UNIT-II

CYBERCRIME AND CYBER LAW

What is Cybercrime?

Cybercrime is defined as a crime where a computer is the object of the crime or is used
as a tool to commit an offense. A cybercriminal may use a device to access a user’s personal
information, confidential business information, government information, or disable a device.
It is also a cybercrime to sell or elicit the above information online.Cybercriminals can be
individuals who are trading in illegal online content or scammers or even drug dealers.

some examples of cybercriminals:

- Black hat hackers

- Cyber stalkers
- Cyber terrorists
- Scammers

CLASSIFICATION OF CYBERCRIMES:
There are three major categories that cybercrime falls into: individual, property and
government. The types of methods used and difficulty levels vary depending on the category.

 Property: This is similar to a real-life instance of a criminal illegally possessing an

individual’s bank or credit card details. The hacker steals a person’s bank details to
gain access to funds, make purchases online or run phishing scams to get people to
give away their information. They could also use a malicious software to gain access
to a web page with confidential information.
 Individual: This category of cybercrime involves one individual distributing
malicious or illegal information online. This can include cyber stalking, distributing
pornography and trafficking.

 Government: This is the least common cybercrime, but is the most serious offense. A
crime against the government is also known as cyber terrorism. Government
cybercrime includes hacking government websites, military websites or distributing
propaganda. These criminals are usually terrorists or enemy governments of other
nations.

COMMON CYBERCRIMES:

DDoS Attacks
DDoS attacks are used to make an online service unavailable and take the network down by
overwhelming the site with traffic from a variety of sources. Large networks of infected
devices known as Botnets are created by depositing malware on users’ computers. The hacker
then hacks into the system once the network is down.

Botnets
Botnets are networks from compromised computers that are controlled externally by remote
hackers. The remote hackers then send spam or attack other computers through these botnets.
Botnets can also be used to act as malware and perform malicious tasks.
Identity Theft
This cybercrime occurs when a criminal gains access to a user’s personal information to steal
funds, access confidential information, or participate in tax or health insurance fraud. They
can also open a phone/internet account in your name, use your name to plan a criminal
activity and claim government benefits in your name. They may do this by finding out user’s
passwords through hacking, retrieving personal information from social media, or sending
phishing emails.

Cyber stalking
This kind of cybercrime involves online harassment where the user is subjected to a plethora
of online messages and emails. Typically cyber stalkers use social media, websites and search
engines to intimidate a user and in still fear. Usually, the cyber stalker knows their victim and
makes the person feel afraid or concerned for their safety.

Social Engineering
Social engineering involves criminals making direct contact with you usually by phone or
email. They want to gain your confidence and usually pose as a customer service agent so
you’ll give the necessary information needed. This is typically a password, the company you
work for, or bank information. Cybercriminals will find out what they can about you on the
internet and then attempt to add you as a friend on social accounts. Once they gain access to
an account, they can sell your information or secure accounts in your name.

PUPs
PUPS or Potentially Unwanted Programs are less threatening than other cybercrimes, but are
a type of malware. They uninstall necessary software in your system including search engines
and pre-downloaded apps. They can include spyware or adware, so it’s a good idea to install
an antivirus software to avoid the malicious download.

Phishing
This type of attack involves hackers sending malicious email attachments or URLs to users to
gain access to their accounts or computer. Cybercriminals are becoming more established and
many of these emails are not flagged as spam. Users are tricked into emails claiming they
need to change their password or update their billing information, giving criminals access.

Prohibited/Illegal Content
This cybercrime involves criminals sharing and distributing inappropriate content that can be
considered highly distressing and offensive. Offensive content can include, but is not limited
to, sexual activity between adults, videos with intense violent and videos of criminal activity.
Illegal content includes materials advocating terrorism-related acts and child exploitation
material. This type of content exists both on the everyday internet and on the dark web, an
anonymous network.

Online Scams
These are usually in the form of ads or spam emails that include promises of rewards or
offers of unrealistic amounts of money. Online scams include enticing offers that are “too
good to be true” and when clicked on can cause malware to interfere and compromise
information.
Exploit Kits
Exploit kits need a vulnerability (bug in the code of a software) in order to gain control of a
user’s computer. They are readymade tools criminals can buy online and use against anyone
with a computer. The exploit kits are upgraded regularly similar to normal software and are
available on dark web hacking forums.

History of Cybercrime

The malicious tie to hacking was first documented in the 1970s when early computerized
phones were becoming a target. Tech-savvy people known as “phreakers” found a way
around paying for long distance calls through a series of codes. They were the first hackers,
learning how to exploit the system by modifying hardware and software to steal long distance
phone time. This made people realize that computer systems were vulnerable to criminal
activity and the more complex systems became, the more susceptible they were to
cybercrime.

Fast Forward to 1990, where a large project named Operation Sundevil was exposed. FBI
agents confiscated 42 computers and over 20,000 floppy disks that were used by criminals for
illegal credit card use and telephone services. This operation involved over 100 FBI agents
and took two years to track down only a few of the suspects. However, it was seen as a great
public relations effort, because it was a way to show hackers that they will be watched and
prosecuted.

The Electronic Frontier Foundation was formed as a response to threats on public liberties
that take place when law enforcement makes a mistake or participates in unnecessary
activities to investigate a cybercrime. Their mission was to protect and defend consumers
from unlawful prosecution. While helpful, it also opened the door for hacker loopholes and
anonymous browsing where many criminals practice their illegal services.

Crime and cybercrime have become an increasingly large problem in our society, even with
the criminal justice system in place. Both in the public web space and dark web,
cybercriminals are highly skilled and are not easy to find. Read below to learn more about
how to combat cybercrime through cyber law.

Impact of Cybercrime on Society

Cybercrime has created a major threat to those who use the internet, with millions of users’
information stolen within the past few years. It has also made a major dent in many nations’
economies. IBM president and CEO Ginni Rometty described cybercrime as “the greatest
threat to every profession, every industry, every company in the world.” Read below for
shocking statistics on cybercrime’s impact on our society to date.

CYBER CRIME TARGETING COMPUTERS AND MOBILES:

Cybercrime is criminal activity that either targets or uses a computer, a computer network or
a networked device. Most cybercrime is committed by cybercriminals or hackers who want to
make money. However, occasionally cybercrime aims to damage computers or networks for
reasons other than profit. These could be political or personal.
 Cybercrime can be carried out by individuals or organizations. Some cybercriminals are
organized, use advanced techniques and are highly technically skilled. Others are novice
hackers.

What are the types of cybercrime?

Types of cybercrime include:

 Email and internet fraud.

 Identity fraud (where personal information is stolen and used).

 Theft of financial or card payment data.

 Theft and sale of corporate data.

 Cyberextortion (demanding money to prevent a threatened attack).

 Ransomware attacks (a type of cyberextortion).

 Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
 Cyberespionage (where hackers access government or company data).

 Interfering with systems in a way that compromises a network.

 Infringing copyright.

 Illegal gambling.

 Selling illegal items online.

 Soliciting, producing, or possessing child pornography.

Cybercrime involves one or both of the following:

 Criminal activity targeting computers using viruses and other types of malware.
 Criminal activity using computers to commit other crimes.
Cybercriminals that target computers may infect them with malware to damage devices or
stop them working. They may also use malware to delete or steal data. Or cybercriminals
may stop users from using a website or network or prevent a business providing a software
service to its customers, which is called a Denial-of-Service (DoS) attack.
Cybercrime that uses computers to commit other crimes may involve using computers or
networks to spread malware, illegal information or illegal images.
Cybercriminals are often doing both at once. They may target computers with viruses first
and then use them to spread malware to other machines or throughout a network. Some
jurisdictions recognize a third category of cybercrime which is where a computer is used as
an accessory to crime. An example of this is using a computer to store stolen data.

