CYBER LAW AND IPR

UNIT -1B

Cyber Crime and Criminal Justice: New technologies create new criminal
opportunities but few new types of crime. What distinguishes Cybercrime from
traditional criminal activity?

Obviously, one difference is the use of the digital computer, but technology alone is
insufficient for any distinction that might exist between different realms of criminal
activity.

Criminals do not need a computer to commit fraud, traffic in child pornography and
intellectual property, steal an identity, or violate someone’s privacy. All those
activities existed before the “cyber” prefix became ubiquitous. Cybercrime,
especially involving the Internet, represents an extension of existing criminal
behavior alongside some novel illegal activities.

Most Cybercrime is an attack on information about individuals, corporations, or

governments. Although the attacks do not take place on a physical body, they do
take place on the personal or corporate virtual body, which is the set of
informational attributes that define people and institutions on the Internet. In other
words, in the digital age our virtual identities are essential elements of everyday
life: we are a bundle of numbers and identifiers in multiple computer databases
owned by governments and corporations. Cybercrime highlights the centrality of
networked computers in our lives, as well as the fragility of such seemingly solid
facts as individual identity.

Criminal justice: is the delivery of justice to those who have been accused of
committing crimes. The criminal justice system is a series of government
agencies and institutions. Goals include the rehabilitation of offenders, preventing
other crimes, and moral support for victims. The primary institutions of the criminal
justice system are the police, prosecution and defense lawyers, the courts and the
prisons system.
The criminal justice system consists of three main parts:

1. Law enforcement agencies, usually the police

2. Courts and accompanying prosecution and defense lawyers

3. Agencies for detaining and supervising offenders, such as prisons and

probation agencies.
In the criminal justice system, these distinct agencies operate together as the
principal means of maintaining the rule of law within society.

Information Technology Act, 2000 (India): The Information Technology Act, 2000
also Known as an IT Act is an act proposed by the Indian Parliament reported on
17th October 2000. This Information Technology Act is based on the United Nations
Model law on Electronic Commerce 1996 (UNCITRAL Model) which was suggested by
the General Assembly of United Nations by a resolution dated on 30th January,
1997. It is the most important law in India dealing with Cybercrime and E-
Commerce.

The main objective of this act is to carry lawful and trustworthy electronic, digital
and online transactions and alleviate or reduce cybercrimes. The IT Act has 13
chapters and 90 sections. The last four sections that starts from ‘section 91 –
section 94’, deals with the revisions to the Indian Penal Code 1860.

The IT Act, 2000 has two schedules:

First Schedule –

Deals with documents to which the Act shall not apply.

Second Schedule –

Deals with electronic signature or electronic authentication method.

The offenses and the punishments in IT Act 2000 :

The offenses and the punishments that falls under the IT Act, 2000 are as follows :-

 Tampering with the computer source documents.

 Directions of Controller to a subscriber to extend facilities to decrypt

information.
 Publishing of information which is obscene in electronic form.
  Penalty for breach of confidentiality and privacy.
 Hacking for malicious purposes.
 Penalty for publishing Digital Signature Certificate false in certain particulars.
 Penalty for misrepresentation.
 Confiscation.
 Power to investigate offences.
 Protected System.
 Penalties for confiscation not to interfere with other punishments.
 Act to apply for offence or contravention committed outside India.
 Publication for fraud purposes.
 Power of Controller to give directions.

Sections and Punishments under Information Technology Act, 2000 are as

follows :

SECTION PUNISHMENT
This section of IT Act, 2000 states that any act of destroying,
altering or stealing computer system/network or deleting data with
Section 43 malicious intentions without authorization from owner of the
computer is liable for the payment to be made to owner as
compensation for damages.
This section of IT Act, 2000 states that any corporate body dealing
with sensitive information that fails to implement reasonable
Section 43A
security practices causing loss of other person will also liable as
convict for compensation to the affected party.
Hacking of a Computer System with malicious intentions like fraud
Section 66 will be punished with 3 years imprisonment or the fine of
Rs.5,00,000 or both.
Fraud or dishonesty using or transmitting information or identity
Section 66
theft is punishable with 3 years imprisonment or Rs. 1,00,000 fine or
B, C, D
both.
This Section is for Violation of privacy by transmitting image of
Section 66
private area is punishable with 3 years imprisonment or 2,00,000
E
fine or both.
This Section is on Cyber Terrorism affecting unity, integrity,
Section 66
security, sovereignty of India through digital medium is liable for life
F
imprisonment.
Section 67 This section states publishing obscene information or pornography
or transmission of obscene content in public is liable for
 imprisonment up to 5 years or fine of Rs. 10,00,000 or both.

