Cyber Security Unit 01.


UNIT 01

Q.1 For what purpose is Section 66 of the ITA 2000 used? Discuss in detail.
Ans: Section 66. Computer related offences
66. Computer related offences.-- If any person, dishonestly or fraudulently, does any act
referred to in section 43, he shall be punishable with imprisonment for a term which may
extend to three years or with fine which may extend to five lakh rupees or with both.
Explanation.--For the purposes of this section,--
(a) the word "dishonestly" shall have the meaning assigned to it in section 24 of the Indian
Penal Code (45 of 1860);
(b) the word "fraudulently" shall have the meaning assigned to it in section 25 of the Indian
Penal Code (45 of 1860).
Section 66A. Punishment for sending offensive messages through communication service,
etc
66A. Punishment for sending offensive messages through communication service, etc.--
Any person who sends, by means of a computer resource or a communication device,
(a) any information that is grossly offensive or has menacing character; or
(b) any information which he knows to be false, but for the purpose of causing annoyance,
inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill
will, persistently by making use of such computer resource or a communication device;
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or
inconvenience or to deceive or to mislead the addressee or recipient about the origin of such
messages,
shall be punishable with imprisonment for a term which may extend to three years and with
fine.
Explanation.--For the purposes of this section, terms "electronic mail" and "electronic mail
message" means a message or information created or
transmitted or received on a computer, computer system, computer resource or
communication device including attachments in text, image, audio, video and any other
electronic record, which may be transmitted with the message.
Section 66B. Punishment for dishonestly receiving stolen computer resource or
communication device.
Whoever dishonestly receive or retains any stolen computer resource or communication
device knowing or having reason to believe the same to be stolen computer resource or
communication device, shall be punished with imprisonment of either description for a term
which may extend to three years or with fine which may extend to rupees one lakh or with
both.
Section 66C. Punishment for identity theft.
Whoever, fraudulently or dishonestly make use of the electronic signature, password or any
other unique identification feature of any other person, shall be punished with imprisonment
of either description for a term which may extend to three years and shall also be liable to
fine which may extend to rupees one lakh.
Section 66D. Punishment for cheating by personation by using computer resource.
Whoever, by means of any communication device or computer resource cheats by
personation, shall be punished with imprisonment of either description for a term which may
extend to three years and shall also be liable to fine which may extend to one lakh rupees.
Section 66E. Punishment for violation of privacy.
Whoever, intentionally or knowingly captures, publishes or transmits the image of a private
area of any person without his or her consent, under circumstances violating the privacy of
that person, shall be punished with imprisonment which may extend to three years or with
fine not exceeding two lakh rupees, or with both.
Explanation.--For the purposes of this section--
(a) transmit means to electronically send a visual image with the intent that it be viewed by
a person or persons
(b) capture, with respect to an image, means to videotape, photograph, film or record by any
means;
(c) private area means the naked or undergarment clad genitals, pubic area, buttocks or
female breast:
(d) publishes means reproduction in the printed or electronic form and making it available
for public;
(e) under circumstances violating privacy means circumstances in which a person can have a
reasonable expectation that--
(i) he or she could disrobe in privacy, without being concerned that an image of his private
area was being captured; or
(ii) any part of his or her private area would not be visible to the public, regardless of whether
that person is in a public or private place.

Q.2 What do you mean by cybercrime? Explain in detail.


ANS:-
Cybercrime is criminal activity that either targets or uses a computer, a computer network or
a networked device. Most cybercrime is committed by cybercriminals or hackers who want
to make money. However, occasionally cybercrime aims to damage computers or networks
for reasons other than profit. These could be political or personal.
Cybercrime can be carried out by individuals or organizations. Some cybercriminals are
organized, use advanced techniques and are highly technically skilled. Others are novice
hackers.
Types of cybercrime include:
1. Email and internet fraud.
2. Identity fraud (where personal information is stolen and used).
3. Theft of financial or card payment data.
4. Theft and sale of corporate data.
5. Cyberextortion (demanding money to prevent a threatened attack).
6. Ransomware attacks (a type of cyberextortion).
7. Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
8. Cyberespionage (where hackers access government or company data).
9. Soliciting, producing, or possessing child pornography.
Cybercrime involves one or both of the following:

• Criminal activity targeting computers using viruses and other types of malware.
• Criminal activity using computers to commit other crimes.
Cybercriminals that target computers may infect them with malware to damage devices or
stop them working. They may also use malware to delete or steal data. Or cybercriminals
may stop users from using a website or network or prevent a business providing a software
service to its customers, which is called a Denial-of-Service (DoS) attack.
Cybercrime that uses computers to commit other crimes may involve using computers or
networks to spread malware, illegal information or illegal images.
Cybercriminals often do both at once. They may target computers with viruses first
and then use them to spread malware to other machines or throughout a network. Some
jurisdictions recognize a third category of cybercrime, in which a computer is used as
an accessory to crime. An example of this is using a computer to store stolen data.

Q.3 Explain the 4 types of classification of cybercrime.


ANS:- Cyber crimes can be classified into 4 major categories as follows:
1) Cyber crime against Individual
2) Cyber crime Against Property
3) Cyber crime Against Organization
4) Cyber crime Against Society
1) Against Individuals
(i) Email spoofing : A spoofed email is one in which the e-mail header is forged so that the
mail appears to originate from one source but actually has been sent from another source.
(ii) Spamming : Spamming means sending multiple copies of unsolicited mails or mass e-mails
such as chain letters.
(iii) Cyber Defamation : This occurs when defamation takes place with the help of computers
and/or the Internet. E.g. someone publishes defamatory matter about someone on a website
or sends e-mails containing defamatory information.
(iv) Harassment & Cyber stalking : Cyber stalking means following an individual's activity over
the Internet. It can be done with the help of many protocols available such as e-mail, chat rooms
and Usenet groups.
2) Against Property
(i) Credit Card Fraud : As the name suggests, this is a fraud that happens by the use of a credit
card. This generally happens if someone gets to know the card number or the card gets
stolen.
(ii) Intellectual Property crimes : These include Software piracy: Illegal copying of programs,
distribution of copies of software. Copyright infringement: Using copyrighted material
without proper permission. Trademarks violations: Using trademarks and associated rights
without permission of the actual holder. Theft of computer source code: Stealing, destroying
or misusing the source code of a computer.
(iii) Internet time theft : This is the use, by an unauthorized person, of Internet hours
that are actually paid for by another person.
3) Against Organisations
(i) Unauthorized Accessing of Computer: Accessing the computer/network without
permission from the owner. It can be of 2 forms:
a) Changing/deleting data: Unauthorized changing of data.
b) Computer voyeur: The criminal reads or copies confidential or proprietary information,
but the data is neither deleted nor changed.
(ii) Denial Of Service : When an Internet server is flooded with continuous bogus requests so as
to deny legitimate users the use of the server or to crash the server.
(iii) Computer contamination / Virus attack : A computer virus is a computer program that can
infect other computer programs by modifying them in such a way as to include a (possibly
evolved) copy of itself. Viruses can infect files or affect the boot sector of the computer.
Worms, unlike viruses, do not need a host to attach themselves to.
(iv) Email Bombing : Sending large numbers of mails to an individual, company or mail
server, ultimately resulting in a crash.
(v) Salami Attack : When negligible amounts are removed and accumulated into something
larger. These attacks are used for the commission of financial crimes.
(vi) Logic Bomb : It is an event-dependent program. As soon as the designated event occurs,
it crashes the computer, releases a virus or does some other harm.
(vii) Trojan Horse : This is an unauthorized program which functions from inside what seems
to be an authorized program, thereby concealing what it is actually doing.
(viii) Data diddling : This kind of an attack involves altering raw data just before it is processed
by a computer and then changing it back after the processing is completed.
4) Against Society
(i) Forgery :
Currency notes, revenue stamps, mark sheets etc. can be forged using computers and high
quality scanners and printers.
(ii) Cyber Terrorism :
Use of computer resources to intimidate or coerce people and carry out the activities of
terrorism.
(iii) Web Jacking : Hackers gain access to and control over the website of another; they may even
change the content of the website to fulfil a political objective or for money.
Q.4 Explain: a) Email spoofing b) Spamming c) Internet time theft d) Denial of service e)
Computer contamination f) Email bombing g) Salami attack
ANS: a) Email spoofing
Email spoofing is a type of cyberattack that targets businesses by using emails with forged
sender addresses. Because the recipient trusts the alleged sender, they are more likely to
open the email and interact with its contents, such as a malicious link or attachment.
Phishing
Most email spoofing attempts lead to phishing attacks. A phishing email can appear to be
from your bank, employer or boss, or use techniques to coerce information out of you by
pretending, for example, to be a government agency.
The hacker could steal existing account credentials, deploy ransomware, or acquire enough
information to open a new fraudulent account.
Masking Identity
A spoofed email is anonymous. Hackers sometimes use spoofed emails to mask their identity
and pre-establish trust with the user by appearing to be from a reputable organization or
person.
Avoid Spam Filters
Hackers use spoofed emails as a means to get around email spam filtering. When an email is
spoofed, it is unlikely to be caught in spam filters, and may often look like an email you get
every day.
Identity Theft
When the spoofed email appears to be trustworthy, many unsuspecting users send personal
information and credentials to hackers. For example, hackers may ask for healthcare
information or identity verification.
Real world email spoofing example
One example of an email spoofing campaign used to leverage a second-stage wire fraud
attack was common enough to become the subject of an IRS bulletin. In this attack, spoofed
emails that appeared to come from executives in targeted organizations were sent to
employees in HR or payroll. The fraudulent emails urgently requested a list of all employees
and their W-2 forms. So far, this was a standard email spoofing scam. But there was a twist—
the phishing scam was followed up by another asking the employee to make a wire transfer.
This stage of the attack was a business email compromise, or BEC attack. This two-stage scam
is still observed in frequent use today.
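The forged-header condition described above can be turned into a triage check on received mail. The following is an added example, not part of the original notes: it compares the visible From domain with the envelope sender, Reply-To and display name, and reads the SPF/DKIM/DMARC verdicts from Authentication-Results. The sample messages, domains and finding names are constructed, and the check assumes the Authentication-Results header was written by your own receiving server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Matches verdicts such as "spf=fail" or "dmarc=pass" in Authentication-Results.
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)
ADDRESS_IN_NAME = re.compile(r"@([A-Za-z0-9.-]+)")


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def aligned(a, b):
    """Relaxed match: equal, or one is a subdomain of the other.
    Simplification: real DMARC alignment uses the organizational domain."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def spoofing_indicators(raw_message):
    """Return a list of findings for analyst triage (signals, not a verdict:
    legitimate bulk mail can also have a different envelope sender)."""
    msg = message_from_string(raw_message)
    from_header = msg.get("From", "")
    from_dom = domain_of(from_header)
    if not from_dom:
        return ["from-missing-or-unparseable"]

    findings = []
    # 1. Envelope sender (Return-Path) points at a different domain.
    rp_dom = domain_of(msg.get("Return-Path", ""))
    if rp_dom and not aligned(rp_dom, from_dom):
        findings.append("return-path-mismatch")
    # 2. Replies would go to a different domain than the visible sender.
    rt_dom = domain_of(msg.get("Reply-To", ""))
    if rt_dom and not aligned(rt_dom, from_dom):
        findings.append("reply-to-mismatch")
    # 3. Display name shows an address from another domain.
    display, _ = parseaddr(from_header)
    shown = ADDRESS_IN_NAME.search(display)
    if shown and not aligned(shown.group(1).lower(), from_dom):
        findings.append("display-name-mismatch")
    # 4. Failed sender authentication recorded by the receiving server.
    for header in msg.get_all("Authentication-Results", []):
        for mechanism, result in AUTH_RESULT.findall(header):
            if result.lower() in ("fail", "softfail"):
                findings.append(f"{mechanism.lower()}={result.lower()}")
    return findings


# Constructed sample: visible sender is an executive, envelope and replies are not.
SPOOFED = """\
Return-Path: <bounce-77@bulk-mailer.example.net>
Authentication-Results: mx.corp.example; spf=softfail smtp.mailfrom=bulk-mailer.example.net;
 dkim=none; dmarc=fail header.from=corp.example
From: "Chief Executive" <ceo@corp.example>
Reply-To: ceo.office@freemail.example
To: payroll@corp.example
Subject: Urgent request

Please reply today.
"""

# Constructed sample: all sender identities agree and authentication passed.
CLEAN = """\
Return-Path: <ceo@corp.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example;
 dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example
From: "Chief Executive" <ceo@corp.example>
To: payroll@corp.example
Subject: Quarterly update

See attached agenda.
"""

if __name__ == "__main__":
    print("spoofed:", spoofing_indicators(SPOOFED))
    print("clean:  ", spoofing_indicators(CLEAN))
```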
b) Spamming
Malspam
Short for “malware spam” or “malicious spam,” malspam is a spam message that delivers
malware to your device. Unsuspecting readers who click on a link or open an email
attachment end up with some type of malware including ransomware, Trojans, bots, info-
stealers, cryptominers, spyware, and keyloggers. A common delivery method is to include
malicious scripts in an attachment of a familiar type like a Word document, PDF file, or
PowerPoint presentation. Once the attachment is opened, the scripts run and retrieve the
malware payload.

Spam calls and spam texts: Have you ever received a robocall? That’s call spam. A text
message from an unknown sender urging you to click an unknown link? That’s referred to as
text message spam or “smishing,” a combination of SMS and phishing.
If you’re receiving spam calls and texts on your Android or iPhone, most major carriers give
you an option to report spam. Blocking numbers is another way to combat mobile spam. In
the US, you can add your phone number to the National Do Not Call Registry to try to cut
down on the amount of unwanted sales calls you receive, but you should still be alert to
scammers who ignore the list.
c) Internet time theft
Internet Time Theft: The person who gets access to someone else's ISP user ID and password,
either by hacking or by gaining access to it by illegal means, uses it to access the Internet
without the other person's knowledge. You can identify time theft if your Internet time has
to be recharged often, despite infrequent usage. This offence is usually covered under IPC
and the Indian Telegraph Act.
d) Denial of service
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network,
making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target
with traffic, or sending it information that triggers a crash. In both instances, the DoS attack
deprives legitimate users (i.e. employees, members, or account holders) of the service or
resource they expected.
DoS attacks often target web servers of high-profile organizations such as banking,
commerce, and media companies, or government and trade organizations. Though DoS
attacks do not typically result in the theft or loss of significant information or other assets,
they can cost the victim a great deal of time and money to handle.
There are two general methods of DoS attacks: flooding services or crashing services. Flood
attacks occur when the system receives too much traffic for the server to buffer, causing
it to slow down and eventually stop. Popular flood attacks include:
Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic
to a network address than the programmers have built the system to handle. It includes the
attacks listed below, in addition to others that are designed to exploit bugs specific to certain
applications or networks.
ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping
every computer on the targeted network, instead of just one specific machine. The network
is then triggered to amplify the traffic. This attack is also known as the smurf attack or ping
of death.
SYN flood – sends a request to connect to a server, but never completes the handshake.
Continues until all open ports are saturated with requests and none are available for
legitimate users to connect to.
Other DoS attacks simply exploit vulnerabilities that cause the target system or service to
crash. In these attacks, input is sent that takes advantage of bugs in the target that
subsequently crash or severely destabilize the system, so that it can’t be accessed or used.
e) Computer contamination
NRS 205.4737 "Computer contaminant" defined.
1. "Computer contaminant" means any data, information, image, program, signal or sound
that is designed or has the capability to:
(a) Contaminate, corrupt, consume, damage, destroy, disrupt, modify, record or transmit; or
(b) Cause to be contaminated, corrupted, consumed, damaged, destroyed, disrupted,
modified, recorded or transmitted,
any other data, information, image, program, signal or sound contained in a computer,
system or network without the knowledge or consent of the person who owns the other
data, information, image, program, signal or sound or the computer, system or network.

g) Salami attack
A salami attack is a method of cybercrime that attackers typically use to commit
financial crimes. Cybercriminals steal money or resources from financial accounts on a
system a little at a time. The attack occurs when several minor attacks combine to create a
significant one. Because of the nature of this sort of cybercrime, these attacks frequently go undetected.
Salami attacks are used for the commission of economic crimes. Those who are found guilty
of such an attack face punishment under Section 66 of the IT Act.

Working of Salami attack:

During this kind of attack, a very small change is introduced that goes completely
unnoticed. For example, a bank accountant inserts a program into the bank’s servers that
deducts a very small amount of money from the account of each customer. No account holder
will probably notice this unauthorized debit, but the bank accountant will make a large
amount of money each month. As another example, an employee of a bank in the USA was
terminated from his job. Disgruntled at having been supposedly mistreated by his employers,
the person first introduced a logic bomb into the bank’s systems.

Prevention From Salami attack:

Users are encouraged to review their weekly transactions and monthly bank
statements to protect their bank accounts from a salami attack. You can
spot any suspicious charges on your account by actively checking this activity.
If you have any concerns about strange charges on your account, contact your bank.
Financial institutions, like banks, should also update their security so that the attacker
does not become familiar with how the system is designed. Banks should advise customers
on how to report any money deduction that they were not aware of.

Types of Salami attacks:

Salami Slicing: Salami slicing occurs when the attacker obtains customer information,
such as bank or credit card details and other similar data, by using an online database. The
attacker deducts a very small amount of money from each account, and these amounts add
up to a large sum. The deductions are often invisible
because each amount is tiny, and because so little money is involved most people
do not report the deduction. For example, suppose an attacker withdraws ₹0.0001
from each checking account. Nobody will notice, so a large sum is produced when one
dollar is deducted from each account holder at that bank, and the attacker ends up with a large amount of cash.
Penny Shaving: The attacker steals money in small amounts by exploiting rounding
to the nearest value within transactions. The change is so small that nobody can detect it
in a single transaction.
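Because each slice is too small for an account holder to notice, detection has to happen in aggregate on the institution's side. The following is an added example, not part of the original notes, showing two reconciliation checks: one recomputes rounding to expose penny shaving, the other finds accounts that collect tiny credits from many different sources (salami slicing). The account numbers, amounts, thresholds and the half-even rounding policy are assumptions made for the illustration.

```python
from collections import defaultdict
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")


def rounding_residue(postings):
    """Recompute rounding for each posting and compare with what was posted.

    postings: iterable of (account, exact_amount, posted_amount) Decimals.
    Returns (total_shortfall, affected_accounts, one_sided). Honest rounding
    errors go both ways; a shortfall that is always against the customer
    (one_sided=True) is the signature of penny shaving.
    Assumption: the institution's policy is round-half-even to one cent.
    """
    total = Decimal("0")
    affected = []
    signs = set()
    for account, exact, posted in postings:
        expected = exact.quantize(CENT, rounding=ROUND_HALF_EVEN)
        diff = expected - posted
        if diff != 0:
            total += diff
            affected.append(account)
            signs.add(diff > 0)
    return total, affected, signs == {True}


def micro_credit_sinks(transfers, max_amount, min_sources):
    """Find accounts that receive tiny credits from many distinct accounts.

    transfers: iterable of (source, destination, amount) with Decimal amounts.
    Returns {destination: (distinct_source_count, total_collected)} for every
    destination with at least min_sources different senders of amounts that
    are positive and no larger than max_amount.
    """
    sources = defaultdict(set)
    collected = defaultdict(Decimal)
    for source, destination, amount in transfers:
        if Decimal("0") < amount <= max_amount:
            sources[destination].add(source)
            collected[destination] += amount
    return {
        dest: (len(srcs), collected[dest])
        for dest, srcs in sources.items()
        if len(srcs) >= min_sources
    }


# Constructed interest postings: (account, exact interest, amount credited).
POSTINGS = [
    ("ACC-001", Decimal("12.3456"), Decimal("12.34")),  # should be 12.35
    ("ACC-002", Decimal("8.1278"), Decimal("8.12")),    # should be 8.13
    ("ACC-003", Decimal("5.5012"), Decimal("5.50")),    # correct
    ("ACC-004", Decimal("20.9990"), Decimal("20.99")),  # should be 21.00
]

# Constructed transfer log: (source, destination, amount).
TRANSFERS = [
    ("ACC-001", "ACC-900", Decimal("0.01")),
    ("ACC-002", "ACC-900", Decimal("0.01")),
    ("ACC-004", "ACC-900", Decimal("0.01")),
    ("ACC-003", "ACC-200", Decimal("150.00")),  # ordinary payment
    ("ACC-001", "ACC-200", Decimal("0.01")),    # single small credit only
]

if __name__ == "__main__":
    total, accounts, one_sided = rounding_residue(POSTINGS)
    print(f"rounding shortfall {total} across {accounts}, one-sided={one_sided}")
    print("micro-credit sinks:", micro_credit_sinks(TRANSFERS, Decimal("0.05"), 3))
```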
f) Email Bombing:
In Internet usage, an email bomb is a form of net abuse that sends large volumes of email
to an address to overflow the mailbox, to overwhelm the server where the email address is
hosted in a denial-of-service (DoS) attack, or to act as a smoke screen that distracts attention
from important email messages indicating a security breach.
Q.5 Explain preventive measures for information security in consideration of cyber-attacks.
ANS: 1. Train your staff.
One of the most common ways cyber criminals get access to your data is through your
employees. They’ll send fraudulent emails impersonating someone in your organisation and
will either ask for personal details or for access to certain files. Links often seem legitimate
to an untrained eye and it’s easy to fall into the trap. This is why employee awareness is
vital. One of the most efficient ways to protect against cyber attacks and all types of data
breaches is to train your employees on cyber attack prevention and inform them of current
cyber attacks.
They need to:
• Check links before clicking them.
• Check the email address of the sender of a received email.
• Use common sense before sending sensitive information. If a request seems odd, it probably
is. It’s better to check via a phone call with the person in question before actioning the “request”.
2. Keep your software and systems fully up to date.
Often cyber attacks happen because your systems or software aren’t fully up to date, leaving
weaknesses. So cybercriminals exploit these weaknesses to gain access to your network.
Once they are in – it’s often too late to take preventative action.
To counteract this, it’s smart to invest in a patch management system that will manage all
software and system updates, keeping your system resilient and up to date.
3. Ensure Endpoint Protection.
Endpoint protection protects networks that are remotely bridged to devices. Mobile devices,
tablets and laptops that are connected to corporate networks give access paths to security
threats. These paths need to be protected with specific endpoint protection software.
4. Install a Firewall.
There are so many different types of sophisticated data breaches, and new ones surface every
day and even make comebacks. Putting your network behind a firewall is one of the most
effective ways to defend yourself from any cyber attack. A firewall system will block any brute
force attacks made on your network and/or systems before they can do any damage.
5. Backup your data.
In the event of a disaster (often a cyber attack) you must have your data backed up to avoid
serious downtime, loss of data and serious financial loss.
7. Wifi Security.
Who doesn’t have a wifi enabled device in 2020? And that’s exactly the danger: any device
can get infected by connecting to a network, and if this infected device then connects to your
business network your entire system is at serious risk. Securing your wifi networks and hiding
them is one of the safest things you can do for your systems. With wireless technology
developing more and more every day, there are thousands of devices that can connect to your
network and compromise you.
8. Employee personal accounts.
Every employee needs their own login for every application and program. Several users
connecting under the same credentials can put your business at risk. Having separate logins
for each staff member will help you reduce the number of attack fronts. Users only log in
once each day and will only use their own set of logins. Greater security isn’t the only benefit,
you’ll also get improved usability.

10. Passwords.
Having the same password setup for everything can be dangerous. Once a hacker figures out
your password, they now have access to everything in your system and any application you
use. Having different passwords setup for every application you use is a real benefit to your
security, and changing them often will maintain a high level of protection against external
and internal threats.
Q.6 Explain the term with example: 1) Logic Bomb 2) data diddling 3) forgery 4) cyber
terrorism 5) web jacking 6) cyber defamation 7) Trojan Horse
ANS: a) Logic bomb: A logic bomb is a set of instructions in a program carrying a malicious
payload that can attack an operating system, program, or network. It only goes off after
certain conditions are met. A simple example of these conditions is a specific date or time. A
more complex example is when an organization fires an employee and logs their dismissal in
their system. A logic bomb usually carries a computer virus or a computer worm. Even though
some people use the two terms interchangeably, they’re not the same type of malware.
Examples of logic bombs
Although logic bombs are a common attack vector for disgruntled employees, state-
sponsored agents can also use them. One of the most frequently told examples of a logic
bomb incident occurred in 1982 and was known as the Trans-Siberian Pipeline incident. The
story of this incident had the makings of a spy movie, from the KGB and the CIA to secret
documents and international intrigue. Interestingly, it may have sounded like a spy novel
because some of the story could have been a hoax.
b) Data diddling: A data diddling attack is based on how the user input or transactions are
validated or processed. In a data diddling attack, the user modifies the transaction data on
the client side and forwards it to the server. If no proper validation is done on the server side,
the data modified by the attacker is processed and results in a loss for the target. For
example, while purchasing items on a retail website like Amazon, if the data in a transaction
such as the quantity of items, the price of each item, etc., is not validated on the server side once
submitted by the buyer, a malicious buyer can change this data for personal gain.
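The missing server-side validation described above is shown here next to its corrected form. This is an added example, not part of the original notes: the first function totals an order from whatever the client submitted, the second takes prices only from the server's own catalogue, bounds the quantity and records which lines arrived with a changed price. The catalogue, SKU names, quantity limit and order format are constructed for the illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side price list; the client never supplies prices.
CATALOG = {"SKU-100": Decimal("499.00"), "SKU-200": Decimal("35.50")}
MAX_QTY = 20  # assumed business limit per order line


class OrderRejected(ValueError):
    """Raised when an order line cannot be accepted at all."""


def total_trusting_client(order):
    """Weak pattern from the text: price and quantity are used as submitted."""
    return sum(
        Decimal(str(line["unit_price"])) * line["quantity"]
        for line in order["lines"]
    )


def total_server_side(order, catalog=CATALOG):
    """Hardened pattern: recompute the total from server-held data.

    Returns (total, tampered_skus). tampered_skus lists lines whose submitted
    price differs from the catalogue, so they can be logged for fraud review
    even though the submitted price is never used.
    """
    total = Decimal("0")
    tampered = []
    for line in order.get("lines", []):
        sku = line.get("sku")
        qty = line.get("quantity")
        if sku not in catalog:
            raise OrderRejected(f"unknown item {sku!r}")
        # bool is a subclass of int, so exclude it explicitly.
        if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= MAX_QTY:
            raise OrderRejected(f"invalid quantity {qty!r} for {sku}")
        price = catalog[sku]
        submitted = line.get("unit_price")
        if submitted is not None:
            try:
                changed = Decimal(str(submitted)) != price
            except InvalidOperation:
                changed = True  # unparseable price counts as tampering
            if changed:
                tampered.append(sku)
        total += price * qty
    return total, tampered


# Constructed request body in which the buyer edited the price before submit.
DIDDLED_ORDER = {
    "lines": [
        {"sku": "SKU-100", "quantity": 2, "unit_price": "1.00"},
        {"sku": "SKU-200", "quantity": 1, "unit_price": "35.50"},
    ]
}

if __name__ == "__main__":
    print("trusting client:", total_trusting_client(DIDDLED_ORDER))
    print("server side:    ", total_server_side(DIDDLED_ORDER))
```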

c) Forgery: Duplicate currency notes, certificates, postage, etc. can be forged using
sophisticated computers, printers, and scanners. Selling fake certificates or mark sheets
outside many colleges is a booming business nowadays.

Q.7 Discuss Indian legal perspectives on cybercrime.


Ans: Cyber law, also called IT law, is the law regarding information technology, including
computers and the internet. It is related to legal informatics and supervises the digital
circulation of information, software, information security, and e-commerce.
IT law does not constitute a separate area of law; rather, it encompasses aspects of contract,
intellectual property, privacy, and data protection laws. Intellectual property is a key element
of IT law. The area of software licensing is controversial and still evolving in Europe and
elsewhere.
According to the Ministry of Electronics and Information Technology, Government of India:
Cyber law gives legal recognition to electronic documents and a structure to support e-filing
and e-commerce transactions, and also provides a legal structure to reduce and check cyber
crimes.
Importance of Cyber Law:
1. It covers all transactions over the internet.
2. It keeps an eye on all activities over the internet.
3. It touches every action and every reaction in cyberspace.
Area of Cyber Law:
Cyber laws serve different purposes. Some laws create rules for how individuals
and companies may use computers and the internet, while some laws protect people from
becoming the victims of crime through unscrupulous activities on the internet. The major
areas of cyber law include:
1. Fraud:
Consumers depend on cyber laws to protect them from online fraud. Laws are made to
prevent identity theft, credit card theft, and other financial crimes that happen online. A
person who commits identity theft may face federal or state criminal charges. They
might also encounter a civil action brought by a victim. Cyber lawyers work to both defend
and prosecute against allegations of fraud using the internet.
2. Copyright:
The internet has made copyright violations easier. In the early days of online communication,
copyright violations were too easy. Both companies and individuals need lawyers to bring an
action to enforce copyright protections. Copyright violation is an area of cyber law that
protects the rights of individuals and companies to profit from their creative works.
3. Defamation:
Many people use the internet to speak their mind. When people use the internet to say
things that are not true, it can cross the line into defamation. Defamation laws are civil laws
that protect individuals from false public statements that can harm a business or someone’s
reputation. When people use the internet to make statements that violate civil laws, that
falls under defamation law.
4. Harassment and Stalking:
Sometimes online statements can violate criminal laws that forbid harassment and stalking.
When a person makes threatening statements again and again about someone else online,
there is a violation of both civil and criminal laws. Cyber lawyers both prosecute and defend
people when stalking occurs using the internet and other forms of electronic communication.
5. Freedom of Speech:
Freedom of speech is an important area of cyber law. Even though cyber laws forbid certain
behaviors online, freedom of speech laws also allow people to speak their minds. Cyber
lawyers must advise their clients on the limits of free speech including laws that prohibit
obscenity. Cyber lawyers may also defend their clients when there is a debate about whether
their actions consist of permissible free speech.
6. Trade Secrets:
Companies doing business online often depend on cyber laws to protect their trade secrets.
For example, Google and other online search engines spend lots of time developing the
algorithms that produce search results. They also spend a great deal of time developing other
features like maps, intelligent assistance, and flight search services to name a few. Cyber laws
help these companies to take legal action as necessary to protect their trade secrets.
7. Contracts and Employment Law:
Every time you click a button that says you agree to the terms and conditions of using a
website, you have used cyber law. There are terms and conditions for every website that are
somehow related to privacy concerns.
Advantages of Cyber Law:
• Organizations are now able to carry out e-commerce using the legal infrastructure provided
by the Act.
• Digital signatures have been given legal validity and sanction in the Act.
• It has opened the doors for the entry of corporate companies for issuing Digital Signature
Certificates in the business of being Certifying Authorities.
• It allows Government to issue notifications on the web thus heralding e-governance.
• It gives authority to the companies or organizations to file any form, application, or any
other document with any office, authority, body, or agency owned or controlled by the
suitable Government in e-form using such e-form as may be prescribed by the suitable
Government.
• The IT Act also addresses the important issues of security, which are so critical to the
success of electronic transactions.
• Cyber Law provides both hardware and software security.
Q.8 Discuss Global Legal perspectives on cybercrime?
Ans:
In Australia, cybercrime has a narrow statutory meaning as used in the Cyber Crime Act 2001,
which details offenses against computer data and systems. In the Council of Europe’s (CoE)
Cyber Crime Treaty, cybercrime is used as an umbrella term to refer to an array of criminal
activity including offenses against computer data and systems, computer-related offenses,
content offenses and copyright offenses.
The spam legislation scenario lists “none” for India as far as e-mail legislation in
India is concerned. India is described as having “loose” legislation, although there is a
mention in Section 67 of ITA 2000. About 30 countries have enacted some form of anti-spam
legislation. There are also technical solutions by ISPs and end-users.
In spite of this, so far there has been no significant impact on the volume of spam. Spam is
used to support fraudulent and criminal activities. As there are no national boundaries to
such crimes in the cybercrime realm, it requires international cooperation between those
who seek to enforce anti-spam laws.
Q.9 What is ITA 2000? Explain in detail.
Ans:
The Information Technology Act, 2000, also known as the IT Act, is an act proposed by the
Indian Parliament and reported on 17th October 2000. This Information Technology Act is based
on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model), which
was recommended by the General Assembly of the United Nations in a resolution dated 30th
January, 1997. It is the most important law in India dealing with cybercrime and e-commerce.
The main objective of this act is to enable lawful and trustworthy electronic, digital and online
transactions and to alleviate or reduce cybercrimes. The IT Act has 13 chapters and 90 sections.
The last four sections, from section 91 to section 94, deal with the revisions to
the Indian Penal Code 1860.
The IT Act, 2000 has two schedules:
• First Schedule –
Deals with documents to which the Act shall not apply.
• Second Schedule –
Deals with electronic signature or electronic authentication method.
The offences and the punishments in IT Act 2000:
The offences and the punishments that fall under the IT Act, 2000 are as follows:
1. Tampering with the computer source documents.
2. Directions of Controller to a subscriber to extend facilities to decrypt information.
3. Publishing of information which is obscene in electronic form.
4. Penalty for breach of confidentiality and privacy.
5. Hacking for malicious purposes.
6. Penalty for publishing Digital Signature Certificate false in certain particulars.
7. Penalty for misrepresentation.
8. Confiscation.
9. Power to investigate offences.
10. Protected System.
11. Penalties for confiscation not to interfere with other punishments.
12. Act to apply for offence or contravention committed outside India.
13. Publication for fraud purposes.
14. Power of Controller to give directions.
Sections and punishments under the Information Technology Act, 2000 are as follows:
SECTION: PUNISHMENT
Section 43: This section of the IT Act, 2000 states that any act of destroying, altering or stealing
a computer system/network or deleting data with malicious intentions without authorization
from the owner of the computer makes the person liable to pay compensation to the owner
for damages.
Section 43A: This section of the IT Act, 2000 states that any corporate body dealing with sensitive
information that fails to implement reasonable security practices, causing loss to another person,
will also be liable to pay compensation to the affected party.
Section 66: Hacking of a computer system with malicious intentions like fraud will be
punished with 3 years imprisonment or the fine of Rs.5,00,000 or both.
Section 66 B, C, D: Fraud or dishonesty using or transmitting information or identity theft is
punishable with 3 years imprisonment or Rs. 1,00,000 fine or both.
Section 66 E: Violation of privacy by transmitting an image of a private area is
punishable with 3 years imprisonment or 2,00,000 fine or both.
Section 66 F: Cyber terrorism affecting unity, integrity, security, sovereignty
of India through a digital medium is liable for life imprisonment.
Section 67: Publishing obscene information or pornography, or
transmission of obscene content in public, is liable for imprisonment up to 5 years or fine of
Rs. 10,00,000 or both.
Q.10 Discuss as per ITA 2000 section 43 a, b, c, d, e & f in details?
Ans:
Section 43A Power to arrest, search, etc
43A. Power to arrest, search, etc.-Any officer of the Designated Authority empowered in this
behalf, by general or special order of the Central Government or the State Government, as
the case may be, knowing of a design to commit any offence under this Act or has reason to
believe from personal knowledge or information given by any person and taken in writing
that any person has committed an offence punishable under this Act or from any document,
article or any other thing which may furnish evidence of the commission of such offence or
from any illegally acquired property or any document or other article which may furnish
evidence of holding any illegally acquired property which is liable for seizure or freezing or
forfeiture under this Chapter is kept or concealed in any building, conveyance or place, may
authorise any officer subordinate to him to arrest such a person or search such building,
conveyance or place whether by day or by night or himself arrest such a person or search a
such building, conveyance or place.

Section 43B Procedure of arrest, seizure, etc


43B. Procedure of arrest, seizure, etc.-(1) Any officer arresting a person under section 43A shall,
as soon as may be, inform him of the grounds for such arrest.
(2) Every person arrested and article seized under section 43A shall be forwarded without
unnecessary delay to the officer-in-charge of the nearest police station.
(3) The authority or officer to whom any person or article is forwarded under sub-section (2)
shall, with all convenient dispatch, take such measures as may be necessary in accordance
with the provisions of the Code.

Section 43C Application of provisions of Code


43C. Application of provisions of Code.-The provisions of the Code shall apply, insofar as they
are not inconsistent with the provisions of this Act, to all arrests, searches and seizures made
under this Act.

Section 43D Modified application of certain provisions of the Code


43D. Modified application of certain provisions of the Code.-(1) Notwithstanding anything
contained in the Code or any other law, every offence punishable under this Act shall be
deemed to be a cognizable offence within the meaning of clause (c) of section 2 of the Code,
and "cognizable case" as defined in that clause shall be construed accordingly.
(2) Section 167 of the Code shall apply in relation to a case involving an offence punishable
under this Act subject to the modification that in sub-section (2),-
(a) the references to "fifteen days", "ninety days" and "sixty days", wherever they occur, shall
be construed as references to "thirty days", "ninety days" and "ninety days" respectively; and
(b) after the proviso, the following provisos shall be inserted, namely:-
"Provided further that if it is not possible to complete the investigation within the said period
of ninety days, the Court may if it is satisfied with the report of the Public Prosecutor
indicating the progress of the investigation and the specific reasons for the detention of the
accused beyond the said period of ninety days, extend the said period up to one hundred and
eighty days:
Provided also that if the police officer making the investigation under this Act, requests, for
the purposes of investigation, for police custody from judicial custody of any person in judicial
custody, he shall file an affidavit stating the reasons for doing so and shall also explain the
delay, if any, for requesting such police custody.
(3) Section 268 of the Code shall apply in relation to a case involving an offence punishable
under this Act subject to the modification that-
(a) the reference in sub-section (1) thereof
(i) to "the State Government" shall be construed as a reference to …
