery, It is advised Man-in-the-middle attacks affect traffic being sent between communicating parties, and can include interception,
to create ling and complex password. There are some tools available which allow dividing the task into parts and Insertion, deletion, and modification of messages, reflecting messages back at the sender, replaying old messages and
also using many machines simultaneously to work on it, this technique Is called distributed attack. redirecting messages.
- WMbrute force attack the attacker guess the password. The examples of guessable password are :
3.2.1. Prevention and Response
° Blank
9 Users birth place, DOB Password Is the main and the first line of defence in some system and networks. To prevent the password from
o Vehide number cracking:
© Users name or login name ~__Uselong
Wy Matemsarys

Scanned by CamScanner
 aaa
Toots and Methods used In Cyberline
35
W_oyter Secunty and Laws (MU-Sem7) W_cyter Security and Laws (Mu-Sem7) 36 Tools and Methods used in Cyberline
= Use special characters ~ A keylogger recorder can record instant messages, e-mail, and any information you type at any time using your
- Avoid actual names and words keyboard. The log file created by the keylogger can then be sent to a specified receiver. Some keylogger programs will
- Donot tell your password to anyone also record any e-mail addresses you use and Web site URLs you visit.
- Donot write the password 3.3.1(A) Types of Keylogger
= Change the password regularty
There are two types of keyloggers available ::
322 Prot Network st Social Engineers
s eople on the network are vulnerable to the network, 1. Software based
jecting the aan
~ Social engineering is a big challenge tothe administrator. Some PROF AT ads extra time far verifying
The intruder may woe the user by telling the stories of extra cost A software keylogger is a Software made up of dedicated programs designed to track and log keystrokes that needs to
their identity. ne company and he may threaten the employee with loss of be installed on the computer. Once the keylogger is installed on a PC, it starts operating in the background (stealth
prevention comes through the mode) and captures every keystroke of the target computer.
= ,Yeaisttacker may inpove hopin ooo areolart rate. i social engineering
vate
job or any other action if the employee doesn’t cooper
education rather than technical solution. Advantages
3.2.3 Password Cracking Tools There are lots of advantages of installing tis software program. They're as follows :
raha — You can monitor the websites that the person visits. You can also view all the talks on the social media websites
contributing to the trade associated with e-mails. You may also expose the actual passwords as well as be aware of
Tools Description details of the online buying.
Brutus is one of the most popular remote online password cracking tools. It beLaerhin the — The software automatically information all the keystrokes in a log document as well as submits this towards the host.
Brutus fastest and most flexible password cracking tool. This tool is free and is only av ft can be as a contact or the destination drive chasen by the user,
Windows systems. - The actual logs have been in the actual encoded type therefore it is very a hardship on an individual apart from the
une for consumer to comprehend.
Rainbow Crack is a hash cracker tool that uses a large-scale time-memory trade
i trade of is a
faster password cracking than traditional brute force tools. Time-memory tr — When
selected
the person gets the record, they're instantly decrypted and obtain them in the form of htm! file or the source
computational process in which all plain text and hash pairs are calculated by using a selected
computation, results are stored in the rainbow table, This process is very ed.
Rainbow Crack — | pach algorithm. After
time consuming. But, once the table is ready, it can crack a password must faster than brute force ~ _ Installing the software Is an extremely easy process as well as within couple of days, you will get used to this.
tools. ol
\Wfuzz is another web application password cracking tool that tries to crack passwords with et Software keyloggers have a disadvantage as they do not begin logging from the moment a computer is turned on and
forcing. It can also be used to find hidden resources like directories, servlets and mete te are therefore not able to collecta BIOS password for instance.
Wut i ton, XSS Injection, Injection,
can also ety different kind of injections Including SAI. Injection i — Software keyloggers s can be easily detected by some anti-keylogger softwares.
etc in Web applications.

THC Hydra is a fast network logon password cracking tool. When it is compared with other similar Detection
THC Hydra tools, it shows why it is faster. New weal ae aay 7 ea bh ee ee The anti-keyloggers are used to detect software keyloggers. Anti-Keylogger softwares examples are :
modules and enhance the features. . ItIt isIs available for Windows, 5 . a yEetaAMiie
‘Aircrack-NG is 2 WIFI password cracking tool that can crack WEP or WPA passwords. It analyzes 2
wireless encrypted packets and then tries to crack passwords via its cracking algorithm. It uses the EMANA ANTILOGGER
Aircrack-NG FMS attack along with other useful attack techniques for cracking password. It is available for # KL-DETECTOR
Linux and Windows systems. A live CD of Alrcrack is also available. Baste

3.3 _Key Loggers and Spywares ~ Security - It makes sure that confidential information would not be stolen from hard disk and prevents us from
becoming the victim of the cyber crime and thefts. The main targets of keyloggers are financial institutes.
3.3.1 Key- Loggers = Remove Keylogger - It will remove the keyloggers that are running in your computer.
= Keyloggers are also known as keystroke loggers. This Is a program that runs all the time on your computer from the — Privacy Protection
- Anti-keylogger prevents your data from being revealed through keyloggers. Your all the activities
minute that you start it up. The keylogger will either record every keystroke you make or just those made in specific like, file download, email, website visits, messages, calls and videos remain private unless you would reveal them
fields on websites to a log file, usually encrypted. yourself.

vem +

Scanned by CamScanner
 ELL
Tools and Methods used In Cybariing
WW _Oyter Securty arc Lava (Mu-Som 7) bas er a key
wy Cyber Security Lawa (MU-Sem 7) 38 Tools and Methods used
fe ature It also provides a warning whenev
In Cyberline
— Keylogger Detector. Anti - keylogger not only provides disabling
- A keylogger can be installed via a web
Page script which exploits a bro Mt MMity.
logging Is being launched In your computer, automatically be launched whe
a user
n visi
a infecte
tsd site ser ners THe program
wi
— _ Rellable- The Anti-keyloggers are easy to use that ls they are user friendly. A keylogger can be Installed by another Malicious
program already present on the victim machine,
capable of downloading and Installing if the program Is
2 Hardware based other malware to the system.

capacity ranging fram 3.3.1(C) Prevention

A Hardware keyloggers comes in USB models. Hardware keyloggers commonly have storage for
any of the software program
64KB to MB. Unlike the software keylogger, # hardware keylogger do not depend on - Use caution when opening attachments - files received via
ernail, P2P networks, chat, social networks, or even text
as an Interface between the messages (for mobile devices) can be embedded with malicious
Its operation as they function at the hardware level Itself. A hardware keylogger acts software that has a keylogger.
= * Watch your passwords - Consider usi Ing one-time
computer and the computers keyboard. The device has a built-in memory In which all the recorded
keystrokes are passwords and make sure key sites you log into offer two-step
verification,
stored. They are designed to work with PS/2 keyboards, and more recently with USB keyboards. = Try an alternative keyboard layout - Most of the keylogger software
available is based on the traditional QWERTY
Advantages layout so if you use a keyboard layout such as DVORAK, the captured
keystrokes does not make sense unless
converted.
— Hardware keyloggers are easy to install and uninstall.
- Using anti-Keylogging softwares - Some antispyware programs detect keyloggers.
— Since It operates st the hardware level itself, It Is fully compatible with all the operating systems like windows and
UNDE - A final defense against keyloggers Is a firewall that detects outbound traffic A firewall
can alert the user to
unauthorized attempts to transmit data to the Internet
— Unlike a software keylogger, it cannot be detected by ant-spywares and anti-keyloggers.
- Hardware keyloggers are also known to come in the form of a spy keyboard where the keylogger unit Is built into the 3.3.1(D) Keylogger Tools
keyboard Itself. This will eliminate the need to install a separate device between the keyboard and the computer.
Table 33.1
Disadvantages : a
ool le ae Al
— Hardware keyloggers are only limited to capturing keystrokes while a high-end software keylogger can capture
Kidlogger Kidlogger provides attackers with keystroke info. Kidlogger captures periodic screenshots and
screenshots, browser activities, IM conversations and many more.
- Physical access to the target computer is a must in order to Install the hardware keylogger, whereas some software
webcam images when using chat programs like Skype, while simultaneously logging application
keyloggers come with a remote install/uninstall feature. and webpage usage info.
— Incase of a software keylogger, it is possible to access the logs remotely as they are emailed on a regular basis while Revealer Revealer Keylogger records every keystroke typed on a target computer, regardless of the
this Is not possible in case of a hardware keylogger. Keylogger Programs that are used, while also allowing you to customize the application’s startup settings.
Detection
Spyrix Keylogger | Spyrix gives you the ability to capture any keystrokes that are typed on a target computer, with
Hardware keyloggers cannot be detected by software. If you suspect a hardware keylogger Is present on your system, the option to take periodic screenshots as well.
the key tothe r, oF replacing
the key will solve the problem.
3.3.2 Spyware
3. Acoustic keylogger
— Spyware Is any software that obtains Information from a PC without the user's knowledge. It performs certain
- Acoustic cryptanatysis can be used to monitor the sound created by someone typing on a computer, Each key on behaviors, generally without appropriately obtaining your consent first, such as :
the keyboard makes a subtly different acoustic signature when struck.
1. Advertising
— It bs then possible to identity which keystroke signature relates to which keyboard character via statistical
methods such as frequency analysis. 2. Collecting personal information
~ The repetition frequency of similar acoustic keystroke signatures, the timings between different keyboard strokes 3. Changing the configuration of your computer
used In this analysis — Spyware Is often associated with software that displays advertisements (called adware) or software that tracks
Personal or sensitive Information.
~ — Affairty long recording (1000 or more heystrokes) Is required s0 that
a big enough sample is collected. Working
3.3.1(B) Spreading = Once downloaded on the computer, spyware can monitor the keystrokes, scan through the files on the hard drive,
— Akeylogger can be installed when a user opens a file attached to an e-mail, read cookles or open applications and transfer Information over the Internet to an unknown third party. Profiles set
up by the spyware allow for pop-up advertisements to appear on the computer without a browser being open.
- A keylouger can be installed when a file fs launched from an
open-access directory on a P2P network,
1H tat tametaagi

Scanned by CamScanner
 Tools and Met!hods used In Cyberting
Cybert
W creer Securty and Laws (MU-Sem 7) td
relay Information ov ert Wr Cyber Security and Laws (MU-Sem 7)
on, collect collect da} data a nd relay
compptuterto0 functifunction,
310 Tools and Methods used in Cyberline
ve vemory end id resoulrces on the 3.4 Virus and Worms
Internet. This results In a loss of system stability on the computer.

Spreading 3.4.1 Virus

might
programs OF content consumers Virus is a plece of self-replicating code embedded within another program (host). Viruses are associated with program
Downloading online content : Some spyware comes attache dt 10 free identity thieves may prey on that desire
download from the web in order to get around paying for a legitimate copy. files like Hard disks, floppy disks, CD-ROMS and Email attachments.
and Include any manner of malware along with these programs. Virus spread through Diskettes or CDs, Email or Files downloaded from Internet.
Virus deletes or modifies files.
External devices : It’s possible to load spyware onto a computer by plu yeging In a USB drive that has the malware Sometimes a virus also changes the location of files. Virus is slower than worm.
Installed, : Some types of viruses are :
a hacker looks to decelve computer users
Phishing : Phishing is a broad term designed to describe instances in which © File Infector
through deceptive emails, websites or other content.
Resident Program Infector
There are four main types of spyware. Each uses unique strategy to track you. °
© Boot Sector Infector
Adware : This type of spyware tracks your browser history and downloads, with the intent of predicting what products
‘oF services you're interested in. The adware will display advertisements for the same or related products or services to Multi-Partite Virus
°

entice you to click or make a purchase. Adware is used for marketing purposes and can slow dawn your computer. © Dropper
Trojan : This kind of malicious software disguises itself as legitimate software. For example, Trojans may appear to be
Stealth Virus
2 Java or Flash Player update upon dawnload. Trojan malware is controlled by third parties. It can be used to access
9

‘sensitive information such as Social Security numbers and credit card information.
© Companion Virus

Tracking cookies : These track the user's web activities, such as searches, history, and downloads, for marketing Polymorphic Virus
°

Purposes. Mutation Engine

°

‘Systern monitors: This type of spyware can capture just about everything you do on your computer. System monitors Application or program viruses
o

tan record all keystrokes, emails, chat-room dialogs, websites visited, and programs run. System monitors are often
Macro viruses
disguised as freeware.
°

Time bombs
Spyware Tools
°

Active X and Java control

1 File Infector ; File infector acts on executable files. File infector insert their code at the starting
of the executable files.
Every time the program executes, the different codes place a copy of themselves in another
executable file, because
Remotespy It does remote computer monitoring, silently and invisibly.It monitors and records users’ PC without of which a large number of files get infected.
any need for physical access. It also records keystrokes, screenshots, E-Mail, passwords, chats, instant Resident Program Infector : A resident program infector starts by infecting an executable file. Virus Is
placed in the
messenger conversations and websites visited. memory when the host file is executed and from then until the computer is rebooted, the virus will
infect each
Flexispy ‘This tool can be installed on a cell/mobile phone. This tool secretly records and send the conversation executable file that executes on the computer. The only difference between file infector and resident program
infector resides in memory.
that happens on the phone to a specified E-Mail address,
Boot Sector Infector : It infects the hard drive’s master boot record. After infecting the boot record it will also
Wiretap ft Is used for monitoring and capturing all activities on the system. It captures the entire Internet infect
the boot sector of any floppy disk placed in the floppy drive. Through the vector of the floppy disk
Professional activity. This spy software can monitor and record E-Mail, chat Messages and boot sector
websites visited. infectors spread between computers. So any infected floppy disk will infect the boot sector
Moreover, it also monitors and record keystrokes, passwords entered and of the hard drive of any
all documents, pictures ‘computer it Is used in.
and folders viewed.
Multi-Partite Virus : A multi-partite virus is a combination of boot sector and file infector characteristics.
PC It can infect
This software tracks and locates lost or stalen laptop both the other files and boot sector.
and desktop computers. Every time a computer
PhoneHome system on which PC PhoneHome has been
installed, connected to the Internet, a stealth Dropper : Droppers are nothing but small infected files. Dropper infects the boot sector. When Dropper execute
toa specified E-Mail address of the user's choice E-Mail Is sent it
and to PC PhoneHome Product Company. replicates its virus code to the host's boot sector. Dropper may be considered ta be a mult-partite virus
as it also is a
file infector.

Wy ts tng

Scanned by CamScanner
 au ee
Wi cpter securty and tava mu.son 7)
Tools and Methods used in Cyberiing W cyber Security
and Laws (4U-Sem 7) 312
hide Itself from not getting detected It uses differen,
6 Steatth Virus ; It is a virus which cannot get detected. To
- Some examples of worm are ;

methods like 1, Instant message worms ; This type of computer worms

the code emerges in instant Messaging applications and sends
The scanner, therefore, never knows that links of infected sites to your contacts,
© It “hooks” an Interrupt and misguides # scanner sround Itself,
exists. 2. Flle-tharing network worms ; These types of worms copy
themselves into shared folders and they appear as a
It places the copy In another part of
© Make a copy of the portion of the legitimate program code the virus replaces. safe name, When the file get Spread on the network simultaneously the
code Instead of Itself. Stealth viruses
the host program and, when scanned, directs the scanner to the legitimate
worm also spreads and infect other
systems in a similar fashion.
are very hard to detect.
3. IRC worms ; IRC means Internet Relay Chat. it targets chat channels by sending
Companion viruses take advantage of links of infected WebPages or files
7. Companion Virus : OOS executes files of the same name In a particular order. to consumers.
The companion Is nothing but
this feature of DOS. So, .com files always execute before .exe files of the same name.
4 Internet worms ; By using the local running System service these worms scan network
simply a .com file with the same name as an .exe file. The .com file Is more than the virus embedded In a small resources to find the
vulnerable machines. After finding the vulnerable machine It tries to connect and gain the complete
executable file. When the program is called by the user, the .com (virus) file executes first and Infects the system. access to
those machines. Besides, scanning the systems with usable exploits, a number of which allow the worm to send
& Polymorphic Virus : Polymorphic viruses morph themselves Into a different virus to evade from detection,
Info packets or request to install itself.
Polymorphic viruses don’t do any change In their code. Instead, they use a sophisticated form of encryption to
3.4.3 Difference between Virus and Worms
disguise themselves.
9. Mutation Engine : Mutation Engine Is Invented by a virus writer calling himself Dark Avenger. It Is a prog im which priparteons: f SO
a Wes ie Dae
can make any virus polymorphic. Meaning The Virus attaches Itself to executable A Worm Is a malicious program that replicates
10. Application or program viruses: prog! are When the program runs files and transfers from one system to the | itself and can spread to different computers
they Infect the system. Viruses are also attached with some harm less program, when these programs get Installed at other. via Network.

the same time the desirable program gets Installed. Human Action Needed Not Required
Ll. Macro viruses: Macro viruses are embedded in documents, which are using macros, for example Microsoft Word Speed of Spreading Slower as compared to Worm Fast
documents. Requirement of host Host Is needed for spreading. It doesn't need a host to replicate from one
12. Time bombs: Viruses that are programmed to “go off “or are activated and destroy data or files on a mentioned date computer to another.
are called time bombs or logic bombs. Removing Malware Antivirus, formatting Virus removal tool, formatting
other word
13. Active X and Java control ; The web page designers use ActiveX and Java for giving effects to web pages In Protect the System using | Antivirus software Antivirus, firewall
the
to animate the web pages. These ActiveX controls and Java applets require gaining the access of hard disk to work
Consequences Corrupt and erase a file or program. Consumes system resources and slows down
‘effects on web page properly. Inadequate memory and bandwidth problems demand this approach. The desktop
It, and can halt the system completely.
access gives beneficial application of these controls and applets, but malicious code developers get the same access.
They use It to access RAM, read and delete or corrupt files, and access files on computers attached via a LAN. 3.5 Steganography
3.4.2 Worms of hiding the by. the secret message Into a fake message. The

The worm Is code that replicate Itself In order ta consume resources to bring It down through computer network. It ‘term steganography has Greek Influences which mean “covered writing”. The main idea behind the steganography Is

exploits security holes In . it exploits a In an or opt g system by to prevent the suspicion about the existence of the Information.
replicating Itself. Earlier, invisible ink, pencil Impressions on the handwritten characters, small pin punctures are the methods used to
hide the message. Simplest technique ‘of hiding a message Is to create a message in which only a few significant
For spreading It can use a network to replicate itself to other computer systems without user Intervention. Usually It
does not infect files, Worms usually only monopolize the CPU and memory. Worm Is faster than virus, characters contains the secret message.
anography technique Involves a cover carrier, secret message, stego key and stego carrier. Text, audio, Image
The worm Is code that replicate Itself in order to consume resources to bring It down through computer network. It — The st
and video behaves as cover carriers wh!
ich contain the hidden Information embedded In It. Stego carrier Is generated
Exploits security holes in networked computers. It exploits a weakness In an application or operating system bY Stego key Is also used as supplementary secret Information like a
replicating Itself. For spreading It can use a network to replicate Itself to other computer systems without use? using a cover carrier and embedded messag
extract the message.
Intervention. Usually it does not Infect files, Worms usually only monopolize the CPU and memory. Warm Is faster password used by the recipient to
than virus. E.g. the code red worm affected 3 lack PCs In just 14 Hrs. Wt

Scanned by CamScanner
jAnuabag 14 guRER RARER EES2 oan
Tools and Mathods used in
Cyberting
313 W_Cyter Security and Lawa (MU-Sem 7) 314 Tools and Methods used in Cyberline
W creer Secunty and Laws (MU-Sem 7)
3.6 DoS and DDoS Attacks
Forms of steganography OF line can be shifted;
hidethe message a word
@ cover media. To the secret message. DoS Attack
1. Text : In this steganography, the text can be used a8 utilis e d to conce al
vowels‘ are
whitespaces can be used, even the number and position 0 f the he help of its digital representation, - ADenial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its
0 file withti
2. Audio : Audio stenography can conceal the secret message In the "3 ‘ Is, and a few levels diffe rence could not be intended users, DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a
sound lev
It can be achieved easily as a typical 16-bit file has 216 crash. In both instances, the DoS attack deprives legitimate users (.e. employees, members, or account holders) of the
detectable by the human ear. is a combination service or resource they expected.
large amount of data because it
3. Video : Video steganography brings more possibilities of disguising @ - Victims of DoS attacks often target web servers of high-profile organizations such as banking, commerce, and media
and audio steganography techni iques can also be= employed on the video.
of image and sound. Therefore, image companies, or government and trade organizations.
the reason behind this is hat it causes
least suspicion.
4. image : It is the most pervasively used form of steganography, — Though DoS attacks do not typically result in the theft or loss of significant information or other assets, they can cost
Is a significant amount of overhead it prov duces for hiding a small
The main disadvantage of using the steganography the victim a great deal of time and money to handle.
otherwise it is useless.
amount of information. Additionally, the system must not be discovered ~ There are two general methods of DoS attacks: flooding services or crashing services. Flood attacks occur when the
3.5.1 Cryptography system receives too much traffic for the server ta buffer, causing them to slow down and eventually stop.
communicating i a = The types of DoS attacks are as follows :
The cryptography provides several encoding schemes for achieving the security while
The cryptography can
network. The word cryptography originated from a Greek word, which signifies “secret writing”. 1. Smurf attack : a previously exploited DoS attack in which a malicious actor utilizes the broadcast address of
transmission
understood by an example, where a sender sends a message which Initially exists in the plaintext. Before the vulnerable network by sending spoofed packets, resulting in the flooding of a targeted IP address.
of the message over the network, it is encrypted and converted into the ciphertext. When this message Is received at the 2. Ping flood : this simple denial-of-service attack is based on overwhelming a target with ICMP (ping) packets. By
receiver's end, it is again decrypted back into the plaintext.
inundating a target with more pings than it is able to respond to efficiently, denial-of-service can occur. This
‘Types of the cryptography attack can also be used as a DDoS attack.
- Symmetric key cryptography (Secret key cryptography): This type of cryptography uses a key for encrypting and 3. Ping of Death : often conflated with a ping fload attack, a ping of death attack involves sending a malformed
decrypting the plain text and cipher text respectively. The only condition here Is that it shares the same key for the Packet to a targeted machine, resulting in aeleterious behavior such as system crashes.
encryption and decryption and it also consumes less execution time. 4. Buffer overflow attacks : the most common DoS attack. The concept Is to send more traffic to a network address
— Asymmetric key cryptography (Public key cryptography): This scheme uses two keys named as a private key and than the programmers have built the system to handle. tt Includes the attacks listed below, in addition to others
i public key. The public key is provided by the receiver to the sender to encrypt the message while the private key Is that are designed to exploit bugs specific to certain applications or networks
applied by the receiver itself to decrypt the message. The keys can be reused with other entities. 5. SYN flood : sends a request to connect to a server, but never completes the handshake. Continues until all open
3.52 Difference between Steganography and Cryptography Ports are saturated with requests and none are available for legitimate users to connect to.
6. Teardrop Attack : The teardrop attack exploits flaws in a manner similar to how older operating systems handled
____ Basis
of Comparison Steganography ‘Cryptography - fragmented Internet Protocol packets. The IP specification allaws packet fragmentation when the packets are too
| Basic Itis known as cover writing. It means secret writing. large to be handled by intermediary routers, and it requires packet fragments to specify fragment offsets. In
Goal Secret communication Data protection teardrop attacks, the fragment offsets are set to overlap each other. Hosts running affected OSes are then unable
to reassemble the fragments and the attack can crash the system.
| Structure of the message Not altered Altered only of the transmission.
7. TeP attacks : This attack occur when an attacker targets the State tables held In firewalls, routers and other
Popularity Less popular More commonly used. network devices by filling them with attack data. When these devices incorporate stateful inspection
of network
Relies on Key No parameters. circuits, attackers may be able to fill the state tables by opening more TCP circuits than
the victim system can
PI security fe handle at once, preventing legitimate users from accessing the network resource.
and C ial data _ integrity,
authentication, and non-repudiation. Signs of a DoS Attack
Techniques Spacial domain, transform domain, model- | Transposition, The United States Computer Emergency Readiness Team (US-CERT) Provides some guidelines
substitution, stream to determine when a
based and ad-hoc. cipher, block ciphers. DoS attack may be underway. US-CERT states that the following may indicate such an attack :
Implemented on Audio, video, image, text. Only on text files. — Degradation in network performance, especially when attempting to open files stored on the network or when
Types of attack Steganalysis accessing websites;
Cryptanalysis
~ An inability to reach a particular website;

Scanned by CamScanner
 Cyberling
In ed
Tools and Methods us

—
315 MYSec andyLava (MU-Ser7)
cyper urt as Tools and Methods used in Cyberline
Wyte: Securty and Laws (Mu-Sem7)
a SYN Flood
Difficulty accessing a website; and = ASYN Flood Is snalogous to # worker In a supply room receiving requests from the front of the store. The worker
Ahigher than usual volume of spam email.
recelves a request, goes and gets the package, and waits for confirmation before bringing the package out front.
Preventing a DoS attack The worker then gets many more package requests without confirmation until they can’t carry any more
plan well In advance.
an Incident response
To defend against DoS and DDoS attacks, starting with preparing
packages, become overwhelmed, and requests start going unanswered.
provider (ISP) to
Is underway, It 3 hould contact Its Internet service = This attack explolts the TCP handshake by sending a target a large number of TCP “Initial Connection Request”
When an enterprise suspects # DoS attack
of perf orma nce cause d by some other factor.
Is an actual DoS attack of degradation cers to
SYN packets with spoofed source IP addresses. The target machine responds to each connection request and then
etermine whether the incident malicious traffic and using load balan waits for the final step In the handshake, which never occurs, exhausting the target's resources In the process.
mitigation by rerouting of throttling
‘The ISP can help with DoS and DDcS
reduce the effect of the attack. products for DoS
Volumetric Attacks
of-service attack detection
Enterprises may also want to explore the possibility of using denlal- on ‘This category of attacks attempts to create congestion by consuming all available bandwidth between
the target and
systems, pl systems and firewalls offer DoS detecti
some cloud-based anti-DoS the larger Internet. Large amounts of data are sent to a target by using & form ef amplification or ancther
means of
g with a backup ISP and using
functions. Other strategies include contractin creating massive traffic, such as requests from a botnet.
3.6.2 DDos Attack DNS Amplification
computer systems attack a of everything, please call me
is an attack in which multiple compromised ADNS Amplification Is like if someone were to call a restaurant and say “Ill have one
— A Distributed Deniabcf-Service (DDcS) attack service for users of the targeted
~
resource, and cause a denial of back and tell me my whole order,” where the callback phone number they
give Is the target's number. With very
target, such as a server, website or other network d packets to the target system forces Itto
resource. The flood of incoming messages, connection requests OF malforme little effort, along response Is generated.
denying service to legitimate users or systems, By making a request to an open DNS server with a spoofed IP address (the
real IP address of the target), the
gow down or even crash and shut down, thereby =
out an attack. the request such that the DNS:
of a network of online machines In order to carry target IP address then receives a response from the server. The attacker structures
- A.DOeS arzack requires an attacker to gain control one Into a bot [or
devices) are Infected with malware, turning each the target receives an amplification of the
Computers and other machines (such as loT server responds to the target with a large amount cf data. Asa result,
of bets, which Is called a botnet. attacker's Initial query.
pombie). The sttacker then has remote control over the group
Instructions to
is able to direct the machines by sending updated
— Once a bomet has been established, the amacker each bot will
Process for mitigating a DDoS attack
the IP address of a victim Is targeted by the botnet,
each bet via a method of remote control. When capacity, ‘The key concern In mitigating a DD0S attack Is differentiating between
attack and normal traffic. For examole, if
causing the targeted server or network to overflow
respond by sending requests to the target, potentially separating the attack product release has a company's website swamped with eager customers,
cutting off al traffic is a mistake. if that
afte. Because each bot Isa legitimate internet device,
bs a cenai-ct-s erdce to normal efforts to alleviate an attack are probably necessary.
ening company suddenly has a surge In traffic from known bad actors,
walle from normal trafSc can be citficutt. ‘The difficulty lies tt telling apart the real customer and the attack traffic.
single
Tycfpe s
DDoS Attacks In the modern Inter net,
ODeS traffic comes in many forms. The traffic can vary in design from un-spocfed
2.8.3
multivector DDoS sttack uses muttiple attack
source attacks to complex and adaptive mult-vector attacks. A
LL Application
Layer Attacks distracting mitigation efforts an ary one
pathways In order to overwhelm a target In different ways, potentially
such as 2 DMS ampBfication
somezmes referred to as 9 layer 7 DDdS attack (in
reference to the 7th layer of the OS! model), the goal
of these
trajectory, An attack that targets multiple layers of the protocol stack at the same time, DDS.
prracia is to extacet tre resources of the target. The attacks target the layer where web pages are generated on the (targeting layers 3/6) coupled with a HTTP flood (targeting layer 7) Is an example of mutti-vector
and of strategies In order to counter cifferent trajecsories.
single HTTP request ls cheap to execute on the client side, Mitigating a multivector DOOS attack requires » variety
server and Cobvered in response to HTTP requests. A more likely the traffic wil be dificut to separate from normal
often must load multiple files and run database Generally speaking, the more complex the attack, the
can be expensive for the target server to respond to as the server as possible, making mitigation as Inefficient a3 posstie
as the traffic can be difficult to flag as affic - the foal of the attacker Is to blend in at much outwith the bad,
quetes in orter to create a web page. Layer 7 stacks are diffictt to defend Mitigation attempts that Involve cropping or King trafic indiscriminately may throw good trafic
es. in order to overcame » complex at-er™7t
Pico and the attack may also modity and adapt to circumvent countermeasur
the greatest benefit.
LTT? Food at disruption, a layered solution will give
~ large
arcack is semlas to pressing retresh ina web browser over and over on many different computers at once
Black Hole Routing
qh
blackhole route and funnel trafic into that rove.
murbers of HTTP requens flood the server, resutting in Cenial-of-service. one solution avallable to vetually al network admins isto create »
specite restriction ceria, both legate ard
2. Protocel Attacks
Ins simplest form, when blackhole fering bkmplemented withoutdropped from the network. 4n nserret PoPSety
or Blackhole snd
rmalicloys network trafic ls routed toa null route
pronocel stacks, sis known 33 8 Rate-eshaustion attacks, cute a service disruption by consuming all the available prover (67) may send a4 the Sts waMlc io 8
I experiencing 2 DDoS attack, te propenys Intemet service
pate tate capacty Of web appScabon servers or intermediate resources like firewalls and load balancers. Protocol blackhole as a defense .
ue im layer 3 and layer 4 cf the protocel stack to render the target