CYBER CRIME – MOBILE SECURITY THREATS





Prerequisites – Cyber Crime, Prevention Tips Mobile devices are now an essential need for
every person for day-to-day tasks. As a result, the number of mobile users is rising
exponentially. This gives us the direction to think about the data they process and what
security mechanisms are being taken by mobile application developers to keep the user’s
data secure. There was a time when the biggest threat to the data was due to spyware which
runs silently on the computer background and steals user data. Now even mobile devices
are a fruit target for cyber-criminals to steal your data without even getting noticed. When it
comes to securing mobile data, use an antivirus application that tends to protect your data
from getting breached.
Types of Mobile Security Threats –
1. Web-Based Threats – These types of threats happen when people visit sites that appear
to be fine on the front-end but in reality, automatically download malicious content onto
the mobile devices. Also, many mobile applications continue to sync their data in the
background which poses a threat. These threats usually go unnoticed by the users.
 Phishing Through Links : Some legitimate-looking links are sent through
messages, emails, or social media platforms. They extract personal information by
tricking with several schemes. It is not possible to categorize them as real or fake as
they copy the original website.
 Forced Downloads : When you visit a page through anonymous links, it
automatically directs you to the download page. This method is called drive-by
downloads.
2. Physical Threats – These threats happen when someone physically tries to access your
device. When you lose your mobile, or it is stolen there is a possibility for physical
threats. Mobile devices carry your transactional data as well as has connected
applications to your bank accounts, which is a threat to your privacy breach.
 No Password Protection : With keeping all measures to secure your data, it is
surprising to know that some people find it difficult to use a password on their
devices, or they rather use a password that is easy to crack by hackers. This leads to
physical threats.
 Encryption : While using carrier networks they generally provide good encryption
while accessing servers. But while accessing some client and enterprise servers they
are explicitly managed. They are not end-to-end encrypted which can lead to
physical threats.
3. Network-Based Threats – Mobile network includes both Cellular and Local network
support such as Bluetooth and Wi-Fi. These are used to host network threats. These
threats are especially dangerous as the cyber-criminals can steal unencrypted data while
people use public WiFi networks.
 Public WiFi : While we are using our devices for every task, at public places we are
provided with public open WiFi which tends to be legitimate while they are
controlled by hackers which results in data leakage.

 Network Exploits : Network exploits are due to the vulnerabilities in the operating
system in your mobile devices. Once this software is connected to the network they
are capable of installing malware onto the device without being known.
4. Application-Based Threats – Websites available for software downloads are home to
these threats. They tend to be genuine software but in fact are specially designed to
carry malicious activities.
  Malware : Malware is designed to send unwanted messages to recipients and
further use your personal and business information by hacking your devices.
 Spyware : They are the software that are used to collect specific information about
an organization or person which later can be used for fraud and identity threats.
Steps to prevent from Mobile Security Threats –
 Prefer using communication apps that encrypt data transfers.
 Update your device software regularly to ensure protection against spyware threats.
 Create unique passwords for different accounts created while using mobile devices.
 Delete the non-active apps to limit the threat to data access and privacy.
 Categories your applications under Blacklist and Whitelist.
 Check for apps accessing location and storage.
 Do not allow forced downloads from browser.
 Check on security that stops sharing of network unnecessary.
 Do not add your data to public servers.

CYBER CRIME AGAINST WOMEN AND CHILDREN:

Internet surfing has become a regular practice for educational, social, entertainment, or
professional purposes in today’s digital world. Women have been working or learning using
online platforms and frequently accessing social media platforms. While most people are
engaged on the internet and other digital platforms for various educational and recreational
purposes, many miscreants use these digital tools to abuse and bully online users, especially
women. This type of criminal activity is called Cybercrime, as it involves using cyberspace.
Cybercrime can be defined as unlawful activities conducted through the internet and digital
devices intending to creep into the private space of others and disturb them with
objectionable content and misbehaviour. Cyber-crime affects women the most by subjecting
them to mental and emotional harassment.
Cyber Violence Against Women:
Cyber violence uses Computer Technology to access women’s personal information and use
the internet for harassment and exploitation. Women are becoming soft targets as they often
trust other people and are unaware of the consequences. Cybercrime has increased because it
is difficult to detect and prove and is seldom reported. Cybercrime is away from traditional
monitoring, investigation, or audit and requires specialists to understand the nature of the
crime. Cybercrime affects women the most by subjecting them to mental and emotional
harassment. Most women become distressed, humiliated, and depressed under this type of
crime which is challenging to address and resolve.
Types of Cyber Crime:
Cybercrime against women includes gender-based and sexual remarks and activities
performed through a computer network or mobile phones, affecting the dignity of women and
causing emotional distress. The different types of cybercrime against women are explained as
follows:
 Cyber Stalking: It includes attempting to contact the women via social networking sites
without any legitimate purpose, putting threatening messages on the chat page, and
constantly disturbing the victims with objectionable emails and messages to create mental
distress.
 Cyber Defamation: This activity involves defaming the victim through blackmailing and
disclosing their details or modified pictures. It often involves extorting and seeking sexual
favors from the victim.
 Cyber Hacking: When asked to click on unauthorised URLs or download apps that leak
all their personal information on their phones, the women became victims of cyber
hacking. The criminals utilise these details for unauthorised monetary transactions and
other unlawful activities.
 Cyber Bullying: It is an act of regular harassment and bullying of the victim through the
digital communication device by posting abusive and misleading content, pictures, or
videos and sending rape and death threats.
 Pornography: This criminal activity involves posting morphed images of victims and
using them for pornographic purposes, sometimes demanding money to remove them
from social networking sites.
 Cyber Grooming: In this case, a person builds a relationship with a woman through an
online platform and pressurizes her for undue favors or doing sexual acts.

Measures that can be taken for Online Safety:

 Keep a watch on irrelevant or fraudulent messages or emails.
 Avoid responding to emails asking for personal information.
 Avoid accessing fraudulent websites or apps that require personal information.
 Take care of the email address and password.
 Use strong and secure passwords and keep on changing regularly.
 Don’t click on unrecognized UPL or download unknown apps.
 Remain updated about cyber laws and policies.
Legal Provisions Related to Cyber Crime Against Women:
All users of cyberspace are subject to specific laws applicable worldwide. Cyber laws deal
with legal issues arising from networked computer technology and digital platforms. These
laws protect the victims against cybercrimes and help them address the issues and get
justice.
The following acts under the Indian Penal Code (IPC, 1860) section 354 mention the
following crimes as punishable under the law with rigorous imprisonment and fines.
 Section 354A: Demand for sexual favors or displaying objectionable pictures against a
woman’s consent or making sexual remarks and sexual harassment will cause the
imprisonment of up to 3 years with fines.
 Section 354C: An act of photographing or publishing a picture of a woman engaged in
a private act without her consent will lead to imprisonment of 3 to 7 years.
 Section 354D: Contacting a woman online and sending irrelevant emails/messages
despite the woman’s evident disinterest will cause the imprisonment of 5 years with
fines.
The Information Technology Act, 2000 also has provisions for punishment under the
following sections:
 Section 66C-Identify cyber hacking is a punishable offense with imprisonment of 3
years and fines of Rs. 1 lakh.
 Section 66E- Deals with the offense of capturing, publishing, or sending pictures of
women in circumstances that violate privacy. This causes imprisonment of 3 years.
 Section 67A- Makes it illegal to publish and transmit sexually explicit content and is
punishable with imprisonment of up to 5 to 7 years.
The Cybercrime Prevention Act of 2012 focuses on preventing and prosecuting offenders
involved in cybercrimes like violating privacy, confidentiality, and integrity of information
through computer-related criminal activities.
The Indecent Representation of Women (Prohibition) Act regulates and prohibits the
indecent representation of women through the media and publications, which also includes
the audio-visual media, the content in electronic form, and distribution of material on the
Internet, and the portrayal of women over the web.

