Cyber Security Unit-1


GEETHANJALI INSTITUTE OF SCIENCE & TECHNOLOGY::NELLORE

IV B.TECH I SEMESTER –ECE


Name of the subject: CYBER SECURITY (20A05705a)
Faculty Name: K.Venkateswarlu

UNIT I Introduction to Cybercrime


Introduction, Cybercrime, and Information Security, Who are Cybercriminals, Classifications of
Cybercrimes, And Cybercrime: The legal Perspectives and Indian Perspective, Cybercrime and the Indian
ITA 2000, A Global Perspective on Cybercrimes.

Unit – 1
Introduction to Cyber Crime and Cyber Security

Cyber Crime
Meaning –Criminal activities carried out by means of computers or the internet.
Definition –
 Cybercrime is defined as a crime where a computer is the object of the crime or is used as
a tool to commit an offense.
 A cybercriminal may use a device to access a user's personal information, confidential
business information, government information, or disable a device.
 Cybercrime, also called computer crime, is the use of a computer as an instrument to further
illegal ends, such as committing fraud, trafficking in child pornography and intellectual
property, stealing identities, or violating privacy.
 Cybercrime, especially through the Internet, has grown in importance as the computer has
become central to commerce, entertainment, and government.
 Cyber crime or computer-oriented crime is a crime that includes a computer and a
network. The computer may have been used in the execution of a crime or it may be the
target.

Cyber crime encompasses a wide range of activities, but these can generally be divided into two
categories:
(a) Crimes that target computer networks or devices. These types of crimes involve different
threats (like viruses, bugs etc.) and denial-of-service attacks.
(b) Crimes that use computer networks to commit other criminal activities. These types of
crimes include cyber stalking, financial fraud or identity theft.

Origin of the word Cyber Crime


Cyber came from cybernetics. Cybernetics influences game, system, and organizational theory.
Cybernetics derived from the Greek kubernētēs which refers to a pilot or steersman. Related is the
Greek word kubernēsis which means “the gift of governance” and applies to leadership.

Information Security:

Information security is concerned with safeguarding the data that resides on the network.

Information security measures include encryption, access control, and backup and recovery
systems.

Information security is more concerned with the policies and procedures that govern how data is
accessed, used, and protected.

Information security is often the responsibility of dedicated security professionals.

Information security also includes additional aspects such as authenticity, accountability, and
non-repudiation.

Information security measures are typically implemented at the data level, such as encryption
and access controls.

This is the age of universal electronic connectivity, where the activities like hacking, viruses,
electronic fraud are very common.

Unless security measures are taken, a network conversation or a distributed application can be
compromised easily.

Some simple examples are:

 Online purchases using a credit/debit card.


 A customer unknowingly being directed to a false website.
 A hacker sending a message to a person pretending to be someone else.

Network Security has been affected by two major developments over the last several decades.
First one is introduction of computers into organizations and the second one being introduction
of distributed systems and the use of networks and communication facilities for carrying data
between users & computers.

These two developments lead to ‘computer security’ and ‘network security’, where the computer
security deals with collection of tools designed to protect data and to thwart hackers.

Network security measures are needed to protect data during transmission. But keep in mind that,
it is the information and our ability to access that information that we are really trying to protect
and not the computers and networks.

Why We Need Information Security?

Because there are threats.

Threats
A threat is an object, person, or other entity that represents a constant danger to an asset.

The 2007 CSI survey (494 computer security practitioners):
 46% suffered security incidents
 29% reported to law enforcement
 Average annual loss $350,424
 1/5 suffered a 'targeted attack'
 The source of the greatest financial losses?
 Most prevalent security problem: insider abuse of network access

Threat Categories
 Acts of human error or failure
 Compromises to intellectual property
 Deliberate acts of sabotage or vandalism
 Deliberate acts of theft
 Deliberate software attack
 Forces of nature
 Deviations in quality of service
 Technical hardware failures or errors
 Technical software failures or errors
 Technological obsolescence

Applications of Information Security:


1. Confidentiality: Information security ensures that sensitive information is kept
confidential and not disclosed to unauthorized individuals.
2. Integrity: Information security guarantees that data is accurate, complete, and reliable,
and that it has not been altered or modified in any way.
3. Availability: Information security makes sure that data is available when needed and that
it can be accessed by authorized users.
4. Authentication: Information security uses authentication methods to verify the identity of
users and ensure that they are authorized to access sensitive information.

5. Authorization: Information security controls access to sensitive information and
resources to ensure that only authorized individuals can access them.
6. Non-repudiation: Information security ensures that the origin and authenticity of data can
be verified, so that users cannot deny sending or receiving certain data.

Who are cyber criminals?


A cybercriminal is an individual who commits cybercrimes, where he/she makes use
of the computer either as a tool or as a target or as both.

Types of Cyber Criminals:

1. Hackers:

The term hacker may refer to anyone with technical skills, however, it typically refers to an
individual who uses his or her skills to achieve unauthorized access to systems or networks so as
to commit crimes.

2. Organized Hackers:

This group includes organizations of cyber criminals, terrorists, and state-sponsored
hackers. Cyber criminals are typically teams of skilled criminals focused on control, power, and
wealth.

These criminals are highly organized, and may even offer crime as a service. These
attackers are usually well prepared and well-funded.

3. Internet stalkers:

Internet stalkers are people who maliciously monitor the web activity of their victims to acquire
personal data. This type of cyber crime is conducted through the use of social networking
platforms and malware, that are able to track an individual’s PC activity with little or no
detection.

4. Disgruntled Employees:

Disgruntled employees become hackers with a particular motive and also commit cyber crimes.
It is hard to believe that dissatisfied employees can become such malicious hackers.

In the past, their only option was to go on strike against their employers. But with the
advancement of technology, the increase in work done on computers and the automation of
processes, it is simple for disgruntled employees to do more damage to their employers and
organization by committing cyber crimes. The attacks by such employees bring the entire system
down.

Classification of Cyber Crimes:

Email spoofing
 Email spoofing is a form of cyber attack in which a hacker sends an email that has been
manipulated to seem as if it originated from a trusted source.
 For example, a spoofed email may pretend to be from a well-known shopping
website, asking the recipient to provide sensitive data, such as a password or credit
card number.
 Alternatively, a spoofed email may include a link that installs malware on the
user's device if clicked.
 An example of spoofing is when an email is sent from a false sender address, that
asks the recipient to provide sensitive data.
 This email could also contain a link to a malicious website that contains malware.
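
The header checks a mail gateway can apply to the false-sender case described above, as an added example that is not part of the original notes. The server name `mx.example.org`, the function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV_ID = "mx.example.org"  # assumption: name our own mail server stamps


def domain_of(header_value):
    """Lower-cased domain of the first address in a header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def aligned(a, b):
    """Relaxed match: identical domains, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def trusted_verdicts(msg, authserv_id=TRUSTED_AUTHSERV_ID):
    """SPF/DKIM/DMARC results, read only from headers stamped by our own server.

    A sender can insert Authentication-Results headers as well, so any header
    whose first token is not our authserv-id is ignored.
    """
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        server, _, results = str(value).partition(";")
        if server.strip().lower() != authserv_id:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts


def spoofing_indicators(raw_message):
    """Return the reasons to distrust the visible From address (empty if none)."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    verdicts = trusted_verdicts(msg)
    findings = [f"{m}={verdicts.get(m, 'missing')}"
                for m in ("spf", "dkim", "dmarc")
                if verdicts.get(m, "missing") != "pass"]
    # Envelope sender and reply address should belong to the From domain.
    for header, label in (("Return-Path", "return-path"), ("Reply-To", "reply-to")):
        other = domain_of(msg.get(header))
        if other and not aligned(other, from_domain):
            findings.append(f"{label}-mismatch")
    return findings


# Constructed sample: genuine receipt from the shop's own domain.
LEGIT = "\n".join([
    "Return-Path: <orders@shop.example.com>",
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=shop.example.com;"
    " dkim=pass header.d=shop.example.com; dmarc=pass header.from=shop.example.com",
    'From: "Example Shop" <orders@shop.example.com>',
    "Subject: Your receipt",
    "",
    "Thank you for your order.",
])

# Constructed sample: same visible From, but sent through another domain and
# carrying a forged Authentication-Results header claiming everything passed.
SPOOFED = "\n".join([
    "Return-Path: <bounce@mailer.example.net>",
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;"
    " dkim=none; dmarc=fail header.from=shop.example.com",
    "Authentication-Results: attacker.invalid; spf=pass; dkim=pass; dmarc=pass",
    'From: "Example Shop" <orders@shop.example.com>',
    "Reply-To: <help@shop-example.invalid>",
    "Subject: Confirm your password",
    "",
    "Please reply with your password.",
])

if __name__ == "__main__":
    print("legit  :", spoofing_indicators(LEGIT))
    print("spoofed:", spoofing_indicators(SPOOFED))
```

SPF passes in the spoofed sample because it only covers the envelope domain; the DMARC failure and the mismatched reply address are what expose the false From. A Return-Path mismatch alone is common for legitimate bulk mail, so treat it as a supporting signal.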
Spamming
 Spamming is the use of electronic messaging systems like e-mails and other digital
delivery systems and broadcast media to send unwanted bulk messages
indiscriminately.
 The term spamming is also applied to other media like in internet forums, instant
messaging, and mobile text messaging, social networking spam, junk fax transmissions,
television advertising and sharing network spam.
 Spam is any kind of unwanted, unsolicited digital communication that gets sent out
in bulk. Often spam is sent via email, but it can also be distributed via text
messages, phone calls, or social media.
Cyber defamation
 The tort of cyber defamation is an act of intentionally insulting, defaming or
offending another individual or a party through a virtual medium.
 It can be both written and oral.
 Defamation means giving an “injury to the reputation of a person” resulting from a
statement which is false. The term defamation is used in the section 499 of Indian
Penal Code, 1860.
 Cyber defamation is also known as internet defamation or online defamation in the
world of internet and its users.
 Cyber defamation is a new concept but it virtually defames a person through new
medium. The medium of defaming the individual's identity is through the help of
computers via internet.
Internet time theft

 It refers to the theft in a manner where the unauthorized person uses internet hours
paid by another person.
 The unauthorized person gets access to another person's ISP user ID and password, either
by hacking or by illegal means without that person's knowledge.

 Basically, Internet time theft comes under hacking. It is the use by an
unauthorized person of the Internet hours paid for by another person.

Salami Attack
 A salami attack is a small attack that can be repeated many times very efficiently.
Thus the combined output of the attack is great.

 The classic example is stealing the round-off from interest in bank
accounts.
 Even though it is less than 1 cent per account, when multiplied by millions of
accounts over many months, the adversary can retrieve quite a large amount. It is
also less likely to be noticeable since your average customer would assume that the
amount was rounded down to the nearest cent.
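
An audit for the interest round-off scheme described above, as an added example that is not part of the original notes: it recomputes each account's interest and compares it with what the ledger posted. The half-even rounding policy, the rate, the account names and both ledgers are constructed assumptions.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
RATE = Decimal("0.0035")  # constructed monthly interest rate


def expected_credit(balance, rate=RATE):
    """Interest the assumed policy should post: exact product, rounded half-even."""
    return (balance * rate).quantize(CENT, rounding=ROUND_HALF_EVEN)


def audit_interest_run(balances, posted, rate=RATE):
    """Compare posted interest credits with independently recomputed ones.

    balances: {account: Decimal balance}
    posted:   {account: Decimal interest credit taken from the ledger}
    """
    expected = {acct: expected_credit(bal, rate) for acct, bal in balances.items()}
    shorted = 0
    total_short = Decimal("0")
    large_deviations = {}
    for acct, exp in expected.items():
        diff = posted.get(acct, Decimal("0")) - exp
        if diff < 0:
            shorted += 1
            total_short += -diff
        if abs(diff) > CENT:
            # More than one cent off cannot be explained by rounding.
            large_deviations[acct] = diff
    return {
        # Control totals alone do not catch a salami scheme: the money is
        # moved between accounts, so the run still balances.
        "totals_match": sum(posted.values()) == sum(expected.values()),
        "shorted_accounts": shorted,
        "total_short": total_short,
        "large_deviations": large_deviations,
        "unknown_credits": sorted(set(posted) - set(expected)),
    }


def sample_balances(n=500):
    """Constructed balances with varying fractional parts."""
    return {f"ACC-{i:04d}": Decimal(1000 + 37 * i) + Decimal(i % 100) / 100
            for i in range(n)}


def honest_run(balances):
    """Constructed ledger that follows the rounding policy."""
    return {acct: expected_credit(bal) for acct, bal in balances.items()}


def skimmed_run(balances, sink="ACC-0042"):
    """Constructed tampered ledger: every credit is truncated instead of
    rounded, and the accumulated difference is posted to one account."""
    posted = {acct: (bal * RATE).quantize(CENT, rounding=ROUND_DOWN)
              for acct, bal in balances.items()}
    skim = sum(expected_credit(bal) - posted[acct]
               for acct, bal in balances.items() if acct != sink)
    posted[sink] = expected_credit(balances[sink]) + skim
    return posted


if __name__ == "__main__":
    accounts = sample_balances()
    print("honest :", audit_interest_run(accounts, honest_run(accounts)))
    print("skimmed:", audit_interest_run(accounts, skimmed_run(accounts)))
```

In the skimmed ledger the run totals still match, each affected customer is short by exactly one cent, and the only deviation larger than a cent is the account that received the sum.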

Data Diddling
 Data diddling is a type of cybercrime in which data is altered as it is entered into a
computer system, most often by a data entry clerk or a computer virus.
 Data diddling is an illegal or unauthorized data alteration. Changing data before or as
it is input into a computer or output.
 Example: Account executives can change the employee timesheet
information of employees before entering to the HR payroll application.

Forgery
 When a perpetrator alters documents stored in computerized form, the crime
committed may be forgery. In this instance, computer systems are the target of
criminal activity.
 The term forgery usually describes a message related attack against a cryptographic
digital signature scheme. That is an attack trying to fabricate a digital signature for
a message without having access to the respective signer's private signing key.
 Among the many examples of this crime, taking another's work, whether it be
written or visual, such as an artwork, and attempting to distribute it as either your own
or as an original is an example of forgery.
 Likewise, either creating fake documents or producing counterfeit items is
considered to be forgery as well.
Web Jacking
 Illegally seeking control of a website by taking over a domain is known as Web
Jacking.
 The web jacking attack method is a kind of trap set by the attacker to
steal the sensitive data of people; those who get trapped are the ones who are not
aware of cyber security.
 Web jacking is another type of social engineering phishing attack,
where an attacker creates a fake web page of the victim website.
 The attacker sends a link to the victim, and when the victim clicks on that link, a message
is displayed in the browser: “the site abc.com has moved to another address, click here to
go to the new location”.
 If the victim does click on the link, he/she will be redirected to the fake website page,
where the attacker can ask for any sensitive data such as credit card number,
username, password etc.
Emanating from UseNet
 Usenet is a kind of discussion group where people can share views on topic of their
interest. The article posted to a newsgroup becomes available to all readers of the
newsgroup.
 By its very nature, Usenet groups may carry very offensive, harmful, inaccurate or
otherwise inappropriate material, or in some cases, postings that have been
mislabeled or are deceptive in another way.
 Therefore, it is expected that you will use caution and common sense and exercise
proper judgment when using Usenet, as well as use the service at your own risk.

Industrial Espionage
 Industrial espionage describes a series of covert activities in the corporate world
such as the theft of trade secrets by the removal, copying, or recording of
confidential or valuable information in a company. The information obtained is
meant for use by a competitor.
 Economic or industrial espionage commonly occurs in one of two ways.
i) a dissatisfied employee appropriates information to advance interests or to
damage the company.
ii) Secondly, a competitor or foreign government seeks information to advance its
own technological or financial interest.
 Industrial espionage and spying can occur in any industry, from food and
beverage to fashion and entertainment.
 However, technology is one of the most targeted industries.
 Key technology industries that are often targeted include computer, semiconductor,
electronics, automotive, aerospace, biotechnology, energy, pharmaceutical and high-
tech manufacturing.
Hacking
 Hacking refers to activities that seek to compromise digital devices, such as computers,
smartphones, tablets, and even entire networks.
 Hacking is an attempt to exploit a computer system or a private network inside a
computer. Simply put, it is the unauthorized access to or control over computer
network security systems for some illicit purpose.
 They can destroy, steal or even prevent authorized users from accessing the
system.
 Kevin Mitnick likely holds the title as the world's best hacker ever. Kevin Mitnick
started hacking at an early age. He broke into the realm of public attention in the
1980s after he hacked into the North American Defense Command.
Types of Hackers
a) White Hat Hackers – These hackers utilize their programming aptitudes for a
good and lawful reason. These hackers may perform network penetration tests in an
attempt to compromise networks to discover network vulnerabilities. Security
vulnerabilities are then reported to developers to fix them.

b) Black Hat Hackers – These hackers are unethical criminals who violate network
security for personal gain. They exploit vulnerabilities to compromise computer systems.

c) Gray Hat Hackers – These hackers carry out violations and do seemingly
deceptive things, however not for personal gain or to cause harm. These
hackers may disclose a vulnerability to the affected organization after having
compromised their network.

Email bombing
 An email bomb or "mail bomb" is a malicious act in which a large number of
email messages are sent to a single email address in a short period of time. The
purpose of an email bomb is typically to overflow a user's inbox. In some cases, it
will also make the mail server unresponsive.
 Email bombing is often done from a single system in which one user sends
hundreds or thousands of messages to another user. In order to send the messages
quickly, the email bomber may use a script to automate the process. By sending
emails with a script, it is possible to send several thousand messages per minute.
 Fortunately, most mail servers are capable of detecting email bombs before a large
number of messages are sent. For example, if the server detects that more than ten
messages are received from the same email address within one minute,
it may block the sender's email address or IP address. This simple action will stop
the email bomb by rejecting additional emails from the sender.
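
The server-side check described above (more than ten messages from one sender within one minute leads to a block), as an added example that is not part of the original notes. The class and function names, the 15-minute block duration and the sample traffic are constructed assumptions; the limiter keys on both sender address and source IP, since the text mentions blocking either.

```python
from collections import defaultdict, deque


class SenderRateLimiter:
    """Sliding-window limiter keyed on sender address and on source IP."""

    def __init__(self, limit=10, window=60.0, block_for=900.0):
        self.limit = limit          # the page's example threshold: ten messages
        self.window = window        # ... within one minute (seconds)
        self.block_for = block_for  # assumption: how long a block lasts (seconds)
        self._seen = defaultdict(deque)  # key -> timestamps inside the window
        self._blocked_until = {}         # key -> time at which the block expires

    def accept(self, sender, ip, now):
        """Return True to accept the message, False to reject it."""
        keys = (("addr", sender.strip().lower()), ("ip", ip))
        if any(self._blocked_until.get(key, 0.0) > now for key in keys):
            return False
        ok = True
        for key in keys:
            seen = self._seen[key]
            seen.append(now)
            # Drop timestamps that have aged out of the window.
            while seen[0] <= now - self.window:
                seen.popleft()
            if len(seen) > self.limit:
                # Threshold exceeded: block this address or IP and reject.
                self._blocked_until[key] = now + self.block_for
                seen.clear()
                ok = False
        return ok


def constructed_events():
    """Constructed traffic: (timestamp_seconds, sender, source_ip)."""
    flood = [(i * 0.5, "noisy@sender.example", "203.0.113.7") for i in range(50)]
    normal = [(i * 60.0, "colleague@corp.example", "198.51.100.20") for i in range(5)]
    return sorted(flood + normal)


def tally(events, limiter=None):
    """Replay events in time order; return {sender: (accepted, rejected)}."""
    limiter = limiter or SenderRateLimiter()
    counts = defaultdict(lambda: [0, 0])
    for ts, sender, ip in events:
        counts[sender][0 if limiter.accept(sender, ip, ts) else 1] += 1
    return {sender: tuple(c) for sender, c in counts.items()}


if __name__ == "__main__":
    for sender, (accepted, rejected) in tally(constructed_events()).items():
        print(f"{sender}: accepted={accepted} rejected={rejected}")
```

Keying on the IP as well catches a sender that rotates the From address on every message, which a per-address counter alone would miss.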
Intrusion
 The definition of an intrusion is an unwelcome interruption or a situation where
somewhere private has an unwelcome visit or addition.

 When you are having a quiet nap in your backyard and your neighbor's dog comes
in uninvited and jumps all over you to wake you up, this is an example of an intrusion.

 A network intrusion refers to any unauthorized activity on a digital network.
Network intrusions often involve stealing valuable network resources and almost
always jeopardize the security of networks and/or their data.

 In order to proactively detect and respond to network intrusions, organizations and
their cybersecurity teams need to have a thorough understanding of how network
intrusions work and implement network intrusion detection and response systems
that are designed with attack techniques and cover-up methods in mind.
Password sniffing
 Password Sniffing is a hacking technique that uses a special software application
that allows a hacker to steal usernames and passwords simply by observing and
passively recording network traffic. This often happens on public WiFi networks
where it is relatively easy to spy on weak or unencrypted traffic.

 Password sniffing is an attack on the Internet that is used to steal user names and
passwords from the network. Today, it is mostly of historical interest, as most
protocols nowadays use strong encryption for passwords. However, it used to be the
worst security problem on the Internet in the 1990s, when news of major password
sniffing attacks was almost weekly.

 The typical implementation of a password sniffing attack involves gaining access
to a computer connected to a local area network and installing a password
sniffer on it.

 The password sniffer is a small program that listens to all traffic in the attached
network(s), builds data streams out of TCP/IP packets, and extracts user names and
passwords from those streams that contain protocols that send cleartext passwords.

 The attack can also be performed in switches, routers, and printers. It is common
nowadays for attackers to establish a presence on such devices.

 These devices don't run anti-virus and aren't easy to audit. Furthermore, traffic naturally
goes through switches and routers, so no extra network packets need to be sent to fool
switches into sending traffic of interest to the listening node.

Credit card fraud


 Credit card fraud occurs when an unauthorized person gains access to your
information and uses it to make purchases. ... Skimming your credit card, such as at
a gas station pump. Hacking your computer. Calling about fake prizes or wire
transfers.
 Here criminals make purchases or obtain cash advances using a credit card account
assigned to you. This can occur through one of your existing accounts, via theft of
your physical credit card or your account numbers and PINs, or by means of new
credit card accounts being opened in your name without your knowledge. Once
they're in, thieves then run up charges and stick you and your credit card company
with the bill.

Identity Theft
 Identity theft is the crime of obtaining the personal or financial information of
another person to use their identity to commit fraud, such as making unauthorized
transactions or purchases.

Cyber Crime and Cyber Security – The legal Perspective:

Cybercrime and legal landscape around the world


Cybercrime is a crime done with the misuse of information technology for unauthorized or
illegal access, electronic fraud; like deletion, alteration, interception, concealment of data,
forgery etc. Cybercrime is an international crime as it has been affected by the worldwide
revolution in information and communication
Cybercrime is a growing concern to countries at all levels of developments and affects both,
buyers and sellers.
While 154 countries (79 per cent) have enacted cybercrime legislation, the pattern varies
by region: Europe has the highest adoption rate (93 per cent) and Asia and the Pacific the
lowest (55 per cent).
The evolving cybercrime landscape and resulting skills gaps are a significant challenge for law
enforcement agencies and prosecutors, especially for cross-border enforcement.

List of Top 3 Countries with the highest rate of Cybercrime (source:
BusinessWeek/Symantec)

1. United States of America. Share of malicious computer activity: 23%


2. China. Share of malicious computer activity: 9%
3. Germany. Share of malicious computer activity: 6%

China–United States cooperation is one of the most striking recent developments, because
they are the top two source countries of cybercrime.

Need of Cyber Law

In today’s techno-savvy environment, the world is becoming more and more digitally
sophisticated and so are the crimes. The Internet was initially developed as a research and
information sharing tool and was unregulated.

As time passed, it became more transactional with e-business, e-commerce,
e-governance and e-procurement etc. All legal issues related to internet crime are dealt with
through cyber laws.

As the number of internet users is on the rise, the need for cyber laws and their application
has also gathered great momentum.

In today’s highly digitalized world, almost everyone is affected by cyber law. For
example:

 Almost all transactions in shares are in demat form.
 Almost all companies extensively depend upon their computer networks and
keep their valuable data in electronic form.
 Government forms including income tax returns, company law forms etc. are
now filled in electronic form.
 Consumers are increasingly using credit/debit cards for shopping.
 Most people are using email, phones and SMS messages for communication.
 Even in “non-cyber crime” cases, important evidence is found in computers/cell
phones, e.g. in cases of murder, divorce, kidnapping, tax evasion, organized
crime, terrorist operations, counterfeit currency etc.
 Cybercrime cases such as online banking frauds, online share trading fraud,
source code theft, credit card fraud, tax evasion, virus attacks, cyber sabotage,
phishing attacks, email hijacking, denial of service, hacking, pornography etc.
are becoming common.
 Digital signatures and e-contracts are fast replacing conventional methods of transacting
business.

Technology is never a disputed issue but for whom and at what cost has been the issue in
the ambit of governance.

The cyber revolution holds the promise of quickly reaching the masses as opposed to the
earlier technologies, which had a trickle-down effect. Such a promise and potential can
only be realized with an appropriate legal regime based on a given socio-economic matrix.

Need for Cyber Law in India

Cyber-law is important in a country like India where the internet is used to a large extent.
The law is enacted to save people and organizations from cybercrime and other internet-
related crimes.

It protects the privacy of every individual and organization. Before the enactment of
Cyber-law, no specific law existed in India to deal with cybercrime.

As per rules and regulations of the Cyber-law, a person who commits cybercrime is liable
to get punishment. If anyone violates and breaks the provisions of the law, then it allows
another person or organization to take legal action against that person.

Cyber Law, also called IT Law, is the law regarding information technology, including
computers and the internet. It is related to legal informatics and supervises the digital
circulation of information, software, information security and e-commerce.

 The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act)
is an Act of the Indian Parliament (No 21 of 2000) notified on 17th October 2000.

Information Technology Act, 2000

Enacted by: Parliament of India
Enacted: 9 June 2000
Assented to: 9 June 2000
Signed: 9 May 2000

Objectives of the Act

The Information Technology Act, 2000 provides legal recognition to the transaction done
via electronic exchange of data and other electronic means of communication or electronic
commerce transactions.

This also involves the use of alternatives to a paper-based method of
communication and information storage to facilitate the electronic filing of documents
with the Government agencies.

Further, this act amended the Indian Penal Code 1860, the Indian Evidence Act 1872, the
Bankers’ Books Evidence Act 1891, and the Reserve Bank of India Act 1934.

The objectives of the Act are as follows:

i. Grant legal recognition to all transactions done via electronic exchange of data or
other electronic means of communication or e-commerce, in place of the earlier
paper-based method of communication.

ii. Give legal recognition to digital signatures for the authentication of any information
or matters requiring legal authentication

iii. Facilitate the electronic filing of documents with Government agencies and also
departments

iv. Facilitate the electronic storage of data

v. Give legal sanction and also facilitate the electronic transfer of funds between
banks and financial institutions

vi. Grant legal recognition to bankers under the Evidence Act, 1891 and the
Reserve Bank of India Act, 1934, for keeping the books of accounts in electronic
form.

Features of the Information Technology Act, 2000

i. All electronic contracts made through secure electronic channels are
legally valid.
ii. Legal recognition for digital signatures.
iii. Security measures for electronic records and also digital signatures are in
place
iv. A procedure for the appointment of adjudicating officers for holding
inquiries under the Act is finalized.
v. Provision for establishing a Cyber Regulatory Appellate Tribunal under the
Act. Further, this tribunal will handle all appeals made against the order of
the Controller or Adjudicating Officer.
vi. An appeal against the order of the Cyber Appellate Tribunal is possible
only in the High Court
vii. Digital Signatures will use an asymmetric cryptosystem and also a hash
function
viii. Provision for the appointment of the Controller of Certifying Authorities
(CCA) to license and regulate the working of Certifying Authorities. The
Controller to act as a repository of all digital signatures.
ix. The Act applies to offences or contraventions committed outside India
x. Senior police officers and other officers can enter any public place and
search and arrest without warrant
xi. Provisions for the constitution of a Cyber Regulations Advisory Committee
to advise the Central Government and Controller.

Amendments in Indian IT act


A major amendment was made in 2008. It introduced Section 66A which penalized
sending "offensive messages". It also introduced Section 69, which gave authorities the
power of "interception or monitoring or decryption of any information through any
computer resource".

According to a recent Ministry of Communication & Information Technology news
release, the Information Technology (Amendment) Act, 2008 has come into effect in India
from October 27, 2009. The Act has received mixed responses. While some are happy
about the Indian government's attempt to curtail usage of the internet for terrorist
activities, others feel that the surveillance powers received by government are prone to
misuse.
The Information Technology (Amendment) 2008 Act has been debated since it was
passed by the Indian Parliament in December 2008, about a month after the terrorist attacks in
Mumbai.

Certain sections like Section 69 which provides authority to the Indian government for
interception, monitoring, decryption and blocking electronic data traffic have come under
major criticism. "The Act has provided Indian government with the power of surveillance,
monitoring and blocking data traffic. The new powers under the amendment act tend to give
Indian government a texture and color of being a surveillance state,"

Cyber Crime and Punishment in India:-

Penalties under Cyber Crimes:-

a) Section 43 and 66 –
Section 43 and 66 of the IT Act punishes a person committing data theft, transmitting
virus into a system, hacking, destroying data, or denying access to the network to an
authorized person with maximum imprisonment up to 3 years or a fine of rupees 5 lacs or
both. At the same time data theft is also punishable under Section 378 and Section 424 of
IPC with maximum imprisonment of 3 years or fine or both; and imprisonment of 2 years
or fine or both respectively. Denying access to an authorized person or damaging a
computer system is penalized under Section 426 of IPC with imprisonment of up to 3
months or fine or both.

66E - Tampering with computer source documents is a punishable offence under Section
65 of the IT Act. Section 66E provides the punishment for violation of privacy. It states
that if any person captures, publishes, or distributes an image of a private area of a person
without his/her consent has committed a breach of privacy and is punishable with
imprisonment up to 3 years or a fine up to 2 lacs or both.

66F
Section 66F covers a crucial matter which is cyber terrorism and prescribes punishment
for the same. It provides the acts which constitute cyber terrorism like denial of access or
penetrating through a network or transmitting virus/malware utilizing which he is likely to
cause death or injury to any person, which is all done with the purpose to threaten the
integrity, sovereignty, unity, and security of India or create terror in the minds of its
citizens.

66B and 66 C
Section 66B of the IT Act and Section 411 of IPC deal with the offense of dishonestly
receiving stolen computer resources or devices.

Section 66C of the IT Act prescribes punishment for identity theft and states that any
person who uses the identity credentials of a person for fraud or in a dishonest manner is
liable for punishment with imprisonment up to 3 years and a fine up to Rupees 3 lacs.
Cheating by personation using a computer resource is punishable under Section 66D of the
IT Act.

Similar provisions for these offenses are given under IPC under Section 419, 463, 465,
and 468. IT Act not only punishes persons but corporate as well if they fail to implement
and maintain a reasonable and diligent mechanism to protect the sensitive data of any
person in their possession. Such a body corporate is liable to pay compensation to the
aggrieved person who has suffered a loss due to the negligence of the corporation.

Apart from the provisions for punishment, the IT Act also empowers the Central
Government to issue directions to block access of any information on an intermediary or
computer resource for the public, if it feels necessary in the interest of the State. It can also
intercept, decrypt or monitor such information.

Date – 10 Dec 2021

Cyber Crime and Punishment in India:-

The IT Act 2000 was mainly to ensure legal recognition of e-commerce within India. Due
to this, most provisions are mainly concerned with establishing digital certification
processes within the country. Cybercrime as a term was not defined in the Act. It only
dealt with a few instances of computer-related crimes. These acts, as defined in Chapter XI
of the Act, are:
1. Section 43– Illegal access, the introduction of the virus, denial of services, causing
damage and manipulating computer accounts.
2. Section 65– Tampering, destroying and concealing computer code.
3. Section 66– Acts of hacking leading to wrongful loss or damage.
4. Section 67– Acts related to publishing, transmission or causing publication of
obscene/ lascivious in nature.
Punishment in Section 65 and 66 is three years or fine up to two lakh rupees or both. For
Section 67 the first time offenders can be punished up to 5 years with a fine up to one
lakhs of rupees. A subsequent offense can lead to ten years of punishment and fine up to
two lakhs of rupees.

Salient Features Of Information Technology Amendment Act


The Information Technology Act Amendment, which came into force after Presidential assent
in February 2009, has the following salient features:

 Liability of body corporate towards Sensitive Personal Data- The new amendment
brought changes to Section 43 of the IT Act 2000, under which, for the first time,
any body corporate that deals with sensitive personal information and does not have
adequate controls, resulting in wrongful loss or wrongful gain to any person, is
liable to pay damages to that person to the tune of five crores.
 Introduction of virus, manipulating accounts, denial of services etc. made
punishable- Section 66 has been amended to include offenses punishable as per
Section 43, which has also been amended to include the offenses listed above;
punishment may lead to imprisonment which may extend to three years or a
fine which may extend to five lakh rupees, or both. This is a change from the
earlier position: the introduction of a virus and manipulating someone’s account
have been made punishable with imprisonment for the first time.
 Phishing and Spam- While these have not been mentioned specifically, they can
be interpreted as covered by the provisions of Section 66A. Through this
section, sending menacing (frightening) or annoying messages, and also
misleading information about the origin of the message, has become punishable
with imprisonment up to three years and a fine.
 Stolen Computer resource or communication device – The newly added
Section 66B has been introduced to tackle acts of dishonestly receiving and
retaining any stolen computer resource. This has also been made punishable with
three years or a fine of one lakh rupees, or both.
 Misuse of Digital Signature- Section 66C. Dishonest use of somebody else’s
digital signature has been made punishable with imprisonment which may extend
to three years, and the offender shall also be liable to a fine which may extend to rupees one lakh.
 Cheating- Cheating using a computer resource has been made punishable with
imprisonment of either description for a term which may extend to three years, and the
offender shall also be liable to a fine which may extend to one lakh rupees (Section 66D).
 Cyber terrorism- The newly introduced Section 66F talks about acts of cyber
terror which threaten the unity, integrity or sovereignty of India or strike terror in
the people or any section of the people include
 Child Pornography– The newly introduced Section 67B attempts to address the issue
of child pornography. Through this section, the publication or transmission of
material in any electronic form which depicts children engaged in sexually explicit
acts or conduct, and the creation, facilitation or recording of these acts and
images, have been made punishable with imprisonment of five years and a fine which
may extend up to ten lakhs on a first offence, and seven years and a fine of ten
lakhs on a subsequent offence.

Digital Signature

A digital signature is a way to identify yourself online. Just as passports, driving licenses,
and PAN cards allow you to prove your identity offline, digital signatures let you prove
your identity online. To do this, you need a digital signature certificate, which lets you
sign documents digitally.

Digital signatures work by proving that a digital message or document was not modified—
intentionally or unintentionally—from the time it was signed. Digital signatures do this by
generating a unique hash of the message or document and encrypting it using the sender's
private key.

You can use digital signature certificates to e-file your income tax returns, for a Registrar
of Companies e-filing, online auctions (such as e-tenders), and to sign documents such as
PDFs.

Digital signatures were given legal status in India by the Information Technology Act (IT Act
2000) in the year 2000. It granted e-signatures on electronic documents the same legal
status as handwritten signatures on physical documents.

The IT Act, 2000 introduced the concept of digital signatures under Sec. 2(1)(p) as
authentication of any electronic record by a subscriber, i.e., a person in whose name the
Digital Signature Certificate (DSC) is issued, by means of an electronic method or
procedure in accordance with the provisions of Sec. 3.

A Global Perspective on Cybercrimes:


In Australia, cybercrime has a narrow statutory meaning as used in the Cyber Crime Act 2001,
which details offenses against computer data and systems. In the Council of Europe’s (CoE)
Cyber Crime Treaty, cybercrime is used as an umbrella term to refer to an array of criminal
activity including offenses against computer data and systems, computer-related offenses,
content offenses and copyright offenses.

The spam legislation scenario lists “none” for India as far as e-mail legislation in India
is concerned. India's legislation is described as “loose”, although there is a mention
in Section 67 of ITA 2000. About 30 countries have enacted some form of anti-spam legislation.
There are also technical solutions by ISPs and end-users.

In spite of this, so far there has been no significant impact on the volume of spam. Spam is used
to support fraudulent and criminal activities. As there are no national boundaries to such crimes
in the cybercrime realm, international cooperation is required between those who seek to enforce
anti-spam laws.