Scanned by CamScanner
 7 Tools and Methods used in Cyberting We cyper Security ang Laws
W_oyber Security and Lawsws (MU-Sem(MU-Sem 7) (MU-Sem 7)
318 Tools and Mathods used inCyberline
2. Rate Limiting - The following seri
pt is pseudocod, e executed on
a web Server. It is a simple example
and a password. The exam; of authenticating with a username
f mitigating
ee denial-of. ne ple datab: a se has a table
Umiting the number of requests a server will accept over a certain time window Is also a Way or ' named users withwith the the foll
followinging column
column:s :
Is useful in slowing web scrapers from stealing content an an
for4 mitigatin 1g brute
Service attacks. While rate limiting
# Define POST variables
force login attempts, it alone will likely be insufficient to handle a complex DDoS attack effectively. hein cress, rate
limiting Is a useful component in an effective DDoS mitigation strategy. Learn about Cloudflare’s rate limiting | uname = request
POST[ username]
passwd = request. POST[ password]
3. Web Application Firewall
DDoS attack. By putting a WAF {t
A Web Application Firewall (WAF) is a tool that can assist In mitigating a layer 7
server from
between the Internet and a origin server, the WAF may act as a reverse proxy, protecting the targeted # SQL query vulnerable to SQLi
certain types of malicious traffic. By filtering requests based on a series of rules used to identify DDoS tools, layer 7 sql = “SELECT id FROM users WHERE username="" + + ani at ate
attacks can be impeded. One key value of an effective WAF is the ability to quickly Implement custom rules In
response to an attack. Learn about Cloudflare's WAF
| # Execute the SQL statement
4. Anycast Network Diffusion
database.execute(sql)
This mitigation approach uses an Anycast network to scatter the attack traffic across a network of distributed servers
= a ino fields are vulnerable to SQL Injection, An attacker could
to the point where the traffic is absorbed by the network. Like channeling a rushing river down separate smaller use SQL commands in the input in a way that
would alter the SQL statement executed by the database server. For example,
they could use a trick Involving a single
channels, this approach spreads the impact of the distributed attack traffic to the point where It becomes quote and set the passwd field to:
manageable, diffusing any disruptive capability.
[ password’ OR 1=1 ]
Tools used to launch DDoS attack ~— __ Asa result, the database server runs the following SQL query:
1. Tribe Flood- It is a set of computer programs to conduct various DDoS attacks such as ICMP
[setecr id FROM users WHERE AND password='p OR 1=1 ]
2. Network (TFN) —this tool is used for flood, SYN flood, UDP flood and Smurf attack. ~ Because of the OR 1=1statement, the WHERE clause returns the first id from the
users table no matter what
3. Shaft- This is used for a packet flooding attack and the client controls the size of the floading packets and duration of the username and password are. The first userid in a database is very often the administrator.
In this way, the
attacker not only bypasses authentication but also gains administrator Privileges. They can also comment
the attack. out the rest
of the SQL statement to control the execution of the SQL query further:
3.7__ SQL Injection
= MySOL. MssQt, Oracle, PostgreSQL, SQLite
'OR' a
SQL Injection (SQU) is a type of an injection attack that makes it possible to execute malicious SQL statements. These
Statements control a database server behind a web application.
- Attackers can use SQL jilities to bypass li n security They can go around

authentication and authorization of a web page or web application and retrieve the content of the entire SQL

database.
Attackers can also use SQL Injection to add, modify, and delete records in the database.
SQL Injection vulnerability may affect any website or web application that uses an SQL database such as MySQL,
Oracle, SQL Server, or others.
— There
are three types of SQL Injection:
Attackers may use it to gain unauthorized access to your sensitive data: customer Information, personal data, trade
4. In-band SQLI (Classic)
secrets, intellectual property, and more.
2. Inferential SQU (Blind)
SQL Injection Example
3. Out-of-band SQL!
The first example is very simple. It shows, how an attacker can use an SQL Injection vulnerability to go around
r. Wy Fos Lamang
application security and authenticate as the administrato

Woe

Scanned by CamScanner
 Tools and Methods used In Cyberting
318 WH cyber Securty and Laws (MU-Sem7 a20 Tools and Mathods used in Cyberline
W_Oyber Secuntty and Lawe (MU-Sem 7)
- eee teuteniewerble re SQL Injection. The following payload modifies the query to look for an inexistent
1, In-band SQLI (Classic) racks and t0 6 ther thelr results. In-bang futabase: Howes, encexibie ct Query string to -1. Of course, it could be any other value that does not exist in the
— The attacker uses the same channel of comm nication to launch thelr a ttack. There are two sub-varlations of . lue Is a good guess because an identifier In a database Is rarely a negative number.
the most com mon types
of SQL # = In SQL injection, the UNION operator is commonly used to attach a malicious SQL query to the original query intended
SQLs simplicity and efficiency make it one of -
this method: essages . The attacker can to be run by the web application. The result of the injected query will be joined with the result of the original query.
that cause the database to on ihe it This allows the attacker to obtain column values from other tables
= Error-based SQL): the attacker performs actions ructure of the database.

om a an eb
fuses multiple select statements

inn ant acing

Cee vcd
caienieeaereiatcnaan
menathe UNION SQL operator,
— — Union-b:
the attacker, -& > & [DB testpnp.vulnweb.com/artsts phpartist=-1 UNION SELECT Lee

Example of Union besed SQL Injection

attacker to combine the
the UNI ION operator. It allows the
— One of the most common types of SQL Injection uses | TE S1 and Deinemstoation ite for Acuneti Woh Videeraraity Scammer
a single result. The techni que Is called union-based SQL Injection. |
results of two or more SELECT statements Into “home | categories | artists | disclaimer | your cart | guestbook | AJAX Demo
an intentionally vulnerable
pagetestphp.vulnweb.com,
= The following Is an example of this technique. It uses the web E artist:2
website hasted by Acunetix.
would si end:
The following HTTP request Is a normal request that a legitimate user

e7e¢ [D testphp.vulnweb.convartists php7artist=1

[@rccunetix EEE
TEST era! Dersumnirnaon ee ke Acumeik Web Vamerabilty Scanner
nome categories | artists | disciaimer | yourcart | guestbook |AJAX Demo

— The following example shows how an SQL Injection payload could be used to obtain more meaningful data from this
Intentionally vulnerable site ;
=a

2. Inferential SQLI (Blind)

The attacker sends data payloads to the server and observes the response and behavior of the server to learn
more about Its structure. This method is called blind SQU because the data is not transferred from the website
nostra,per inceptos database to the attacker, thus the attacker cannot see information about the attack in-band.
inom’ Meus magne eros, tempor & temper st Raton ah Parton.
Blind SQL injections rely on the response and behavioral patterns of the server so they are typically slower to
as follows:
execute but may be Just as harmful. Blind SQL injections can be classified
ew pictures
of the artist
© Boolean—that attacker sends a SQL query to the database prompting the application to return a result. The
: _comenert on this arthet result will vary depending on whether the query Is true or false. Based on the result, the Information within
—— | out if the message generated a
“[Aboul Us | Privacy Policy | Contact Us | ©2006 Acurets {tt the HTTP response will modify or stay unchanged. The attacker can then work
true or false result.

Scanned by CamScanner
re

‘pols and Methods used In Cyboring

32 z = Lawa (MU-Sem 322
“WO yter Securtty and Laws (MU-Sem 7) Tools and Methods
used in
which makes the database walt (for 8 period in 3.8 Buffer Overflow
: attacker sends @ SQL query [0 the database, time the database takes to respond, whether g
© Timehased
can see
seconds) before it can react. The attacker will be generated instantly or after a waiting
trom Buffer Is a temporary memory with smail size which holds the data. Many software programs use buffer memory to
query Is true or false, Based on the result, an HTTP relying on data
¢ returned true or false, without speed up processing. Buffer Is also used to store changes to data, the Information in the buffer Is copied to the disk. Buffer
period. The attacker can thus work out if the message treyused
from the database. overflow occurs when more information is put Inta the buffer than Its capacity to handle. The hacker deliberately
3 Out-of-band SQL
overflows the buffer and exploits to run the maliciaus code.
se server used
feat tures are enabled on the databa Buffer Overflow attack types:
= The attacker can only carry out this form of attack when certain inferential squ
as anal Iternative to the in-band and
by the web application. This form of attack Is primarily used 1. Stack attack 2 Heap attack
techniques.
use the same channel to launch the attack and gather 3. Arithmetic attack a Format attack
= Out-of-band SQL ts performed when the attacker can’t
to be performed, These techniques count
information, or when a server is too slow or unstable for these actions
to create DNS or HTTP requests to transfer data to an attacker.
on the capacity of the server 1, Stack attacks : The buffer here is the stack, a fairly small chunk of memory that programs use to manage call returns
‘SQU prevention and mitigation {among other things). By overwriting key areas of the stack with too much data, the attacker manages to trick the
Program to return to [that is, execute) his own code, located elsewhere in RAM, as opposed to the correct code. Stack
‘There are several effective ways to prevent SQL attacks from taking place, as well as protecting against them, should
overflows are the most common, well-known of all buffer overflow attacks.
they occur.
2. Heap attacks : The heap is a much larger chunk of memory used to store more complex data such as Images, or text,
= The first step is input validation (a.k.a. sanitization}, which Is the practice of writing code that can identify Illegitimate
user inputs. While input validation should always be considered best practice, it is rarely a foolproof solution. The
that relates to the program. The premise here is similar to the previous, but is trickier for the attacker to implement
because the heap isn’t directly used to determine where in memory executable code is located.
reality is that, in most cases, It is simply not feasible to map out all legal and illegal inputs—at least not without
causing a large number of false positives, which interfere with user experience and an application's functionality. 3. Arithmetic attacks : These buffer overflow attacks emerge from the way C handles signed vs. unsigned numbers.
~ Aweb application firewall (WAF) is commonly employed to filter out SQLI, as welll as other online threats, To do so, a Specifically, it’s possible to convert a negative (signed with -) number that requires little memory space to a much
WAF typically relies on a large, and constantly updated, list of meticulously crafted signatures that allow it ta surgically larger unsigned number that requires much more memory. A crash subsequently occurs and can be leveraged to yield
weed out malicious SQL queries. Usually, such a list holds signatures to address specific attack vectors and is regularly an attack.
Patched to introduce blocking rules for newly discovered vulnerabilities. 4. Format attacks : Text strings, rather like signed numbers, are sometimes converted automatically from a smaller
— _ Imperva cloud-based WAF uses signature recognition, IP reputation, and other security methodologies to identify and format to a larger (such as by operating systems that require Unicode values). This means attackers can design a
block SQL injections, with 3 minimal amount of false positives. The WAF's capabilities are augmented by IncapRules— buffer overflow attack that exceeds the buffer length if the programmer hasn’t been careful to take Into account the
@ custom secunty rule engine that enables granular customization of default security settings and the creation of larger format.
additional case-specific security policies.
Prevention Techniques
‘SQL Injection tools
Some host based mechanisms to prevent Buffer Overflow Attacks are mentioned below :
The following are the most popular SQU Tools :
Lu and : and of the code Is necessary before someone takes
1. SQLMap : Automatic
SQL Injection And Database Takeover Tool advantage of that code. In this technique there are ways In which software searches for some specific type of code.
2 JSQL Injection : Java Tool For Automatic SQL Database injection 2 Complier modifications : A technique to avoid buffer overflow attack Is to modify the way the data is stored in the
3. BBQSQL : A Blind SQL-injection Exploitation Tool memory. StackGuard is a type of a complier which can be used to add gaps in the memory in between, these gaps are
4 NoSQLMap : Automated NoSQL Database Pwnage known as Canaries

5. Whitewidow
: SQL Vulnerability Scanner 3. Array bounds checking : Each time an operation needs to be performed on an array, we can do the boundary

6 DSSS : Damn Small SQU Scanner checking. If boundary is reached it won't allow writing into the array, thus avoiding the buffer overflow.
7. expla : Human And Machine Readable Web Vulnerability Testing Format Non-Executable Stack: marking of the stack as Non-Executable can help stopping Buffer Overflow. But this in tum also
& stops genuine programs from executing directly from the stack.
Billnd-Sql-Bitshifting: Blind SQL-Injection via Bitshifting
9. 4. Address space layout randomization : Earlier the attacker used to Insert a large number of nop instructions, to work
Leviathan : Wide Range Mass Audit Toolkit
10. Bllsqy : Exploit Time-based blind-SQL -injection in HTTP-Header around the memory location. ASLR randomly allocates memory locations to the code and data, thus making it difficult
s (MySQL/MariaDB) for the attacker to find the instructions.

Scanned by CamScanner
 Tools and Methods used In Cyberiing W_Cyper
—
Security and Laws (MU-Sem7)
324 Tools and Methods used in Cyberine
W_oyer Security and Laws (MU-Sem 7) 3:23 ructions. Whenever 2 call Instruction ig Man In the middle attack : I's possible for hackers to trick communicating devices into sending their transmissions
to
on of the normal cal & rets Inst
Ss SmashGuard : This technique uses @ modificati stack another entry on the data stack within th the attacker's system. Here they can record the traffic to wew later (like in packet sniffing) and even change the
encountered along with the actual entry of the return address on the ; If f ft matches
it goes contents of files. Various types of malware can be inserted into these packets, @-mail content could be changed, or the
the rerum, 2jresses.ies aremadetots traffic could be dropped so that communication is blocked.
the ret instruction It matches both
Processor. Then when it encounters
the program. Also
aheod with the execution else a match isnot found them it terminates ns
Jamming : There are a number of ways to jam a wireless network. One method is flooding an AP with
data. This bs a technique which works weil with Brute Force Attack. deauthentication frames. This effectively overwhelms the network and prevents legitimate transmissions from getting
sack through. This attack is a little unusual because there probably isn’t anything in it for the hacker. One of the few
Stack SAS) proposed technique to prevent buts! O¥® tow
Spt sacs Spt Stack or Secure Address Retum Hence examples of how this could benefit someone is through a business jamming their competitors Wifi signal. This is
for control information and another for data information.
In this technique two software stacks are used, one it might need to reag highly illegal (as are all these attacks),so businesses would tend to shy away from it. If they got caught they would be
affect the control stack. Although facing serious charges.
even if an attacker gains access to the data stack, he cannot
and write from 2 stacks it is worth the time. ‘War driving : War driving comes from an old term called war dialing, where people would dial random phone
Write correct code: To avoid any kind of attack if to write good
and correct code. tt is a human’s tendency to write numbers in search of modems. War driving is basically people driving around looking for vulnerable APs to attack.
People will even use drones to try and hack APs on higher floors of a building. A company that owns multiple floors
and forget the code, but that same code can be checked by someone else as well.
around ten stories up might assume nobody is even in range to hack their wireless, but there is no end to the
3.9 Attacks on Wireless Networks creativity
of hackers!
Blueooth attacks : There are a variety of Bluetooth exploits out there. These range from annoying pop up messages.
Wireless attacks have become a very common security Issue when it comes to networks. This is because such attacks to full control over the a victims Bluetooth enabled device.
some crimes in other
an really get a lot of information that is being sent across a network and use it to commit 'WEP/WPA attacks : Attacks on wireless routers can be a huge problem. Older encryption standards are extremely
networks.
vulnerable, and it’s pretty easy to gain the access code in this case. Once someone's on your network, you've lost a
Every wireless network is very vulnerable to such kinds of attacks and it is therefore very important that all the significant layer of security. APs and routers are hiding your IP address from the broader Internet using Netwark
necessary security measures are taken so as to prevent the mess that can be caused by such attacks. These attacks are Address Translation (unless you use IPv6 but that’s a topic for another day). This effectively hides your private IP
Rormally carried out to target information that is being shared through the networks. address from those outside your subnet, and helps prevent outsiders from being able to directly attack you. The
ft is therefore very important to know of such attacks so that ane is in a position to identify it in case tt happens. Some keyword there is that it he/ps prevent the attacks,
but doesn’t stop it completely.
of the common network attacks have been outlined below.
Securing Wifi
Types of wireless attacks
Now that you don’t trust anything on the Internet anymore, let’s build that confidence back up. There are a lot of
Wireless Attacks can come at you through different methods. For the most part you need to worry about WiFi. Some ways to make yourself less susceptibleto wireless attacks.
methods rely on tricking users, others use brute force, and some look for people who don’t bother to secure their Use WPAZ security : This takes enough work to crack that most hackers will lock for an easier target. Make sure WPS
network. Many of these attacks are intertwined with each other in real world use. Here are some of the kinds of attacks is tumed off!
you could encounter : Minimize your networks reach : Try to position your router in the center of your home or building. There are tools
Packet sniffing : When information is sent back and forth over a network, it is sent in what we call packets. Since available to measure the reach of your network, and you can adjust the signal level. Try to make it so that the signal
‘wireless traffic Is sent over the air, it’s very easy to capture. Quite a lot of traffic (FTP, HTTP, SNMP, etc.) is sent in the beyond your walls is degraded enough that it isn't usable. You may also consider using a directional antennae if
central placement is nat an option.
Gear, meaning that there is no encryption and files are in plain text for anyone to read. So using a tool
Use firewalls : Make sure your APs firewall is enabled. If you can afford a hardware firewall and feel you need the
like Wireshark allows you to read data transfers in plain text! This can lead to stolen passwords or leaks of sensitive extra security, ga ahead and install one. Househald networks generally can get away with the standard router firewall,
information quite easily. Encrypted data can be captured as well, but it’s obviously much harder for an attacker to and operating
system firewalls.
decipher the encrypted data packets. have this
Use a VPN on open networks : If you really must use public WiFi, set up a VPN. Most smartphones
Rouge access point : When an unauthorized access point (AP) appears on a network, it is referred to as a rouge
access capability. You can set one up on your PC. This allows you ta communicate through an encrypted tunnel back to your
point. These can pop up from an employee who doesn’t know better, or a person with ill Intent. These APs represent a home or office. You can even send web traffic through a VPN.
‘wulnerability to the network because they leave It open to a variety of attacks. These indude
‘vulnerability scans for Update software and firmware : Keep your system up to date with the latest patches, and make sure any online
attack preparation, ARP poisoning, packet captures, and Denial of Service attacks. applications you use are updated as well. Check for AP firmware updates related to security flaws, and implement
you don’t interrupt a
Password theft : When communicati them as soon as possible. Remember to follow best practices for network modification to ensure
ng networks, think of haw often you log into a website. You send
over wireless critical task. Check out your updates in a test tab to make sure that they don’t interfere with an important application.
passwords out over the network, and if the site doesn’t use SSL if you must update during work hours make
or TLS, that password
is sitting In plain text for an Don’t perform updates during normal operating hours if possible, and
attacker to read. There are even ways to get around thase encryption methods t:
the password. I'll talk about sure everyone is aware that network connectivity could slow down, or be cut off temporarily while you work.
this with man in the middle attacks. '9steal
¥

Scanned by CamScanner
 tine
hods used In
Tools and Met 2s
325 Laws (MU-Sem7)
W_Cyber Securiandty
MW cyber Secarty and Laws (MU-Som 7) Use a mix of upp
er/lowerc ase lett ers Tools and Mathods used in Cyberfine
Use strong passwords : | recommend you use at
least # 15 character there an exc lamation at the co Social Security number
er atthe start? Is
humbers, and symbols. Again, don’t make It easy. Is the onty capital Vet ces, ‘and hackers love them.
Full name, address and birth date
practi

00
end? Are there any words in there? These are common bad something like Credit card or bank account numbers
tials. This Is often
administrative login creden
Change the login credentials : Make sure you change the Car Insurance or medical insurance account
numbers
admin/admin or admin/password by default. .
Say your

oo
This lsn't a security measure. TM s bgea
Disable your SSID (service set kientfier) broadcast: case
Details that can tip off people to your @ccount-recovery questions, such as your mother’s maiden name or your

of your network In you didn't know). However, there’s could home town
network's SSID (this Is the name With this information, criminals could impersonate you, max out your credit cards, rent an apartment, steal your
help your network fly under the radar.

Enable MAC fitering : Again, MAC fitering Is not security. A knowledgeable hacker knows how to monitor your frequent-flyer miles or act out a number of other bad-guy fantasies. Thieves can even access the Social Security

network and copy the MAC address of a connected device. They can then spoof their own MAC to appear as an number ofa deceased person, commit fraud, and create problems for the estate,
for them todeal with.
authorizeddeviceto gain access. However, this Is another annoyance 3.10.1 Types of Identity Theft
Tools for hacking wireless networks You've probably heard about—or have experienced — thieves stealing credit card numbers or money from a bank
account. To help catch this kind of identity theft, set up account alerts, scan your credit card and bank statements, and look
1 Alrcreck
Aircrack ts used as 802.11 WEP and WPA-PSK keys cracking tool around the globe. It first captures packets of the for charges you don't recognize.
FMS
network and then try to recover password of the network by analyzing packets. It also implements standard But there are other types of identity theft to look for.
KoreK attacks
attacks with some optimizations to recover or crack password of the network. Optimizations include Criminal Identity theft : happens when someone commits a crime and gives the police false identifying information
and PTW attack to make the attack much faster than other WEP password cracking tools.
Medical identity theft : when a thief steals a health insurance card and gets medical care or prescription drugs
AlrSnort
Tax identity theft : when a crook files a tax return in your name and nabs your refund
AirSnort is wireless LAN password cracking tool. It can crack WEP keysof Wi-Fi 802.11b network. This tool basically Child Identity theft : when a thief opens accounts using a child's Social Security number
operates by passively monitoring transmissions and then computing the encryption key when enough packets have
been gathered. 3.10.2 Techniques used for Identity Theft
Kismet Shoulder surfing — happens when thieves peek over your shoulder as you type sensitive information into a computer,
Kismet WHF 802.11 a/b/g/n layer 2 wireless network sniffer and Intrusion detection system. This tool Is basically used phone or ATM. Or they may listen as you make a call and provide your account info.
in WiFi troubleshooting. Dumpster diving — when a thief sifts through your garbage can. Discarded checks credit cards are just two sources of
Cain and Able valuable personal information.
Public WI-Fi— Public Wi-Fi usually doesn't encrypt data, so anyone with the Wi-Fi password and some hacker know-
ain and Able tool used for cracking wireless network passwords. This tool was developed to intercept the network how can monitor what you see and what you send. The hacker could commit identity theft if he or she intercepts your
traffic and then use the brute forcing to discover the passwords. info.
WireShark
Unencrypted websites— Make sure a website is encrypted before you use it for a financial transaction. Typically, you'll
WireShart is the network protocol analyzer tool which lets you check different things in your office or home network. see a picture of a lock in the URL field, and the URL will contain “https,” meaning it’s secure.
to look
You can live capture packets and analyze packets to find various things related ta networkby checking the data at the Phishing— Watch out for identity thieves who contact you from a phone number or email address tailored
familiar and trustworthy. The goal is to get personal information from you.

3.10_Identity Theft (ID Theft) 3.10.3 Warning Signs of Identity Theft

for those indicators so you
A large part of online crime focuses generally on identity theft which IsPart of ider Certain clues could indicate that you're a victim of identity theft. It’s @ good idea to watch
fr t
the theft of personal data of victim and using the same to create a false identity,
Tit fraud and special Can act quickly and take action to help minimize the damage. The FTC cites some of the common warning signs :
refers 2
you didn’t make.
For example If a person A gains access to person B's social network
i You notice withdrawals from your bank account that
he was B. Identity theft may include theft of identity of a persan Tenor dena ne Aan chat with Bs contacts asi You don’t receive bills or other mail.
There are a lot of ways identity theft can happen to you. Hackers debts you didn’t incur.
‘may get your information fro m a data secur ity You get calls from debt collectors about
breach. Or, you may unknowingly provide it on social media,dur on your credit report.
documents
in unsafe places.
That information may include: nB conversions others can hear or by leaving financial You see unfamiliar accounts or charges
you didn’t receive.
You receive medical bills for services

Scanned by CamScanner
 WW _cyter Socurny and Laws (MU-Sem 7) so Tools and Methods used In Cyborting
"thave.
= A health plan won't sure you becouse your medical records indicate a condition you don't otifies you that
- The IRS ens you a letter saying mere than one tax retum was fled In your name, Or the IS ri —_ ]
have Income from an employer you never worked for. essed ita breach.
The Concept of Cyberspace
- A company where you do business notifies you that your personal Information was Imadata
3.10.4 Recovery trom Kienttty Theft Unit IV
i
Kéentity the happens. Reacting quichly may be the most important thing you can do. Here are steps you can take
Youve been a victim of identity theft. Syllabus
— Contact the business where your Information was misused, let them know there wa! 5 fraudulent activity on your
E-Commerce , The contract aspects in cyber law .The security aspect of cyber law, The intellectual property aspect in
accounts ,
and close them.
cyber law, The evidence aspect in cyber law , The criminal aspect in cyber law, Global trends in cyber law , Legal
— File a police report. framework for electronic data interchange law relating to electronic banking , The need for an Incian cyber law
= Contact the there major credit reporting bureaus TransUnion, Equifax and Experian and consider putting a fraud alert
on your cred. This ensures future creditors will take extra steps to verify your identity.
— Consider a credit freere, which Is stronger than a fraud alert and ensures na one can use your credit to open new 41 E-Commerce
accounts. You'l still need to monitor existing accounts.
— _ Wyou don’t have a credit monitoring account, consider setting one up. E-commerce in simple language is defined as buying and selling good and rendering the services on the internet.
Change your password, so they're strong and unique, for all your online. Nowadays the speed of internet transaction is phenomenal. The e-commerce transactions are of 4 types that biend and
correlate :

What is Phishing? What are the different Phishing techniques? How to prevent the phishing attack? (Section 3.1)
Explain Password cracking in detail? (Section 3.2)
FeEkeReeRE

Whet is keytoggers? What are the different types of keylogger? (Section 3.3.1 and 3.3.1(A))
Wrte a short note on Spyware. (Section 3.3.2) ,
Wie a short note on Virus and Worms? (Section. 3.4)
‘What is virus? What are the types of viruses? (Section 3.4.1) Fig. 4.1.1: Types of E-commerce transactions
What is wor? What are the types of worms? (Section 3.4.2) 1. Information access
What is the Difterence between Virus and Worms? (Section 3.4.3) tt gives the user search and retrieves facility.
‘Write short note on Steganography?
(Section 3.5) 2 Interpersonal communication
10 Wme tre difference between Steganography and Cryptography? (Section. 3.5.2) tt provides the methods to exchange information discuss ideas and improve their co-operation.
|
2.11 Explain the DoS and DDoS Attacks? (Section. 3.6) 3. Shopping services
Q.12 Write a short note on SOL Injection? (Section. 3.7) through the internet.
It permits the user to seek and purchase good on the internet or to avail the services
Q.13 Write a short note on Butter Over flow? (Section. 3.8) 4. Virtual enterprises
Q.14 What ere the Attacks on Wireless Networks? (Section. 3.9) These are the business arrangements where trading partners who are separated by
geography and expertise are

ais What ia Wdentty Theft (ID Thetty? What are the types of identity theft? (Section 3.10 and 3.10.1) able to engage in joint business activities.
on but there Involves a contractual relationship between
Q.16 What Techreques are used for identity Thett? (Section. 3.10.2) Every e-commerce transaction is like any other transacti
s and the sales of goods act 1930
transacting parties. The Indian Contract Act 1872 States the law of contrsct ns have been
gga states the law pertato the sale of goods. In information technology act 2000 some provisio
ining
d nature of e-commer
the distance
toate ce transaction.
incor rporated rel

Scanned by CamScanner
 The Concept of Cyborapnc,
W_Qyter Security and Lawa (MU Sem 7) 42 — WH _cyror Secunty and Laws (MU-Sem7) a3 The Concept of ©)
needs to be tailored |
In these important implications on # contract formation Is given. Every contract | |. The subject matter includes ;
accordance with the need of tr‘ansaction:
ormally copy others contract which will be | (i) Physical goods, where goods are order anline and paid over internet and physical delivery is made.
— In india many people are not paying attention to draft contracts they Mm (li) Digital products such as software which can also be ordered.
harmtul at the time of the dispute, (ill) Services like electronic banking sale of shares financial advisor etc.
— $0, ts important to take care in drafting the contract. The lawyer which Is responsibl le for drafting a contract
should have properly understood the brief on the needs of the transaction and appralsed of the potential areas 4.2.1 Elements of Contract
of dispute which may arise so that these aspects are fully covered In the contract.
= The industries that are using Information technology in thelr setup should be aware of various legal aspects of
e-contracts the same way every consumer must understand the terms of the contract before entering Into a
transaction.
— tmecommerce, e-contracts are used. A e-contract Is any kind of contract form In the course of e-commerce by
the Interaction of two or more individuals using electronic means such as e-mail the Interaction of an Individual
with an agent, such as a program or the of at least two agent that are
rogram to recognize the existence of a contract.

~ Ane-contract Is a contract modeled, specified, executed and deployed by a software system.