CYBER CRIMES AGAINST CHILDREN:

The world is getting closer as daily web usage increases. The World Wide Web
may seem like a significant advancement, but unexpectedly, one of its benefits is that it
makes the world closer for its users, making it a smaller place to live. But one of its
drawbacks is Cybercrime. Cybercrime is any illicit activity that uses a computer as a tool or a
target. The problem with Cybercrime is that it is expanding steadily, and many people have
fallen victim to fraud, malicious software, hacking, and other forms of Cybercrime. Some
people misuse computers and the internet to commit crimes such as web hacking, email
bombing, cyber stalking.
Internet Crimes against Children:
In addition to these crimes, criminals also engage in child abuse online, other types of
cybercrime such as child exploitation, cyber bullying, possession of child pornography,
exposure to harmful content, and many more. Also, it has been observed that young children
or teenagers are the primary and easy targets for criminal activity as they are trusting, naive,
adventurous, and eager for attention and affection. For instance, the predator might approach
a young individual online and form an online friendship based on the same likes, interests,
and activities. Gifts and photos could be exchanged as a result of this. The predator tries to
gain the child’s trust to get what they want from the child. And this is why the government is
dedicated to laws, initiatives, and policies to ensure all Indians always have access to an
open, trusted, and accountable internet.
According to the NCRB data, the top five states reporting cyber crimes against children are
Uttar Pradesh (170), Karnataka (144), Maharashtra (137), Kerala (107), and Odisha (71).

FINANCIAL FRAUD:

Financial fraud happens when someone deprives you of your money, capital, or otherwise
harms your financial health through deceptive, misleading, or other illegal practices. This can
be done through a variety of methods such as identity theft or investment fraud.

For all types of financial fraud, it is important to report the crimes to the appropriate agencies
and law enforcement as soon as possible. Fraudulent charges should also be disputed or
canceled as soon as they are discovered. Furthermore, victims should gather all
documentation related to the crime (e.g. bank statements, credit reports, tax forms from
current and previous years) and continue to file important information throughout the
reporting process.

Common Types of Financial Crimes

For a detailed overview of common financial crimes and action steps for reporting please see
our Taking Action guide to financial crimes.
Identity theft:
Someone steals your personal financial information (e.g. credit card number, social security
number, bank account number) to make fraudulent charges or withdrawals from your
accounts. Sometimes people will use the information to open credit or bank accounts and
leave the victim liable for all the charges.

Identity theft often results in damaged credit rating, bounced checks/denied payments, and
being pursued by collections agencies.

Examples:

 Unfamiliar charges or purchases on your credit card or bank account statements.

 Perpetrators posing as a bank, government office, or official institution in order to
steal your personal financial information

Investment Fraud:
Selling investments or securities with false, misleading, or fraudulent information. This may
be false/grandiose promises, hiding/omitting key facts, and insider trading tips among other
things.

Examples:

 Ponzi schemes: Investment fraud scheme where returns are paid to investors using
new capital from newly recruited investors as opposed to interest and profits from
legitimate investments.
 Pump & Dump schemes: Stock traders or stock brokers purchase a stock at a low
value then entice other clients to buy the same stock in order to inflate its price. Those
who bought the stock at its low value then sell their shares and pocket the profit.
 Selling a business or real estate opportunity investment with bad, inaccurate, or false
information. Also includes omitting or hiding information that is important to an
investment decision.

Mortgage and Lending Fraud:

Someone else (often a friend or family member) opens a mortgage or loan using your
information or using false information or lenders selling you mortgage or loans with
inaccurate information, deceptive practices, and other high-pressure sales tactics.

Examples:

 Mortgage and loan modification services

 Predatory lending practices such as:
o Unjustified risk-based pricing
o Single-premium credit insurance
o Failure to present the loan price as negotiable
o Failure to clearly and accurately disclose terms and conditions
o Short-term loans with disproportionately high fees
o “Bait and switch” contract negotiations
o Servicing agent and securitization abuses
Mass Marketing Fraud:
Often committed using mass mailings, telephone calls, or spam emails. Mass marketing fraud
typically involves fake checks, charities, sweepstakes, lotteries, and exclusive club or honor
society invitations. These offers and letters are used to steal your personal financial
information or solicit contributions and fees to fraudulent organizations.

Examples:

 Fake charity donation solicitations

 Exclusive Club or Honor Society invites. Usually, invitations are sent through mail or
emailed and promise membership in a particular organization for a small fee or setting
up a recurring charge with no discernable service provided. Also used to steal
personal financial information.
 Award or Prize notifications. Also seen on the internet as “10,000th Visitor” type
notifications. Usually, ask for personal financial information or fee to be paid in order
for a prize to be delivered or award to be made official. If you do not remember
applying or entering a competition for the award or prize it is probably fraudulent.
 Phone calls claiming to be from the government, your bank, or other “official” agency

SOCIAL ENGINEERING ATTACKS:

Phishing:
Phishing scams are the most common type of social engineering attack. They typically take
the form of an email that looks as if it is from a legitimate source. Sometimes attackers will
attempt to coerce the victim into giving away credit card information or other personal data.
At other times, phishing emails are sent to obtain employee login information or other details
for use in an advanced attack against their company. Cybercrime attacks such as advanced
persistent threats (APTs) and ransom ware often start with phishing attempts.
Other examples of phishing you might come across are spear phishing, which targets specific
individuals instead of a wide group of people, and whaling, which targets high-profile
executives or the C-suite.
In recent times, attackers have been taking advantage of the growth in software as a service
(SaaS), such as Microsoft 365. These phishing campaigns usually take the form of a fake
email that claims to be from Microsoft. The email contains a request that the user log in and
reset their password because they haven't logged in recently, or claims there is a problem
with the account that needs their attention. The URL is included, enticing the user to click
and remedy the issue.
Watering hole attacks
Watering hole attacks are a very targeted type of social engineering. An attacker will set a
trap by compromising a website that is likely to be visited by a particular group of people,
rather than targeting that group directly. An example is industry websites that are frequently
visited by employees of a certain sector, such as energy or a public service. The perpetrators
behind a watering hole attack will compromise the website and aim to catch out an individual
from that target group. They are likely to carry out further attacks once that individual's data
or device has been compromised.
Business email compromise attacks
Business email compromise (BEC) attacks are a form of email fraud where the attacker
masquerades as a C-level executive and attempts to trick the recipient into performing their
business function, for an illegitimate purpose, such as wiring them money. Sometimes they
go as far as calling the individual and impersonating the executive.
Physical social engineering:
When talking about cybersecurity, we also need to talk about the physical aspects of
protecting data and assets. Certain people in your organization--such as help desk staff,
receptionists, and frequent travelers--are more at risk from physical social engineering
attacks, which happen in person.
Your organization should have effective physical security controls such as visitor logs, escort
requirements, and background checks. Employees in positions at higher risk for social-
engineering attacks may benefit from specialized training from physical social engineering
attacks.

USB baiting:
USB baiting sounds a bit unrealistic, but it happens more often than you might think.
Essentially what happens is that cybercriminals install malware onto USB sticks and leave
them in strategic places, hoping that someone will pick the USB up and plug it into a
corporate environment, thereby unwittingly unleashing malicious code into their
organization.