Hacking: Hacking in Cybersecurity refers to the misuse of devices like computers,

smartphones, tablets, and networks to cause damage to or corrupt systems, gather
information on users, steal data and documents, or disrupt data-related activity.

A traditional view of hackers is a lone rogue programmer who is highly skilled in

coding and modifying computer software and hardware systems. But this narrow
view does not cover the true technical nature of hacking.

Hackers are increasingly growing in sophistication, using stealthy attack methods

designed to go completely unnoticed by Cybersecurity software and IT teams. They
are also highly skilled in creating attack vectors that trick users into opening
malicious attachments or links and freely giving up their sensitive personal data.

Types of Hacking/Hackers:

Black Hat Hackers: Black hat hackers are the "bad guys" of the hacking scene.
They go out of their way to discover vulnerabilities in computer systems and
software to exploit them for financial gain or for more malicious purposes, such as
to gain reputation, carry out corporate espionage, or as part of a nation-state
hacking campaign.

These individuals’ actions can inflict serious damage on both computer users and
the organizations they work for. They can steal sensitive personal information,
compromise computer and financial systems, and alter or take down the
functionality of websites and critical networks.

White Hat Hackers: White hat hackers can be seen as the “good guys” who
attempt to prevent the success of black hat hackers through proactive hacking.
They use their technical skills to break into systems to assess and test the level of
network security, also known as ethical hacking. This helps expose vulnerabilities in
systems before black hat hackers can detect and exploit them.

The techniques white hat hackers use are similar to or even identical to those of
black hat hackers, but these individuals are hired by organizations to test and
discover potential holes in their security defenses.
Grey Hat Hackers: Grey hat hackers sit somewhere between the good and the
bad guys. Unlike black hat hackers, they attempt to violate standards and principles
but without intending to do harm or gain financially. Their actions are typically
carried out for the common good.

For example, they may exploit a vulnerability to raise awareness that it exists, but
unlike white hat hackers, they do so publicly. This alerts malicious actors to the
existence of the vulnerability.

Devices Most Vulnerable To Hacking

Smart Devices: Smart devices, such as smartphones, are lucrative targets for
hackers. Android devices, in particular, have a more open-source and inconsistent
software development process than Apple devices, which puts them at risk of data
theft or corruption. However, hackers are increasingly targeting the millions of
devices connected to the Internet of Things (IoT).

Webcams: Webcams built into computers are a common hacking target, mainly
because hacking them is a simple process. Hackers typically gain access to a
computer using a Remote Access Trojan (RAT) in rootkit malware, which allows
them to not only spy on users but also read their messages, see their browsing
activity, take screenshots, and hijack their webcam.

Routers: Hacking routers enables an attacker to gain access to data sent and
received across them and networks that are accessed on them. Hackers can also
hijack a router to carry out wider malicious acts such as distributed denial-of-service
(DDoS) attacks, Domain Name System (DNS) spoofing, or cryptomining.

Email: Email is one of the most common targets of cyberattacks. It is used to

spread malware and ransomware and as a tactic for phishing attacks, which enable
attackers to target victims with malicious attachments or links.

Jail broken Phones: Jail breaking a phone means removing restrictions imposed
on its operating system to enable the user to install applications or other software
not available through its official app store. Aside from being a violation of the end-
user’s license agreement with the phone developer, jail breaking exposes many
vulnerabilities. Hackers can target jail broken phones, which allows them to steal
any data on the device but also extend their attack to connected networks and
systems.