42 The Contract Aspects In Cyber Law

— Acontract ts an agreement made by two or more persons that Is enforceable by law. It consists of voluntary promises
‘to do oF not to do certain things. When people make a contract their promises become legal obligations.
~ _ racontract, two parties are involved: originator and addressee. According to IT Act the definitions of originator and
addressee are as follows :
Ls Originator The elements of a contract are:
2 Addressee 1. Offer
— In section 2[a) of Indian Contract Act offer is defined as website advertisements are Invitation to offer except
specified clearly.
1. Originator — When a person respond by mail fill out online forms built into a web page they make an offer which can be either
Originator is a person who sends, generates, stores or transmits any electronic message to be sent, generated, stored, sererte or rejected and so an invitation to offer is not capable of making a binding contract on its own until it is

or transmitted to any other person and does nat include an intermediary. ‘ — Thus, an offer made must carry the intention of entering into a binding contract. This is also applying to online
2 Addressee contracts.
- 7 sadress |S a person who Is intended by the original to receive the electronic record but does not include any
2 Acceptance
jereneciary. = Once an offer Is accepted a contract is concluded except the postal acceptance rule applies.
~The important points
in a e-contract are: 7 The postal acceptance rule is an exception to the general rule that acceptance of a contract must be
a. The parties do not meet physically in most of the cases. ‘communicated to the offer or before a contract can be in existence. Under the rule acceptance of a contract Is
b. There are no physical boundaries no handwritten signature and In most times na handwriting
is required. 7 ote cae snhaBiact testinee E'cooite against the proposer when it is put in the course of
€ There is no outer most security risk factor is ~ eaeiccion toch
v or is very high, transmission to him and as against the acceptor when the acknowledgement enters into the designated
6. Jurisdictional issues are a major setback an contracts in case of breach, computer resource.
€. There is no authority to monitor the process. .
f. Digital signatures are used. 3. Lawful consideration
E.Blectronic documents are used as evidencein the court. ile
fh. Three main methods of contracting electronically are email, World Wide Web and cyber contracts a 7= nies Ties seat . problem
fe ee
that such laws cannot apply when an snmp
anonymous vom « mt . “_— " °
——,

Scanned by CamScanner
 ‘Tho Concept
of Cybers
(W_cytor Soourtty and Laws (MU-Som 7) a4 = W_ cyber Security and Laws (MU-Som 7) 45 The Concept
of Cy
4 Lawtul object b. Where the originator has stipulated that the electronic record shall be binding only on receipt of an acknowledgement
= The contract purpose should be lawful one. of such electronic record by him, then, unless acknowledgement has been so received, the electronic record shall be
idered vold.
Such contracts are cons
— Courts will not enforce contracts that are illegat or violate public policy. deemed to have been never sent by the originator.
& Competent parties ¢. Where the originator has not stipulated that the electronic record shall be binding only on receipt of such
natural oF a legal Person and so the
- Competent parties are the natural and legal persons. A computer Is nether 2 acknowledgement and the acknowledgement has not been received by the originator within the time specified or
operator of a computer comes into the picture. agreed or if no time has been specified or agreed to within a reasonable time, then, the originator may give notice to
— The autonomous computer cannot be a contractual party. the addressee stating that no acknowledgement has been received by him and specifying a reasonable time by which
6. Free consent the acknowledgement must be received by him and if no acknowledgement is received within the aforesaid time limit
he may after giving notice to the addressee, treat the electronic record as though It has never been sent.
- Autonomous computer, however, clearly cannot be contractual party.
strict rule of free The following are the questions pertaining electronic messages:
— This Is quite difficult to determine because sometimes the margin used to determine the
consent gets narrower under electronic contracts. (i) Identity of originator.
7. Certainty
of terms (il) E-message receipt.
The certainty of the terms given In the contract should be lawful (ill) The Identity of the message as fed into the computer for transmission by the originator with the message as
received by the addressee.
422 Legal Prerequisites
of an E- Contract
{iv) The contents of electronic messages are not change.
The offer and acceptance
of an offer are expressed In the form of electranic records.
Electronic records are used for the formation of a contract. The validity and enforceability of the contract Is in the
(v)_ Contents of electronic.
form of electronic record. Facilitate the e-contracts the following provisions have been legally recognized. = Asthe e-mail messages sent by the originator digital signature so it is Identity of the originator and the message. The
proved
The concepts of originator and addressee, digital signature In world hash function and encryption of the data. So, the integrity of the evidence can be
using digital signature.
2. The concept of acknowledgment of recéipt of Record/data/information as part of the legal process,
3. The concept of time and place of dispatch and receipt
3. The concept of time and place of dispatch and receipt.
Section 13 In The Information Technology Act, 2000 Is given as follows:
1, The concepts of originator
and addressee Time and place of dispatch and receipt of electronic record

‘Section 11 In The Information Technology Act, 2000 Is given as follows : a. Save as otherwise agreed to between the originator and the addressee the dispatch of an electronic record occurs
~ Attribution of electronic records when it enters a computer resource outside the control of the originator.
record shall
- Anelectronic record shall be attributed to the originator. b. Save as otherwise agreed between the originator and the addressee the time of receipt ‘of an electronic
a. If it was sent by the originator
himself, be determined as follows, namely =
records.
b. By B:person who had the authority to act on behalf of the originator in respect of that electronic
record. — ifthe addressee has designated a computer resource for the purpose of receiving electronic
e By an Information system resource.
programmed by or on behalf ofthe originator to operate
automatically (i) Receipt occurs at the time when the electronic record enters the designated computer
not the designated computer
2 The at of receipt of .
‘88 part of the legal process (Il) If the electronic record Is sent to a computer resource of the addressee that Is
addressee.
= Section 12 In The information Technology Act, 2000 is given as follows resource, receipt occurs at the time when the electronic record Is retrieved by the
timings If any, receipt occurs when
— Acknowledgment
of receipt
= ifthe addressee has not designated a computer resource along with specified
of the addressee.
a. Where the originator
has not stipulated that the acknowledgement
of rece;prs the electronic record enters the computer resource
NEE record be glen In #
particular form or by » particular method, an acknowledgement may be given and the addressee an electronic record is deemed
to be
Save as otherwise agreed to between the originator be received at the place
place of business and Is deemed to
(i) Any communication by the addressee, automated or otherwise. dispatched at the place where the originator has his :
(i) Any conduct of the addressee, suffident to indi lcate to the originator that the where the addressee has his place
of business.
recelved.
electronic record has been
v

Scanned by CamScanner
 E201 secry art tae ts Som 7 as The Concept of Cyberspace
— wy Diver Soeur and Lawes (MU-Sem 7)
& The bromsons of sub-section (2) shall apply mot with standing that the a
may be different from the place ‘where the electronic record Is deemed taplace where the eompUte FSOUTC I locatg
have been received under sub-section (3)
© Righofts use The Conc
of ep
Cyberst
pace
©. For the purposes of this Section ° Fees and payments
° Forum clauses
(1H the originatoror the addressee has more than one place of business
the principal place of business, shall be the o Warranties
Place of business.
° Umitations and liabilities
Ii) I the originat
or or
the addressee does not have a place of business his usual place of
residence shalll be deemeg
to be the place of business.
(iii) "Usual place Of residence’, in relation to abody corporat
e means the place where itis registered.
42.3 Click and Wrap Contrac L
Shrand
ink wrap contract
ts Consumers can go tothe
terms of the Consumer do not know the
When an online buyers or user clicks on the ‘1 AGREE” key terms of the contract.
button on a webpage to purchase or download a program. |
— The term is derived from the fact that such agreemen 2. Allows user to read the terms
ts most times require clicking an on of the
acceptance. screen icon to signal agreement before accepting them. People agree to the terms by using the software which
-
they have already purchased.
‘There are two types of click wrap contrac
ts : 3. They have gained Universal accepta
nce. They have questionable enforceabili
L Type and click and wrap contract ty.
4. | The simple act of clicking the accept button.
| Conclusion of the Contract is made by breaking the
2. Icon clicking seal
used to bind.

4.3 The Security Aspect of Cyber Law

1. Type and click and wrap
contract
Electronic data and its transmission are vulnerabl
— Type and click Is a type of click and wrap
Contract where the user must type |accept
e to attackers or cybercriminals. It is important to ensure
or other specified words in of the data the legal and technical means. the security
an on-screen box and then click submit
or similar button.
The data transmitted over the network can be protected
— _ Wdenotes acceptance of the terms
before dawnload can commence.
by coding this process is knawn as encryption.
Encryption paper records and files are vulnerable to the threats
2 Jeon clicking on its Privacy so many users have developed their
Own course and data securitysystems as a measure against unauthorized access. With
the growth of the internet
— leon clicking is where the user must have to click on there is increasing financial transactions such as banking transacti
OK or!AGREE button on a dialogue box or popup window ons. The Internet has become the default medium of
— The user rejects by clicking CANCEL or CLOSING
. €-comme rce. There are many organizat
ion on the Intemet such as corporate bodies Government Universiti
THE WINDOW. and other institutions apprehensive that occurs or unauthorized person es banks
enters their system and perform frauds
424 Shrink Wrap Contract manipulate records or sabotage the computerized data. To Protect
the data on internet cryptography is used.
— _ Shrink-wrap agreements are usually the licensed Cryptography is a science and art of secret writing which keeps the informati
on secret. Cryptography helps protect
agreement applicable in case of software products data from unauthorized people. Cryptography is anything which is written in the form af cipher.
shrink-wrap agreements with opening buying. In case of
of the packagin
g of the software Product, the terms and
‘Such software product are enforced upon the conditions to access Technically we can say that encryption is a process in which length x information is transformed Into ciphertext
person who buys it. . The
— _ Shrink-wrap agreements are simply Process of deciphering and encrypted information is called decryption.
those which are actepted by user at the
time of installation of software froma Encryption is done by using the algorithms and the encryption algorithms are the mathematical functions which
CD-ROM, for example, Nokia pc-suite.
perform the task of encrypting and decrypting the data.
— Sometimes additional terms can be observed
only after loading the product on the Encryption keys are used encryption algorithms. The encryption key is a program that transforms the ciphertex back
does not agree to those additional terms computer and then if the buyer
then he has an option of feturning the software product. into the plain text. There are different encryption systems available with different key lengths. t
— AS soon as the purchaser tears the packagin
g or the cover for accessing the software
product, shrink-wrap agreement ‘There are two typof encryptio
es n algorithms:
1. Private key cryptography
— Shrink wrap license Is an end user agreement (EULA) once the 2. Public key cryptography
be in effect it includes terms like : In In private
private key key. cryptography, L the same key is used to encrypt and decrypt the message this Is also known as symmetric-
© Ucenses key cryptography.

Scanned by CamScanner
 The Concept of Cyberspace,
— ce
wv Cyber Security and Laws (MU-Sem 7) 48 Ind Laws (MU-Sem
nd the private key Is used for decrypting thy 4a The Concept of C
In public-key cryptography for encrypting the message public key
Is used 2! [ii) The private key
and the Public key. are
message. There are many
Unique to the subscriber and constitute a functioning key pair.
af each description Key's place Insecure location recognized by the FT Act for ur e
digital signat
For preserving the keys safe depout box concept Is Introduced. Copy tem are
aut henge tication Asymmetric crypto system and hash function are
available, records.
and can be accessed by only trusted users against warranty issued for the same. This Is known 8 key escrow. The key of electronic
Independent safe deposit 2. Asymmetric cryptosystem
ts split into several parts using an appropriate algorithm and each split pat is deposited with
box this ts known as key splitting. — Asymmetric cryptosystem is also known
Many encryption standards are used today one of them Is Data Encryption Sta dard (DES). Data Encryptio
n standarg |; used named public key and private keys 5 public key cryptography o+ ciphers. In this cryptosystem two keys are
and function p ‘ona block of 64 bit of data and 56 bit oy
b a bit per - Public key is used to encrypt the data and
key. Initially, 64 Bit of data Is permuted and then fed Into function using study tables of permutations ang fumbers and are paired together but t hese Private key is used to decrypt the data. The keys are made up of large
Is repeated 15 2 keys are nat identical
Substitutions. The bits are permuted in combination with 48 bits of key In each round this process = The: private key. is ‘€Pt
k secret while the public key is chat with everyone.
times, each time with a different set of tables and different bits from the key. The algorithm performs the fina , Private key is used to create the digital
signature and public key is used to verify the digital signature as given in
Permutation and 64 bits of output are given. . IT act 2000.
- tt is important to secure the priate key, to secure the private key store it in floppy
or card or CD (Compact Disc)
Digital signatures or pen - Do not store the private key on hard dizk as it ls not considered a safe practice.

— A digital signature Is an electronic method for illustrating the authenticity of 2 digital message or record, 3. Hash functions
message was made by a known
A substantial digital signature gives the recipient motivation to trust that the — The hash functions are used to check the integrity of the data which Is send across the internet. Hash function
sender and that it was not changed in transit.
takes a message of any length as input and gives fixed length output. The examples of hash algorithms are MDS
and in different
— Digital signatures are regularly utilized for software conveyance, money related exchanges and SHA.
situations where it is imperative to recognize Impersonation or altering.
— Hash function is a mathematical function that maps the arbitrary size data to fixed length string. It Is used to
= of digital signature:
Following are the functions check the integrity of the data that data is not altered.
a. To authenticate the document. — Tovalidate the integrity, a hash of information is created. When data is send at that time its hash is computed at
b. To identity the document. the receivers side when data Is received then hash of received data is computed then both the hash values are
Securing the document from forgery. compared if the hash value matches then there will be no change in data else data is changed.
cL To make the contents of the document binding on person putting digital signature. 4. Creating the digital signature and verification
© Evidence for identification of document. : The process of creating the digital signature and verification is given in Rules 4 and 5 of IT Rules, 2000 as follows
:
Digital
— Digital signatures are used in ecommerce and by e-governance for the purpose of authentication. Rule 4 : Creation of digital signature
signature in IT Act, 2000 means authentication of electronic record. Section 3 of IT Act, 2000, describes
function In the
authentication of electronic records as follows: To sign an electronic record or any other item of information, the signer shall first apply the hash
Is unique (for all practical
signer's software the hash function shall compute a hash result of standard length which
Authentication of electronic records
Purposes) to the electronic record the signers software transforming the hash result into
a digital signature using signers
(i) Subject to the provisions of this section any subscriber may authenticate an electronic record by
affixing his
private key the resulting digital signi ature shall be unique to both electronic record
and private key used to create it and the
stored of transmitted with Its electronic record.
digital signature. digital signature shall be attached to its electronic record and
(li) The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash Rule 5 : Verification of digital signature
function, which envelop and transform the Initial electronic record Into another electronic record. a new hash result of the original electronic
by computing
The verification of a digital signature shall be accomplished and by using the public key and the new hash result
Explanation of electronic record
hash functio n used to create 2 digital signature
record by means of the
For the purposes of this sub-section, “hash function” means an algorithm mapping or translation of one sequence of the verifier shall check :
bits into another generally smaller set known as “hash result” such that an electronic record yields the same hash using the corresponding private key.
a. Ifthe digital signature was created was transformed Into digital signature during the
result matches the orig inal result, which
result every time the algorithm Is executed with the same electronic record as Its input making It computationally
b. ifthe newly computed hash contfirm
verifiedeIf :
the digital signasatur
infeasible. verification saftware ‘will
signing process. The
sign the electronic. record, which=is known to be the case If the
a. To derive or reconstruct
the original electronic record from the hash result produced by the algorithm. was 4 sed to digitally y
(i) The signer’s private key DSSS signers pul key will verify onl a digital
b. That two electronic records can produce the same hash result using the algorithm. was used ro vey te senaire
signers public key
(I) Any person by the use of 3 public key of the subscriber can verify the electronic record. with the signers priv
ate key.
signature created

Scanned by CamScanner
 ‘The Concept
of Cyberspacy
yy Oyter Securty and Laws (UUSem 7} 410 — ¥ Cyber Securty and Laws (MU-Sem 7)
41
(The electronic recon was unattered which is known to be the case ff the hash resutt computed
by the verifier , 6. Certification authority
identical tothe hash rest extracted from the dita signature during the werieation POSES
S. Digtal signature certificate
gral erature cerufeates are the tal equtaent of physica signature. Ts cetficate is W801 Prow the numberof deputies and offece, "apacity. The controller in consultation with the government appoints such
identty to access data and incernet services. Digtal signature certificate ensures that i Section 35 in The Information Technolo
gy Act, 2000 says thus :
data and authenticates the electronic document.
having the license of issuing the cigtay a Any person may make an application to
the Certifying Authority for the issue of an Digital Certificate
in such
Digtal certiicates are issued by the certifying authorities who are
signature. form as may be prescribed by the Central Government.
b. Every such application shall be by such fee not twenty five
2000 cigita
1 MT Act, 2000, in chapter 7 digtal signature certificate related Information is erven and in FT rules,
n rupees
as may
be prescribed by the Central Government, to be paid to the Certifying Authority: Provided that while
‘Signature certificates authorities rules are given. Prescribing fees under sub-section (2) different fees may be prescribed for different dasses ofapplicants.
The cipal signature cersfcate form is issued by the certificate authorities along with the fees up to 25000 Every such applicat ion by a certification practice statement or where there is no such
shall be accompanied
rupees. There may be different fees for different classes. statement a statement containing such particulars as may be specified by regulations.
Certification of the practice statement should be submitted along with digital signature certificate form. Digital On receipt of an application under sub-section (1) the Certifying Authority may, after consideration of the
of
Signature practice statement is defined in IT Act, 2000. It is necessary for the applicant to state In certificate Certification practice statement or the other statement under sub-section (3) and after making such enquires
Practice statement the practices he wants to employ in using digital signatures. as it may deem fit, grant the digital Certificate or for reasons to be recorded in writing, reject the application.
they
When the digital signature authority receives the application they do the enquiry and if they satisfy then ‘Suspension of digital signature certificate (The Subsection (1) of Section 37 of IT Act, Z000)
issue the cigital signature certificate.
— The certifying authorities can suspend the digital signature certificate in one cf the following situaticrs :
Applicant receives the digital signature certificate along with a key pair that private and public key. The applicant
hold the private key for creating digital signature and the public key ts used to verify the digital signature. a. Onrreceipt of a request to that effect from
Before issuing the digital signature certificate the certifying authority should check that (IT Act, 2000,Rule 25 of {i) The subscriber listed in the digital signature certificate.
certity authorities rules).
(ii) Any person duly authorized to act on behalf of that subscriber.
a The user name is should not appear as a compromised users in its list.
b. _ Ifitis of opinion that the digital signature certificate should be suspended in public interest.
b Comply with the procedure as defined in his certification practice statement including verification of
A digital signature certificate shall not be suspended for a period exceeding 15 days unless the subscriber has been
identification
and/or emplayment.
given a chance of being heard in the matter.
© Comply with al privacy requirements. -. On of a digital sig the ying ‘shall the same to the subscriber.
@ Obtain consent of the person requesting the digital signature certificate, that the details of such digital
Revocation of digital signature certificate (The Subsection (1)(2)(3) of Section 38 of IT Act, 2000)
Signature certificate can be published on a directory service.
- The certifying authority can revoke the digital certificate in following situations:
The Subsection (1) of Section 41 of IT Act, 2000 mention that a subscriber shall be deemed to have accepted a
a request to that effect.
Digital Signature Certificate if he publishes or authorises the publication of a digital signature certificate. ti) Where the subscriber or any other person authorized by him makes

{) To one or more persons.

(i) Upon the death of the subscriber.
[sa firm or a company.
(@) na repository, or otherwise demonstrates his approval of the digital signature certificate in any manner. (ii) Upon the dissolution of the frm oc winding up of the company where the subscriber
a digital signature certificate which has been Kssued by
The Subsection (2) of Section 41 of IT Act, 2000 mention that by accepting a digital signature certificate the — Without prejudice to aforesaid certifying authority may revoke
subscriber certifies to all who rely on the in the digital certificate it at any time, if itis of opinion that
ed.
signature certificate is false ar has been conceal
that: o Amaterial fact represented in the digital
satisfied.
(9 The subscriber holds the private key corresponding to the public key listed in the digital digital signature certificate was not
signature certificate (i) requirement fr issuance of the
and Is entitl
to hold the
edsame. key or security system was comprom ised in 9 manner materially affecting the
(iii) ‘The certifying authority's private
(W) All representations made by the subscriber to the certifying authority and alll material relevant to the 1signature certificate’s reliabili
ty,
m or 8 cmpary whch a been
information contained in the digital signature certificate are true. soken dead tware a scferiaf
(Ww) aonr e sulerbs hs een cred
(8) All information in the digiral signature
certificate that Is within the knowledge of
the subscriber is true. dissolved wound-up oF ed to exist

Scanned by CamScanner
 The Concept
of Cyborsn, BP Linw
0,00 Securty arc Lows (MU-Som 7) 412 (NAL. s
Exe
rom
44 _Certitying Authorities and lability in the Event of Digital SI ature Compro fess than 45,Gays before the licen
se — The Concertof
POATY date
= The role of certifying authorty i very important in digital signature emronment. cerning autROrth E ‘The controller has to grant of
Felect the
application (Section 24), "Ween Yor ce within 4 weeks trom the date ofthe recrigt of the
1, _ lssues the digital signature certificates.
2 Manage the functioning of digital signature.
3. Provides evidence of proof in legal dispute.
— For the regulation purpose of the certifying authorities the central government has appointeda controller of certifying
authorities.

— They may appoint deputy controllers and assistant controllers as per requirement. The deputy controllers ang
: Performs the given by of certifying i
The Central Government decides the head office and the branch office of the controller to be located. conviction for which i

Z §
=

i
adn tae ate.

:
Berson ha:
ether nda or out of india, of an offence the

i
— _Asgiven in Section 18 of IT Act, 2000, the functions of the controller of certifying authorities are as follows: been convicted Of an
offence under the actor
these rules
a Exercising supervision over the activities of the certifying authorities.
The controller has invoked performance bond or
b. Certifying public keys of the certifying authorities. bankers guarantee.
poy

A certifying authority commits breach of, or fails to.

© Laying down the standards to be maintained by the certifying authorities. ‘observe and comply with, the procedures and practices as per
the Certification Practice Statement.
2. Specitying the qualifications and experience which employees of the certifying authority should possess.
Acertifyi in authority fllsto conduc, or does nat submit, the
© Specifying the conditions subject to which the certifying authorities shall conduct their business. returns ofthe audit in accordance with rule 31
x

|. The audit FePOrt recommends that the certifying

1. Specifying the contents of written, printed or visual materials and advertisements that may be distributed or authority is not worthy of continuing Certifying Authority
's
operation.
used in respect of a [Electronic Signature] certificate and the public key.
& Specifying the form and content of a 27 [Electronic Signature] certificate and the key. 5. A certifying authority fails to comply with the directions of the controller.
h. Specifying the form and manner in which accounts shall be maintained by the certifying authorities. 4.4.2 Commencement of Operation by Licensed Certitying Authorities
i, Specifying
the terms and conditions subject ta which auditors may be appointed and the remuneration
to be paid (Rule 20 of Certifying Authority's Rules, 2000)
to them.

|. Facilitating the establishment of any electronic system by a certifying authority either solely or jointly with other The licensed certifying authority shall commence its commercial operation of generation
and issue of digital signature
Certifying Authorities and regulation of such systems. only after :

Specifying the manner in which the certifying authorities shall conduct their dealings with the subscribers. tt has confirmed to the controller the adoption of Certification Practice Statement.
It has generated its key pair, namely, private and corresponding public key and submitted the public key to the
L Resolving any conflict of Interests between the certifying authorities and the subscribers.
controller.
m. Laying down the duties of the certifying authorities.
The i l ed facilities and jated with all ions of ge tion, issue and management of digital
n Maintaining a database containing the disclosure record of every certifying authority containing such particulars signature certificate have been audited by the accredited auditor in accordance with the provisions of Rule 31.
as may be specified by regulations which shall be accessible to public. tt has submitted the arrangement for crass certification with other licensed certifying authorities within India to the
controller.
4.4.1 Recognition of Foreign Certifying Authorities
Suspension of license
~ AS per Section 19 of IT Act, 2000, the controller
of certifying authorities may, with the previous approval of the Central
eet

the license. The license cannot be

Government, and by notification in the official gazette, recognize any foreign Certifying authority as a certifying — After doing the inquiry if the controller is not satisfied then he can suspend
to the certifying authority.
ee

authority. Certificate issued by certifying authority is valid under the Act. suspended up to 10 days until the reason is not given
~The controller can revoke the certificate of certifying authorities if he is satisfied fyi authority has to publish the renewal | and suspension of the license. If the certifying
f certifying
that any certifying authority has sachngieteaso surrender the license after renewal
or suspension then punishment of imprisonment up to
6
contraven any
ed of the conditions and restrictions subject to which It was granted recognition.
rupees fine is issued against the certifying authority.
— For license certificate authorities have to pay 25000 and for renewal of the months and 10,000
licence of license 5000 rupees is charged
which Is non-refundable.
= _The licens
is valid
e for5 years. When the application is done for renewal af cense that applicatio J ee
n have to done not
oe SR
O86

Scanned by CamScanner
 of
min
and Laws Security and
2 Laws (MU-Sem 7)
9 a database of the disclosure recory = in the aforesaid works would
Copyright 415 of 0)
The Concept
Database of certifying suthortties
a POR exist
intain
Rule 22 of certifying authorities rules states that The controtier shall wet containing inte alia the followin, a. In the case of a published work, the ess
every certifying authority, cross certifying authority and foreign cerut India, the author is at the date of wort Is first published in india, or where the work is first published outside
dewais: time of his death the citizen of IndiasuchDublication, oF in a case where the author was dead at that date was at the
o 3 tax permanent account number, way
‘< The b.
| fname of the person/names of the directors nature eam ted with functions of Beneration gy In the case of an unpublich.ed work other ,
a < mail addresses administrate
‘ address, if ary, office and residential address, location the work a citizen of india o Tan te work of architecture, the author a the date ofthe making of
digital signature certificate, voice and facsimile telephone numbers, lect Comicited in Inca.
ty the certifying authority; and recognized fore «
contacts and authorired representatives. In the case af work ‘
j rules d Of architecture the ; work is located in India.
The above
i b. The public keys}, corresponding to the private key{s) used = jes do not
the above conditions
fot authorship
crates
confeting copWiht must be sttisfied en Ba te ase of wok
i certifying authority to digitally sign digital signature certificate. . = RisspecfedinCopyight act tat 1 authors
mrrtennern of thework soo
i © Cent and past versions of certification practice staternent of certifying authori Copyright would not subsist (Section 13( ]}:
4. Time stamps indicating the date and time. a in any cinematograph film if a substantial part ofthe film is an infringement of the copyright
I
in any other work.
3. Confidential Information
information s hall be confidential:
b. In any sound recording made in respect of a literary, dramatic or musical work if in making the sound recording
Rule 33 of certifying authorities rules states that the following copyright in such work has been infringed.
a. Digital Signature Certificate application, whether approved or rejected. It is specified that where there is a copyright in a cinematograph film or a sound recording,
it does not affect the
yhere as part of the registration ang
b Digital Certificate from the ot of which or a substa
separate component in any work in respect i
,
verification record but not induded in the digital signature certificate js
information.
:
be the case is made. of x acekaanial part of Rich te Minick eed Cera zee
€ Subscriber agreement. — In architectural work copyright subsists only in the artistic character and design and does not extend to process or
' — Section 42 is ‘bility on sul criber of a digital signature. Every subscriber shall exercise methods of construction.

in his digital
to the public key listed — The literary work indudes Pl tables and The
i care to retain control of the private key corresponding
reasonable
' Signature certificate and take all steps to prevent its disdosure. copyright covers the source code and the object code. It also includes all representations of computer programs
} — ithe private key of the subscriber gets compromised then the subscriber shall communicate the same in written form or in machine readable form.
weather
without any delay to the certifying authority. — There are two levels of computer languages for developing software, when is a high level language and second is
i]
i} is in the form of ones and
machine level language. High level language is Engfish like language and low level language
|i Aspect in Cyber Law
Propertyectual
45 The Intell zeros,
= Statements in machine level language are referred as object code and statement same high level language is referred
{ = (WIPO) is an International agency that works for the pratection of the legal
World intellectual Property Organization as source code.
fights in the artistic and literary work, inventions, trademarks and ather original creations. — Computer programs are covered under the category of literary works but audios, graphics and videos created by the
— Such rights are called intellectual property rights. underlying computer programs may not necessarily be literary works.
and other = Copyright owners have the exclusive right to da or authorized the doing of any of the follawing acts in respect of the
[ “ The WIPO words for the promotion of the international agreement on copyright, patents, trademarks, part .
work or any substation
i original creations.
— Three drafts treaties are prepared by WIPO in the conference organised in December 1996. These three treaties are as 2 Incase of literary, dramatic or musical work, not being a computer program
= To reproduce the work in any material form including the storing of tin any medium by electronic means.
t —
i © Copyright of electronic records — To lssue copies of the work to the public not being copy is already in circulation.
© Protection of performers and producers — To perform the work in public or communicate it to the public.
: — To make any cinematography or sound recording in respect of the work.
{ © Phonograms
© New form of Sul-generts{ of one’s own origin) protection of data bases f = of the work.
To make any translation
: of the work.
= Tomake any adaption
1. Copyright ’ I = Todo, inrelation to a translation for adoption of the work any of the aforesaid acts.
— Asper the copyright act 1957 copyright subsists in the following work :
a. Original literary, dramatic, musical and artistic works. F r Fo ae rete oe for tnerry, dramatic or musical work
= Photo any of the acts specified commercial rental of the computer pores
b. films and sound recording.
Ginematograph = Tosellor give on commercial rental or office for sale oF —
Wins

Scanned by CamScanner
 Wyte Securty and Laws (MU-Sem7) 4.16 ew W_ Cyber Security and Laws (MU-Som
2 a7 The Concept of Cy
Explanation :
3. Inthe case of an artistic
work two dimensional or in two
= Torepraduce the workin any material orm Incuding deplction in thre dimensions For the purposes of this section, the
nematograp
reproduction of a litera dramatic,
musical or artistic work in the form of a
dimensions
of a three dimensional work. h film shall be deemed to be
an “infringing” come
Section S2 of copyright act States
— To communicate
the work to the public. certain ads which dé 19 not constitute copyright infringement some of the important
in circulation. exceptions are as follows :
- To tssue copies of the work to the public not being copy Is already
— To Indlude the work in any cinematograph
film. & A fair dealing with a literary, dramatic, musical or artistic work not being a computer programme for the purposes
of
- Tomake any adaption of the work. Private use including research.
the Instant category of artistic work,
— Todo in relation when adaption of the work any of the first four acts In Criticism or review, whether of that work or of any other
work.
— Inthe case of cinematograph film (1) The making of copies or adaptation of a computer programme by the lawful possessor of a copy of such
— Tomake a copy of the film, including a photograph of any image forming part- computer programme from such copy.
= or give on hire, or offer
To sell of the film regardless ofwhether such copy has been
for sale or higher, any copy
In order to utilize the computer programme for the purpose for which it was supplied.
sold are given on hire on earlier occasions.
— To communicate
the film to the public. Ta make back-up copies purely as a temporary protection against loss, destruction or damage in order only to
utilize the computer programme for the purpose for which it was supplied.
4 In the case of sound recording
(2). The doing of any act necessary to obtain i ial for ilty of an
— To make any other sound recording embodying It. created pr with other pi by a lawful ofa provided
has
— or give on hire, offer for sale or hire, any copy of the sound recording regardless of whether such copy
Ta sell that such information is not otherwise readily available.
been sold or given on hire on earlier occasions.
(3) The observation, study or test of functioning of the computer programme in order to determine the ideas and
- Tocommunicatethe sound recording
to the public. principles which underline any elements of the programme while performing such acts necessary for the
— Corporate to the work like, Form
work is also extended in published as
of the verb not the idea. Copyright subsists functions for which the computer programme was supplied.
well as a published
work. (4 The making of copies or adaption of the computer programme from a personally legally obtained copy for
— _ Registration of work is optional not mandatory under the law. If people do registration under the IT Act then it non-commercial personal use.
will be evidence in the disputes. A fair dealing with a literary, dramatic, musical or artistic work for the purpose of reporting current events.
=

- Toregister copyright you have

to fill the application form, payment of nominal fees and depositing3 copies
of the In a newspaper, magazine or similar periodical.
work with the copyright
office. by broadcast or in a cinematograph film or by means of photographs. broadcast or in a cinematograph film or by
5. Copyright infringement,
remedies and offences means of photographs.
Section 51 of copyright act States the various acts which among to copyright infringement
as follows: Explanation

Section 51: When copyright infringed
Copyright in a work shal! be deemed to be infringed. When any person, without a license granted by the owner of the
copyright or the Registrar of Copyrights under this Act or in contravention of the conditions of a license so granted or of
any condition imposed by a competent authority under this Act :
(i) Does anything, the exclusive right to do which is by this Act conferred upon the owner of the copyright.
(i) Permits for profit any place to be used for the communication of the work to the public where such communication
constitutes an infringement
of the copyright in the work, unless he was not aware and had no reasonable ground for
believing that such communication to the public would be an infringement
of copyright.
— The publication of a compilation of addresses or speeches delivered in public Is not a fair dealing of such work
within the meaning of this clause.
— The defence of fair dealing is an integral part of copyright law. The fair dealing defence allowed certain usage of
literary works which would have otherwise been an infringement
of copyrights.
— The fair dealing defence states that copyrights must not stifle the very creativity that law Is meant to foster.
= The Indian Copyright Act under Section 52 makes fair dealing a valid defence for copyright infringement.
— This defence places the burden of proof on the copyright owner to establish infringement. However, the
on the definition of English
Copyright Act has not defined fair dealing which led the Indian court to rely
authorities.