MALWARE AND RANSOMWARE ATTACKS:

Malware is malicious software, which - if able to run - can cause harm in many ways,
including:

 causing a device to become locked or unusable

 stealing, deleting or encrypting data
 taking control of your devices to attack other organisations
 obtaining credentials which allow access to your organisation's systems or services that
you use
 'mining' cryptocurrency
 using services that may cost you money (e.g. premium rate phone calls).
Most Common Types of Malware Attacks?
1) Adware.
2) Fileless Malware.
3) Viruses.
4) Worms.
5) Trojans.
6) Bots.
7) Ransomware.
 8) Spyware.
RANSOMWARE:

Ransom ware is a type of malware (malicious software) used by cybercriminals. If a

computer or network has been infected with ransom ware, the ransom ware blocks access to
the system or encrypt its data. Cybercriminals demand ransom money from their victims in
exchange for releasing the data. In order to protect against ransomware infection, a
watchful eye and security software are recommended. Victims of malware attacks have three
options after an infection: they can either pay the ransom, try to remove the malware,
or restart the device. Attack vectors frequently used by extortion Trojans include
the Remote Desktop Protocol, phishing emails, and software vulnerabilities. A
ransomware attack can therefore target both individuals and companies.

In particular, two types of ransomware are very popular:

 Locker ransomware. This type of malware blocks basic computer functions. For example,
you may be denied access to the desktop, while the mouse and keyboard are partially
disabled. This allows you to continue to interact with the window containing the ransom
demand in order to make the payment. Apart from that, the computer is inoperable. But there
is good news: Locker malware doesn't usually target critical files; it generally just wants to
lock you out. Complete destruction of your data is therefore unlikely.
 Crypto ransomware. The aim of crypto ransomware is to encrypt your important data,
such as documents, pictures and videos, but not to interfere with basic computer functions.
This spreads panic because users can see their files but cannot access them. Crypto
developers often add a countdown to their ransom demand: "If you don't pay the ransom by
the deadline, all your files will be deleted." and due to the number of users who are unaware
of the need for backups in the cloud or on external physical storage devices, crypto
ransomware can have a devastating impact. Consequently, many victims pay the ransom
simply to get their files back.

ZERO DAY AND ZERO CLICK ATTACK:

 Zero-day exploit is a type of cyber security attack that occur on the same day the
software, hardware or firmware flaw is detected by the manufacturer. As it’s been
zero days since the security flaw was last exploit, the attack is termed as zero-day
exploit or zero-day attack. This kind of cyber-attacks are considered dangerous
because the developer have not had the chance to fix the flaw yet. Zero-day exploit
typically targets large organizations, government departments, firmware, hardware
devices, IoT, users having access to valuable business data, etc.
 Working of Zero-day Exploit:
 A software is developed and released without knowing the fact that it has a security
vulnerability. An attacker identifies or exploits this vulnerability before the
developers identifies or fixes the same. While still the vulnerability is open and
unpatched, exploiting the vulnerability, the hacker attacks and compromises the
software which can lead to data theft, unauthorized access or crashing of the
software itself. After the attacker attacks the target, the public or developer
identifies the attack and tries to figure out the patch. The developer identifies the fix
and releases the update to safe guard its new user.


Zero-day Exploit Detection:

Probability of detecting zero day exploit is rare or in other words, the attack leaves no
opportunity for detection. But there are a few ways to identify the existing known
vulnerabilities.
1. Signature Based – In this method, the occurrence pattern of known vulnerability can be
detected with the help of pattern matching. Even though this method cannot detect the
malware code used for zero-day exploit, it is capable of detecting known attacks like
SQL injection that may lead to zero-day vulnerability. While a developer may not be
able to detect zero-day attack, the system firewall may be able to detect and protect
against few known specific attack types such as XSS , SQL injection, etc.
2. Statistical Techniques – By monitoring the normal activity, this technique learns the
normal behavior of the network. When the system identifies any deviation from normal
profile it will detect a probability of vulnerability.
3. Behavior Based – The implementation of behavior based detection typically depends
on a ‘honeypot’. A honeypot is a security mechanism that is developed to detect the
presence of hackers or hacking attempts.
4. Hybrid Techniques – This hybrid technique use the advantage of statistical, behavioral
and traditional signature based defense mechanism. They are comparatively more
effective as the weaknesses of any single detection technique will not break the
security.
Zero-day Exploit Prevention : As zero-day exploits cannot be easily discovered,
prevention of the zero-day exploit becomes difficult. There is hardly any ways to protect
against zero-day exploit as we don’t have any idea about its occurrence well in advance.
We can reduce the level of risk opting any of the following strategies:
 Implementation of IP security protocol ( IPSec) .
 Usage of virtual local area networks.
 Deployment of intrusion detection system (IDS) or intrusion prevention system (IPS) .
 Usage of network access control protocols.
 Usage of security schemes such as Wi-Fi Protected Access 2.
 Keeping all systems up to date.
 Performing periodic vulnerability scanning.

ZERO-CLICK ATTACK:

A zero-click exploit is designed to work without user interaction, which means that it needs
to achieve code execution on its own. Most zero-click exploits are designed to take advantage
of vulnerabilities in applications that accept and process untrusted data. Common examples
include SMS and other messaging platforms, email apps, and phone apps.

These applications accept data from an untrusted source and process it before presenting it to
the user. If this data processing code contains an unpatched vulnerability, then a carefully
crafted message could exploit this vulnerability, allowing the malicious message or phone
call to run malicious code on the device.

Receiving an email, receiving an SMS, and similar actions don’t require user interaction;
smartphones display notifications based on the contents of an SMS or other message before
 the user decides to open and read it. A well-crafted malicious message can install malware,
delete itself, and suppress notifications to give the user no indication that the attack has
occurred.

Types of Zero Click Exploits:

Smartphones are the most common and widely-known target of zero-click attacks. These
devices use various communications apps, including SMS, phone, messaging, and social
media apps. This provides a wide attack surface for attackers looking for an exploitable
vulnerability.

Certain groups are well-known for identifying and weaponizing zero-click exploits. For
example, the NSO Group has identified and created exploits for several zero-click
vulnerabilities in iPhones and Android devices and the apps that run on them. These
vulnerabilities are exploited to deliver the company’s Pegasus spyware, which is sold to
governments for use in law enforcement, intelligence collection, and, in many cases,
monitoring of journalists, activists, and other persons of interest.

While the NSO Group is the most well-known purveyor of spyware that exploits zero-click
vulnerabilities, it is not the only group with this capability. The company has direct
competitors, and other cyber threat actors have the ability to detect and weaponize these
vulnerabilities as well.

How to Protect Yourself from Zero-Click Exploits

The entire purpose of zero-click exploits is to evade detection by the user. Since there is no
need for user interaction, there is no opportunity for the target to identify the threat and refuse
to fall for it. However, this does not mean that it is impossible to protect against these attacks.
Instead of responding to an attack in progress, mitigating the threat of zero-click exploits
requires proactive, preventative actions, such as:

 Updating Apps and Devices: Zero-click exploits take advantage of unpatched vulnerabilities
in device operating systems and applications. Keeping devices and apps up-to-date can
reduce devices’ vulnerability to these attacks.

 Installing Anti-Spyware and Anti-Malware Solutions: Zero-click exploits are commonly

used to deploy spyware and other malware to devices. Using anti-spyware and anti-malware
 solutions that can detect and remediate these infections can mitigate the impact of a
successful zero-click exploit.

 Avoid Unsafe Applications: Applications downloaded from third-party app stores or

sideloaded onto a device are more likely to contain exploitable vulnerabilities. Only installing
reputable apps from trusted app stores can minimize exploitability.

CYBERCRIMINALS MODUS-OPERANDI:

Understanding Modus Operandi (MO) is critical. Knowing the tactics, timing and unique
characteristics from those targeting you is key to bolstering a defence.