Prevention from Getting Hacked:

There are several key steps and best practices that organizations and users can
follow to ensure they limit their chances of getting hacked.
Software Update: Hackers are constantly on the lookout for vulnerabilities or
holes in security that have not been seen or patched. Therefore, updating software
and operating systems are both crucial to preventing users and organizations from
getting hacked. They must enable automatic updates and ensure the latest
software version is always installed on all of their devices and programs.

Use Unique Passwords for Different Accounts: Weak passwords or account

credentials and poor password practices are the most common cause of data
breaches and cyberattacks. It is vital to not only use strong passwords that are
difficult for hackers to crack but also to never use the same password for different
accounts. Using unique passwords is crucial to limiting hackers’ effectiveness.

HTTPS Encryption: Spoofed websites are another common vehicle for data theft,
when hackers create a scam website that looks legitimate but will actually steal the
credentials that users enter. It is important to look for the Hypertext Transfer
Protocol Secure (HTTPS) prefix at the start of a web address. For example:
https://www.fortinet.com.

Avoid Clicking on Ads or Strange Links: Advertisements like pop-up ads are
also widely used by hackers. When clicked, they lead the user to inadvertently
download malware or spyware onto their device. Links should be treated carefully,
and strange links within email messages or on social media, in particular, should
never be clicked. These can be used by hackers to install malware on a device or
lead users to spoofed websites.

Change the Default Username and Password on Your Router and Smart
Devices: Routers and smart devices come with default usernames and passwords.
However, as providers ship millions of devices, there is a risk that the credentials
are not unique, which heightens the chances of hackers breaking into them. It is
best practice to set a unique username and password combination for these types
of devices.

Protect Yourself Against Hacking: There are further steps that users and
organizations can take to protect themselves against the threat of hacking.
Download from First-party Sources: Only download applications or software
from trusted organizations and first-party sources. Downloading content from
unknown sources means users do not fully know what they are accessing, and the
software can be infected with malware, viruses, or Trojans.

Install Antivirus Software: Having antivirus software installed on devices is

crucial to spotting potential malicious files, activity, and bad actors. A trusted
antivirus tool protects users and organizations from the latest malware, spyware,
and viruses and uses advanced detection engines to block and prevent new and
evolving threats.

Use a VPN: Using a virtual private network (VPN) allows users to browse the
internet securely. It hides their location and prevents hackers from intercepting
their data or browsing activity.

Do Not Login as an Admin by Default: "Admin" is one of the most commonly

used usernames by IT departments, and hackers use this information to target
organizations. Signing in with this name makes you a hacking target, so do not log
in with it by default.

Use a Password Manager: Creating strong, unique passwords is a security best

practice, but remembering them is difficult. Password managers are useful tools for
helping people use strong, hard-to-crack passwords without having to worry about
remembering them.

Use Two-factor Authentication: Two-factor authentication (2FA) removes

people's reliance on passwords and provides more certainty that the person
accessing an account is who they say they are. When a user logs in to their account,
they are then prompted to provide another piece of identity evidence, such as their
fingerprint or a code sent to their device.

Brush Up on Anti-phishing Techniques: Users must understand the techniques

that hackers deploy to target them. This is especially the case with anti phishing
and ransomware, which help users know the telltale signs of a phishing email or a
ransomware attack or ransomware settlements.
What is Ethical Hacking? How Legal is Ethical Hacking?

Ethical hacking refers to the actions carried out by white hat security hackers. It
involves gaining access to computer systems and networks to test for potential
vulnerabilities, and then fixing any identified weaknesses.

Using these technical skills for ethical hacking purposes is legal, provided the
individual has written permission from the system or network owner, protects the
organization’s privacy, and reports all weaknesses they find to the organization and
its vendors.

FAQs

What is hacking?

Hacking is the act of compromising digital devices and networks by gaining

unauthorized access to an account or computer system. A key part of
understanding hacking is understanding the intent behind it, which usually involves
the hacker seeking access to digital infrastructure, application data, and stealing
sensitive customer information that could damage companies if leaked online.
When hacking is used to solicit money, it’s referred to as ransomware.

What are the seven types of hackers?