‘When
any person =
— The Incidence of Indian Patent Act on Soft Proprietary work .
granted to the owner of new Invention, for a limited
— Inventions are protected by Patents. It is @ legal monopoly
process.
(i) Makes for sale or hire, or sells or lets for hire, or by way of trade displays or offers for sale ar hire. to 20 years. It can be granted for product as well as
period of time. Many countries give time period 16
(i) Distributes either for the purpose of trade or to such an extent as to affect prejudicially the owner of the copyright. regulatory framework.
tions on patents.
Patent Rules, 2003 are the primary legisla
{ili) By way of trade exhibits
in public. — The Indian Patents Act, 1970 and the
(iv) Imports
into India

¥:

Scanned by CamScanner
Screw secrty ar tava So 7) ats
The Concept
of Cyberspace Laws (MU-Sem
419
regulates the grant. the operative period, revocation, and infringement of Patents. ta . New trends
In IPR law of Cyberspace:
To keep with the requirements of TRIPS Agreement (Trade Related Aspects of Intellectual Property Rights) the Indian has not taken
reste uneven any Major intiathtives
Patents Act 1970 was amended In 2005 and Patent Rules, 2003 were amended in 2006. fr ‘om the last several years iin the direction
ofof proti
lobal develog, prot jection of intellectual
The inventor first registers its patent. Many manufacturers start production after filing the pattern over the delay = _ Patent protection will faciitate te ment. The new Patent law envisages is the following ::
in getting thenew product in the market. . ology transfer
- By establishing patents over their
Copy the patent invention without permission is called Infringement. The patent owner May sue for damages ang
as a strategy for entry barriers sel men ie Droucs, Companies try to ward off competition. Patents will be used
an injunction order the infringer to stop copying the invention.
Inventor cancels all or part of the rights given by a patent. He or she may also license these rights to a Indian companies will increase resea
seeking to technology providex rch and development budget and the emphasis: will shift from technology
manutacturer. Licensing gives the inventor of fees or royalties
or both. — _ More fruitful collaborations between universes for research laboratories
Patent laws vary from country to country. and corporate.
- Multinational companies will be tem
7. Present provofisio
Indian Patent
nsAct 'pted top set up more research
intellectual manpower and better patent and development t centers in India jia due dueto che: ap
rch and
As per the patentsAct, the 1970 patent is granted only for an invention
that Is new and useful. = Patent protection will promote Orginal product develo
increasingly difficult. andpment
violation of patent laws will become
It must be novel and useful. It must be the inventors own Discovery as opposed to mere variations of what ne
is
already known in India. Patents held by the parent muttinational companies will
be recognized in india.
Patent once granted, confers on the grantee the exclusive privilege for making selling and using the invention — Patents will be powerful instruments for converting knowledge into
and wealth. Commercialization of research will
also authorizing others to do so. start earning royalties.
For practical purpases of the patent is a legally created entry barrier, which prevents others from competing with - Pl ical can get
the inventor- a reward for disclosing the process. ei products
— Piracy in drugs and pharmaceuticals will end; prices of thase essential drugs which are covered
TRIPS agreement, which India \s party, needs patent protection cavers both by worldwide
product and process in every field of patents will increase
Technology.
— Products of better quality will be easily available to consumers.
‘The patents act allows process method but does not allow product
patents for food, medicines, drugs, and — Sucha result will be paten Publication.
before ted
Chemicais.
— Software companies will be able to establish patent rights over customized products or programs.
The new pattern region by 2005 complies with the World Trade Organization
it Is compared with the traditional
Provi as shown in the table.
sions — Systematic changes will be needed on the part of patent administrators.
Table 4.5.1
— Technologies developed are likely to be licensed
out of the marketing of Technology
will become a viable
business.
— The shift from process patents to product patents will transform the Pharmaceutical and Biotechnology
‘The duration of process patents is five |New patents bill to industries.
years. be Passed.
years from the date of sealing or 7 | Excusive Marketing rights for a 9. The IT Act 2000 and IPR law
years from the date of filing. Duration | mailbox Patent
can be granted for S
Of product patentis 14 years. Years. — There are no provisions related to Electronic copyright management systems, electronic copyrights, protection of
Both Process and product | Indian patents act allows process | Pro phonograms producers against unauthorized duplication of their phonograms etc in infarmation technology
Patents must be availab patent
duc application
t s g0 into a
inle all | patents only for food, medicines, mailbox act 2000. ;
fields of Technology to be open the latest by 2005.
drugs, and Chemicals However, this hasno legal backing. — Program copyright is not deal with the idea and the phonograms are yet to gain recognition in India.
Microorgan a non-biologi
isms, cal | Patenting of life forms is Not | Patents will cover microorganisms, — Once the concept of online copyrights is induded in Indian IPR legislations, performers and makers of
Drocesses must be patent permitted. Nor-organisms, and _non-biological and software would be from the "g hamely:
Phonog:
processes. The biodiversity
conservation bill to be passed.
© Legal remedy against the misuse of copyright both direct and indirect in any manner or form.
There should be pon i tobepassed. |
no | The importation
of a product is not © Right of the owner of the copyrights to make available to the public program performances stored in electronic
between | equivalent to the workofing
a patent
In India.
media by interactive, on-demand, online delivery method.
Plant variet
must be ies
protected | No protec
of plant
tionvarieties, 10. General
Plant varieties bill to be Passe
d. = For global trade and Exchange Services, the . xtainment, information products, and professional
ee The services are available on internet ka so

Scanned by CamScanner
 Tha Concept of PpACe
W_cyter Secunty and Laws (MU-Som7) 420 ce because of lack
= Stil, there are many business houses that are conducting extensive businesscyberspa am 2 - an en — of
The Concept Cyberspace
= The folk lowing are some provisions of the Indian evidence Act, 1872 which
Predictable legal environment governing transactions. security, and other matters,
are altered in (T Act, 2000.
In Section 17 of the Indian evidence
= Such apprehensions result In concems about intellectual property protection privacy vemment me Contained
docu
Act, 1872, 7 for the words “oral or documentary,” ry. words s “ “oral or
of Intellectual property. in electronic form’ shall be substituted by IT Act, 2000.
= Commerce on the internet involves the sell and licensing ers must know that they are In Section 34 of
property will not be irritated and buys “Entries m the bean evidence Act, 1872, for the words “Entries In the books of account”, the words
— Promote an effective environment intellectual Wher tia, Of account, including those maintained in an electronic form" shall be substituted by
obtaining authentic products and not pirated coples.
rights are as follows:
= There are few IPR Issues which arise with regard to the Electronic COPY! In Section 35 of the Indian evidence Act, 1872, for the word “record", in both the places where it occurs, the
The liability of online service providers. words "record or an electronic record” shall be substituted by IT Act, 2000.
An effective patent system. In Section 59 of the Indian evidence Act, 1872, for the words “contents of documents “the words” contents
00000

Utigation that may arise due to trademarks. of documents or electroni¢ records” shall be substituted by IT Act, 2000.
Fair uses of copyrighted material, effective management of copyright information. — Section 39 of the Indian evidence Act, 1872 is substituted vide the IT Act, 2000.
— "Section 39 What evidence to be given when statement forms part of a conversation, documents, electronic record,
Intemational standards for determining the validity of patent claims.
book or series of letters or papers.
The similarity of internet domain names and registered trademarks.
agreements
Goverment should improvise the IPR Law School to address these issues according tO International
©

— When any statement of which evidence is given forms part of longer statement, or of a conversation or part of an
= isolated documents, or is contained in a document which forms part of a book, or is contained in part of
in such a way that our national interest gets protected and preserved. electronic record or of a connected series of letters or papers, evidence shall be given of so much and no more of
the statement, conversation, document, electronic record, book or series of letters or papers as the Court
46 The Evidence Aspect In Cyber Law
considers necessary in that particular case to the full understanding of the nature and effect of the statement,
Recording the evidence is the important function of the tr jal court. With the growth of the e-commerce the electronic ‘and of the circumstances under which it was made.”
digital si jgnature, relevance of proof is
evidences have come in picture. Admissibility of electronic evidence, proving — Section 39 of the Indian evidence Act, 1872 is substituted vide the IT Act,2000.
Act, 1872,
important before giving the verdict. Provisions related to evidence are given In Indian Evidence — "Section 131 Production of documents or electronic records which another person, having possession, could
are making a great impact on our lives.
Now a day's Electronic agreements, electronic messages, and digital signatures refuse to produce
Act, 1872. The Indian Evidence Act,
tt sa general perception that electronic evidence is not covered in Indian Evidence — Noone shall be compelied to produce documents in his possession or electronic records under his control, which
1872 is amended by the IT Act, 2000.
any other persan would be entitled to refuse to produce if they were in his possessions or control, unless such
Let's see the status of computer records or electronic records in the Indi: jan Evidence Act 1872 before andafter the IT last-mentioned person consents to their production.”
‘Act 2000. — Definition of document is given in Section
3 of Indian evidence act, 1872 is:
.
The Section 3 mentions the definition of evidence, proved and the fact.
act the are oral that Is ‘of the witness and documentary Document means any matter expressed or described upon any substance by means of letters, figuresor marks, or
by more than one of those means, intended to be used or which may be used for the purpose of recording that
zIn
of evi by the of are oral evit and
The two types
evidence. The definitions of facts and proved gives things and object status of evidences. matter.

Proved : A fact is said to be proved when, after considering the matters befare it, the Court either
believes it to exist, * IMlustration for documents
act
or considers its existence so probable that a prudent man ought, under the circumstances of the particular case, to — Awriting is a document; Words printed, lithographed or photographed
are documents; A map or plan is a document.
upon the supposition that it exists. Aninscription on a metal plate or stone is a document; A caricature is a document.
3. Facts : tt includes things or abjects. — Ingredients of the definition of the document are
marks, of by more than
The definition of evidence in Indian Evidence Act, 1872 before the amendmen t IT Act 2000 Is :
by the
1. Any matter expressed or described upon any substance by means of letters, figures or
Evidence
means and Includes one of those means.
of recording
to be used or which may be used for the purpase
a. of fact
Allstatements which the court permitsor requires to be made before it by witnessesin relation to matters 2 ‘The aforesaid expression or description is intended
that matter.
under inquiry, such statements are called oral evidence. In IT Act, 2000.
of el lectronic record,
The definitions data and computer system are given in Section 2(1}
b. All documents produced for the inspection of the cour such documents are called documentary evidence. ‘a. Electronic record
In the given definition only the words “Including electronic records” Is added in the IT Act, 2000 amendment. b. Data
- Apart from the definition of the evidence the words like electronic record and electronic form ate c. Computer system
introduced alongside with documents in certain provisions.
wm

Scanned by CamScanner
 7.y7.
an The Concept
of Cyberspace wv Cyber Securty and Laws (MU-Sem 7)
W Oster Securty andi Laws (MUSem 7) The Concert
of Cy
@ Sectronic record 46.2 Admissibility of Electronic R

“Dectronic record” means data, record or data generated, Image of sound stored, recelved or sent In an electronic Section 658 : Admissibility
of electronic
form or micro film or computer generated micro fiche. Subsection (1) Notwithstandi
b&b Date which Is printed on a paper, © Contained in this Act, any information contained in an electronic record
: corded or copied in optical or magnetic media produced by a computer
Data means a of facts, or which are being prepared or

have been prepared in a formalized manner, and Is intended to be processed, Is being processed or has been
Processed in a computer system or computer network, and may be In any form (including computer printouts fact stated therein or which direct evidence would be admissible
the
magnetic or optical storage media, punched cards, punched tapes) or stored intemally in the memory of ‘AS ber Section 658 any information contained in an electronic record if any of the
following computer outputs what &s
computer. ‘my computer, computer output shall also be deemed and documents which are admissible
in law as evidence, On
c& Computer system compliance of certain conditions of the contents of the original electronic record stated any
facts therein of which
be admissible:
direct evidence would
— “Computer system" means a device or collection of devices, including input and output support devices and
exciuding calculators which are not programmable and capable of being used in conjunction with external files Computer printout.
which contain computer programmers, electronic instructions, input data and output data that performs logic, Stored, recorded or copy in optical or magnetic media that is floppy, CD etc. iPhone SE computer output are
arithmetic, data storage and retrieval, communication control and other functions. 5 proot without ing i ng the original ic record this is piven in Section 2 of
— From the definitions of the electronic record, data and computer system It is dear that electronic record can be Section 658.

appear on the screen of the monitor or it can be stored on hard disk, CD or floppy and an expression
or ‘Subsection (2) of Section 658 of the Indian Evidence Act, 1372
description of matter upon amy substance stored in them.
1L The output the fon was pr by the Curing the period over which the
46.1 Characteristics
of Electronic Records computer was used regularly to store or process information for the purposes of ary activities regutarty carried on
over that period by the person having lawful control over the use of the computer.
L_ The copy is practically indistinguishable
from the original.
During the said period, information of the kind contained in the electronic record or of the kind from which the
2 The original computer record is the one which is created first and stored in computer's memory. To prove this primary information so contained is derived was regularty fed into the computer in the ordinary course of the said activities.
evidence the computer has to brought to the court which causes hardship.
‘Throughout the materiel part of the said period, the computer was operating property or, If nat, then in respect of any
‘The primary evidence situation is covered in Section (2) of Section 63 and clause (D) of Section 65 and permits the period in which it was not operating property or was out of operation during that part of the period, was not such as
Secondary evidences of electronic records through CD, floppy, printout etc. to affect the electronic record or the accuracy of its contents.
The information contained in the electronic record reproduces or is derived from such information fed into the
Section 63 : Secondary evidences
computer in the ordinary course of the said activites.
— Secondary evidence means and includes :
There are different computers or combinations of computer involved for which the following is provided =
— Section (2) copies made from the original by mechanical processes which in themselves insure the accuracy of the
copy, and copies compared with such copies. Subsection (3) of Section 658 of the Indian Evidence Act, 1872
Section 65 : Cases in which secondary evidence relating to documents may be given Subsection (3) Where aver any period, the functions of storing or processing Information for the purposes of any
= Secondary evidence may be given of the existence, condition, or contents of a document in the following cases .
activities of ary regularty carried on over that period a3 mentioned in dause (a) of sub-section (2) was regularty
performed
by computer, whether =
- Gause (D) When the original is of such a nature as not to be easily movable.
operating over that period.
By a combination of computers
— The Section 32 the Indian evidence Act, the second paragraph has Included rule against the hearsay evidence, would
By different computers operating in succession over that period,
en

not apply to electronic records.

in succession over that period.
Proof and of lity and Value of E- By different combinations of computers operating
or more
— There are some certain computer outputs of the original electronic record which has been granted admissibility as In any other manner invohing the successive operation over that period, in whatever order, of one
-

of computers.
documentary evidence in any proceeding without proof or production of the original electronic record. computers and one or more combinations
= The admissibility of electronic records is piven In Subsection (1) of Section 658 of the Indian Evidence Act, 1872. All the computers used for
that purpose during that period shall be treated for the purposes of this Section as
a computer shall be construed accordingty.
a singlecomputer; and references in this Section to
constituting
Wt

Scanned by CamScanner
 aot ‘The Concopl of Cyberspace
Lave (Mu-Sem 7}
anes
Cyber Socur and Laws (MU-Som 7)
rtye
ScoSecup and production ° f comp
uter output.
Is said to be relevant to anoth,
The fact 425 of C)
The Concept
ly of information toa computer
regarding the modean of suppence the provisions of this Act relatingto the ermed simone 's connected with the other In any of the ways referzed to in
- 658 says ion 658 of the Indi Evid Act, 1872
Subsection (5) of Sect facts.
In the IT Act 2 (000, two new Sections are IntroducedOf related
whether to relevancy, they are 22A and 47A:
opriate form and
1. Information shall be taken to be supplied to a computer if It Is supp! lied th yereto In any appr
rate equipment. Section 22A : When oral admissions as to ‘ote ° les
Its so supplied directly or (with or without human Intervention) by means of any #PProP -— Hectronic records are relevant
. being stored Oral admissions as
2. Whether in the course of activities carried on by any offical, Information Is supplied with a view to ofIts No those7 7 Mmit ies,- record produced isinto question,
the Contents of electronic records are not relevant, unless the genuineness of the electronicit
operated otherwise than in the course
processed for the purposes of those activities by a computer
that Information, If duly suppled to that computer, shall be taken to be supplied to itn the course of those activities, Section 47A : Opinion as to digital signature when
relevant
whether it was produced by It directly or Whe: n the Court hi 25 t0 form an opinion
i as to the digital signature of any
3. A computer output shall be taken to have been produced by a computer
person, the opinion of the certifying authority
(with or without human intervention) by means of any appropriate equipment. which has issued the digital signature certificate is a relevant fact.
Explanation : ‘Accordingto Section 47 when the Court has to form an opinion as to the person by whom any document was written
shall be a or signed, the opinion of any person acquainted with the handwriting of the person by whom it is supposed to be
- For the purposes of this Section any reference to information being derived from other information
written or signed that it was or was not written or signed by that person, is a relevant fact.
reference to Its being derived there from by calculation, comparison or any other process.
— The secondary evidence should be deemed to be a document and shall be admissible in any proceedings as evidence All the provisions of the Indian Evidence Act which are applicable to document are also applied automatically to
of any content of the original electronic record or of the facts stated therein of which direct evidence would be electronic records.
admissible.
4,6.3(A) Relevancy for Business Community
— Section 658 in the fourth limb the provision. In any proceedings where it is desired to give a statement in evidence by
virtue of this Section, a certificate doing any of the following things, that Is to say The relevancy for business community is given in Section 16, 32(Para 2), and 34.
1 Identifying the electronic record containing the statement and describing the manner in which it was produced 1, _ Existence of course of business when relevant:
2. Giving such particulars of any device involved in the production of that electronic record as may be appropriate When there is a question whether a particular act was done, the existence of any course of business, according to
for the purpose of showing that the electronic record was produced by a computer. which it naturally would have been done, is a relevant fact. Illustrations
3. Dealing with any of the matters to which the canditions mentioned in sub-section (2) relate, and purporting
to be a. The question is, whether a particular letter was dispatched. The facts that it was the ordinary course af business
Signed by a person occupying a responsible official position in relation to the operation of the relevant device or for all letters put in a certain place to be carried to the post, and that particular letter was put in that place are
the management of the relevant activities (whichever Is appropriate) shall be evidence of any matter stated in relevant.
the certificate; and for the purposes of this sub-section it shall be sufficient for a matter to be stated to the best b. The question is whether a particular letter reached A. The facts that It was posted in due course and was not
of the knowledge and belief of the person stating it. returned through the Dead Letter Office are relevant.
4.6.3 Relevancy and Admissibility 4.6.3(B) Authorship of an Electronic Record
- ASwe know that under Section 658, the computer outputs are admissible but we have to prove it as an evidence also.
- After admissibility and relevance of computer output the next step is ta prove the authorship of the electronic record.
Evidence may be given in any suit or proceedings of the existence or non-existence of every fact in issue and of such
other facts as are hereinafter declared to be relevant, and of no others (Section 5). Under Section 658 the author of an electronic record is a person who may give the certificate.
of the activities
— The person who has official position in relation to the operation of the computer or the management for
process the information
the computer was used regularly to store or
= Section 3 says “facts in issue” means and indudes any fact from which, either by itself or in connection with other
facts, the existence, non-existence, nature, or extent of any right, liability, or disability, asserted or denied in any sult regularly carried out during the period when
authorship of the electronic record.
oF proceeding, necessarily follows. ‘such activities, then only such a person only provides the evidence of the
= Forexample
: Als accused of the murder of B. At his trial the following facts may be in issue : — The normal method of proving a document is by calling the witness the person who had executed or signed it or who
in the document.
— That A caused B's death. Is qualified or competent to express his opinion as to the handwriting
e the
familiar with
Is otherwis
— That A intended
to cause B's death. The person who executed the electronic record or who saw it being executed or who
prove the execution.
= That Ahad received grave and sudden provocation from B. execution would be required to the digital signatures need to be proved.
- That A at the time of doing the act which caused B's death, was, by reason of unsoundness of mind, incapable of - - i the electronic record Is signed with the digital signature then
knowing
its nature.

Scanned by CamScanner
a ——

cree teen wv Cyber Security and Laws (MU-Sem 7)

4-26 427 ‘The Concept
of Cyberspace
Oper Securty arc Laws (MU-Sem 7) Example : The cookie jar with
the hair
tool markings fingerprints, blood, Cookieskinsomplecs
monster’ fingerprints on it. Other typical
s examples...
les. weapons, tools,
weapor
4.6.4 Probative
Value of Electronic Evidence astobe judged havin regard to the facts To enhance the probativ
h
— probative value of electronic evidence Is the weight to be given to It whic importance, e value of the electronic evidence, the kind of software’s used would also assume
and circumstances of the case. tance tive value,
In determining Its proba Cases In which Statement of relevant fact by person who Is
‘The nature of the computer generated evidence would also assume Imo! dead or cannot be found etc. Is releva
There are oral, documentary, circumstantial, direct and real evidences. When it relates to cause of death. nt
any of the circumstances of the When the statement is made by a person as to the cause of his death, or as to
transact ion which resulted in his death, in cases in which the cause of that
person's death comes into question.
Such statements are relevant whether
the Berson wha made them was or was not, at the time when they were
made, under expectation of death, and
wh vatever may be the nature of the proceeding in which the cause of his
death comes into question,
Entries in books of account Including those maintained In an electronic
form when relevant
Whenever they refer to a matter into which the court has to inquire, but such statements shall not alone be
sufficient evidence to charge any person with liability. Illustration A sues B for * 1,000, and shows entries in his
account-books showing B to be indebted to him to this amount.
The entries are relevant, but are not sufficient, without other evidence, to prove the
Fig.A.6.1 : Types of Electronic
Evidence debt. COMMENTS
Admissibility Entries in account books regularly kept in the course of business are admissible though they
by
Oral evidence themselves cannot create any liability.
- Section 60 of the Indian Evidence Act, 1872 prescribed the provision of recording oral evidence.
4.7 The Criminal Aspect In Cyber Law
— All those statements which the court permits or expects the witnesses to make in his presence regarding the
truth of the facts are called oral evidence. Crime : A violation of criminal law is called crime. The examples of crime are: murder, rape, forgery, stealing etc. these
— Oral evidence is that evidence which the witness has personally seen or heard. crimes threaten to the society.
Documentary evidence Criminology : Criminology is the study of criminal behavior.
Section 3 of The Indian evidence act says that all those which are in the court for
Cc crime:
such documents are called documentary
evidences. Any illegal action in which a computerIs a tool of a crime is known as computer crime or any crime, the means or
Purpose of which is to influence the function of computer,
Circumstantial evidence
Any event related with computer technology in which a victim suffered or could have suffered loss and a
A form of evidence that allows a judge or Jury to Infer or accept a fact based on a set of known circumstances.
A fact Perpetrator, by intention, made or could have made a gain.
that can be used to infer another fact. Computer crime Is any criminal offense, activity or Issue that Involves computers. Computer Is used in illegal
activities: child pornography, threatening letters, e-mail spam or harassment, extortion, fraud and theft of
Example : The cookie monster is found standing by an open cookie Jar with cookle crumbs on his face. The
Intellectual property, embezzlement.
droumstantial evidence would indicate that the cookle monster ate a cookie. However, he was not actually seen
eating
the cookie.
Categorizing computer-related crime
A single category cannot accommodate the wide divergence of conduct, perpetrators, victims, and motives found
Direct evidence
In examining computer crimes. Adding to this confusion Is the fact that computer crimes also can vary depending
— An eyewitness has seen or heard the alleged events, or some real evidence Is provided which proves a fact In upon the Jurisdiction criminalizing the conduct. Computers serve In several different roles related to criminal
question. (The fact in question must prove the gullt of the accused.) activity. The three generally accepted categories speak In terms of computers as communication tools, astargets,
= _Euample : Someone sees cookie monster eat a cookie out of the cookie jar, and as storage devices.

Real evidence (physical) 1, The computer as a communication tool presents the computer as the object used to commit the crime. This
category Includes traditional offenses such as fraud committed through the use of a computer. For example,
— _ Evidence that consists of physical objects that can be offered into evidence. Real evidence means real or material the purchase of counterfeit artwork at an auction held on the Internet uses the computer as the tool for
evidence. Real evidence
of a fact is broughtto the knowledge of the court by Inspection ofa physical object and committing the crime. While the activity could easily occur offline at an auction house, the fact
that a
not by information derived from a witness or a document.
v=——

Scanned by CamScanner
 Tho Concept of Cyberspace
Bem seen ort tase wn. som 7) cs)
computer Is used for the purchase of this artwork may cause a delay in the detection of It being a fraud. ow
The
— The implementation of
use of the Internet may also make It difficut to find the perpetrator
of the crime: a SsUch manual,
authorized access to made obligatory. Such guidelines atall
all levels within an organization and between organizations should be
2. A computer can also be the target of criminal activity, as seen when
hackers i within this category. The or may ‘ual when sincerely implemented, hold greater prospects of success than,
Department of Defense sites. Theft of information stored on a computer also the comput, enacting new legislation for data pr
ection.
unauthorired procuring of trade secrets for economic gain from
a computer system places purer In = It should be made obi igate tre
the role of being a target of the criminal activity. affirmatio to the effect that
n the part of companies or Institutions to give in their annua repor
7 , l ts a
3. Acomputer can also be tangential to crime when, for example, It Is used as a storage place for criminal transaction oriented system Security standards are described by the manual have been adopted a
records. For example, a business engaged in illegal activity may be using a computer to store its records. The eed forpermit
Protection than a system of access only read only ly for
picgsesies for enquiry only access this offers a great degree of
seizure of computer hard drives by law enforcement demonstrates the importance of this function to the
evidence gathering process. Legal deterrents
4 In some instances, computers serve in a dual capacity as both the tool and target of criminal conduct. For ‘Separation of the activities which
composed of resources which are
example, a computer Is the object or tool of the criminal conduct when an individual uses It to Insert a —
non offences.
Amendment of the damestic criminal
Computer virus into the Internet. In this same scenario computers also serve in the role of targets In that the law based on an international understanding, to meet the requirement of
virus may be to cripple the of the world.
Prevention of computer related crime.