An MO is simple a particular way or method of doing something, especially one that is

characteristic. It's a recognizable pattern. For example, a criminal might break into a specific
type of lock or window in a certain way, leave evidence of particular behaviour that seems
unusual or notable, or leave or take some specific item from a crime scene.

The Role of Cybercriminals in Ransomware Attacks

While individual attackers can carry out ransomware attacks, most attacks are carried out by
organized criminal groups. These groups are often highly sophisticated and have access to
significant resources. They are able to carry out attacks on a large scale and can target
multiple victims at once.

One of the key advantages of using a criminal group to carry out a ransomware attack is that
it provides a level of anonymity for the individual attackers. The group can act as a buffer
between the attackers and the victims, making it more difficult for law enforcement agencies
to track down the individuals responsible.

Factors in Ransomware Profiles

The usual personality traits of ransomware gang members are:

1. (1) financially driven;

2. (2) high level of technical skill; and

3. (3) located in countries with weak or non-existent cybercrime laws.

They also understand the ransomware process. Ransomware itself is malicious code that
encrypts data. We all generally know that. But that's not "the process".

The process is an organized, productized and well-tuned set of actors, actions and activities
that involve "IABs" (Initial Access brokers, digital mercenaries (affiliates). The head gang
members have their mercenaries each do different tasks without knowing (1) who is behind it
all; (2) who heads up the crime gangs; (3) or even who the other peers are. It's all orchestrated
by the head gang members. Like true organized crime of the Mafia.
The platforms are unlike anything most could even imagine -a single pane of glass smoother
than Salesforce, which can handle the entire transaction-from extortion, money laundering, to
exfiltrating (stealing) data, encrypting backups, spying, communication with victims and
morr.

Common Characteristics of Ransomware Attackers

While ransomware attackers come from a wide range of backgrounds and have different
motives, there are some common characteristics that can be identified. One of these is a lack
of empathy for their victims. Ransomware attackers are willing to cause significant harm to
others in order to achieve their goals.

Another characteristic of ransomware attackers is their willingness to take risks. They are
aware that their actions are illegal and can result in significant penalties, but they are willing
to take that risk in order to make money. This means that they are often highly motivated and
determined individuals.

Another motivation behind ransomware attacks is revenge. In some cases, attackers may
target a particular individual or organization because they perceive them as having wronged
them in some way. This can be a particularly dangerous motivation, as the attacker may be
willing to go to extreme lengths to achieve their goal.

Finally, some ransomware attackers may be motivated by ideology. For example, they may
target organizations that they perceive as being unethical or harmful to society. While this is a
less common motivation, it can still be a significant factor in some attacks.

What is the modus operandi of a cyber-attack?

Cyber attackers don’t want you to understand what they’re doing. The less you know, the
more opportunity they have to fraudulently extract funds from your organisation. A skilled
and determined cyber criminal can use multiple entry points to navigate around defences,
breach your network in minutes and evade detection for months.

This is how they do it.

1. Reconnaissance and compromise

The initial reconnaissance period prior to an attack involves criminals researching and
gathering information about the target organisation. They look for network ranges, IP
addresses and domain names. Attackers also try to find the email addresses of key players in
an organisation, or identify vulnerable employees by sending phishing emails. They also scan
for network vulnerabilities. These activities can take months, but the attackers are patient.

2. Obtain credentials

After accessing the network, criminals try to infiltrate further into the network by acquiring
access privileges. Attackers use various tools to help them steal credentials, allowing them to
upgrade their access to administrator level, and penetrate back-office and operational
networks silently.
 3. Submit fraudulent messages

Attackers infiltrate the network using malicious programmes that allow them to hide in
multiple systems and inject malware into critical systems. At this point, they can start to
submit fraudulent payment instructions by impersonating an operator or approver.

4. Hide evidence:

Once fraudulent payments have been sent, attackers proceed to cover their tracks, hiding
evidence of their actions. Using various tools and techniques, they delete or manipulate
records, and corrupt systems to confuse forensic experts.

REPORTING OF CYBERCRIME:
National Cybercrime Reporting Portal (NCRP):
This portal is an initiative of Government of India to facilitate victims/complainants reporting
cybercrime online. This portal caters to cyber crimes complaints only, with special focus on
cybercrimes against women and children. Complaints reported on this portal are dealt with by
law enforcement agencies/police based on the information provided. For prompt action, it is
imperative to provide correct and accurate details while filing complaints.
Helpline number 1930:
1930 is national cybercrime helpline. If you fall victim to a financial fraud, you can call this
number with necessary details, such as your name, contact information, your account number
along with the details of the account that you transferred the money to.
File an online complaint:
If you are a victim of cybercrime, or if you see a cybercrime against women and children,
you can report it to https://cybercrime.gov.in/. You can file a report anonymously too.
Here too, while filing a complaint, ensure that you have necessary documents, like your bank
account number, account to which you transferred the amount and your contact number
which is linked to the bank. You can also track the status of your complaint once you file it.
In case of anonymous complaints, you do not need to provide any personal information.
However, information related to the incident / complaint should be complete for the police
authorities to take necessary action. You will need to provide key information such as your
name, phone number, email address, details of the incident/ complaint and necessary
information supporting the complaint, etc.
You will need to register yourself using your mobile number. You will receive a One Time
Password (OTP) on your mobile number. The OTP remains valid for 30 minutes only. Once
you successfully register your mobile number on the portal, you will be able to report the
complaint.
The complaints reported on the portal shall be handled by the State/UT police authorities
concerned. Once your complaint is submitted, you will receive a confirmation message in the
portal itself. In case you have filed a complaint through the ‘Report and Track’ option or
Report Other Cybercrime’ section available on the portal, you will receive a SMS and an e-
mail with a complaint reference number on your registered mobile number and e-mail id.
Contact nearest police station:
If you are unable to file a report online or through the helpline number, you can visit the
nearest police station and register a complaint. The police officials will then do the needful
and transfer the case to the cyber cell.
Other helpline numbers:
Nationalpolice helplinenumber:112
Nationalwomenhelplinenumber:181
Toll-free police control room number: 100

WHAT IS CYBERSECURITY RISK MITIGATION:

Cybersecurity risk mitigation involves the use of security policies and processes to reduce the
overall risk or impact of a cybersecurity threat. In regard to cybersecurity, risk mitigation can
be separated into three elements: prevention, detection, and remediation. As cybercriminals’
techniques rise in sophistication, your organization’s cybersecurity risk mitigation strategies
will have to adapt to maintain the upper hand.

cybersecurity risk mitigation strategies

1. Conduct a cybersecurity risk assessment:

The first step in a cybersecurity risk mitigation strategy should be to conduct a cybersecurity
risk assessment, which can help uncover potential gaps in your organization’s security
controls. A risk assessment can offer insight into the assets that need to be protected and the
security controls currently in place. Conducting a cybersecurity risk assessment can also help
your organization’s IT security team identify areas of vulnerability that could be potentially
exploited and prioritize which vulnerabilities should be remediated first. Security ratings are
a great way to gain a real-time look at your organization’s cybersecurity posture, as well as
that of your third- and fourth-party vendors.

2. Establish network access controls:

Once you have assessed your assets and identified high-priority problem areas, the next step
is to establish network access controls to help mitigate the risk of insider threats. Many
organizations are turning to security systems such as zero trust, which assesses trust and user
access privileges on an as-needed basis depending on each user’s specific job function. This
helps minimize both the likelihood and impact of threats or attacks that occur due to
employee negligence or a simple lack of awareness of cybersecurity best practices.
Additionally, as the number of connected devices on a network increases, endpoint
security has also become a growing concern.