There are many different types of hackers, the most common of which are black,
grey, and white hat hackers. Black hat hackers are the bad guys—the cyber
criminals. The white hat or ethical hackers are the good guys, while grey hat
hackers are somewhere in the middle.

Other common hacker types include blue hat hackers, which are amateur hackers
who carry out malicious acts like revenge attacks, red hat hackers, who search for
black hat hackers to prevent their attacks, and green hat hackers, who want to
learn about and observe hacking techniques on hacking forums.

Other common hacker types are cyber terrorists, hacktivists, state- or nation-
sponsored hackers, script kiddies, malicious insiders, and elite hackers. Some
hacker groups are very well organized and continue to find new ways to identify
weaknesses and organize security penetration of large and small organizations.
What is the biggest hack in history?
The biggest hack in history is thought to be the data breach against Yahoo! The
2013 attack compromised around 3 billion people, and the company revealed that
every Yahoo! customer was affected by it.

Which country has the most hackers? China is believed to be the country with
the highest number of dangerous hackers. Most of the major cyberattacks that
occurred around the world can be traced back to China.

Teenage web vandals:

Keys Terms:
Graffiti: form of visual communication, usually illegal, involving the unauthorized
marking of public space by an individual or group. Although the common image of
graffiti is a stylistic symbol or phrase spray-painted on a wall by a member of a
street gang, some graffiti is not gang-related.

The US Department of Justice defines vandalism as “willful or malicious destruction,

injury, disfigurement, or defacement of any public or private property, real or
personal, without the consent of the owner or persons having custody or control.”
Vandalism includes a wide variety of acts, including graffiti, damaging property
(smashing mailboxes, trashing empty buildings or school property, breaking
windows, etc.), stealing street signs, arson, egging homes or cars, toilet papering
homes, and other types of mischief.

Why do teens engage in vandalism?

There are a number of reasons why a teen might vandalize property. They could be
bowing down to peer pressure. Someone dared them to do it, or the girl they like
admires someone else who vandalizes, or perhaps it could be part of an initiation in
a gang. Sometimes teens make poor decisions when they are bored. For example, a
teen might view stealing a street sign as a fun way to pass time where no one gets
hurt. Another reason could be for revenge. A teen is angry at someone and tries to
get back at that person by damaging their property. Finally, it is possible in the case
of graffiti, that the teen considers their vandalism as a form of self-expression or
art.
How does a parent know if their teen is engaging in vandalism?
Unfortunately, vandalism is very easy for a teen to hide. Unless they bring a street
sign home as a souvenir, there is no ‘evidence’ to find, and rarely do they act
differently than they normally do. That’s why it is important for parents to do two
things: (1) simply talk about vandalism with your children and explain why it is not a
good idea, and (2) know where your teens are at all times because a teen who
knows his parent cares and is involved is more likely to avoid becoming a vandal.
We also offer some prevention tips at the end of this article.

How does a parent explain the problems vandalism cause?

It is important that parents explain how to distinguish pranks from vandalism.
Often, teens think vandalism is a ‘victimless crime’; in other words, they don’t
believe they’re hurting anyone by spray painting graffiti on a brick building, or
tossing a few eggs at a neighbor’s car. Help them see the ramifications of their
actions. Explain to them that vandalism costs taxpayers a lot of money because the
property must be repaired and the crime must be investigated. That takes money
away from other important things that your teen may care about. For example,
because the school has to use money to cover up graffiti, they may have to cut out
art programs. Besides repairing damage, there are other high costs to teen
vandalism. Publicly viewable vandalism changes the atmosphere of a place. It may
give the impression that the people in the area do not value their space and that
the area is not well-protected and perhaps unsafe.
If you find out your child has vandalized something, the best consequence is to
make them clean it up and/or pay for repairs. When they have to scrape off the
gross, dried egg and they see that it takes off paint, the message will be loud and
clear. If you happen to have a graffiti artist on your hands, then it’s important to
provide them with a sanctioned place to stage his art or opportunities to put the
talent to a positive use.
Finally, it’s important that parents communicate that vandalism is a crime. If they
are caught, they can be charged with a crime and that will stain their permanent
record as they try to go to college and start a career.
What is the best way to prevent vandalism?
First of all, if you see an area that has been damaged or defaced by teen vandalism,
report it immediately. If it’s your own property, make any necessary repairs as soon
as you are cleared to do so by local authorities. Often, vandals will re-hit an area if
they believe nobody is watching or nobody cares that it has been defaced.
But one of the best ways to keep teens from engaging in vandalism, or really in any
negative or risky behavior, is to provide teens with positive options to use their free
time. Encourage your teen to take up a sport, club, exercise class, or extracurricular
activity. Allow them to get a job babysitting, mowing lawns, or walking dogs, which
will instill a strong work ethic and help them earn extra money while keeping them
busy. Check the YMCA, churches, Boys and Girls Clubs, 4H, and other youth
nonprofits for safe teen activities. Often, teens can take classes at the local
community college and transfer the credits to the college of their choice after high
school. They can take most electives without a prerequisite, and might enjoy the
taste of adulthood that goes along with taking classes at a higher learning
institution.