(Causes! Factors contributing to computer erlme
Cyber criminals ahways opt for an easy way to make big money. They target rich people or rich organizations like
banks, casinos and financial firms where a huge amount of money flows daily and hack sensitive information. Catching such
iminals is difficuk. Hence, that increases the number of cyber-crimes across the globe. Computers are vulnerable so laws
are required to protect and safeguard them against cybercriminals. We could list the following reasons for the vulnerability
of computers:
~ Easy to access: The problem behind safeguarding a computer system from unauthorized access Is that there are many
Possibilities of breach due to the complex technology. Hackers can steal access codes, retina Images, advanced voice
Fecorders ett. that can fool biometric systems easily and bypass firewalls can be utilized to get past many security
systems.
— Capacity to store data In small space : The
has the unique istc of storing data Ina
very small space. This makes it a lot easier
for the people to steal data from any other storage and use it for own
profit.
— Complex: The computers run on operating systems and these operating systems are programmed of millions of
codes. The human mind Is imperfect, so they can do mistakes at any stage. The cybercriminals take advantage of these
gaps.
— Negligence: Negligence Is one of the characteristics of human conduct. So, there may be a Possibility that protecting
the computer system we may make any negligence which provides a cyber-criminal the access and control over the
computer system.
— Loss of evidence:The data relatedto the crime can be easily destroyed, So, Loss of evidence has become
a very
common and obvious problem which paralyzes the system behind the investigation of cyber-crime.
4.7.1 Strategy for Preventing Computer Crime
To prevent the crime there are 2 main aspects of the strategy.
1. Systemic methodology
— Computer crime is a new way of criminal offence that provides through transnational borders.
— Concerted International Corporation Is needed to successfully address this crime,
= __ International collaborations and exchange of Technology related to data security should be strongly
encouraged.
Effective prosecution inter-alia by adopting the existing criminal procedure and related
provisions.
The formulation and adoption of a Procedure for the investigation
of computer crime is Cardinal to the effective
translation into action of any new piece of legislation for amendment or supplementati
on of existing law.
The guidelines rules should be spell out the procedural aspects relating to search of premises seizure of
incriminating documents for materials the duty of witnesses etc.
In addition to the above considering the fast changing nature of computer related crime it is desirable to adopt
the guidelines and classification suggested by the Organization for Electronic Cooperation and Development
(OECD) with necessary amendments to suit National requirements
4.7.2 Amendments to Indian Penal Code 1860
Electronic Record (section 29a)
The words “electronic record” shall have the meaning assigned to them in clause (t) of sub-section.
Public servant framing an incorrect document with intent to cause injury (section 167)
Whoever, being a public servant, and being, as [such public servant, charged with the preparation or translation of
any document or electronic record, frames, prepares or translates that document or electronic record] in a manner
which he knows or believes to be incorrect, intending thereby to cause or knowing It to be likely that he may thereby
fause injury to any person, shall be punished with imprisonment of either description for a term which may extend to
three years, or with fine, or with both.
Absconding
to avold service of summons
or other proceeding (section 172)
Whoever absconds in order to avold being served with a summons, notice or order, proceeding from any public
Servant legally competent, as such public servant, to issue such summons, notice or order, shall be punished with
simple imprisonment for a term which may extend to one month, or with fine which may extend to five hundred
person or by agent, or to (produce a
Tupees, or with both; or, if the summons or notice or order is to attend in
document or an electronic record in 2 court of justice) with simple imprisonment for a term which may extend to six
months, or with fine which may extend to one thousand rupees, or with both.
v

Scanned by CamScanner
W__Qper Secunty and Laws (MU-Sem 7) 4-30
‘Tho Concept
of Cyberspace
en,
Service of Or other or thereof (section 273)
ps
Whoever in any manner intentionally prevents the serving on himself, or on any
other person, of any summons, noticg 7. Forgery (section 463)
Of order proceeding from ary public servant legally competent, nt, to Issue such summons, notice
©F order, of intentionally prevents the lawful affixing to as such public serva notice or ord Whoever makes any false docu;
ments or :
any place of any such summons, ; oF to cause damage or injury}, to the
intentionally removes any such summons, notice or order from any place to which it fs awfully affixed, or intentionally {alte electronic record or Part of a document or electronic record, with
Prevents the lawful making of any proclamation, " intent
under the authority of any publlc servant legally competent, as such part with property, or to enter Public oF to any person, * OF to support any claim
intoan or title, » orOF to Co ca: Cause any person to
Public Servant, to direct such proctamto be made, shall be punish
ation with ed
simple Imprisonment
for a term which be committed , commits forgery ly ex
Press OF implied contract, or with intent to commit fraud or that fraud may
may extend to one month, or with fine which may extend to five hundred rupees, or with
both; or, if the summons,
notice, order or proclamation Is to attend in person or by agent, or [to produce a document or electronic 8. Making a false document (section 464)
record in 3
Court of Justice], with simple imprisonment for a term which may extend A person Is said to make
to six months, of with fine which may extend a false document or false electr
to one thou sand
rupees, or with both. onic record.
a. First who dishonestly or fraudulently
Omission ta produce 1(document or electronic record) to
public servant by person legally bound to produce (i)
(section 175) Makes, signs, seals or executes
a document or part of adocument.
Whoever, being legally bound to produce or deliver (i) Makes or transmits any electr
up any 1[document or electronic record] of any onic record or part of any
public servant, as electronic record.
such, intentionally omits so to produce or deliver up {ill} Affixes any electronic signat
the same, shallbe punish with ed
simple Imprisonment
which may extend to one month, or with fine which for a term ure on any electronicrecord.
may extend to five hundred rupees, or with both, or, if
{document of electronic record] the (iv) Makes any mark denoting the execution ofa
is to be produc or delivered
ed up to a Court of Justice, with simple imprisonment document or the authenticity of the electronic
aterm which may extend to six months, or with for signature. with the
fine which may extend to one thousand rupees, intention of causing it to be believed that
such document or part of document, electronic
Mlustration A, being legally bound to produce a document or with both,
Signature
was made, signed, sealed, executed, transmitted or affixed by or by
record or electronic
‘same. A has committed the offence defined in this section, before a District Court, intentionally omits to produce the or by whose authority he knows that it was not made, signed, the authority of a person by whom
, sealed, executed or affixed.
Fabr icat
false evidence (section
ing 192) b. Secondly who, without lawful authority, dishonestly or fraudulentl
y, by cancellation or otherwise, alters a document
Whoever causes any circumstance to exist or 1 or an electronic record in any material part thereof, after it has been made,
makes any false entry in any book or record, or electronic executed or affixed with electronic
makes any document or electronic record containing a false statement] intending record or Signature] either by himself or by any other person, whether such person
oF false statement may appear in evidence in that such circumstance, false entry be living of dead at the time of such
a judicial Proceeding, or in a proceeding taken alteration.
‘servant as such, or before an arbitrator, and that by law before a public
evidence, may cause any person
such Groumstance false entry or false statement,
so appearing in © Thirdly who dishonestly or fraudulently causes any person to sign, seal, execute of alter a
who in such proceeding is to form an opinion upon the evidence, document or an electronic
erro opinion
neou
touching anys
point mate to entertain an Fecord or to affix his electronic signature on any electronic record knowing that such person by
to therial
result of such proceeding, |s said “to fabricate false evidence”. reason of unsoundness
Ulustrations Of mind or intoxication cannot, or that by reason of deception practiced upon him, he does not know the
contents of
(a) A. buts Jewels into 3 box belonging to Z, with the intention the document or electronic record or the nature of the alteration.
that they may be found in that box, and that this
may cause
Z to be convicted of theft. A has fabricated false evidence. Mlustrations
{b) ‘A makes a false entry in his shop-book for the purpose of using a ‘Aas a letter of credit upon B for rupees 10,000 written by Z A, in order to defraud B, adds
it as corroborative evidence in a Court of Justice. a cipher to the 10,000,
Ahas fabrifalse catedevidence. and makes the sum 1, 00, 000 intending that it may be believed by B that Z so wrote the letter. A has
(c)_ A, with the intention of causing Z to be convicted ofa criminal Conspiracy, writesa letter in imitation of Z's committed
forgery.
handpurporting
writ to being,
addressed to an accomplice In such criminal Conspiracy, and puts the letter ina
place which he knows that the officers of the Police are likely to search. A has b. A, without Z's authority, affixes Z's seal to a document purporting to be a conveyance of an estate from Z to A, with
fabricated false evidence. the intention of selling the estate to B, and thereby of obtaining from 6 the
Destruction af 1{document or electronic record] purchase-money. A has committed
to prevent its production as evidence [section 204)
forgery.
Whoever secretes or destroys any 1[document or electronic record]
which he may be lawfully compelled to produce © A picks up a cheque on a banker signed by B, payable to bearer, but without
as evidence In a Court of Justice, or in any proceeding lawfully held before any sum having been Inserted in the
a public Servant, as such, or obliteratesoF cheque. A fraudulentlyfills up the cheque by inserting the sum of ten thousand rupees.
A
renders illegible the whole or any part of such 1[document
or electronic record] with the Intention of preventing the 4. leaves with B, his agent, com its forgery.
a cheque on a banker, signed by A, without inserting the sum payable and authorizes
same from being produced or used as evidence before such Court or public servanta5 afores
B to
or after
aid,he shall have fill up the cheque by inserting a sum not exceeding ten thousand rupees for the purpose of making certain payment. B
been lawfully summoned or required to produce the same for that purpose, shall be punished with imprisonment
of fraudulently fills up the cheque by inserting the sum of twenty thousand
rupees. B commits forgery.
either description for a term which may extend to two years, or with fine, or with both.

Scanned by CamScanner
 The
wv Cyder Seourty and Laws (MU-Sem 7) 42
tending
©. Adraws a bil of exchange on himself in the name of B without B's authority. In pill with Intent to deceive
the
with a banker and intending to take up the bill on Its maturity. Here, as A
banker by leading him to suppose that he had the security of B, and thereby to
equally divided between A, Band C * 4
£. Z's will contains the these words—"I direct that all my remaining property De whole was left to himself and CA hay Explanation 3 : For the purposes of this
Gishonestly scratches out 8's name, intending that it may be believed that the SeCtion,
assigned to It in clause (4) of sub-section (Qhor eosin
tne 9,
committed forgery.
‘affiaing 2 [electronic signature)” shall have the meaning
the bill the words "Pay
ectior ne Information Technology Act, 2000.
& Aendorses aa Government Promissory note and makes it payalble toZor his order by writing oron his order", and thereby —™ of Court or of public register, tte (section 466)
to Z or his order” and signing the endorsement. B dishonestly erases the words “Pay to Z
Converts the special endorsement into a blank endorsement. B commits forgery.
fh. Assells and conveys an estate to 2. A afterwards, in order to defraud Z of his estate, executes a conveyance of the
same estate to B, dated six months earlier than the date of the conveyance to Z, Intending tt to be believed that he
had conveyed the estate to B before he conveyed it to Z. A has committed forgery.
|.
Zdictates his will to A.A intentionally writes down a different legatee from the legatee named by Z, and by represent. Explanation 2 For the Purposes ofthis section, “regstr"incudes any Ret, data of record of any entries maintained in the
ing to Z that he has prepared the will according to his instructions, induces Z to sign the will. A has committed forgery, Act, 2000.)
electronic form as defined in clause (r) of sub-section (1) f section 2 of the Information Technology
| Awrites a letter and signs it with B 's name without B's authority, certifying that A is a man of good character and in Explanation 2 : For the purposes of this section, the expression
“affising 2 [electronic signature]? shall have the meaning.
distressed circumstances from unforeseen misfortune, intending by means of such letter to obtain alms from Z and assigned to it in clause (d) of sub-section (1) of section
2 of the Information Technology Act, 2000.
Other persons. Here, as A made a false document in order to induce Z to part with property. A has committed forgery. Forgery for purpose of cheating (section 468)
k. Awithout B's authority writes a letter and signs it in B 's name certifying to A ‘s character, intending thereby to obtain Whoever commits forgery, intending that the 1[document or electronic record forged] shall be used for
the purpose
employment under Z. A has committed forgery in as much as he intended to deceive Z by the forged certificate, and of cheating, shall be punished with imprisonment of either description for a term which may extend to seven years,
thereby to induce Z to enter into an express or implied contract for service. to fine.
and shall also be liable
Explanation 1 : A man's signature of his own name may amount to forgery Forgery for purpose of harming reputation (section 469)
@ A Signs his own name to a bill of exchange, intending that it may be believed that the bill was drawn
by another forgery, 1[i that the or ic record forged] shall harm the reputation
of
Person of the same name. A has committed forgery.
any party, or knowing that it is likely to be used for that purpose, shall be punished with imprisonment
of either
b. Awrites the word “accepted” on a piece of paper and signs it with Zs name, in order that B may afterwards write on description for a term which may extend to three years, and shail also be liable to fine.
the paper a bill of exchange drawn by B upon Z, and negotiate the bill as though it had been accepted by Z. A is guilty Forged document (Section 470)
of forgery; and if B, knowing the fact, draws the bill upon the paper pursuant to A's intention, B is also guilty of
A false document made wholly or in part by forgery is designated "a forged document*
forgery.
Using as genuine a forged document{section 471]
c Apicks up a bill of exchange payable to the order of a different person of the same name. A endorses the bill in his
‘own name, intending to cause it to be believed that it was endorsed by the person whose order it was payable; here A Whoever fraudulently or dishonestly uses as genuine any document which he knows or has reason to believe to be a
has committed forgery. forged document,
shall be punished in the same manner as if he had forged such document.

d. Apurchases an estate sold under execution of a decree against B. B, after the seizure of the estate, in collusion with Z, Having possession of document described In section 466 or 467, knowing It to be forged and intending to use It as

executes a lease of the estate of Z at a nominal rent and for a long period and dates the lease six months prior to the genuine (section 474) .

seizure, with intent to defraud A, and to cause it to be believed that the lease was granted before the seizure. 8,
though he executes the lease In his own name, commits forgery by antedating it.
eA, atrader, in anticipation of insolvency, lodges effects with B for A's benefit, and with intent to defraud his creditors;
and in order to give a colour to the transaction, writes a promissory note binding himself to pay to B a sum for value
received, and antedates the note, intending that It may be believed to have been made before. A was on the point of
Ahas ed forgery under the first head of the defi
Whoever, has in his possession any document, knowing the same to be forged, and intending that the same shall
fraudulently or dishonestly be used as genuine, shall, if the document is one of the description mentioned in section
466 of this Code, be punished with imprisonment of either description for a term which may extend to seven years,
and shall also be liable to fine; and if the document is one of the description mentioned in section 467, shail be
for life), or with imprisonment of either description, for a term which may extend to
Punished with (imprisonment
‘Seven years, and shall atso be liable to fine.

Scanned by CamScanner
 =

‘The Concept of Cyborepace

ae
JW cyper securty and tawe (Som) as Tan gore dexetbed In section 467, oy
1. Counterfeiting device or mark used for authenticating documents other
Possessing counterfelt marked material{ section 476)) le
or mark used for the purpose of © crypto,
among the uses of information
Whoever, counterfeits upon, or in the substance of, any material, any de ‘ecbal In section 467 of this Code and nae method should be trustworthy in order to generate confidence
authenticating [any document or electronic record} other than the documentsd © Choice of cryptographic methodas go nation systems.
ence of outherticty to a should be subject to the relevant nla "ATs should have a right to choose any cryptographic method
Intending that such device or mark shall be used for the purpose of giving the appea! and it
document then forged or thereafter to be forged on such material, or who, with such intent, fas has tis nl © Market driven development of er,
In his possession any Tesponss tothe neds and demands ot caer eC NIOUTDNIE methods should be developed i
material upon or in the substance of which any such device or mark has nterfeited, shall be punished with
been cou! be table tafe . © Standards f 5 Of individuals, business houses
Imprisonment of either description for a term which may extend to seven years, and shall also be ould * for cryptographic methods: technical standards, criteri and governments,
iy be developed and promulgated fs,
& _Falsification of accounts (section 477A) © Protection of privacy and personal
st National ang emaionlien Hes enypnoereptie hic mattis
method:
Whoever, being a derk, officer or servant, or employed or acting in of eomrmunieslon and plese — 7
a
the capacity of a clerk, officer or servant, willfully, 40n of
Ihe fundamental rights of individuals to privacy including secrecy
personality
and in the implementation and use if cptogrithicit restos Tespected in National
Crypt
and with intent to defraud, destroys, alters, mutilates of falsifies any 2 book, electronic record,
jectronic meson poms
valuable security or account which belongs to or ts in the possession of his employer, or has
pen er, writil ne, °
Lawtul
to aon : 7
National cryptographic policies Mein allow access by lawful means plain text for
been received by him for Cryptographic keys of encrypted data,
oF on behalf of his employer, or willfully, and with Intent to defraud, makes or abets the making of
any false entry in, ° pana *stablished by contract our legislation the liability of individual and institutions that offer
or omits or alters or abets the omission or alteration af any material particular from or In, any such 2 book, electronic
he obraphic services Should be clearly stated.
record, paper, writing, valuable security or account, shall be punished with Imprisonment of either description for a
+. © _ International Corporation: government should co-ordinate Cryptographic policies. Governments should
term which may extend to seven years, or with fine, or with both. avoid creating
a: : - The 1@ of OECD members unjustified
review
of circles to international
. this Buidelines
. trade in th
ee
at least every five years
of enforciny
Tay BOM i
with a view to improving International
cooperation on issues related to Cryptography policy.
it shall be sufficient in any charge under this section to allege a general intent to
defraud without naming any 2. Initlatives by the United States of America
para person ee . be — or specifying any patio sum of money intended to,be the subject of
ud, oF any particular a day — __ Many states in the United States have either passed or propose legistation
on eoffence ‘was comm 7 signature on digital signature.
— The Utah digital act of 1995 offers legal Framework for the use of cryptography as a tool for data
48 Global Trends in Cyber Law
—
authentication purpose,
California and Arizona have passed digital signatures legislation enabling electronic
4.8.1 The Contract Aspect transactions with state
Enterprises.
In contract aspect no much debates and deliberations have taken place. In — _ Minnesota is established licensing criteria for certification authority and defines their legal responsibilities to
a lot of cases when security measures parties. third
through encryption etc are adopted, the basic necessity of authenticity, witnessing
signatures, non repudiation, — Nevada has passed a law authorizing the use af electronic symbols as a alternate
Origination, acknowledgement extra Is taken care of. So, two of
the three main concepts related to e-commerce that are for supplement for certain
signatures. .
Originator, addressee and acknowledgement of receipt of record ‘automatically attended
to while implementing a legal — Department of Commerce is responsible for licensing cryptographic devices used for dait
Framework for encryption or digital signatures. The concept of time and place of dispatch and received authentication access
Is probably the only Control proprietary software automatic tailor machines excetra.
area which has been relegated to the backgraund.
— Cryptography devices and the technical data of these devices are subject to US government export control
as
48.2 The Security Aspect Specified in title 22 of the code of Federal regulations.
— US government has made out a policy paper for global Electronic Commerce and title 'A' Framework for global
1. Initiatives by International Organizations Electronic Commerce. tt helps to accelerate the growth of global, through the internet.
— Many countries have come to pass laws related to digital signature. Many — US government permits companies to export encryption products using S6b Data Encryption Standard (DES) or
others are can templating on these equal algorithm.
lines. United Nations Commission on international Trade Law (UNICITRAL) is
working on a model digital signature
law. 3. Initiatives by European Union
— Few guidelines related to Cryptography have been adopted by Organization
for Economic Co-operation and The European Commission has launched a study on the legal aspect of digital signatures. The study give the overview
Development (OECD). The OECD compromises of Industrialized countries like Australia Canada European Nations
Japan and United States.
Of policies of European Union as well as an insight into the existing rules regulations and the de facto practices related
to digital signatures and enable message new rules regulations and practices among the members of European union's

and its main trading partners.

Witenes

Scanned by CamScanner
 a
The Concept of Cyberspace
W_cyter Security and Laws (MU-Sem7) 496 — NH_cybor Security and Laws (MU-Sem 7
437
4a Initiatives
by the G-7 countries
‘The G-7 countries have suggested following things
to be used In the Global
— Garments industry and users must agree on the cryptographic techniques 2! nd products
information infrastructure. There should be agreement on the procedure fo! verifying that these techniques for
Additionally, while soun
becoming extensive we as ; = poctca are necessary in all countries where the use of EDI and electronic mail is

'
Products conform to the standard so agreed. telecopy and telex 50 felt in many countries with respect to such communication techniques as
~The great techniques at the great verification procedures must be made public. Electronic data Interchange definiti
‘on Is given
in Article
— Agreed techniques must be based on private sector Led, voluntary International standards arrived at by specified by the model law. idle 2, 2, but The meaning of the Electronic Commerce Is not
agreement. At the time Of preparing the model law the commissio
n decided that in addressing the subject matter before
— The products conforming
to the agreed techniques should be free from would have in mind a broad nation of EDI, Covering it, it
the variety of trade related uses of EDI that may
broadly under the term of Electronic Commerce. be referred
© Import controts
© Legal restrictions on its use ‘Among the means af communication encampass in the notion of Electronic Commerce
transmission based on the use of electronic techniques : are the following modes of
© Licensing restrictions
— The products meeting the requirements to the agreed techniques should be export table to all countries except
1. Communication by means of EDI defined narrowly as computer-to-computer transmission of data In a
those which are subject to Union embargo and users and suppllers of products meeting the requirements to the standardized format.
agreed techniques should be free ta make technical and economic selection about modes of Implementation and Transmission of electronic messages Involving the use of either publicly available standards or proprietary
s

Operation. The choice of hardware and software should also be allowed. standards

48.3 The Intellectual Property Aspects 3. Transmission of preformatted text by electronic means for example through the internet.
Certain types of acknowledgement for example UN/EDIFACT message establishing that the data message received Is
US initiatives: Digital Era copyright enhancement Act 1997, the digital corporate clarification and Technology
Education Act of 1997, the no electronic theft act 1998, these legislations are taking care of IPL aspects with tegard to
syntactically correct that Is it can be processed by the receiving computer.
the Electronic medium. The reference to technical requirement which is to be construed primary as a reference to data syntax In the context
of EDI communication may be less relevant in the contacts of the use of other means of communication such as
Nil copyright Protection Act of 1995, specific provisions are done related to digital network environment.
Telegram or telex.
‘The Global Information Commission (GIIC] has recommended the intellectual property law. It supports the efforts for Moreover mere consistency with the rules of data Syntax technical requirements set forth in applicable standards may
the development of suitable technology to prevent activities which infringe on exclusive rights. A precise definition of Include, for example, the use of procedures verifying the integrity of the cantent of data messages.
demarcates between legal and illegal activities is given to Identify the actions that result in infringement of Intellectual
Robust communication network would offer the channel for instant transmission of the message. The message
Property right. transmitted over the network should make sense to the receiver of the message and this Is possible only If the
transmitter as well as the receiver
is adopting the same message formats. Message format is necessary for achieving
4.9 Legal Framework for Electronic Data Interchange
the standardization.
a

4.9.1 The Electronic Data Interchange Scenario In India The Ministry of Commerce Is the nodal agency for the implementation of Electronic Data Interchange (ED!) in
India.
India Joined the EO! movement in earty 1992, when It obtained the observer status in the Asia EDIFACT Board (ASEB).
‘The ED! mechanism : India became a member of ASEB in August 1992. In order to promote the use of EDI in India the Ministry of Commerce
According to UNCITRAL the definition of EDI ts: “Electronic data interchange means the electronic transfer has taken initiatives to develop EDI infrastructure. The following are the agencies that cater ta the ED! infrastructure
‘computer to computer
from
of information using and agreed standard fee structure the information.”
1. EDI council of india 2 India EDIFACT committee
For the conduct of International Trade electronic email and electronic data interchange Is Increasing rapidly.
There are legal obstadies in the communication of legally significant Information in the form of paperless messages. 3. Warking group 4. Education and awareness
There Is also uncertainty to their legal effect or validity. 5. VAN service providers & —_EDl implementation in government regulatory agencies
So set of Internationally acceptable statue Is provided by the cyber law remove the number of legal obstacles. The
cyber law also secure the legal environment created for Electronic Commerce,
The UNICITRAL the decision to model I on fe because In countries EDI council of India
the existing legislation governing communication and storage of information Is Insufficient or outdated because It
does not consider the use of Electronic Commerce. EDI council Is the apex body consisting of all the key government departments and representatives of trade and
Industry. tt is responsible for laying down the policy frame work and direction for-
In defintte cases, existing legislation imposes restrictions on the use of modem mea ns of communication, for example:
by recommending the use of written, sign, or original documents. = Promotion and propagation of EDI and Electronic Commerce.

Scanned by CamScanner
 WW_Cyt0r Socurty and Laws (MU.Sem 7
439 The Concept
of Cyberspace
and Laws (MU-Sem 438 4, Education and awareness
Creating awareness and education among the potential ED! functionaries
and user# - Federation of indian tx,
Streamlining procedures and practices India. FIEO has identined eestons (FLEO) is organising regular workshops and seminars throughout in
Attending
to legal Issues.
implernented EDI, These or Sree automotive, chemical, textile and engineering concerns that had already
own sectors, Banisations would perform as model organisation for the EDI implementation in their
Human resource development.
Thec All i
India n
‘Any other Issue connected with EDI and Electronic Commerce. Manae
gement Assoc
—o ) of New Dethi is Offer
lation (ALMA) of ing courses on EDI, including a Mast
ers
Chairman : Secretary, Ministry of Commerce ;
‘0 investigate the needs for EDI related human resource development.
‘Secretariat
: EDI Division
5, VAN service providers

Ministry
of Commerce
— The two major VAN operators
in India providing EDI services
are NIC and VSNL
Udyog Bhawan, ne Informatics Center (NIC) has set up a nation-wide computer communication network with over 600
fe $ connecting the national capital, the state capitals and district headquarters.
New Delhi
- 1100011
NICNET provides high speed
information highway nodes within the Country and connectivity to Internet as well as
2 India EDIFACT committee to other foreign networks
outside the country,
‘The India EDIFACT (EQ) Is for e rds ing the procedures In line \Videsh Sanchar Nigam Ltd. (VSNL) has established the GEDIS TradeNET
Network service for EDI. It is connected to
with UN/EDIFACT and maintain liaison with UN/EDIFACT bodies. two International EDI VAN operators, GEIS and INS UK.
To address all the Information needed on different sectors and Its interface with UN/EDIFACT standards following 6. EDI Implementation In government's regulatory
Message Development Groups are working- agencies
- The Ministry
of Ce
© Ports Message Development Group under Indian Ports Association (IPA). has selectedg nt y and facilitatory for co- EDI
implementation.
© Airports Message Development Group under Airports Authority of India (AAI).
These organisations are Customs, Directorate General of Foreign Trade (DGFT), Regional Licensing Authorities,
© Financial Message Development Group under Indian Banks Association (EBA).
Alrports Authority of India (AAI), Scheduled Banks, Airlines, Reserve Bank of India, Directorate General of
© — Gustoms Message Development
Group under Central Board of Excise
and Custom (CBEC). Commercial Intelligence & Statistics (OGCI&S), Chamber of Commerce, Inspection Agencies, Export promotion
© Private Sector Message Development Group under Federation of Indian Export Organisations (FIEOQ). Organisations, Port Trusts, Container Corporation of India Ltd. (CONCOR), Insurance Agencies.
A Technical Support Group is also working under National Informatics Center (NIC) which Is responsible for
helping users In EDI related software development and for providing technical support... 4.10_Law Relating to Electronic Banking
Chairman
: Additional Secretary, Ministry
of Commerce 1. The history of payments
Secretariat
: EDI Division
A “bill of exchange” Is an Instrument in writing containing an unconditional order, signed by the maker, directing a
Ministry
of Commerce
certain person to pay a certain sum of money only to, or to the order of, a certain person or to the bearer of the
Udyog Bhawan, instrument. The payment Instruments are paper based and need to be tendered at specific bank for payment either
New Dethi-1100011 In person or through another bank in clearing or through collection. The cheque ot the instrument has to be
3. Working group Presented to the drawer under Negotiable act 1881. The disadvantage of this system Is cheque or demand draft have
to be physically presented and it often leads to delay in payment.
The working group ts for various in the go t and ensure d
implementation
of program. 2 The clearing house mechanism
Chairman : Secretary,
Ministry of Commerce The clearing process begins with the deposit of a cheque In a bank. The cheque (along with other cheques) Is delivered
Secretariat
: EDI Division to the bank/branch where It is drawn. The cheque is passed for payment if the funds are available and the banker Is
Ministry
of Commerce Satisfied about the genuineness of the instrument. The cheques that are unpaid are returned to the presenting bani
Udyog Bhawan, through another clearing called the Return Clearing. The realisation of the funds occurs after the completion of return
New Delhi
- 1100011 Clearing and by the absence of an unpaid cheque.