3. Implement firewalls and antivirus software

Another important cybersecurity risk mitigation strategy involves the installation of security
solutions such as firewalls and antivirus software. These technological defenses offer an
additional barrier to your computer or network. Firewalls act as a buffer between the outside
world and your network, which gives your organization greater control over incoming and
outgoing traffic. Similarly, antivirus software searches your device and/or network to identify
any potentially malicious threats.

4. Create a patch management schedule

Many software providers release patches consistently, and today’s cybercriminals are aware
of that. Threat actors can quickly exploit vulnerabilities that remain unpatched. Organizations
should be aware of the typical patch release schedule among their service or software
providers to create an effective patch management schedulethat can help your organization’s
IT security team stay ahead of attackers.

5. Continuously monitor network traffic

Proactive action is one of the most effective strategies for mitigating cybersecurity risk. With
roughly 2,200 attacks occurring every day, the only way to truly stay ahead of cybercriminals
is to continuously monitor network traffic, as well as your organization’s cybersecurity
posture. To truly enable real-time threat detection and cybersecurity risk mitigation, consider
tools that allow you to gain a comprehensive view of your entire IT ecosystem at any point in
time, rather than just a manual, static point in time. Continuous monitoring allows your IT
security team to actively identify new threats and determine the optimal path to remediate
them.

6. Build an incident response plan

Ensuring that everyone, including both the IT security team and non-technical employees,
knows what they’re responsible for in the event of a data breach or attack can make it easier
to have resources in place and ready to go. This is known as an incident response plan, and it
is one of the most critical components to mitigating cyber risk in your organization’s
evolving network environments. Threats can come from anywhere, and they are continuously
growing in sophistication, meaning it’s becoming increasingly difficult to completely prevent
data breaches. An incident response plan helps your organization do as much as possible to
remain proactively prepared so your team can move quickly and efficiently to remediate any
issues.

7. Examine the physical security of your business

Many organizations think it’s enough to simply manage the digital piece of cybersecurity
risks. However, the physical premises of your business are equally as important. Conducting
a cybersecurity risk assessment will help determine if critical data and infrastructure are safe
from a data breach and will help identify if the back-up and protection policies you have in
place are sound and up-to-date.

8. Minimize your attack surface

Attack surface refers to the areas of vulnerabilities or entry points that cybercriminals can use
to access sensitive information and data. This can be anything from web applications and
software to employees. Minimizing your attack surface includes assessing the following:

1. Physical attack surface: any business assets that a cybercriminal can exploit if they
have physical access to the business building, premises, etc.
2. Digital attack surface: any assets that are accessible via the internet or outside a
firewall. This can include anything from known assets such as corporate servers to
unknown assets such as applications that impersonate your business.
3. Social engineering attack surface: this involves the manipulation of your employees
by a cybercriminal to release sensitive information and data about your business.

CYBERCRIME: THE LEGAL PERSPECTIVES

In the first comprehensive presentation of computer crime, Computer Crime: Criminal Justice
Resource Manual (1979), computer-related crime was defined as: any illegal act for which
knowledge of computer technology is essential for a successful prosecution. International
legal aspects of computer crimes were studied in 1983. In that study, computer crime was
defined as: encompasses any illegal act for which knowledge of computer technology is
essential for its perpetration.

Globalized information systems accommodate an increasing number of transnational

offenses. The network context of cybercrime makes it one of the most globalized offenses of
the present and the most modernized threats of the future. This problem can be resolved in
two ways: 1) To divide information systems into segments bordered by state boundaries 2)
To incorporate the legal system into an integrated entity. The first solution is impractical.

IT ACT, 2000
The Information Technology Act, 2000 was enacted by the Indian Parliament in 2000. It is
the primary law in India for matters related to cybercrime and e-commerce.

 The act was enacted to give legal sanction to electronic commerce and electronic
transactions, to enable e-governance, and also to prevent cybercrime.
 Under this law, for any crime involving a computer or a network located in India,
foreign nationals can also be charged.
 The law prescribes penalties for various cybercrimes and fraud through
digital/electronic format.
 It also gives legal recognition to digital signatures.
 The IT Act also amended certain provisions of the Indian Penal Code (IPC), the
Banker’s Book Evidence Act, 1891, the Indian Evidence Act, 1872 and the Reserve
Bank of India Act, 1934 to modify these laws to make them compliant with new
digital technologies.
 In the wake of the recent Indo-China border clash, the Government of India banned
various Chinese apps under the Information Technology Act. Read more about this in
an RSTV titled, ‘TikTok, Other Chinese Apps Banned’.

AMENDMENTS:
1. The Amendments to the Information Technology Act, 2000 have been shown in revision
mode with footnotes explaining the amendments.

2. As the technologies and applications in IT sector change very rapidly, some of the
provisions related to parameters that may change from time to time have been amended to
provide for the new developments to be incorporated by changes in rules/govt.
notifications. This would enable the law to be amended and approved much faster and
would keep our laws in line with the changing technological environment.

3. Sub-section 4 of Section 1 relates to “Exclusion”. In view of changing needs, operation of

this section has been made more flexible through prescription of such exception by rules
rather than being part of the main Act.

4. The Act is being made technology neutral with minimum change in the existing IT Act
2000. This has been made by amendment of Section 4 of the Act to provide for electronic
signature with digital signature as one of the types of electronic signature and by enabling
the details of other forms of electronic signature to be provided in the Rules to be issued
by the Central Government from time to time. This is an enabling provision for the
Central Government to exercise as and when the technology other than digital signature
matures. Then there will be no need to amend the Act and the issue of rules will be
sufficient. Consequently the term digital is changed to electronic in other sections.

5. In Section 4, the main aspect of electronic signature for legal recognition, namely, its
reliability have been provided consistent with the UNCITRAL Model on Electronic
Commerce.
6. Section 6(2)(b) has been amended to allow public-private partnership in e-governance
delivery of services.

7. A new Section 10 has been added for “Formulation and Validity of Electronic Contracts”.

8. Relationship between CCA, CA and Subscribers (Sections 17 to 42) have been revisited
on the basis of the recent operational experiences and certain amendments proposed.

9. In view recent concerns about the operating provisions in IT Act related to “Data
Protection and Privacy” in addition to contractual agreements between the parties, the
existing Sections (viz. 43, 65, 66 and 72) have been revisited and some amendments/more
stringent provisions have been provided for. Notably amongst these are:

(i) Proposal at Sec. 43(2) related to handling of sensitive personal data or

information with reasonable security practices and procedures thereto
(ii) Gradation of severity of computer related offences under Section 66,
committed dishonestly or fradulently and punishment thereof
(iii) Proposed additional Section 72 (2) for breach of confidentiality with intent to
cause injury to a subscriber.

10. Language of Section 66 related to computer related offences has been revised to be in
lines with Section 43 related to penalty for damage to computer resource. These have
been graded with the degree of severity of offence when done by any person, dishonestly
or fraudulently without the permission of the owner. Sometimes because of lack of
knowledge or for curiosity, new learners/Netizens unintentionally or without knowing
that it is not correct to do so end up doing certain undesirable act on the Net. For a
country like India where we are trying to enhance the positive use of Internet and working
towards reducing the digital divide, it need to be ensured that new users do not get scared
away because of publicity of computer related offences. Section 43 acts as a reassuring
Section to a common Nitizen. IT Act in order to ensure that it promotes the use of e-
commerce, e-governance and other online uses has been cautious not to use the word
cyber crime in the text.

11. Section 67 related to Obscenity in electronic form has been revised to bring in line with
IPC and other laws but fine has been increased because of ease of such operation in
electronic form; link-up with Section 79 w.r.t. liability of intermediary in certain cases
has been provided.