Cyber Fraud and Cheating-It means the person who is doing the act of
cyber-crime i.e. stealing password and data storage has done it with having guilty mind
which leads to fraud and cheating.

Defamation-The offense of injuring a person's character, fame, or reputation by false and malicious
statements. Any derogatory statement, which is designed to injure a person’s business or reputation,
constitutes cyber defamation. Defamation can be accomplished as libel or slander.

Cyber defamation occurs when defamation takes place with the help of computers and / or the Internet.
E.g. Someone publishes defamatory matter about someone on a website or sends e-mails containing
defamatory information to all of that person’s friends.

Harassment -Harassment is a form of discrimination. It involves any unwanted physical or verbal.

Behavior that offends or humiliates you. Generally, harassment is a behavior that persists over time.
Serious one - time incidents can also sometimes be considered harassment.

E-mail Abuse-Email Abuse, also known as junk email, is a type of electronic spam where unsolicited
messages are sent by email. Many email spam messages are commercial in nature but may also contain
disguised links that appear to be for familiar websites but in fact lead to phishing web sites or sites that
are hosting malware.

Spam email may also include malware as scripts or other executable file
attachments (Trojans).

Other IT Act Offences-The offences included in the IT Act 2000 are as

follows:
• Tampering with the computer source documents.
• Hacking with computer system.
• Publishing of information which is obscene in electronic form.
• Power of Controller to give directions
• Directions of Controller to a subscriber to extend facilities to decrypt information
• Protected system
• Penalty for misrepresentation
• Penalty for breach of confidentiality and privacy
• Penalty for publishing Digital Signature Certificate false in certain particulars
• Publication for fraudulent purpose
• Act to apply for offence or contravention committed outside India
• Confiscation
. Penalties or confiscation not to interfere with other punishments.
• Power to investigate offences

Monetary Penalties-A Monetary Penalty is a civil penalty imposed by a regulator

for a contravention of an Act, regulation or by-law. It is issued upon discovery of an
unlawful event, and is due and payables subject only to any rights of review that
may be available under the AMP's implementing scheme. It is regulatory in nature,
rather than criminal, and is intended to secure compliance with a regulatory
scheme, and it can be employed with the use of other administrative sanctions,
such as demerit points and license suspensions.

Electronic Governance - In this era of computer where every word is getting

prefixed by word ‘E’, Government of India is also not lacking behind and to provide
its services to the citizens at their fingertips the Government is also turning in E-
Governance. E-Governance is nothing but providing Government Services cheaper,
faster and efficiently to the citizens through internet and computer.

The Information Technology Act, 2000 gives recognition to the Electronic

Governance. Chapter III, Section 4 to Section 10-A, of the Act provides for the
provisions regarding Electronic Governance. Section 4 and 5gives Legal Recognition
to electronic records and electronic signatures. Section 6 of the Act authenticates
use of electronic record and electronic signatures in Government and its agencies.
The aim electronic government is to ensure transparency in Government. It also
makes the Government accessible to the citizen residing in the most remote village
of the country.