Scanned by CamScanner
SRST eee
The Concept of Cyberspace
Wr _Oyer Securty and Lawa (MU-Sem 7) 4-40
3. Electronic Clearing System (ECS)
fund transfer from of ne bank
account to another. It Is
Electronic Clearing System (ECS) Is an electronic method of
ts like dividend, interest, salary,
generally used for bulk transfers performed by Institutions for making paymen!
nts to utility companies such
pension, etc. ECS can also be used to pay bills and other charges such as paymel
paymet nts on loans as well as Sip
telephone, electricity, water. or for making equated monthly installments
investments.
a EScredit
the customer's
— ECS credit fs used for allowing credit to a large number of beneficiaries by ralsing a single debit to ris
account, such as dividend, Interest or salary payment. ECS payments can be performed by any institution
(ECS user) that has to make bulk or repetitive payments to a number of recipients or beneficiaries. They initiate
the after registering with an se. ECS users also have to obtain a
‘consent such as the account particulars of the beneficiaries for engaging in the ECS clearings.
- Under the scheme, the beneficiaries of the repetitive or regular payments can also require the paying institution
to make ECS (credit) for payment. The ECS users expect to effect payments and to present the data in a
the
prescribed format to any one of the recognized clearinghouses. The clearinghouse will debit the account of
ECS user through the user’s bank on a particular day and credit the accounts of the recipient banks, for praviding
onward credit to the accounts of the ultimate beneficiaries. The benefits of ECS credit given to the clients are as
follows:
© The end beneficiary need not make frequent visit to his bank for depositing the physical paper instruments.
© Delay in the realization of proceeds, which used to happen in the receipt of the paper instrument is eliminated.
° The ECS user helps to save on administrative machinery for printing, dispatch and reconciliation.
° Provides the ability to make payment and ensure that the beneficiaries account gets credited on a designated
date.
b. ECS debit
— ECS debit is used for raising debits to a number
of accounts of consumers or account holders for affardinga single
credit to a particular institution, in cases such as utility payments like electricity bills and telephone bills. ECS
debit isa scheme in which an account holder can authorise an ECS user ta recovera prescribed amount by raising
a debit an his account. The ECS user has to receive an authorisation which Is called ECS mandate for raising such
debts. These mandates have to be approved by the bank branch maintaining the account.
- Any ECS user participating in the scheme has to register with an approved clearinghouse, an ECS user should
receive the mandate forms from the participating destination account holders with the bank's acknowledgement.
Acertified copy of the mandate should be available with the drawee bank.
— The ECS user has to submit the data in a specified form through the sponsor bank to the clearinghouse. The
clearinghouse would pass on the debit to the destination account holder through the clearing system and credit
the sponsor bank's account for onward crediting the ECS user. All the unprocessed debits have to be returned to
the sponsor bank's account for onward crediting the ECS user. All the unprocessed debits have to be returned to
the sponsor bank, within the time frame specified. Banks treat the electronic Instructions received through the
dearing system at par with the physical cheques. The benefits
of ECS debit given to the clients are as follows:
© Trouble-tree: Eliminates the need to go to the collection centres or banks and the need to stand In long queues
for payment.
W_Cyber Socurty and Laws (MU-Sem 7)
441 The Concept of Cyberspace
© Easy ' to to track: track: Customers are not required to track dawn payments by last dates, The ECS users would monitor
the debts. Th ',
'e ECS user saves on administrative machinery for collecting the cheques by monitoring
realisation and reconciliation.
their
as © Better cash management: Chances of frauds due to fraudulent access to Paper instruments and encashment
are avoided.
The realisation of payments on a single date is enabled instead of fractured
receipt of payments.
Cheque truncation
Cheque Truncation is a method of payment processing where under movement of the paper instrument is
truncated by substituting with electronic transmission of the cheque details or data. The Shere Committee had
examined the legal issues pertaining to cheque truncation and had indicated that the definition of presentmentin
the Negotiable Instruments Act may have to be amended for adoption of cheque truncation system in India.
Under the Negotiable Instruments Act, 1881, cheques would have to be presented for payment to
drawee / drawer bank. Without such presentment, no cause of action arises against the drawer.
— _ In default of presentment ofa cheque to the drawee for payment, other parties ta the cheque are not liable to
the holder. It is by banking practice and under the Uniform Rules and Regulations for Clearing Houses that banks
have agreed for presentment at any place other than the branch, such as the clearing house.
— Besides, the implications of the definition of payment in due course under the Negotiable Instruments Act, 1881
may make it difficult for banks to introduce cheque truncation system simply by agreement among themselves.
— The right of the paying bank to require physical presentation and possession of the cheque are designed to
Provide the bank with an opportunity to examine the signature and other authentication of the cheque.
— This is meant essentially to protect the interest of the drawer. Therefore, in UK, the cheque truncation system
started with customer consent agreements and was eventually introduced after a fair degree of familiarization
with imaging technology by the banks.
— Thus, introduction of cheque truncation system may require adoption of a fairly standardized imaging technology
and appropriate amendments to the Negotiable Instruments Act, 1881.
Electronic Fund Transfer (EFT) : Present set up
— An Electronic Funds Transfer (EFT) is a transaction that takes place over a computerized network, either among
accounts at the same bank or to different accounts at separate financial institutions.
— _EFTs include direct-debit transactions, wire transfers, direct deposits, ATM withdrawals and online bill pay
services. Transactions are processed through the Automated Clearing House (ACH) network, the secure transfer
system of the Federal Reserve that connects all U.S. banks, credit unions and ather financial institutions.
~ For example, when you use your debit card to make a purchase at a store or online, the transaction Is processed
using an EFT system. The transaction Is very similar to an ATM withdrawal, with near-instantaneous payment to
the merchant and deduction from your checking account.
— Direct deposit is another form of an electronic funds transfer. In this case, funds from your employer's bank
account are transferred electronically to your bank account, with no need for paper-based payment systems.
EFT In future : Electronic funds transfer act
— In 1995, the Reserve Bank had set up the Committee for Proposing Legislation on Electronic Funds Transfer and
‘other Electronic Payments (Chairperson : Smt. K.S.Shere). The Shere Committee had recommended a set of EFT
Regulations by the Reserve Bank under the Reserve Bank of India Act,1934 and amendment to the Bankers’
Books Evidence Act,1881 as short term measures and promotion ofa few Acts like the Electronic Funds Transfer
‘Act, the Computer Misuse and Data Protection Act etc. as long term measures.
Scanned by CamScanner
 The Concept
of Cyberspace
Wi _Cyper Securty and Laws (MU-Sem
7) 4-42 v Cron Seciirty and Lines (MU)-Sem 7)
= The Reserve Bank has already initiated steps for framing of EFT Regulations. The Govern™nTof India have the
al Tho Concept of Cy
Inktisted steps for promoting Information and Technology Act, 1999 and consequent environment.
Kong etc update in the RTGS
Reserve Bank of India Act, 1934, the Bankers’ Books Evidence Act, 1881 et. — RIGS Is critical for an
effectiveness contr
— The proposed Information Technology Bill, 1999 and Electronic Commerce Bill,
1999 are Intended to be generaj
; Payments system was in the Net settleme:o Strategy. The The risk inf herent in a net settlement system Is well-known,
purpose legislation covering mainly Issues like secure electronic records and signs! ures, acceptance of digital on Domino effect on arters mt System are such that the default by one bank will lead to the knock
signatures, duties of certification authority, liability of network service providers,
computer crime and data
— Gross settlement reduces the risk fre
protection. mode. equent
as tranzactions
ty are settied one by one on bilateral basis in real time
— Both the bills deal with electronic contracts and they are being promoted by the Government of India primarily to
facitate Introduction of Electronic Data interchange in the commercial sector. However, they are equally — In cross-border context, —
aT become even more 11:00 as Cross Country race are more
compared to domestic difficult to manage as
applicable for electronic funds transfer already launched by the Reserve Bank and Is going to be Increasingly insaction. Concepts like payment versus payment are especially
Fesorted to by the user banks of the VSAT based network, the INFINET. currency transactions. relevant in cross

~ However, there is still a need for a separate Act for electronic funds transfer because certain transactional issues RTGS vil both the technology and the process controls to manage the series
better. The communication
like payments finality, rights and obligations of the parties involved In electronic funds transfer etc. cannot be network 5 the backbone for the domestic RTGS system. A national RTGS facility
would help promote an
Covered In general purpose bills like the proposed Information Technology Bill or the proposed Electronic integrated National payment system covering :
Commerce Bill.
Wide array of payme products
ntsand services with a mix of paper and electronic payments.
~The EFT Regulations being framed by the reserve bank would address only the specific type of EFT system that the ATM, smart/credit transactions.
©22700000000

Reserve Bank would be involved with as a service provider as also a regulator. The EFT Regulations would,
Moreover, cover only credit transfer related transactions and not Debit Clearing transactions. A separate
legislation on the lines of Electronic Funds Transfer Act of USA Is, therefore, required which would be consumer
Protection oriented and would at the same time address transactional Issues like execution of payment order,
Settlement finality, etc.
— The reserve bank has taken the help of a consultant in drafting a new legislation on electronic funds transfer
System and proposing amendment to the Reserve Bank of India Act 1934. The Committee, after a careful
examination of the issue, has endorsed the view that the proposed Electronic Funds Transfer
Act should cover all
forms of electronic payments.
— The committee supports the view that the reserve bank, at an appropriate time, consider operating the
Inter-bank payment systems through an agency or subsidiary so that its regulatory role is rendered distinct from
Its supervisory role. Retail payment systems such as the ECS and the EFT Remittance Processing Scheme presently
‘operational may be managed by a group of large banks with country wide branch network and technical
capability, with settlement assistance from the reserve bank.
This would help the RBI to focus its efforts
only on large value time critical funds transfers to be settled on an
RTGS basis. in the ongoing debate on the role of central bank in payment systems, the trend is towards
distinguishing the central! bank role as @ regulator from that of service providers which could be commercial
banks themselves or the entities under the control of commercial banks. The committee has considered it
necessary that the legal framework for payment system takes into account this international trend.
Lew of netting/settiement
Real Time Gross Settlement (RTGS) — A funds transfer function in which transfer of money takes place from one
bank to another on a real-time basis without delaying or netting with any ather transaction.
RTGS Is regarded as the centerpiece of the Integrated system. The RTGS is centralized settlement system Into
which all dispersed settlement system will flow.
The RTGS will enable real time and online fund management for the financial system. Migration to an RTGS
environmentIs the main objectiveof payments system reforms in most countries of the world,
Access to cross border settlement system such as the TARGET Europe is conditional on the availability of fulfill a
domestic RTGS for each of the participating country.
v Wht
National clearing system on deferred net settlement basis.
National DvP system
Cross currency Clearing and settlement system.
Money market dealing system.
Debt and capital market segments.
National online government account system.
National RTGS system.
National currency management and accounting system.
Wide area satellite based dosed user group network providing the communication backbone the proposed
integrated National payment system.
— The basic issue in writing system is that of settiement and the Systemic risk borne by the participants if one or
some of the participants fail to meet the clearing liability.
= In case of Transformers settle on gross basis the parties involved are only two and principal risk, if any, is only for
‘specific transaction. But in multilateral netting systems, where claims are obligations over a period of time,
Incoming and outgoing payments are set off against each other in case of failure of a party in meeting the
dearing liability. The methodology of identifying the counterparties and determining the exposure level becomes
difficutt.
Encryption of messages transmitted over PSTN lines.
— The Committee understands that at present banks in both the public and private sectors use a code book for
purposes of coding and decoding TT messages. For transmitting messages Involving transfer of huge sums, the
sending branch codifies the message and the receiving branch decodes the message after its receipt with the help
of the cipher code book. Though the public telephone / wireless network is used, the code is adopted only for
Inter-branchtransfers of the same bank. However, if the messages of funds transfer are to be electronically
transmitted to different bank branches all over the country, it is necessary that a common code for encryption is
used and adopted for all banks involved in inter-bank transactions.
— The Committee is aware that as per the existing policy of DoT, the use of PSTN lines for connecting with other
private network Is prohibited unless specific exemption is given by DoT. The Committee strangly recommends the

Scanned by CamScanner
 Oem sear ont ines paso? out The Concept
of Cyberspace
© Copyright and digital int 445
Use Of PSTN Bes between branches and the INFINET networt fr fs optimum use. ts therefore, Necessory the . The Concest of Cybersnace
banks are permitted to encrypt the messages on the PSTN lines as well. Permission to Use network for © Electronic governance Property Rights especialy wth regard he itanet and World Wise won
Connectivity to INFINET should coincide with the permission to encrypt the messages as well. ° Computerization of land
records.
s :
= As regards possible delay on account of use of PSTN lines, it may be necessary to free the service provider from
‘amy Kabiity cn account of delay, since efficiency of the public telephone network cannot be assured by the
service providers.
& Admission of electronic files as evidence end preservation of records
— The Shere & had the ksues of files as ae ot Data protection Please define includefe the legal SIM cards
electronic records and recommended the need to amend the Bankers’ Books Evidence Act, 1881 on the lines of of what information may be held about them in 3
computer database and the Protection from theft, instruction, or damage of software and
the Customs and Central Excise Laws Act, 1988 and Central Excise and Salt Act, 1944 for the computer’s memory. data held in the
Purpose. ft & learnt that Government of india & processing the draft Bill amending the Bankers’ Books Evidence
‘Act, 1881 This is a welcome development and would meet the legal requirement of acveptance of contracts,
Goqaments etc. in electronic form as evidence.
= ider certain provis ons of the Bectronic Bill for eles Data Protection Act 1984 af the UK safeguards individual rights to see
records / signatures 2s evidence. Clauses 9, 10, 11, 12 and 14 of this proposed Bill which are relevant
in this inaccuracies or in some cases deletes it As per this act his or her databentries,
ase aher
Conpecton are given in Annexure 26 . I is worth mentioning that while clauses 9, 10 and 11 of this Bill are based register
organization which are holding personal data must
with the Data Protection Registrar. if any organization is not registering then it
on the UNCITRAL Model Law, clauses 12 and 14 are based on Singapore Electronic Transactions Act. As and when is considered as a criminal
the Bectronic Commerce Bill is passed, these provisions will be made applicable, ipso facto, to electronic funds
(Wansfer transactions 25 well, The absence of law related to digital signature and encryption prevents our country from implementing electronic
fund transfe in a big way.
r
10. Funds transfer through (EFT) systems from tax compliance angie
The absence of law and legal deterrents retating to computer crime emboldens many computer
criminals in the
‘The Shere Committee had recommended that the Central Board of Direct Taxes (CBDT) may be requested to take country to indulge in computer crime.
up the of darifying and,if requis the relative of the Direct Tax Laws like Section The absence of provisions enabling electronic data as admissible evidence in courts has put our country decades
40A of the income-Tax Act, 1961. back of other Nations.
The Committes however fet that, for according the funds transfer under the EFT system the same status of Loss of stamp duty due to compensated:
Bayment 23 one made by an A/c payee cheque, suitable technology may have to be developed for treating such
Transfers as A/c payee transfers. A mere recognition to that effect by the CBOT may not be adequate to treat such The loss of revenue from stamp duty that the country may suffer while encouraging e- contracts.
transfer as A/c payee cheques. : E- contracts are forged in the electronic medium and one is unable to affix stamps on the short documents.
Legal provisions need to be made if such recognition has to be given. The first test would arise when paper To compensate for the loss of revenue the contract in parties liable to stamp duty could ask to limit the
instruments Eke cheques are used along with the use of EFT system. So long as both the systems are in éxistence ‘appropriatevalue in cash in the exchequer.
at the same time it would require either tothe i Act ora i Acknowledgment for such payment could serve as evidence of Duty paid in a court of law where the soft
to deal with the matter. document has to be exhibited as evidence.
The companies have to remit stamp duty issuing securities. The depositories act, 1996 has done some
4.11_The Need for an Indian Cyber Law amendments to the following corporate and commercial legislation:
The ambitious
pian of NITP © The Indian stamp duty act 1899

‘The Indian law is outdated and there is a need to changes in it. tt is necessary who introduced against crime and © The Companies
Act 1956
other cyber laws that would help to build National information infrastructure. © The Securities Contract Act 1956
The laws have to take into consideration the email emerging use of electronic data interchange, Electronic 0 The Income
Tax Act 1961
Commerce, electronic fund transfer, electronic cash, copyright and dightal intellectual property right etc. © The Benami transactions
Act 1988
There is a need to do changes in Evidence Act recognize digital signature. © . ‘© The Securities and Exchange Board of India Act 1982
Indian Penal Code 1860 and indian Patent Act general dauses/act would be undertaken to recognize emerging
‘Technologies,
keeping in view of the following : 3. Transactions
In Securities
lized oz in the stock The tr are either directly or
© Prevention
of computer crime ‘occur in
medium.
© Digital signature especially related to electronic fund transfer. cial activity taking place to the cyber
through the internet, isa commer

Scanned by CamScanner
 The ot Cybore ir
end Laws 440 2nd Laws (MU-Sem
- So cyber law has become significant for legal validation of transactions in electronic
securities. The Concept of Cybers
cyber medium can lead to pace
- Securities transactions are worth millions of rupees and If any misadventure In the
damages to the capital marketin particular and the economyIn general. sities has to be analyzed Explain click and
wrap Contracts. (Sec
tion 423)
— inthis context, the level of applicability of Cyber Law in transactions Involving soft sect! ‘What is the 3
and loopholes Plugged. az Gfforence between click and wrap, shirk, and weap cont 425)
| 3

to the critical nature of financial data tra nsffer,

a Explai certtying authorities and ther tabtty in the event of digital signature compromise. (Section 4.4)
2.3 Explainn the admissibillity of electronic records. (Section 4.8.2)
|
° - At the application level, cyber law has an important role due
— Financial messages should have the following features: G.5 Explain relevancy.? (Section 4.6.3)
Data transmission-The receipt of the message
at the Intended destination. What are the ditferent types of evidences ? (Section 4.6)
0 0 0

Data Integrity-The content of the message will be the same as the transmitted one.
‘What are the different types of E-commerce transactio
Data acknowledgment:
Sender of the information should be able to verify
It's receipt
by the recipient. ns? (Section 4.1)
oo

Data authenticity Recipient of the message could verify that the sender
Is Indeed the person. Explain the contract aspect of cyber law? (Seetion 4.2)
Data securfty - information in transit should not be observed, altered or extracted. Any attempt to tamper as Explain the security aspect of cyber law? (Section 4.3)
with the data in transit will need to be revealed. Q.10 Write short note on Intellectual Property aspect in cyber law? (Section 4.5)
9 Nonrepudiation- non-repudiation of data.
These features boiled down essentially to authentication, authorization, confidentiality, Integrity, and
G.11 Write short note on Evidence aspect in cyber law? (Section 4.6)
nonrepudiation. Q.12 Explain the amendments to Indian Penal Code 18607 (Section 4.7.2)
— There should be an for key and
This is normally done by the certification agencies, For the banking
and finandal sector,
the RBI should appointa
Suitable agency as a certification
agency.
The proper assessment of the participants of the financial network should be there in terms of their ajala)
creditworthiness, financial soundness, etc. °
Initially, the indian Financial Network (INFINET) will be Closed Used Group (CUG) network, but in due course, this
network will have to be connected to public networks like the Society for Worldwide Interbank Financial
Telecommunication(SWIFT), etc. So it is necessary to look at the possibility of having Firewall implementations
and they need to meet the following criteria :
© All in and out traffic must pass through the firewall. The firewall should check and authorize the traffic. The
firewall in itself should be immune to penetration. -
© Implementation of firewalls can be done using packet filtering routers, application, and circutt-level Gateway
and also network translation
devices.
© Stateful multilayer inspection gateways combine the advantages of the above and give a better performance,
flexibility, and security. This environment can handle all kinds of applications
like the transmission.
© Transport Control protocol (TCP), User Datagram Protocol (UDP), Remote Procedure Call (RPC), internet
Control Message Protocol (ICMP), etc. New applications can be added easily and this environment Is totally
transparentto end-users.
© Firewalls are used to implement access control security as well as to provide for user authentication
and to
ensure Data integrity by using encryption. It Is Important that the banks have their own security policy and
then design security solutions accordingly. Regular reviews of security policies and their Implementation are
also important. Highty secured, secured, non-secured messages should be clearly demarcated In the security
policy. Banks are therefore advised to have a dedicated group with enough competence and capability.

Scanned by CamScanner
 nNOS
SH i ed ih
i. v Cyber Security and Laws (MU-Som 7)
52
Computer crimes are
also dlassified based
On the nature of the usage of thecomput
- Compute
r crimes which are er.
Import
for commisio
ant n ofthe offence, 1% SmamPle Racking In hacking computer and networks
~

Indian IT Act Crimes which are assist

ed by computer for examy
iple cyber pomography where the medium is computer.
ry for commission for example
cyber fraud.
‘There are some crimes related to cyberspace which are given
in the Indian penal code 1860.
— It has been observed that in many offences in
‘el ler .. PC the definition of document is not included within its boundary

Document
Cyber crime and criminal justice: Penalties, Adjudication and appeals under the IT Act, 2000, IT Act. 2008 and its
Document under IPC Section 29 denotes any matter expressed or
amendments describe upon in a substance by means of letters,
figures or marks or, by more than one of those means intended to be used or it may be used
as evidence of that
matter.
It is explained In IPC Section 29 that it is immaterial by what means or upon what substance
5.1 Cyber Crime and Criminal Justice the letters, figures or
marks, are formed or whether the evidence is intended for or may be used in a court of justice or not.
5.1.1 Concept of ‘Cyber Crime’ and the IT Act, 2000 Electronic records
— The definition of cybercrime is not defined in Information Technology Act, 2000 and alsa Its expressions are not used.
The definition
of the electronic record is given in Section 2(1)(t) in The Information Technology
Act, 2000 as follows :
‘The IT Act, 2000 only gives the definitions of certain offences and punishments for certain offences.
{t) “Electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic
— If we define cyber crime narrowly, then cybercrime is defined as the crimes which are mentioned in Information form or microfilm or computer generated microfiche.
Technology Act, 2000. The cybercrimes are restricted to tamper done with the computer source code, cyber
Pornography, hacking, email abuse, harassment, defamation, IPR theft, cyber fraud etc. 5.1.2 Hacking
— Wwe define cyber crime broadly, then cybercrime is any act of commission committed on or via or with the help of The definition of hacker is, the people whose profession or hobby of working with computer is known as hackers or
internet, whether connected directly or indirectly, which is prohibited by law and for which punishment, monetary they also known as crackers.
and/or corporal is provided. This definition ts applied for and punishes only certain cyber offences and Is not Another definition of hacker is a person who enjoys exploring the details of the programming system and haw to
exhaustive
of all the cyber crimes. stretch their capabilities as opposed two most users who prefer to learn only the minimum necessary, or one who
— For example, if a person is giving death threat through the intemet, he Is liable for offence of criminal intimidation programmes enthusiastically is also known as hacker.
under Section 506 of Indian pena! code 1860 and no offence under the IT Act this, offence is still known as cyber crime The definition which is more commonly used for hacking is breaking into computer systems.
as per the broad definition. ‘There are following types of hackers :
Ctassification
of cyber crime =

The cyber crimes are classified

as
1. Code hackers

1. Old crimes
- These crimes are committed on or via the new medium of internet. for example fraud, defamation, threats, [ 5 Cyperpunk and Crackers |
misappropriation, cheating etc. All the mentioned crimes are old but the place of operation is new and the new Fig. 5.1.1: Types of Hackers
place is internet. Because of the high speed of the internet and the global access, it Is easy, risk free and effidient
such crimes.
to perform ‘Code hackers o
—
These crimes are cheap and profitable to commit. These crimes can be called and their
the crimes on the intemet. the Inowledge of intricacies of computer system
The code hackers are the people who are having
2 New crimes Operatiot ns.

i These crimes are created with the Internet itseif for example planting viruses .
hacking IPR theft etc. such crimes Phreakers
telecommunication system. .
are also known as crimes of the internet.
Phreakers are those people who have deep ledge of the internet andl
= New crimes are used for the commission af old crime. For example to carry out the cyt fr t gis
v
committed.

Scanned by CamScanner
 Indian
TF Ag
v Cyber Security and Laws (MU-Sem 7) 63 ——
3. Cyberpunk
and crackers e who crack Into computer Security
- The people who are specialized in cryptography and crackers are those
system. netizens think that in Intern,
- Criminal hacking isthe biggest threat to the Internet and e-commerce.restion
Manyon technology So Ils netessaryst
to
vulnerable and weak. Hf hacking ts uncontrollable then It will raise qu

UTD LE
tui
check for the hacking tn all the circumstances if internet ls used for e-commerce. Access to such computer, computer system or
ent © Damage ta any computer, ‘computer network. (Section 43(a) of IT Act, 2000).
- If hacking remains unchecked end uncontolable then it wil bring down the spit of WED SOATEPTENEUS from
it affects the futu .
entering the IT industry by putting up the websites and as a result
- E-commerce has become costher as there Is» huge cost In world for Insaling systems Guard against Backers, Foy

3g
example the Pakistani hackers have hacked Indian websites. An another example Is In SEBI website link of

3
37
§
Assistance to any person ,

3
§
:
3
i

i
i
8
contraventl ° to facilitate access to a computer, computer system or computer network in

o0a
pomographic website was inserted. Nothing Is also used for doing the product gain Institutions ang nition OF IT Act rules and regulations made there under. (Section
43{g) IT Act,2000).
governments.

EE
Hacking for the purposes of it is only defined in Section 66 one of the act
which has already been discussed.

o
— Hacking ts done for the following purposes : For determining the quantum of compensation Where are there
or more of the four FedEx approved the
°
Teenagers are obsessed with internet for doing hacking for fun as a hobby. adjudicating officer would be required to have ‘safeguard to(Section 47 of the IT Act)
-
earee

‘The businessman does hacking to damage the business of competitor. 1 The amount of gain of unfair advantage, whenever quantifiable, made as a result of the default.
Hacking is also done with the Intention for committing fraud and misappropriation, 2. The amount of loss caused to any person as a result of the default.

a ER
Hacking is also done by the Internet security companies for testing their clients systems and winning the 3. The repetitiv nature of the default.
e
confidence.
5.1.3. Teenage Web Vandals
— There are many websites available on internet which tells how to crash computers and hijack control of computer

nn paren
systerns. — The attraction of internet has given birth to teenage cyber criminals. Now a days cyber hacking has become attraction
— The fT Act, 2000 defines and publishes hacking as follows : for the teenagers. How to hack CDS are available in the market in the cheap rate and easily.
— This CD's are having the information about hacking the internet and hijacking computer. The motivation which the
Section 66 Hacking with Computer System :
teenage cyber criminals are as follows :
(1) Whoever with the intent of cause or knowing that is likely to cause wrongful loss or damage to the public or any 1. Many teenagers are hungry for fame and publicity because of the access of the internet.
person destroys or deletes or alters any information residing in a computer resource or diminishes its value or 2 Many are having of: it great for doing ing different.
utility or affects it injuriously by any means, commits hacking. 3. Some want to their of internet and
(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend 4. Many teenagers are not having the knowledge of the adverse effect of the act of hacking they have perception
that there will be no loss due to hacking.
up to 2 lakh rupees, or with both.
5. Teenagers obsession for computer programming and internet has not got the right direction.
— Itisnecessary to prove the following ingredients before holding a person guilty for the offence of hacking in India :
6. Lack of fear of taw and its enforcement because of anonymity given by the various system of the Internet you can
© An act which destroys or delete or changes any information residing in a computer resource or diminishes its ” say Wis considered as risk free adventure.
value of utility or affects it’s ingeniously by any means. 7. are cheap and getting easily.
the hacking
Tools required committing
adverse effect on IT industry and on the
o The afore said act is committed with the intent to cause or knowing that It Is likely to cause wrongful loss or - tt is important to monitor the teenage activities on the internet to avoid the
damage to the public or any person. society.
— Like other criminal offence lease hacking needs intent or knowledge and the act of commission as given under = The elder member of the family has to monitor the teen's activities.
Section 66 (1) of the IT Act, 2000. the teenage.
— Parents and teachers can effectively act as policeman to prevent
— If hacking is done innocently or unintentionally if it causes a loss or damage to public or any person would not
amount hacking. 5.1.4 Cyber Fraud and Cyber Cheating
calls are happening In e-commerce a5 the
— The internet to commit the offence or knowledge of its likely loss Is the question of the fact to be gathered in From last
few years sa many internet frauds are increased. Maximum
fault from the circumstances
of each particular case.
e-commerce Is growing rapidly.
the fear of losing public trust, lmage, confidence
— Punishment for criminal hacking |s imprisonment up to 3 years or sign up to 2 lakh or both, Victim can also claim a Many cyber frauds are not disclosed by the victim becausethey have
for the damages from the h3cker under chil law.
and business.
|
te a

Scanned by CamScanner
 W_ Cyber Security and Laws (MU-Sem7) 55 Indian IT Act w Cyber Security and Laws (MU-Sem n
— 58
the credit card by obtaining the password ©. dishonest concealment
of facts is also treated at a cheatin —
— Few areas where cyber frauds and cheating take place are misusing
from websites transfer of funds
Introducing bogus Investment schemes, non delivery of the goods purchases online tustrations .
etc.
The cheating offences re a explain
‘The fraud Is stated in Section 17 In the Indian Contract Act, 1872 as follows : Section 17 In the Indian Contract Act, ed using following illustrations:
1872. a. A, by falsely pretending to be in the civil service, intentiona
lly deceives Z, and thus dishonestly induces Z to let
him have on credit Boods for which he does not mean
5.1.4{A) Fraud to pay. A cheats.
b. A, by putting a counterfeit mark on anarticle,
Intentionally deceives Z into a belief that thi this article was madeds bya
Fraud means and Includes any of the following acts committed by a party to a contract, or with his connivance or by
certain celebrated manufacturer, ‘and thus dishonestly induces Z to buy and pay for theat artide. A cheats.
his agent with intent to deceive another party thereto or his agent or to Induce him to enter into the contract fraud
A, by exhibiting to Z a false sample of an artide, intentionally deceives Z into believing that the artide
means and includes any of the following acts committed by a party
to a contract,
or with his connivance,
or by his agent1, Corresponds with the sample, and thereby dishonestly induces Z to buy and pay for the article. A cheats.
with intent to deceive another party thereto or his agent, or to induce him to enter into the contract :
A, by tenderingin paymen
for an article
t a bill on a house with which A keeps no money, and by which A expects
Ls The suggestion,
as a fact, of that which is not true, by one who does not believe it to be true.
that the bill will be dishonored, intentionally deceives Z, and thereby dishonestly induces Z to deliver the article,
‘The active concealment of a fact by one having knowledge or belief of the fact. Intending not to pay for it. A cheats.
YN

‘A promise made without any intention of performing It. A, by pledging as diamonds articles which he knows are nat diamonds, intentionally deceives Z, and thereby
Any other act fitted to deceive. dishonestly induces Z to lend money. A cheats.
ye

Any such act or omission as the law specially declares to be fraudulent. A intentionally deceives Z into a belief that A means to repay any money that Z may lend him and thereby
dishanestly induces Z to lend him money, A not intending
to repay it. A cheats.
Explanation:
Mere silence as to facts likely to affect the willingness of a person to enter into a contract is not fraud, unless the
g. Aintentionally deceives Z into a belief that A means to deliver toZ a certain quantity of indigo plant which he
does not intend to deliver, and thereby dishonestly induces Z to advance money upon the faith of such delivery.
circumstancesof the case are such that, regard being had to them, it Is the duty of the person keeping silence to speak
2, or unless his silence, is, in itself, equivalent to speech. A cheats; but if A, at the time of obtaining the money, intends to deliver the indigo plant, and afterwards breaks
his contract and does not deliver it, he does nat cheat but is liable only to a civil action for breach of contract.
‘The expression
cyber fraud is used for the purpose
of criminal law; it Is used for the cross under the law of contract not
and other civil laws. For claiming damages
and compensation under the civil law, cyber fraud expression
Is used. bh. Aintentionally deceives Z into a belief that A has performed A’s part of a contract made with Z, which he has
performed and thereby dishonestly inducesZ to pay money. Acheats.
‘The expression cyber cheating is used for the crime entailing corporal punishment and fine. All the frauds can be
1. Asells and conveys of such sale he has no right to the property,
an estate to B. A, knowing that in consequence
considered as cheating but it ts not vice versa. Cheating offence is popularly called 420 in India cheating is defined in
of the previous sales and conveyance
the same to Z, without disclosing the fact to B, and
Indian Penal Code under Section 415 as follows : sells or mortgages
receives the purchase or mortgage money from Z A cheats.
5.1.4(B) Section 415 : Cheating
2 Punishment for Cheating
ing t which can be extend up to one year or fine or both.
Whoever, by deceiving any person, fraudulently or dishonestly induces the person so deceived to deliver any property
= The punishment is imprisonmen
for simple cheat
to any person, or to consent that any person shall retain any property,
or intentionally induces the person so deceived fine or
t for a term which can be extend up to 3 years or with
to do or omit to do anything
which he would not do or omit if he were not so deceived, and which act or omission — For the personating the punishment is imprisonmen
causes or Is likely to cause damage or harm to that person In body, mind, reputation or property, Is said to cheat. both.
is
to any person then the punishment for that person
- th of factsisa nwithin the of this section. - Vf any person fs deceived to delver any property
up to 7 years with fine.
imprisonment for a term which can be extend
1, Ingredients
of Cheating
‘The ingredients
of cheating are as follows : 5.1.5 Virus on the Internet
a. The accused must have induced fraudulently or dishonestly a person. 1, Computer Virus
that destroys, damages,
b. The deceived should be induced to deliver any property to any person
or to consent that any person shall retain puter computer Instruction, Information, data or programme computer
of 2 compute! resource or attaches itself to another
any property. ~ ow ae vrvly affects the performance Is executed or some other
event takes place in
programme, data or instruction
If the person deceived, must be intentionally Induced by the wrong-doer
to do or omit to do anything which he ree anA ones aban a
resource
(im.
would not do or omit if such deceived person was not so deceived. resource {Section 43,explanation are bugs, worms, logic bombs
of the virus and contaminants
d. The deceived should suffer any damage or harm In body, mind, reputation or property by the deceitful act of the ses a
re Itove your wrus. The cousins WTP
Bample nn
tes propa ad the deta rend
se Jesoy te compute
wrong doer. - on

Scanned by CamScanner
 3 coe Secnty ond Lane ussom 7 =
Indian tr

“s
* * Damage means to to destroy,A. alter, ler, delete, add, modify or rearrange any computer resource by any mean,
[Section 43, explanation (IV).
2. Computer contaminant
Computer contaminant means any set of computer Instructions that are design t0 re ee eee
transmit data or programs residing within a computer, computer system etwork
{Section 43,explanation(!)).
4 The penalty and compensstion
— Many person without permission of the owner
or any other person who Is Incharge
of 8 computer, computer Neeta which is derogatory of
system or network or causes to be Neeta it is not considered as defamation. But If
any computer or computer virus Meena is writing a letter to Neeta which
contains derogatory comments about
Into any computer, computer system or computer network will be liable to pay damages by way of compensation defamation. Reema then it is considered as
Not exceeding rupees one corer
to the person affected (Section 43(c)).
Punishment
— _ Wany person, dishonestly or fraudulently does any act referred to In Section 43 (cl, he shall be punishable with
imprisonment for a term which may extend to three years or with fine which may extend to five lakhs rupees or - The law provides that whoever prints or engraves any matter, knowing
or having pood reason to believe that such
with bath (Section 55). matter is defamatory af any person shall be Punished with simple Imprisonment for
a term which may extend to
The factors to be taken into account for determining quantum of compensation 2 years or with fine, or with both (IPC 501).
are the amount of gain of unfair
advantage the amount of loss caused the repetitive nature of the default. The act of planting virus and Publishers and the editors who bublish the defamation matter
are also liable for defamation. There are 10
Contaminants is amount to the criminal offenceof mischief. exceptions, if imputation falls under this 10 exceptions then it
won't be an offence of defamation.
5. Mischief
(IPC 425)
Whoeve with intent
r to cause or knowing that he is likely to cause wrongful loss or damageto the public
or ta any
Person, causes the destruction of any property, or any such change in any property or in the situation
thereof as
destroys or diminishes its value or utility or affects it injuriously commits “mischief”.
Explanation 1: It is not essential to the offence of mischief that the offender
should Intend to cause loss or
damage to the owner of the Property Injured or destroyed. It Is sufficient if he Intends
to cause or knows that he
ls likety to couse wrong-ful loss or damage to any person by injuring
any property whether it belongs to that
Person or not.
Explanation 2 : Mischief may be committed by an act affecting property belonging to
the act, or to that person and others jointly. the person who commits
Mischief causing damage to the amount of fifty rupees. Whoever commits
mischief and thereby causes loss or
‘damage to the amount of fifty rupees or upwards, shall be punished with impris-onmen
a term which may extend to two years, or with fine, or with both (IPC t of either description for
427).
5.1.6 Defamation, Harassment and E- mail
Abuse
- The Freedom of speech and expression is given by the constitution
abuse of internet is min fight in India. of india is misused by few people. The criminal
— As inte is cost friendly and easily available many cases of defamati
rnet on and harassments are reported. It
bec a major
omecyber crime. has
- There are s nude phi hs of Indian bolly Fig. 5.1.2 : Exceptions
of Datamation
defamation, harassment is and e-mail abuse. Stars. So let's see what
First exception
imputation of truth which public good requires to be made or published. ft is not defamation to impute anything
which is true concerning any person if it be for the public good that the imputation should be made or published.
—=_ ‘Whether or not itis for the public good is a questiort af fact.