12. A new section on Section 67 (2) has been added to address child pornography with higher
punishment, a globally accepted offense.
13. A new phenomenon of video voyeurism has emerged in recent times where images of
private area of an individual are captured without his knowledge and then transmitted
widely without his consent thus violating privacy rights. This has been specifically
addressed in a new proposed sub-section 72(3).

14. A new Section 68(A) has been proposed for providing modes and methods for encryption
for secure use of the electronic medium, as recommended by earlier Inter Ministerial
Working Group on Cyber Laws & Cyber Forensics (IMWG).

15. Section 69 related to power to issue directions for interception or monitoring or

decryption of any information through any computer resource has been amended to take
care of the concern of MHA and also on lines with the recommendations of IMWG.

16. A new section 78 A (Examiners of Electronic Evidence) has been added to notify the
examiners of electronic evidence by the Central Government. This will help the
Judiciary/Adjudicating officers in handling technical issues.

17. Section 79 has been revised to bring-out explicitly the extent of liability of intermediary
in certain cases. EU Directive on E-Commerce 2000/31/EC issued on June 8 th 2000 has
been used as guiding principles. Power to make rules w.r.t the functioning of the
“Intermediary” including “Cyber Cafes” has been provided for under Section 87.

18. In order to use IT as a tool for socio-economic development, as explained in para 10

above, particularly to promote e-commerce, e-governance, its uses in health, learning,
creating more opportunities for employment, reducing digital divide amongst others, it is
necessary to encourage society to go through the learning experience. In order to enable
this to happen, it has been made clear that the normal provisions of CrPC will apply,
except that only DSP’s and above will be authorized to investigate the offences.

19. The amendment to the 1st Schedule (Indian Penal Code) and 2nd Schedule (Indian
Evidence Act) around the recommendations of earlier IMWG has been incorporated.
However, the term digital signature would be replaced by electronic signature at suitable
places.

CYBERCRIME AND OFFENCES:

Sections and Punishments under Information Technology Act, 2000 are as follows :

SECTION PUNISHMENT
Section 43 This section of IT Act, 2000 states that any act of destroying, altering or
stealing computer system/network or deleting data with malicious
intentions without authorization from owner of the computer is liable for
 the payment to be made to owner as compensation for damages.
This section of IT Act, 2000 states that any corporate body dealing with
sensitive information that fails to implement reasonable security practices
causing loss of other person will also liable as convict for compensation to
Section 43A the affected party.
Hacking of a Computer System with malicious intentions like fraud will
Section 66 be punished with 3 years imprisonment or the fine of Rs.5,00,000 or both.
Section 66 Fraud or dishonesty using or transmitting information or identity theft is
B, C, D punishable with 3 years imprisonment or Rs. 1,00,000 fine or both.
Section 66 This Section is for Violation of privacy by transmitting image of private
E area is punishable with 3 years imprisonment or 2,00,000 fine or both.
This Section is on Cyber Terrorism affecting unity, integrity, security,
sovereignty of India through digital medium is liable for life
Section 66 F imprisonment.
This section states publishing obscene information or pornography or
transmission of obscene content in public is liable for imprisonment up to
Section 67 5 years or fine of Rs. 10,00,000 or both.

A. Niti Ayog :- In January 2015 this institution was fomed with a vision of National
Development. In pursuing it’s objective e – governance and technology penetration got
attention of this body. As a result of it this institution got related with cyber crimes in India.
The NITI Aayog serves as the apex public policy think tank of the Government of India, and
the nodal agency tasked with catalyzing economic development, and fostering cooperative
federalism through the involvement of State Governments of India in the economic policy-
making process using a bottom-up approach.

B. National Investigation Act 2008 (NIA) : An Act to constitute an investigation agency at

the national level to investigate and prosecute offences affecting the sovereignty, security and
integrity of India, security of State, friendly relations with foreign States and offences under
Acts enacted to implement international treaties, agreements, conventions and resolutions of
the United Nations, its agencies and other international organisations and for matters
connected therewith or incidental thereto. This Institution is also related with Interstate and
International offences. Related to terrorism and other offences. In 93 cases charge sheet was
filed and out of that 13 were decided.

C. National Technical Research Organization (NTRO): The organization was founded in

2004. The main thrust is Development of Technology and Technological Development. This
covers areas like aviation, remote sencing, cryptography and cyber security. The NTRO acts
as the primary advisor on security issues to the Prime Minister and the Union Council of
Ministers of India. It also provides technical intelligence to other Indian agencies. NTRO’s
activities include satellite and terrestrial monitoring.

D. National Critical Information Infrastructure Protection Centre : It is an organisation

of the Government of India created under the Section 70A of the Information Technology
Act, 2000 (amended 2008), through a gazette notification on 16 January 2014. Based in New
Delhi, India, it is designated as the National Nodal Agency in terms of Critical Information
Infrastructure Protection. It is a unit of the National Technical Research Organisation
(NTRO) and therefore comes under the Prime Minister’s Office (PMO). NCIIP has identified
i. Power & Energy, ii. Banking, Financial Services & Insurance, iii. Telecom, iv Transport, v.
Government and vi. Strategic & Public Enterprises as critical sectors. Aim of the organization
is to protect critical information infrastructure in the country. It is decided by the policy that
all government websites are to be hosted on infrastructure of National Informatics Center.
National Cyber Security policy was formed on 02.07.2013.

E. Indian Cyber Crime Coordination Centre (I4C) : Home Ministry prepared a road map
for tackling cyber crime. Press notification of December 2015 announced creation of I4C to
fight against cyber crime. Creation was accepted in principle in May 2013 itself and finalized
in September 2014 but nothing remarkable happened till recently in this respect.
F. National Association of Software and Services Companies (NASSCOM) : This is a not
for profit trade association of Information Technology and BPO companies which was
established in 1988. As today there are 1850 companies are registered. This association
represent vital Information Technology and allied industries like BPO and KPO. NASSCOM
is dedicated to expanding India’s role in the global IT order by creating a conducive business
environment, simplifying policies and procedures, promoting intellectual capital and
strengthening the talent pool. Objective of this organization is setting strategic direction,
Policy Advocacy and collaboration of best practices.

G. Data Security Council of India : is a premier industry body on data protection in India,
setup by NASSCOM, committed to making cyberspace safe, secure and trusted by
establishing best practices, standards and initiatives in cyber security and privacy. DSCI
brings together national governments, their agencies, industry sectors including IT-BPM,
BFSI, Telecom, industry associations, data protection authorities and think tanks for public
advocacy, thought leadership, capacity building and outreach initiatives. Tagline is
“Promoting Data Protection”. This organization coordinate with government and industry.
Organization was founded in August 2008. Initiatives of this organization includes Data
Security, Data Privacy and Cyber Crime Awareness. In April 2015 it launched “Cyber Crime
Material Level 2” – This enables police personnel to investigate online offence.

H. Indian Computing Emergency Response Team (CERT In) : This institution comes
with in Department of Electronics and Information Technology (DeITY) and founded in
2004. It has been declared as nodal agency in India under section 70B of the Information
Technology Act 2000. It has legal authority to issue direction for blocking public access to
information. It is Authorized to monitor and collect traffic data or information. Main
Functions of organization are –

a. Collection, Analysis and Dissemination of Information on cyber incidents,

b. Forecast and alert of cyber security incidents,

c. Emergency measures for cyber security,

d. Coordination of cyber incidents,

e. Issue Guidelines on Information security and

f. Other prescribed functions. After IT amendment Act which made effective in 2009 Section
69 was challenged as an enactment against freedom of expression. Information Bureau
notification dated 25.04.2011 clarified that “Occurrence of public emergency and interest of
public safety is sin qua non for the application of the section.