Scanned by CamScanner
 Indian IT Act )
W_cyter Security ant Laws (MU-Sem 7) 59 W_cybor Security and Laws (MU-Sem7 510
2 Second exception Illustrations : eden IT Act
Public conduct of public servants. It is not defamation to express in a good faith any orion wi ioresttedena’ a. 2 OA Person wha publi ishe
a book,
s Submits that book to the
conduct of a public servant in the discharge of his public functions, of respecting his char " judfgment of the public.
b. Aperson who makes a speech in Public,
appears
in that conduct and no further. submits that speech to the judgmen
t of the public.
© An actor or singer wha appears on a public stage,
‘Third exception submits his acting or signing in the judgment of the public.
Conduct of any person touching any public question. tt Is nat defamation to express in good falth any opinion
4 i
ms * a mene by 2 "T's book Is foolish;Z
must be a weak man. Z's book is indecent; Z must be aman
whatever respecting the conductof any person touching any public question, and respecting his character
so far as his impure mind”. A is within the exception, if he says this
in good faith, in as much as the opinion which he
expresses of Z respects Z's character only so far as it appears
character appears in that conduct and no further. in Z's book, and no further,
Mustrations: e. But if A says “ am not surprised that 2's book is foolish and indecent, for he
is a weak man and a libertine". A is
Not within this exception, in as much as the pinion which he expresses
tt Is not defamation In A to express in good faith any opinion whatever respecting Z's conduct in petitioning of Z's character is an opinion not founded
on Z's book.
Government on a public question in signing a requisition for a meeting on a public question in presiding or attending a
such meeting, in forming or joining any society which invites the public support in voting or canvassing for a particular 7. Seventh exception
candidate for any situation in the efficient discharges
of the duties of which the public is interested.
Censure passed in good faith by person having lawful authority
over another. It is not defamation in a person having
Fourth exception ‘aver anather any authority either conferred by law or arising out of a lawful contract made with that other to pass in

Publication of reports of proceedings of courts. It Is not defamation to publish substantially true report of the good faith any censure on the conduct of that other in matters to which such lawful authority relates.
Proceedings of a court of justice or af the result of any such proceedings. Mlustrations:
Explanation : A Justice of the peace or other officer holding an inquiry in open court preliminary to a trial in a court of A Judge censuring in goad faith the conduct of a witness or of an officer of the court a head of a department censuring
Justice, is a court within the meaning of the above section.
in good faith thase who are under his orders; a parent censuring in good Faith a child In the presence of other children
Fifth exception ‘a school master, whose authority is derived from a parent censuring in good faith a pupil in the presence of other
Merits of case decided In court or conduct of witnesses and others concerned, It is not defamation to express in good pupils a master censuring a servant in good faith for remissness in service a banker censuring in good faith the cashier
faith any opinion whatever respecting the merits of any case, civil or criminal, which has been decided by a court of of his bank for the conduct of such cashier as such cashier are within this exception.
Justice or respecting the conduct of any person as a party witness or agent, in any such case or respecting the 8. Elghth exception
character of such person as far as his character appears in that conduct
and no further.
Accusation preferred In good faith to authorized person. It is not defamation to prefer In good faith an accusation
Diustrations: ‘against any person to any of those who have lawful authority over that person with respect to the subject matter of
a. Assays : “I think Z's evidence on that trial is so contradictory that he must be stupid or dishonest”.
A is within this accusation.
exception if he says this Is in good faith, In as much as the opin-ion which he expresses respects
2's character as It
Wustration:
appears in Z's conduct as a witness, and no further,
b. But if A says : “I do not believe what Z asserted at that trial because | know him to be a man without veracity” A|s Hf A In good faith accuse Z before a Magistrate; if A in good faith complains of the conduct of Z, a servant, to Z's
not within this exception, in as much as the opinion which he express of Z's character, Is an opinion not founded master; If A in good falth complains of the conduct of 2, and child, to Z's father A is within this exception.
on Z's conduct as a witness. 9. Nineth exception
It Is not defamation ta make an
‘Sixth exception imputation made In good falth by person for protection of his or others interests.
made in good faith for the protection of the
imputation on the character of another provided that the imputation be
Merits of public performance. It Is not defamation to express In good faith any opinion respecting the merits of any
the public good.
Interests of the person making It or of any other person or for
performance which its author has submitted to the Judgment of the public, or respecting the character of the author
Mlustrations : esi
so far as his character
appears in such performance,
and no further.
“Sent to Z unless he pays you .
2A per may be to the of the public shopkeeper, en od th
ne pethin ie expan hes mae sings
y or by acts on the part of the
author which imply such submission to the judgment of the public. *
of his own interests.
the protection

Scanned by CamScanner
 W_cyber Securty and Laws (MU-Sem 7)
Indian IT Act £12 Indian IT Act
“W_Oyber Securtty and Laws (MU-Som 7) 51 Under Section 67 of the Information
Technolo; BY Act, 2000 makes
the following acts punishable with Imprisonment up
character of Z. Here, if
b. Aa magistrate in making a report of his own superior officer casts an im putation on the to 3 years and fine up to 5 lakhs
the imputationis made In good faith, and for the public good. Ais within the exception. 1, Publication : Which would include Uploadin
g on a website, what's app group ar any other digital portal where
10. Tenth exception third parties can have access to such content.
“
= Caution Intended for good of person to who conveyed or for public good. It Is not defamation to convey a Transmission : This includes sending obscene
photos or images ta a ny person via email, messaging, what's app or

N
such caution be Intended for the good of the
(caution, in good faith to one person against another provided that any other form of digital media.
person to whom It is conveyed, or of some person in whom that personis interested, or for the public good. Causing to be published or transmitted : This is a very wide terminology which would end
up making the

= The cyber criminals having violent minds to threaten and intimidate others are punishable under IPC 503. The
§ndian Penal Code 503 explains criminal Intimidation as follows:
Criminal intimidation
Whoever threatens another with any injury ta his person, reputation or property, or to the person or reputation of
any one in whom that person is interested, with intent to cause alarm to that person, or to cause that person to do any act
which he ts nat legally bound to do, or to omit to do any act which that person is legally entitled to do, as the means of
bad
intermediary portal liable, using which the offender has Published or transmitted
such obscene content. The
intermediary guidelines under the information technology act put anonus on the intermediary/se
rvice provider
to exercise due diligence to ensure their portal is nat being misused.
— Section 67A of the Information Technology Act makes publication, transmission and causing to be transmitted and
published in electronic form any material containing sexually explicit act or conduct, punishable with imprisonment up
to 5 years and fine up to 10 lakhs.

avoiding the execution of such threat, commits criminal intimidation. - An understanding of these provisions makes the following conclusions about the law of cyber pornography in India
extremely clear:
Explanation : A threat
to injure the reputation of any deceased person in whom the person threatened is interested, is
within this section. Viewing cyber pornography Is legal in India. Merely dawnloading and viewing such content does not amount to
an offence.
Wustration : A, for the purpose af inducing B to desist from prosecuting a civil suit, threatens to burn B’s house. A is
guilty of criminal intimidation. Publication of pornographic content onlineis illegal.
z

¢. Storing cyber pornographic content is not an offence.

Punishment
for criminal Intimidation (Section 506)
— The punishment for criminal intimidation is imprisonment of either description for a term which may extend to 2 Transmitting cyber pornography via instant messaging, emails or any ather mode of digital transmission is an
a

years, or with fine, or with bath. offence.

— If threat be to cause either one of the following then the punishment is imprisonment up to 7 years, ar with fine, or 5.2 Monetary Penalties, Adjudication and Appeals under IT Act 2000
with both.
© Death or grievous
hurt, etc. — IT Act provides certain contraventions for which a person has to pay for damages by the way of compensation or
© Ifthe threat be to cause death or grievous hurt. Penalty. Section 43 of IT Act, 2000 Is for penalty and compensation.
© Cause the destruction
of any property by fire. — It states that, if any person without permission of the owner or any other person who Is in-charge of a computer,
© Cause
an offence with death or impr for life, or with for a term which may
computer system or computer network.
extend
to 7 years. a. Accesses
or secures access to such computer, computer system, computer network of computer resource.
° To impute, unchastely to a woman, shall be punished with imprison-ment of either description for a term which
b. Downloads copies or extracts any data, computer data base or Information from such computer, computer
may extend to 7 years, or with fine, or with both.
- There are many cases of email abuse, women harassment for taking the revenge are happening. system or computer network Including Information or data held or stored in any removable storage medium.
So such cases are
Insulting the modesty
of women. c. Introduces or causes to be Introduced any computer contaminant or computer virus into any computer,
— _ Ifany person insuhs the modesty of women, utters any word, makes any sound and gesture
or intrudes the privacy computer system or computer network.
of
’@ woman then that person is punishable under Section 509.
— The punishment is simple imprisonment up to one year, with fine or with both. d. Damages or causes to be any A system or network, data, uter data
base or any other programs residing in such computer, computer system or computer network.
5.1.7 Cyber Pornography
e. Disrupts or causes disruption of any computer, computer system or computer network.
- Cyber pomography is the act of using cyberspace to create, display, distribute, Import,
or publish pomography of f. Denies or causes the denial of access to any person authorized to access any computer,
computer system or
obscene materials. With the advent of cyberspace, traditional pornographic content
has now been largely replaced by
online/digital pornographic content. computer network by any means.
— Cyber pomography Is banned in many countries and legalized in some. in India, under the informat rechnology to any person to facilitate access to a computer, computer system or
Provides any assistance
computer network
2000, this is a grey area of the law, where it Is not prohibited but not legalized either,
= a in con of the of this Act, rules or regulations made there under. —

Scanned by CamScanner
 Indian IT Act W_Cybor aSecurity and Laws (MU-Sem 7)
W opter Secunty and Laws (MU-Sem7) 513 — 514
Ith or manipul (f) Dismissing an application
Indian IT
ho Charges the services availed of by a person to the account of another person by tampering wish or mapipeating for default or decidingit ex
parte.
any Computer, computer system, or computer network. (g) Any other matter which may be prescri =
bed
The following are the monetary penalties given by the IT |aws Section 44 Section 61 provides that, NO Court shail have jurisdiction to ent
2 For every failure to furnish any document, retum or report to the controller or the certifying
authority shall be liable which an adjudicating offiSc oe
A
under this act or the ertain any sult or proceeding in respect of any matter
Cyber Appellate Tribunal constituted under
this act is
to a penalty not exceeding f 1.50 lakh rupees. 10 determine and no injunction shall be
respect of any action taken or to be taken in Bursuance
granted by any court or oth
File any retum or furnish any information, books or other documents within the time specified therefore in the of any power conferred by sae, this 1
ert
regulations fails to file return or furnish the same within the time specified therefore
In the regulations, he shall be Section 62 provides that, any person aggrieved by any decision or order of
the Cyber Appellate Tribunal may file an
Rable to a penalty not exceeding ¥ 5,000 rupees for every day during which such failure continues. appeal to the high court within 60 days from the date of communication of
the decision or order of the Cyber
Appellate Tribunal to him on any question of fact or law arising out
If fail to maintain books of account of records, then he shall be liable to a penalty not exceeding 10,000 rupees for of such order: Provided that the high court may, if
it is satisfied that the appellant was prevented by sufficient cause from filing the
appeal within the said period, allow It
every day during which the faiture continues.
to be filed within a further period not exceeding sixty days.
- There is a separate adjudicating authority created for the adjudication of contraventions for which
to Section 63 provides that, any contravention may, either before or after the institution of adjudication proceedings, be
compensations are provided. The central government shall appoint any officer not below the rank of a director
the government of India or an equivalent officer of a state government to be an adjudicating officer for halding compounded by the controller or such other officer as may be specially authorized by him in this behalf or by the
an inquiry in the manner prescribed by the central government. adjudicating officer, as the case may be, subject to such conditions as the controller or such other officer or the

- The officer shall exercise j to matters in which the claim for injury or adjudicating officer may specify. Provided that such sum shall not, in any case, exceed the maximum amount of the
Gamage does not exceed € S crore provided that the jurisdiction in respect of the claim for injury or damage penalty which may be imposed under this act for the contravention so compounded. Any contravention shall apply to
exceeding rupees five crore shall vest with the competent court. a person who commits the same or similar contravention within a period of three years from the date on which the

— Wevidence is produced related to the penalty to the adjudicating officer, he may order in writing to impose the
penalty. Where more than one adjudicating officers are appointed, the central government shall specify by order
the matters and places with respect to which such officers shall exercise their jurisdiction.
Every adjudicating officer shall have the pawers of a civil court which are conferred on the
Cyber Appellate Tribunal and (Section 46 (3)(2)(4)(5), IT Act,2000).
An adjudicating officer appeal to a Cyber Appellate Tribunal having Jurisdiction in the matter. No appeal shall file to
the Cyber Appellate Tribunal from an order made by an adjudicating officer with the consent of the parties.
Every appeal shall be filed within a period of 45 days from the date on which a copy of the order made by the
controtier or the adjudicating officer is received by the person aggrieved and it shall be in such form and be
accompanied by such fee as may be prescribed: Provided that the cyber appellate tribunal may entertain an appeal
after the expiry of the said period of 45 days if it Is satisfied that there was sufficient cause for not filing It within that
period (Section 57(1)(2)(3), IT Act, 2000).
Section 58 provides that, the Cyber Appellate Tribunal shall not be bound by the procedure laid down by the code of
civil procedure, 1908 but shall be guided by the principles of natural justice and, subject to the other provisions of this
Act and of any rules, the Cyber Appellate Tribunal shall have powers to regulate its own procedure including the place
‘at which it shall have its sittings.
The Cyber Appellate Tribunal shall have same powers as are vested in a civil court under the Code of Civil Procedure.
while trying a suit, in respect of the fatlowing matters namely :
{a) Summoning and enforcing the attendance of any person and examining him on oath.
{>} Requiring the discovery
and production of documents or other electronic records.
() Receiving evidence on affidavits.
{d)__ Issuing commissions for the examination of witnesses or documents.
first contravention, committed by him was compounded.
No proceeding or further proceeding as the case may be shall be taken against the person guilty of such contravention
in respect of the contravention so compounded.
5.3 __ IT Act. 2008 and Its Amendments
‘The Indian Information Technology Act 2000 “Act” was a based on the Madel Law on Electronic Commerce adopted
by the United Nations Commission on International Trade Law the suggestion was that all States intending to enact a law
for the impugned purpose, give favorable consideration to the said model law when they enact or revise their laws, in view
of the need for uniformity of the law applicable to alternatives to paper-based methods of communication and storage of
Information. Thus the Act was enacted to provide legal recognition for transactions carried out by means of electronic data
Interchange and other means of electronic communication, commonly referred to as “electronic commerce", which
involved the use of alternatives to traditional or paper-based methods of communication and storage of information, to
facilitate electronic filing of documents with the government agencies. Also it was considered necessary to give effect to
the said resolution and to promote efficient delivery of government services by means of reliable electronic records, The
Act received the assent of the President on the Sth of June, 2000.
objectives
The Act was subsequently and substantially amended in 2006 and again in 2008 citing the following
With proliferation of information technology enabled services such as e-governance, e-cammerce and é-transactions,
practices and procedures relating to
protection of personal data and information and implementation of security
they require harmonization
these applications of electronic communications have assumed greater importance and
protection of Critical Information Infrastructure is
with the provisions of the Information Technology Act. Further,
so it has become necessary to declare such
pivotal ta national security, economy, public health and safety,
Infrastructure as a protected system so as to restrict Its access.

fe its

Scanned by CamScanner
 W__cyver Seourty and Lawe (MU-Sem 7) Indian IT
5-15 i
A rapid increase in the use of
computer and Internet has given rise to new forms of crimes like publishing sexually
explicit materials in electronic form,
Intermediary,
video voyeurism and breach of confidentiality and leakage of data by
ecommerce frauds Wke personation commonly known as Phishing, Wentity theft and offensive
messages through communication services. So, penal provisions are required to
be Included In the Information
Technology Act, the indian Penal Code, the indian Evidence Act and the code of criminal
crimes.
procedure to prevent such The damages of Rs.
One Crore
Prescribed under
Computer system etc. has been del
The United Nations Commission on international Trade
Law (UNCITRAL) In the year 2001 adopted the Model Law ‘he shall be liable to
Fen 3 ofthe eater Aet of 2000 fr da
on pay damages by
Uectronic Signatures, The General ‘Assembly of the United Nations by Its resolution
No. 56/80, dated 12th December, Important definitions
2001, recommended that ell states accord favorable consid added
eratio
to the
n sald model Law on electronic signatures,
Since the dighal signatures are linked
to a 5 Pecific technology under the existing provisions of the WIT ACT 2008 two important
Technology Act, it has become Information definitions are added :
necessary to Provide for alternate technology of electronic
signatures for bringing © Communication Device : “Comm
har mon
withiza
the sald unica
tiomodel n
law. combination of both or an ¥ Other devicetion Oevice" ‘means Cell Phones, Personal Digital Assistance
Although cell phones and other devices used to Communicate, send or transmit any text, video, audio, or image,or
(Sic),
The service providers may be authorized by the central Government or the state government to set up, maintain and
upgrade the computerized facilities and also used tocommunicate would fall unthe
Collect, retain appropriate service charges Act.This amendment re "Moves any ambigu de defini
rtion of computerin the IT
for providing s uch services at ity and brin165 within the
Such scale as may be specified by the cell phones, Ipods or otherdevic domain of the Act all communi
central government or the state governmen
t. es used to commu inicate, send or ication devices,
transmit any text .video ,audio or image.
5.3.1 IT Act 2008 Amendments © Intermediary ; It clarifies the catego
ries of service Providers that come within
service providers, network service Provid its definitio n that includes telecom
i fers, internet service provider, web
1. Electronic signatures Introduced engines, online payment sites, Online hosting service providers, search
auction sites, online Marketplaces and
cyber cafes.
=~ NTT ACT 2008 the term ‘digital signature’ has been replaced with ‘electronic signature’ to make Legal validity of electronic documents re-emph
the Act more asized
neutral.
Two new sections Section 74 and 10A in the
Therefore, allowing forms of authentication that amended Act reinforce the equivalence of paper
to electronic documents based documents,
are simpler to use such as retina scanniny B can be quite useful .
of the Act. athe It poses Is to tools and Section 7A In the amended Act makes audit
imparting education to people to use the same, of electronic documents also necessary wherever
documents are required to be audited by law. paper based
Iisa challenging task for the Central Government to
prescribe conditions for considering Section 104 confers legal validity and enforceability an contracts formed through
© reliability of electronic signatures or electronic authenticat electronic means.
ion techniques under Section 3A (2), These provisions are inserted to diarify and strengthen
the legal principle in Section 4 of the IT Act,2000
a the procedure for ascertaining electronic ‘signature or authenticat electronic documents are attar with electronic
that
ion under Section 3A(3], documents and e-contracts are \egally recognized
° The manner in which information may be authenticated by electronic 'n law. This will facilitate growth of e-commerce activity on the Internet and build and acceptable
signatures In Section 5, netizens confidence,
° it also involves expenditure as such authentication tools will require The role of adjudicating officers under the amended act.
purchase, Installation & training,
Particularly in all government departments where It Is Proposed ‘The Adjudicating officers power under the amended Act In Section
to be used. Equally challenging will be the 46 (1A) is limited
drafting of duties of subscriber of electronic signature certificate to decide claims where claim
under Section 40 A of the Act which will need for injury or damage does not exceed 5 crores.
to incorporate security measures subscribers can adopt
depending on electronic signature being used for Beyond 5 crore the jurisdiction shall now vest with competent court. This has introduced
signatures. Further, In a move to secure the flow of data another forum for
and Information on the Internet, and Promote adjudication of cyber contraventions.
ecommerce & @- governance, the amended Act in Section
84A has empowered the Central Government to The words “competent court” also needs to be dearly defined. As per Section 46(2),the quantum of
prescribe modes or methods for encryption.
Compensation that may be awarded is left to the discretion of Adjudicating officers.
2 Corporate responsibility introduced In 5, 434
In the IT Act,2000 the office of adjudicating officer had the powers of clvil court and ail proceedings before ht are .
A new section 43A has been Inserted to protect sensitive personal data. Any business deemed to be Judicial proceedings. A new change Is Incorporated in Section 46(5) whereby the Adjudicating
entity who Is in possession
or Is dealing or ary data or Officers have been conferred with powers of execution of orders passed by it, including order of attachment and
Ina resource which the business
entity owns, control or operates, is negligent in implementing and maintaining sale of property, arrest and detention of accused and appointment of receiver.
reasonable security practices and
thus causes wrongful loss or gain to any person, the business entity shall
be liable for Paying damages to the 6. Composition of CAT
Person so affected.
- The corporate — The amended Act has changed the composition of the Cyber Appellate Tribunal (CAT).
bodies handling sensitive personal information or data in | computer
resource are under an
to ensure of security = The Presiding officer alone would earlier constitute the Cyber Regulations Appellate Tribunal which provision has
to Its secrecy, falling which they may be now been amended. .

v vee

Scanned by CamScanner
 wv Cyber Seay Yard Laws (MU-Sem 7)
LT
i IT Act 513
w Cyber Securty and Lews (MU-Sem 7) S17 eset d. Cheating by Personat inchan
IT Act
ion byu:isingcomp
ute, r resource, » uNder
~ The tribunal woutd now consist of Chairperson and such number of members a5 Central Government may Section 66D:
~ Cheating by personation
: by using computer r esource, under
appoint. under section GED. Ch
EO

any communication device or Computer resource,

term of office salary, power of superintendence, resignation and ating by Personation by means of
— The qualifications for their appointment.
removal. filling of vacancies have been incorporated.
= The decision making process allows more objectivity with Section $2 D that provides that the decision shall be
taken by majority. ~ _ Intentionally or knowingly capturi
ng,
7. New cyber crimes as offences under amended act
Sections 66A to 66F have been added to Section
66. The cybercrimes covered by these sections are as follows: Punishment: Term of imprisonment May
with both, extent to thre ee Years or with fine not exceeding two lakh 7
Sending of offensive or false messages (s 66A)
Cyber terrorism, under Section 65F:
Receiving stolen computer resource (5 668)
po

— Cyber Terrorism, under Section 66F A- Whoever with intention

Identity thet [s 660 to threaten the unity, integrity, ‘Security or
Sovereignty of India or to cause terror in the people or any section af
people by-
pn

‘Cheating
by personstion (s 66D) i) Causing denial of access to authorized person.
Violationof privacy (s 66E) ji) Attempting to penetrate or access a Computer resource without authorizat
ion or by exceeding authorized
=f

f. Cyber terrorism (Section 66 F) access.

ili) Introducing or causing to introduce computer contaminant The conduct causes of likely to
Computer related offences under section 66 : cause death or
injuries to persons or damage or causes or likely to cause destruction of property or damage or disruption to
Computer related offences under section 66 Dishonestly and fraudulently committing contraventions under section 43 supplies or services essential to life.
of the Act by any person. — Penetration or access to computer resource without authorization or exceeding authorized access, with
knowledge and intention, and thus obtains access to information, data cr computer database.
Punishment : imprisonment for a term which may extent to three years or with fine which may extent to five lakh
fupees of with both. — Punishment : Term of imprisonment may extent to life.
8. Amendments
in section 67
& Sending offensive messages through communication service, under Section 66A :
Section 67 of the IT Act, 2000 has been amended to reduce the term of imprisonment for publishing or transmitting
- Sending information which is grassly offensive or has menacing character.
‘obscene material in electronic form.
— Mailing fatse information to cause annoyance, inconvenience, danger, obstruction, insult, injury, criminal
Intemidation, enmity, hatred
or ill will. Publishing or transmitting obscene material in electronic form section 67 :
— Sending mail for the purpose of causing annoyance or inconvenience or to deceive, mislead the addressee about - Publishing or transmitting or causing same to be published or transmitted in electronic form, material which is
‘the origin of such messages. ‘obscene.
~ Punishment:
for a term which may extend to three years and with fine. — Punishment: imprisonment may extent to three years and with fine which may extent to five lakh rupees. For
subsequent conviction the term of imprisonment may extent to five years with fine, which may extent to ten lakh
Bb. Receiving stolen computer resource or communication device, under Section 66B:
rupees.
— Receiving stolen computer resource or communication device, under section 66B Under section 66B, whoever
dishonestly received or retained any stolen computer resource or communication device with knowledge or have
Publishing or transmitting of material containing sexually explicit act, under section 67A :
reasons ta believe the same to be stolen computer resource or communication device. - ing or 1g oF causing ta be or in form any material
which contains
— Punishment: imprisonment for a term which may extent to three years or with fine which may extent to one lakh sexually explicit act or conduct.
rupees or with both. — Punishment: For first conviction; imprisonment for a term which may extent to five years and with fine which may
which may extent
extent to ten lakh rupees. Second conviction: imprisonm ent and fine which may
to seven years
& Identity Theft, under Section 66C:
extent ta ten lakh rupees.
= fraudulently or dishonestly making use of the electronic signature, password or any other unique identification
under section 678 :
feature of any other person. Publishing or transmitting of material depicting children In sexually explicit act,
or the material in form, which depicts children
- Punishment: imprisonment for a term which may extent to three years or with fine which may extent to one lakh Publishesor ‘or Causes the
Tupees. engaged in sexually explicit act or conduct.
We

Scanned by CamScanner
 ne

5-19
Indian IT Act
WY _Cyter Securtty and Laws (MU-Sem7)
Cyber Security and Laws (MU-Sem 7) or by
520
ating text, digital images
Depicting children in obscene or Indecent or sexually explicit manner, by way of ¢
12. Section 10A
= lon of such material.
collecting, seeking, browsing, downloading, advertising, promoting, exchanging of distribut ‘A new section 104 has been
for and on sexually ex plicit act or manner inserted to the effect that contracts
= Toentice, induce children to get into online relationship with other children unenforceable solely on the Bround
concluded electronically shall not be deemed to be
that electronic form OF means
In which a reasonable adult may get offended. was used.
| — Facilitates abusing children online.
13. Section 81
chil dren.
' = Recording in electronic form own abuse or that of others pertaining to sexually explicit act with A provision has been added to Section 81 which
and with fine which may states that the provisions of the Act shall have
overriding effect. The
- Punishment : $ for first conviction impris
imprisonment t for for a term which
whict may extent to five years years and with fine which Provision states that nothing contained in the Act shall restrict any person
extent to ten lakh rupees For second conviction imprisonment which may extent to seven any from exerci ex rcis
from fi ferred
' the Copyright Act, 1957.
i may extent to ten lakh rupees. —_—*
9, Section 698 added to confer power to collect, monitor traffic data ee
69
= Inview of the increasing threat of terrorism in the country, the new amendments Include an amended section
decryption of any information
giving power to the state to issue directions for interception or monitoring of
through any computer resource. Further, sections 69A and B, two new sections, grant power to the state to Issue 65 —_| Tampering with computer source ende documents
and to authorize to
directions for blocking for public access of any Information through any computer resource

5/5/E
monitor and collect traffic data or information through any computer resource for cyber security. 66 Hacking with computer system dishonestly or fraudulently |3 years or/and
= Section 69 8 of IT Act 2008 confers on the Central government power to appoint any agency to monitor and
collect traffic data or information generated ,transmitted, received, or stored in any computer resource In order 668 receiving stolen computer resource
to enhance its cyber security and for identification, analysis, and prevention of intrusion or spread of computer
contaminant in the country. 66C —_| Identity theft fraudulently
or dishonestly make use of the | 3 years and 100,000
electronic signature, password or any other unique
= The Information Technology (procedure and safeguard for monitoring and collecting traffic data or information )
Rules, 2009 have been laid down to monitor and collect the traffic data or information for cyber security
identification
feature of any other person
purposes under Section 698.
66D _| cheating by personation by using computer resource 3 years and 100,000
10, Section 79
65E —_| Violation
of privacy 3 years or/and 200,000
Section 79 of the Act which exempted intermediaries has been modified to the effect that an intermediary shall not be
liable for any third party information data or communication link made available or hosted by him if. 66F ‘Whoever,- Imprisonment for Life
a. The function of the intermediary Is limited to providing access to a communication system over which with intent to threaten
the unity, integrity, security or
sovereignty of India or to strike terror in the people or any
information made available by third parties is transmitted or temporarily stored or hosted.
section
of the people by
b. The intermediary does not initiate the transmission or select the receiver of the transmission and select or Denial
of Access
modify the information contained in the transmission. Attempting
to Penetrate computer resource
The intermediary observes due diligence while discharging his duties. However, section 79 will not apply to an Computer containment.
intermediary # the intermediary has conspired or abetted or aided or induced whether by threats or promise or knowingly
or intentionally penetrates
and by means of
otherwise in the commission of the unlawful act or upon receiving actual knowledge or on being notified that any
such conduct obtains access to information, data or
computer database that is restricted for reasons of the
information, data or communication link residing in or connected to a computer resource controlled by it is being
security of the State or foreign relations, or likely to cause
used to commit an unlawful act, the intermediary falls to expeditiously remove or disable access to that material injury to the interests of the sovereignty and integrity of
on that resource without vitiating the evidence In any manner. India

AL. Cyber Cafe 7 Publish or transmit Obscene material - 1st time 3 years and 500,000
Anew section has been added to define cyber cafe as any facility from where the access to the internet is offered by Subsequent Obscene in elec Form. 5 years and 110,00,000
any person in the ordinary course of business to the members of the public.
67A —_| Publishing or transmitting material containing Sexually|5 years and 10,00,000
Explicit Act - 1st time Subsequent Tyears and 10,00,000

Scanned by CamScanner
 Indian IT Act W_Cyber Security and Laws (MU-Sem 7) 5:22
W _cyper Security and Laws (MU-Sem
7) 5-21 Indian
IT Act

Contents Imprisonment Up to Fine Upto

section oy Contents Imprisonment Upto | Fine Upto.
678
:
Publishing or transmitting material containing Children in| 5 years and
10,00,000 77 [Penalty and Confiscation shall not interfere with other
Sexually Explicit Act - 1st time Subsequent 7 years and 10,00,000 Punishments provided under any law.
78 Power to investigate offences by police officer not below
67C —_| Contravention of Retention or preservation of information | 3 years and Not Defined
by intermediaries rank of Dy. Superintendent of police.

68 Controller's directions to certifying Authorities or any|2 years or/and 100,000

employees failure to comply knowingly or intentionally
69 Failure to comply with directions for intercepting, |7 Years and Not Defined Q.1 Explain the term Document and Electronic record. (Section 5.1.1)
monitoring or decryption of any info transmitted through Q.2 Whats hacker ? What are the different types of hackers ? (Section 5.1.2)
any computer system/network
@.3 Explain how IT act defines and publishes hacking. What is the punishment for hacking? (Section 5.1.2)
69A [Failure to comply with directions for blocking for public] 7Years and Not Defined
‘access of any information through any computer resource Q.4 Explain teenage web vandals. (Section 5.1.3)

698 Failure to comply with directions to monitor and collect |3 Years and Not Defined
@.5 Explain cyber fraud and cyber cheating. (Section 5.1.4)
waffic data @.6 Explain computer virus, damage and computer contaminant and mischiel. (Section 5.1.5)
70 Protected system. Any unauthorized access to such system. | 10 years and Not Defined
@.7 Explain defamation, harassment and email abuse. (Section 5.1.5)
Q.8 Explain the 10 exceptions of defamation. (Section 5.1.6)
70B (7) | Failure to provide information called for by the °I.CE.R.T|| year or 1,00,000
or comply with directions. Q.9 Explain cyber pomography,
(Section 5.1.7)
Q.10 Explain some IT offences and punishment for those offences. (Section 5.1.8)
71 —_| Penalty for misrepresentation or suppressing any material |2 years or/and 100,000
fact. Q.11. Explain Y and Appeals Under IT Act, 2000. (Section 5.2)
ooa
72 | Penalty for breach of confidentiality and privacy of el. | 2years or/and 100,000
records, books, info, etc. without consent of person to
whom they belong.
72A | Punishment for disclosure of Information in breach of |3 years or/and 500,000
lawful contract.
73a_—_| Penalty for publishing false Digital Signature Certificate. | 2 years or/and 100,000
74 | Fraudulent publication. 2 years or/and 100,000
75 | Act also to apply for offences or contravention committed
outside india If the act or conduct constituting the offence
involves a computer, computer system or computer
network located in India.
76 | Confiscation of any computer, computer system, floppies,
(Ds, tape drives or other accessories related thereto in
contravention of any provisions of the Act, Rules,
Regulations or Orders made.
ee
Per eee

Scanned by CamScanner
 WW _Cyber Security and Laws (MU-Sem 7)
— 62 Information Security Standard Compliances
4. Section
906 of the SOx Act

FETTER HT ENT
Information Security Standard Section 906 of the SOX Act requires a written stat
the Chief Financial Officer (CFO). ferment
to be submitted bymitethe Chief Executh
tive Officer (CEQ) and
Compliances This statement is to be submitted with a periodic report, also
required by the act.
The content of the written statement, according to
section 906 shall certify that the Periodic report containing
the financial statements fully complies with the requirement
s of section 13(a) or 15(d) of the securities exchange
act of 1934. and that information contained in the periodic report falrty presents in
financial condition and results of operations of the issuer. all material respects the

ener
The penattles for violations are for either
SOX, GLBA, HIPAA, ISO, FISMA, NERC, PCI. a. Knowingly certifying a report that does not comport with the requirement of section 906
b. Willfully certifying a report that does not comport with the requirement of section 906
The fine for a knowing violation will be not more than $1,000,000 or imprisoned not more than 1D years in prison
6.1 SOX (Sarbanes-Oxley Act) Compilance or both. A will ful violation is significantly more costly at nat more than $5,000,000
or 20 years in prison or both.
In 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) to shield investors and the common public 2 Data protection and compliance
from accounting mistakes and deceitful practices in enterprises and to improve the precision of corporate revelations.
Data classification enables security teams to more easily monitor and enforce corporate policies for data
— The act set deadlines
for compliance and publishes rules on necessities. handling.
‘The act is drafted by Congressmen Paul Sarbanes and Michael Oxley. Its objective was to Improve corporate Depending on the sensitivity of data and its applicable regulations it may need to be encrypted, compressed or
administration and responsibility, in light of the financial scandals. saved to a different
file format.
SOX covers a range of topics from criminal penalties to corporate board responsibilities and the issues like With the correct policies in place corporations can prevent unauthorized users even those with administrative
auditing requi corporate internal control and financial rights to the system from viewing regulated data.
discdosure. ‘The best solutions also prevent data egress through copying to removable storage devices.
All the public companies have to comply with SOX both on IT side and financial side. SOX have changed the way of Another feature of security solutions that are worth the investment Is Its ability to safeguard shared data. These
Storing IT departmental electronic records. so called masking features give users access to necessary Information while ensuring compliance with
regulations,
‘The SOX act does not specify how a business should store records.
It specifies which record ta be stored and the
length of time for storage af record. 3. Compliance and audits
The corporate have to store all the business records, including electronic records and electronic messages for not less Correct security solutions are needed in SOX compliance and complying with other regulatory standards.
than 5 years to comply with the SOX. Penatty for noncompliance include fines or imprisonment, or both. Providing evidence of compliance is even worse because evidence must prove written controls are in place
- ww are for creating and an archive of records. Three rules in Section communicated and enforced while supporting non repudiation.
802 of SOX affect the management of electronic records. — The correct security software solution provides the supportable evidence so that all of your compliance efforts
1. First rule concerns the destruction, change, or forgery of records and the resulting penalties. are worthwhile.

2. Second rule defines the retention period for records storage. — Asoftware solution for meeting compliance requirements should be able to monitor data, enforce policies and
log every user action. With evidentiary quality trails all of the data needed for compliance Is in place.
3. Third rule outlines the type of business records that need to be stored including all business records, — Protect your data and your business with a software solution that ensures SOX compliance and rest a little easier
‘communi
and electronic
cationscommunications.
during your next audit.
For SOX compliance have the correct security controls In place to ensure that financial data Is accurate and protected
against loss. It is achieved by developing best practices and relying on the appropriate
tools helps businesses 6.2 GLBA Compliance
automate SOX compliance and reduce SOX management costs.
The Gramm-Leach-Bliley Act (GLB Act or GLBA) Is also known as the Financial Modernization Act of 1999.
Data classification tools are commonly used to aid in addressing compliance challenges by
automatically spotting and It Is a United States federal law that requires financial institutions to explain how they share and protect their
classifying data as soon as it Is created and applying persistent
classification tags to the data. Solutions that
are context aware have the ability to classify and tag electronic health records, card holder and customers’
private information.
other financial data,
confidential design documents, social security numbers, PHI, Pll, and other structured and unstructured
data that Is
regulated.

Scanned by CamScanner
“W_oter Security and Laws (MU-Sem 7) 63 Information Security Standard Compliancos W_cybor
se Socurty and Laws (MU-Som7) 64
— Toachieve GLBA compliance,
‘The act consists of three sections : the safeguards Ful: requires that financial
management and training, ins stitutions pay
special attention
1 The financial privacy rule, which regulates the collection and disclosure of private financial information,
ion.
implementation, information systems and security managem rent in theirieinformationatrentionsecurityto employee
plans and
2. The safeguards rule, which stipulates that financial institutions must implement security programs to protect GLBA penalties
such information.
- Once a GLBA non-compliance
allegation is proven the
3. The pretexting provisions, which prohibit the practice of pretexting (accessing private information using false consequences.
pretenses). — Some non-compliance penalties include:
The act also requires financial institutions to give customers written privacy notices that explain their information
1. _ Financial institutions found in violation face fines
sharing practices. of $100,000 for each violation.
GLBA compliance benefits 2. _ Individuals in charge found in violation face fines
of $10,000 for each Violation.
Complying with the GLBA puts financial institutions at lower risk of penalties or reputational damage caused by 3. _ Individuals found in violation can be put in prison for upto
5 years.
unauthorized sharing of loss of private customer data. There are also several privacy and security benefits required by
Non-compliance allegations examples
the GLBA safeguards Rute for custamers, some of which include :
© Private information must be secured against unauthorized access. — _ Since the act has gone into effect, there have been several allegations including:
© Customers must be notified of private information sharing between financial institutions and third parties and © Paypal (operating as Venmo] allegedly violated both the Federal Trade Act and the GLBA. According to one source,
have the ability to opt out of private information sharing.
The FTC also asserts that the privacy practices it alleges violate the GLBA and its privacy rule and that the security
failures it alleges violate the GLBA and the safeguarding rule.
© User activity must be tracked induding any attempts to access protected records.
© Early in the Acts existence the FTC invoked the GLBA against several mortgag= companies for a number of
Compliance with the GLBA protects consumer and customer records and will therefore help to build and strengthen violations.
consumer reliability and trust. Customers gain assurance that their information will be kept secure by the institution
‘Safety and security cultivate customer loyalty, resulting in a boost in reputation, repeat business and other benefits for — However, by taking steps to safeguard NP! and comply with the GLBA organizations will not only benefit from
financial institutions. improved security and the avoidance of penalties but alsa from increased customer trust and loyalty.
6.2.1 Working of GLBA Compliance 6.3 HIPAA Compliance
The GLBA needs that financial institutions act to ensure the confidentiality and security of customers’ nonpublic — The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection.
personal information or NPI. Companies that deal with protected health information (PHI) must have a physical, network, and process securiry
Nonpublic personal information includes social security numbers, credit and income histories, credit and bank card measures in place and follow them to ensure HIPAA compliance.
account numbers, phone numbers, addresses, names, and any other personal customer information received bya — Health and Human Services (HHS) point out that as health care providers and other entities dealing with PHI move to
financial institution that is not public. computerized operations, including Computerized Physician Order Entry (CPOE) symerms, Electronic Heath
Records (EHR), and pharmacy, and Y Systems, HIPAA is more
‘The safeguards rule states that financial institutions must create a written information security plan describing the
program to protect their customers information. — Similarty, health plans provide access to claims as well as care management and self-service applications. While all of
The information security plan must be tailored specifically to the institutions size, operations and complexity as well
these electronic methods provide increased efficiency and mobility, they also Grastically increase the security risks
facing health care data.
asthe ivity of the ion. ng to the safeg rule covered financial institutions
must:
~The security rule is in place to protect the privacy of individuals health information, while at the same time allowmng
1 Designate one or more employees to coordinate its information security program. covered entities to adopt new technologies to improve the quality and efficiency of patient care.
2. Identify and assess the risks to customer information in each relevant area of the companies operation and ~The security rule by design, is flexible enough to allow a covered entity to implement policies, procedures and
evaluate the effectiveness of the current safeguards for controlling these risks. technologies that are suited to the entity's size, organizationalstructure and nsks to patents and consumers e-PHL

3. Design and implement a safeguards program, and regularly monitor and test it. 1 y’ and Pp and HIPPA
patient data. These
4. Select service providers that can maintain appropriate safeguards make sure your contract requires them to — The HHS requires physical and technical safeguards for organizations hosting sensitive
maintain safeguards, and oversee their handling of customer information. physical safeguards include:

5. Evaluate and adjust the program in light of relevant circumstances, including changes in the firm's business or © Limited facility access and control with authorized access in place.
operations, or the results of security testing and monitoring. ° Policies about use and access to workstations and electronic media.
media and e-PHL
© Restrictionsfor transferring, removing, disposing, and re-using electronic
Va

Scanned by CamScanner
 Information Sacurty Stanclard Complinncoy: Ww Cyber Security and Laws (MU-Sem 7)
W_ cyber Secunty and Laws (MU-Som7) 65 Information Security Standard Compliances
allowing only for authorized
Along the same lines, the technical safeguards of HIPAA require access control ds are designed to support organizations in
Person
to access ePHL Access control includes : delivering products and services which are hi igher in quality, safer, more secure, more resilient, and environm
friendly. entally
© Using unique user 105, emergency access procedures, automatic log off, encryption and decryption.
‘These standards are well known such as
© Audit reports or tracking logs that record activity on hardware and software. ISO 9001 (Quality Management),
(Environmental), SO 22301 (Business Continuity) 150 27001 (Information Security), ISO 14001
and the soon to be laut inched ISO 45001 (Health and Safety}.
2 and for and HIPAA 1SO 27001 is a specification for an information security
manay gement system (ISMS).
Based on the breach notification rule health care providers and plans must report any possible exposure of and procedures that includes all legal, physical and technical controls involved An ISMS is a framework of policies
Protected health information whenever data Is stolen, lost or otherwise compromised.
in an organizations information risk
management processes.

If the exposure includes more than SOO people the HIPAA CE must also quickly contact the HHS secretary. According to its documentation, ISO 27001 was developed ta provide a model for establishing,
Local media must be notified In a state or jurisdiction in which S00 or more affected Individuals reside. implementing,
Operating, monitoring, reviewing, maintaining and improving an information security management system.
Wf fewer than 500 people are impacted the individuals must be alerted and the HHS secretary must be sent a 'SO 27001 uses a top down, risk-based approach and is technology neutral. The specification defines a six-part
Feport within 60 days following the end of the calendar
year. planning process :
HIPAA violations are expensive. The penalties for noncompliance are based on the level of negligence and can
Fange from $100 to $50,000 per violation (or per record) with a maximum penalty of $1.5 Define a security policy.
a
million per year for
violations of an identical provision. Violations can also carry criminal charges that can result in jail time. Define the scope of the ISMS.
Fines will increase with the number of patients and the amount of neglect. The lowest fines start with a breach Conduct a risk assessment.
where you didn’t know and by exercising reasonable diligence would not have known that you
violated a
Provision. Manage identified risks.
At the other end of the spectrum are fines levied where a breach is due to negligence and not corrected Select control objectives and controls to be implemented.
in 30
days. In legalese this is known as mens rea (state of mind). So fines increase in severity from
no mens rea (didn't Prepare a statement of applicability.
know)
to assumed mens rea (willful negiect).
The specification indudes details for documentation, management responsibility, internal audits, continual
The fines and charges are broken down into 2 major categories: Reasonable Cause
and Willful Neglect. improvement, corrective and preventive action. The stzndard requires cooperation among all sections of an
Reasonable cause ranges from $100 to $50,000 per Incident and does nat Involve any
jail time. organization.
‘Willful negiect ranges from $10,000 to $50,000 for each incident and can result in criminal charges.
‘The 27001 standard does not mandate specific information security controls, but it provides a checklist of controls
Data pr for healthcare and HIPPA that should be considered In the accompanying code of practice, ISO/IEC 27002-2005. This second standard describes
‘a comprehensive set of information security control objectives and a set of generally accepted good practice security
The data security need has grown with an increase In the use and sharing of electronic patient data. Today
controls,
‘are requires health care organizations to meet this accelerated demand for data
while complying ‘The ISO 27002 sa of security that are to help an
with HIPAA regulations and protecting PHI. Having a data protection strategy in place allows healthcare
‘Organizations
to : Implement, maintain, and improve its information security management.

© Ensure the security and availability of PHI to maintain the trust of practitioners and patients. ISO 27002 provides hundreds of potential controls and control mechanisms that are designed to be implemented with
guidance provided within ISO 27001.
© Meet HIPAA and HITECH regulations for access, audit, integrity controls, data transmissian,
and device The suggested controls listed in the standard are intended to address specific Issues Identified during a formal risk
security.
‘assessment. The standard is also intended to provide a guide for the development of security standards and effective
© Maintain greater visibility and control of sensitive data throughout the ‘Organization.
security management practices.
The best data protection solutions recognize and protect patient (1S0} and the Blectro
data In all forms Including structured and ISO 27002 is by the Cc for
unstr data,
uctur
e-mails, documents,
ed and scans while allowing health care Provider to share
s data securely to Technical Commission (IEC).
ensure the best possible patient care. Patients entrust their data to health care Organi
zationands it is the dutyof it was updated in 2005, when It was
these organizations to take care of their protected health information, ISO 27002 was originally named ISO/MEC 1779, and published in 2000.
accompanied by the newly published ISO 27001.
64 (SO Compliance uch
‘The two standards are intended to be used together with one complimenting the other.
pra aeiedmapepair ra as
‘The international Organiz
for Standardization
ation (ISO) produces thousands of standards every year covering multiple The standards are updated regularly to incorporate references to
practices: emerged rene
topics and disciplines. EC 27000 and ISO/IEC 27005 in addition to add Information secunty
of controls based Onan oranzatons
aera These ince the election, Fmplementaion and management
unique information security risk environment.

Scanned by CamScanner
 Te

W_Cybor Security and Laws (MU-Sem 7)

(WF cyper Securtty and Laws (MU-Som7) 67 Information Security Standard Compliances Information Security Standard Compliancea
Best practices for FISMA compliance
1SO 27002 contains 12 main sections :
1. Risk assessment Obtaining FISMA compliance doesn’t
need to be a difficult process. The following
are some best practices to help
2. Security policy your organization meet all applicable FISMA
requirements. While this list is not exhaustive
it will certainly get you on the
3. Organization of information security way to achieving FISMA compliance.
4 Asset management Classify information as it is created; Classifying data based
on its sensitivity upon creation helps you prioritize

°
5 Human resources security security controlsand policies to apply the highest level of protection
to your most sensitive information.
6 Physical and environmental security Automatically encrypt sensitive data: This should be a given
for sensitive information. Ideally, you should arm

°
7. Communications and operations management your team with a tool that can encrypt sensitive data based on
its classification level ‘or when it is put at risk.
8. Access control Maintain written evidence of FISMA compliance: Stay on top of FISMA audits by maintaining
detailed records

°
9. Information systems acquisition, development and maintenance of the steps you've taken to achieve FISMA compliance.
10. Information security incident management
6.6 NERC Compliance
LL. Business continuity management
12. Compliance The North Ai Electric C (NERC) is a based in Atlanta, Georgia, and
formed on March 28, 2006, as the successor to the North American Electric Reliability Council (also known as NERC).
Benefits
of ISO :
NERC's major responsibilities: It include working with all stakeholders to develop standards for power system
The can easily prove i to ‘Sand ted parties. ig and enforcing with those resource and
‘The organization is independentty recognized
for itsefforts, educational and training resources as part of an accreditation program to ensure power system operators remain
The level of auditing from customers can often be significantly reduced as independent qualified and proficient. NERC also investigates and analyzes the causes of significant power system disturbances In
assurance. certification can increase order to help prevent future events.
Many organizations are now demanding that their suppliers Compliance monitoring: It is the process us)d to assess, investigate, evaluate, and audit in order to measure
are certified to ISO standards.
with NERC reliability ae ‘adopted, and through the ity
6.5 FISMA Compliance standards development program and placed into effect pursuant to FERC orders or to applicable authoritiesin other
North American jurisdictions. This statutory responsibility ts set forth in section 215{e) of the Federal Power Act as
The Federal Information Security Management Act (FISMA) well as 18 CFR. §39.7.
a i is a United States federal law Passed in 2002 that made it
for federal to develop, and an ion security and protection ‘Compliance enforcement: It is the process by which NERC issues sanctions and ensures mitigation of confirmed
Program. FISMA is part of the larger E-Government
Act of 2002 introduced to improve the m:
anagement of electronic violations af mandatory NERC reliability standards. As part of these efforts, NERC can also issue directives to
government services and processes, immediately address and deter new or further violations, irrespective of their presence or status (l.e., confirmed or
FISMA compliance benefits alleged). Sanctioning of confirmed violations is determined pursuant to the NERC sanction guidelines and is based
heavily upon the violation risk factors and violation severity levels of the standards requirements violated and the
- FSMA hasi the security of federal violations duration. Entities found in violation of any standard must submit a mitigation plan for approval by NERC and
- Continuous ng for FISMA p agencies with the once approved, must execute this plan as submitted.
tion they need to maintain a
high level of security and eliminate vulnerabilities in a timely and cost effective manner. Organization registration and certification: It Includes both the organization rregistratian function and the
Companies operating in the private sector particularly those who do busi organization certification function. Organization registration identifies and registers bulk power system users, owners
ness with federal agencies can also
benefit by maintaining FISMA compliance. and operators who are responsible for performing specified reliability functions to which requirements of ae
This can give private companies an advantage when trying
to add new business from federal NERC reliability standards are applicable. The organization certification function Is the process by a
‘meeting FISMA compliance requirements companies can ensure that th
agencies and by itors and enforces eee “an NERC naeats Sooneae mete Sheaaihe
ey re covering many of the security best
Practices outlined in FISMA’s requirements.
FISMA non-compilance penalties necessary personnel, knowledge, facilities, programs, and other qualifications to cet out es ee
responsibilities. Requirements and activities for the organization registration and eal ees ce
The for the ge agencies or Private that fail to comply with FISMA are: In Section 500 (Organization Registration and Certification) and Appendices 5A and 51
censure by congress, a reduction in federal funding and reputational damage. rules of procedure.

ws

Scanned by CamScanner
 mmm = “Re
W_Cybor Security and Laws (MU-Sem7)
SE per seurty and tren ats Ser7 £2 Information Security Standard Compliancos — The level 4 merchants that are small to medium
6-10 Information Security Standard Complances
Regional entity compliance monitoring and enforce sized business must complete the following steps to satisfy
ment Programs requiremen of PCI:
ts the
— NERC relies on the Regional Entities to enforce the NERC reliability standards with bulk power system
operator and users through approved regional delegatio owners, 1. Determine which Self- Assessment Questionnaire (SAQ) your business
n agreements. should use to validate compliance.
Regional entities are responsible for monitoring compliance of the registere 2. Complete the Self- Assessment Questionnaire (SAQ) according to the
d entities within their regional boundarie s, instructions itcontains.
comply.
of all of v s, penalties and for failure to 3. Complete and obtain evidence of a Passing vulnerability scan with
a PC) SSC Approved Scanning Vendor
(ASV). Nate scanning does not apply to all merchants
Regional hearing processes are available . It is required for SAQ.A-EP, SAQ B-IP, SAQC, SAQ.
Cannot be achieved at the regional level, NERto iC resolve contested Violations or penalties or sanctions. If
maintains an appeals process to hear disputes. a resolution D Merchant and SAQ D-Service provider.
Registered entities or other relevant industry Complete the relevant attestation of compliance in its entirety
stakeholders can report any perceived inconsis (located in the SAQ tool).
OF tools of two or more regional tency In the methods,
entities through the consistency reporting tool located Submit the SAQ, evidence of a Passing scan (if applicable), and the
enterprise program alignment process page. on the ERO attestatio n of compliance, along with any
other requested documentation to your acquirer.
Pci ent Card Industry) Compliance 6.7.1 GOALS of PCI
— The Payment Card industry DataSecurity Standar
d (PC! DSS) is a Set of security standards designed 1. Bullding and maintaining
a secure network
‘companies that accept, process, store to ensure that ALL
or transmit Credit card information maintai
n a secure environment. © Install and a firewall Fig to protect data : C must create their own
firewall configuration policy and develop a configuration test procedure
designed to protect cardholder data. Your
hosting provider should have firewalls in place to protect and create a secure,
private network.
° Do not use vendor supplied defaults for system passwords and other security
parameters: This means creating,
‘maintaining and updating your system passwords with unique and secure passwords
created by your company,
Express, Discover and JCB) not ones that a software vendor might already have in place when purchased.
- oegpoTtant f8 nate thatthe payment
brands and acquirers are responsible 2 Protect
card holder data
council. for enforcing comilance not the PC
— The PC DSS applies to ANY Organization
regardless of size or number ‘of transactions
any card holder data that accepts transmits or stores

networking cabinet locks according to computer world.com.

Encrypt transmission of cardholder data across open,
public networks : Encrypted data is unreadable and
unusable to system intruder without the property cryptograph
ic keys according the PCI security standards

Table 6.7.1

3. Maintain a vulnerability management program

Any — _ Use and regularty update antivirus software : An anti-virus sofware service needs
Protect against the most recently developed malware. If your data is being hostedin he frequently updated to
Fequirementsto minimize risk to the visa system. on outsourced servers, a
server provider is for maintaining a safe aud logs.
2 Any merchant of ce channel 1M to 6M Visa te ~ Develop and maintain secure systems and applications : This includes discovering newly
vulnerabilities via alert systems. Your PO. compliant hasting provider
identified security
Any merchant processing 20,000 to 1M Visa e-commerce transactions should be monitoring and updating their
per year.
Systems to accom any modat
security vulnerabilities.
e
Any merchant processing fewer than 20,000 visa e-commerce
other merchants regardless of acceptance channel Processing uptransactions
per year, and all
to 1M Visa transactions per
year.

¥ Wie

Scanned by CamScanner
 .
¥ Cyber Secu ity and Laws (MU-Sem 7) 6-14 : ity Standard Compii
Information Security s mplianceg

4. Implement strong access contro!

measures
Restrict access to card holder data by business need-
to-know: Limiting the number of person that have
card holder data will accessas
lessen the chances of a security breach.
hould follow best
practi
Assign a unique ID to each person with computer access: User accounts with access $ tsve [gn inca Ces
including password encryption, authorization, authenticati
on, password updates every 3 0 days, log € limits,
etc.

Restrict physical access to cardholder data : If your data is hosted in an off-sit

e data center your data cente;
provider should have limited personal with access to the sensitive inform
ation. PCI compliant data centers shoulg
have full monit7oring, inclu
:
ding surveillance cameras and entry ;
compliant hosting environment. authentication to ens ure a secure and p
“
5. Implement strong access contro!
measures
Track and monitor all access to netw
ork resources and cardholder data
and stored archives can help your hosting provider : Logging systems that track user activi
pinpoint the cause in the n
event of a security breach or other
issue.
Regularly test security systems
and Processes : With regular monitoring
hosting provider should be able and testing processes in place, your data
toa ssure you that your customers card holder data is safe at all times.
6. Maintain an information security
policy
Maintain a policy that addresse
s information secu rity : This policy should
technology reviews and annual include all acceptable uses of
processes for risk analysis, operational security
administrative tasks procedures, and other general
.
If you are choosing a data-hosting provi
der ask for docu mentation of the processes
compliance requirements can be met. that ensure the 12 Pd

Q.1 Write short note on SOX ? (Section 6.1)

Q2 Write short note on GLBA 7 (Section 6.2)

Q.3 What is HIPAA compliance ? Explain in detail ? (Secti

on 6.3)
Q4 Write short note on ISO ? (Section 6.4)

Qs Write short note on FISMA 7 (Section 6.5)

Q.6 Explain NERC compliance ? (Section 6.6)

Q.7 What is PCI ? (Section 6.7)

Q.8 What are the goals of PCI ? (Section 6.7.1)

Scanned by CamScanner