I. Central Bureau of Investigation (CBI) : This organization function under Department of

Personnel, Ministry of Personnel, Pension and Public services under Government of India. It
has been entrusted with the task of “Preservation of values in public life and ensure health of
economy”. This organization is a nodal police agency of Interpol. CBI succeeded Delhi
Special Police Establishment (DSPE) with enlarged functions, vide resolution of ministry of
Home affairs, GOI April, 1963. It has specialized structure to with cyber crime : a. Cyber
crime research and development unit, b. Cyber crime Lab, c. Cyber crime Investigation cell
and d. Network Monitoring Centre.

J. Investigation Bureau (IB): This is the oldest investigation agency which was founded in
the end of 19th It comes under the ministry of Home Affairs, it was earlier used by British for
gathering intelligence about external invasions and confidential information. Top posts under
this organization are held by officers of Police, Revenue services and Army.

K. Research and Analysis Wing (RAW): It is a Foreign Intelligence Agency of India, it is

not under any department but a separate outfit – work as a wing of cabinate secretariat. It was
started in early 1960s after Chinese aggression in India.

L. Directorate of Enforcement : This is Financial Investigation Agency under Department

of Revenue, ministry of Finance. This organization has been given specific task of
implementation of Foreign Exchange Management Act (FEMA) 1999 and Prevention of
Money Laundering Act (PMLA)

SOME INDIAN CASE STUDIES:

1.CyberJurisdiction

Internet creates virtual world. There are no demarcated boundaries between the people who
utilize the web. The utility extends to information, e-banking, e-commerce, communication
etc. the technology is open to hacking, pornography, gambling, identity-theft etc.
This requires understanding of jurisdiction. Various principles have been evolved to decide
the jurisdiction. To mention (1) minimum contest test (2) personal jurisdiction (3) long arm
statutes. With reference to Indian situation section 75 of Information Technology Act, 2000
contents the provisions regarding jurisdiction. Section 13(3), (4) and (5) also deal with cause
of action which is of significance in internet transactions.
Jurisdiction can also be decided on the basis of choice of law, location of server, defendant’s
domicile, and place of performance of contract, plaintiff’s domicile and purposeful
availment.

2.OpenSourceLicensing

Open source licensing is resorted to by many sites. However this has certain legal issues.
Basically there can be an issue of copyright. Other relevant issues are questions of
enforceability on account of clash of local legislation and international agreement. The rights
of a programmer warranties and software patent also needs to detailed study.

3.PuneCitibankMphasiSCallCenterFraud

US $ 3,50,000 from accounts of four US customers were dishonestly transferred to bogus

accounts. This will give a lot of ammunition to those lobbying against outsourcing in US.
Such cases happen all over the world but when it happens in India it is a serious matter and
we can not ignore it. It is a case of sourcing engineering. Some employees gained the
confidence of the customer and obtained their PIN numbers to commit fraud. They got these
under the guise of helping the customers out of difficult situations. Highest security prevails
in the call centers in India as they know that they will lose their business. There was not as
much of breach of security but of sourcing engineering.

The call center employees are checked when they go in and out so they can not copy down
numbers and therefore they could not have noted these down. They must have remembered
these numbers, gone out immediately to a cyber café and accessed the Citibank accounts of the
customers.

All accounts were opened in Pune and the customers complained that the money from their
accounts was transferred to Pune accounts and that’s how the criminals were traced. Police has
been able to prove the honesty of the call center and has frozen the accounts where the money
was transferred.

There is need for a strict background check of the call center executives. However, best of
background checks can not eliminate the bad elements from coming in and breaching security.
We must still ensure such checks when a person is hired. There is need for a national ID and a
national data base where a name can be referred to. In this case preliminary investigations do
not reveal that the criminals had any crime history. Customer education is very important so
customers do not get taken for a ride. Most banks are guilt of not doing this.

4.Baazee.comcase

CEO of Baazee.com was arrested in December 2004 because a CD with objectionable material
was being sold on the website. The CD was also being sold in the markets in Delhi. The
Mumbai city police and the Delhi Police got into action. The CEO was later released on bail.
This opened up the question as to what kind of distinction do we draw between Internet
Service Provider and Content Provider. The burden rests on the accused that he was the
Service Provider and not the Content Provider. It also raises a lot of issues regarding how the
police should handle the cyber crime cases and a lot of education is required.

5.StateofTamilNaduVsSuhasKatti

The Case of Suhas Katti is notable for the fact that the conviction was achieved successfully
within a relatively quick time of 7 months from the filing of the FIR. Considering that similar
cases have been pending in other states for a much longer time, the efficient handling of the
case which happened to be the first case of the Chennai Cyber Crime Cell going to trial
deserves a special mention.

The case related to posting of obscene, defamatory and annoying message about a divorcee
woman in the yahoo message group. E-Mails were also forwarded to the victim for
information by the accused through a false e-mail account opened by him in the name of the
victim. The posting of the message resulted in annoying phone calls to the lady in the belief
that she was soliciting.

Based on a complaint made by the victim in February 2004, the Police traced the accused to
Mumbai and arrested him within the next few days. The accused was a known family friend of
the victim and was reportedly interested in marrying her. She however married another person.
This marriage later ended in divorce and the accused started contacting her once again. On her
reluctance to marry him, the accused took up the harassment through the Internet.
On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC before The
Hon’ble Addl. CMM Egmore by citing 18 witnesses and 34 documents and material objects.
The same was taken on file in C.C.NO.4680/2004. On the prosecution side 12 witnesses were
examined and entire documents were marked as Exhibits.

The Defence argued that the offending mails would have been given either by ex-husband of
the complainant or the complainant her self to implicate the accused as accused alleged to have
turned down the request of the complainant to marry her.

Further the Defence counsel argued that some of the documentary evidence was not
sustainable under Section 65 B of the Indian Evidence Act. However, the court relied upon the
expert witnesses and other evidence produced before it, including the witnesses of the Cyber
Cafe owners and came to the conclusion that the crime was conclusively proved. Ld.
Additional Chief Metropolitan Magistrate, Egmore, delivered the judgement on 5-11-04 as
follows:

“ The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000
and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under
469 IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC sentenced to undergo 1
year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act
2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.”

The accused paid fine amount and he was lodged at Central Prison, Chennai. This is
considered as the first case convicted under section 67 of Information Technology Act 2000 in
India.

6.Parliamentattackcase

Bureau of Police Research and Development at Hyderabad had handled some of the top cyber
cases, including analysing and retrieving information from the laptop recovered from terrorist,
who attacked Parliament. The laptop which was seized from the two terrorists, who were
gunned down when Parliament was under siege on December 13 2001, was sent to Computer
Forensics Division of BPRD after computer experts at Delhi failed to trace much out of its
contents.

The laptop contained several evidences that confirmed of the two terrorists’ motives, namely
the sticker of the Ministry of Home that they had made on the laptop and pasted on their
ambassador car to gain entry into Parliament House and the the fake ID card that one of the
two terrorists was carrying with a Government of India emblem and seal.

The emblems (of the three lions) were carefully scanned and the seal was also craftly made
along with residential address of Jammu and Kashmir. But careful detection proved that it was
all forged and made on the laptop.

7.AndhraPradeshTaxCase

Dubious tactics of a prominent businessman from Andhra Pradesh was exposed after officials
of the department got hold of computers used by the accused person. The owner of a plastics
firm was arrested and Rs 22 crore cash was recovered from his house by sleuths of the
Vigilance Department. They sought an explanation from him regarding the unaccounted cash
within 10 days.

The accused person submitted 6,000 vouchers to prove the legitimacy of trade and thought his
offence would go undetected but after careful scrutiny of vouchers and contents of his
computers it revealed that all of them were made after the raids were conducted.

It later revealed that the accused was running five businesses under the guise of one company
and used fake and computerised vouchers to show sales records and save tax.