
Unit 1

III B.E V1 semester, Osmania University, Cyber Law and Ethics, Unit 1

Cyber Law and Ethics

Faculty,
S.Priyanka
Assistant Professor
CSE dept
Course Objectives
Objectives:
1. To familiarize various Cyber laws and IT Acts
2. To give cyber security regulations and forensics
3. To study risk management and the code of ethics
Unit-1
• Cyber laws and rights in today's digital age: IT Act, Intellectual Property Issues connected with use and management of Digital Data, the similar Acts of other countries.
• Information Warfare: Nature of information warfare, including computer crime and information terrorism; Threats to information resources, including military and economic espionage, communications eavesdropping, computer break-ins, denial-of-service, destruction and modification of data, distortion and fabrication of information, forgery, control and disruption of information flow, electronic bombs, and psyops and perception management.
Introduction
• The Information Technology (IT) Act, along with intellectual
property (IP) issues related to the use and management of
digital data, is a crucial aspect of modern legal frameworks
globally. Let's delve into these topics and explore similar acts
in other countries.
The Indian IT Act
• This act was published in the year 2000 for the purpose of providing legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as electronic commerce.
• Another purpose of the Indian IT Act was to amend the Indian Penal Code (IPC), the Indian Evidence Act 1872, the Banker’s Book Evidence Act 1891 and the Reserve Bank of India Act 1934.
• The Indian IT Act underwent some important changes to
accommodate the current cybercrime scenario.
• Amending a Law: Legislative bodies may
propose and pass amendments to existing
laws to update regulations, address loopholes,
or reflect societal changes. For instance,
amending a data protection law to include
stricter penalties for data breaches.
IT ACT
The Information Technology (IT) Act is a crucial legislation that governs various
aspects of digital activities, electronic commerce, cyber security, and data
protection. Here are the key components and provisions of the IT Act:
1. Electronic Governance
• The IT Act facilitates electronic governance by recognizing electronic
records and digital signatures as legally valid, thus enabling electronic
transactions and communication.
2. Cybercrimes and Offenses
• The Act defines various cybercrimes and prescribes penalties for offenses
such as unauthorized access to computer systems, hacking, data theft, and
spreading malicious software.
3. Data Protection and Privacy
• It lays down rules for the protection and privacy of electronic data and
personal information. The Act establishes regulations for the collection,
processing, storage, and transmission of data to ensure confidentiality and
integrity.
4. Digital Signatures and Certificates
• The Act provides a legal framework for the use of digital signatures
and digital certificates, ensuring their validity and authenticity in
electronic transactions.
5. Intermediaries' Liability
• It outlines the responsibilities and liabilities of intermediaries such as
internet service providers (ISPs), web hosting companies, and social
media platforms regarding user-generated content and data
transmission.
6. Cybersecurity Measures
• The Act mandates the establishment of Computer Emergency
Response Teams (CERTs) to respond to cyber security incidents and
promote cybersecurity awareness and best practices.
7. Adjudication and Appellate Mechanisms
• The Act establishes adjudicating officers and appellate tribunals to handle
disputes, grievances, and legal proceedings related to electronic
transactions, cybercrimes, and data breaches.
8. Digital Copyright and Intellectual Property
• It addresses issues related to digital copyright infringement, anti-
circumvention measures, and intellectual property rights protection in
digital environments.
Conclusion
• The Information Technology Act plays a crucial role in
regulating digital activities, ensuring cyber security, protecting
data privacy, and promoting electronic governance and
commerce. Compliance with the provisions of the Act is
essential for businesses, organizations, and individuals
engaged in digital transactions and online activities to
mitigate legal risks and uphold digital trust and security.
The Indian ITA 2000
Sections 65, 66, 67, 71, 72, 73 and 74 in Chapter XI of the Indian ITA 2000 are relevant to cybercrime in the legal context:

• Section 65: Tampering with computer source documents
• Section 66: Computer-related offences
• Section 67: Punishment for publishing or transmitting obscene material in electronic form
• Section 71: Penalty for misrepresentation
• Section 72: Penalty for breach of confidentiality and privacy
• Section 73: Penalty for publishing Digital Signature Certificate false in certain particulars
• Section 74: Publication of Digital Signature Certificate for fraud purposes
• Please refer to the following link to understand the above sections and penalties from Chapter XI of the Indian ITA 2000.
• Reference: https://kanoongpt.in/bare-acts/the-information-technology-act-2000
COMMON CYBER-CRIME CASE SCENARIOS AND THE APPLICABLE LEGAL SECTIONS
Refer to the following link:
https://www.linkedin.com/pulse/common-cyber-crime-case-scenarios-applicable-legal-manoj-purandare-/
Intellectual property rights (IPR)
• Intellectual property rights (IPR) refer to legal rights that protect creations
of the mind, such as inventions, literary and artistic works, designs,
symbols, names, and images used in commerce. These rights give creators
and innovators exclusive rights to use their creations for a certain period
of time, allowing them to benefit financially and have control over how
their creations are used by others.
There are several types of intellectual property rights, including:

• Patents: Patents protect inventions and new processes, granting the inventor exclusive rights to make, use, and sell their invention for a limited period (usually 20 years) in exchange for public disclosure of the invention.
• Copyrights: Copyrights protect original literary, artistic, and creative
works such as books, music, paintings, and software. Copyright gives
the creator exclusive rights to reproduce, distribute, perform, and
display their work for a limited time (often the life of the author plus
70 years).
• Trademarks: Trademarks protect symbols, names, slogans, and
logos used to identify and distinguish goods and services in the
marketplace. Trademark rights prevent others from using similar
marks that may cause confusion among consumers.
• Trade Secrets: Trade secrets are confidential information, such as
formulas, processes, customer lists, and strategies, that provide a
competitive advantage to businesses. Unlike patents, trade secrets are not
publicly disclosed and can be protected indefinitely as long as they remain
confidential.
• Industrial Designs: Industrial designs protect the visual appearance of a
product or its ornamental features. They ensure that the unique design
elements of a product are not copied or imitated by others.
Intellectual Property Issues
Intellectual property (IP) issues connected with digital data encompass several
areas:
• Copyright Infringement: Unauthorized reproduction, distribution, or use of
copyrighted digital content.
• Trademark Violations: Unauthorized use of trademarks in digital contexts,
such as domain names or online advertisements.
• Patent Protection: Issues arise regarding software patents, especially in the
context of software development and innovation.
• Digital Rights Management (DRM): DRM technologies are used to protect
digital content from unauthorized access, copying, and distribution. They
employ encryption, access controls, and licensing mechanisms to enforce
usage rights and prevent piracy.
• Data Privacy and Protection: Organizations must comply with data protection
laws and regulations when collecting, storing, and processing personal data.
Unauthorized access, data breaches, and mishandling of sensitive information
can lead to legal liabilities and reputational damage.
• Cybersecurity and IP Protection: Cybersecurity threats such as hacking,
data breaches, ransomware attacks, and insider threats can compromise
intellectual property stored in digital systems. Robust cybersecurity
measures, data encryption, access controls, and employee training are
crucial for safeguarding sensitive IP assets.

Addressing these intellectual property issues requires a combination of legal frameworks, technological solutions, policy interventions, and awareness among stakeholders. Collaboration between IP experts, legal professionals, technology specialists, and business leaders is essential to develop effective strategies for managing digital data while protecting intellectual property rights.
Acts of other countries
Cybercrime and the legal landscape around the world
• Crime: a legal concept that has the sanction of law.
• “Crime or an offense is a legal wrong that can be followed by criminal proceedings which may result in punishment.”
• We start with legislative analysis in the Asia-Pacific region (with regard to online safety, data privacy and online child safety), followed by:
– Spam laws and online protection for children
– Anti-spam laws in Canada
– Federal laws in the US about cybercrime
– The EU legal framework to prevent cybercrime
– Cybercrime legislation in African countries
• Privacy protection: the provision of assurances, by means of law, technology design and industry practice, that personal information will be collected, exchanged and used fairly.
• Data protection: keeping personal information secret and creating a trusted framework for collection, exchange and use of personal information in commercial and governmental contexts.
• Data protection laws permit, and even facilitate, the commercial and governmental use of personal data while providing to individuals:
A) control over what to disclose
B) awareness about how their personal data will be used
C) rights to insist that data are accurate and up to date
D) protection
Cybercrime law scenario in the Asia-Pacific region

(Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, Philippines, Singapore, Thailand, South Korea and Vietnam)
• Challenges involved in this region:
1. Lack of awareness of information security issues
2. Increasing complexity, capacity and reach of ICT
3. Anonymity afforded by these technologies
4. Transnational nature of communication networks

Only a few countries of the Asia-Pacific region have proper legal and regulatory frameworks to meet these challenges.

The nature of Internet security and privacy legislation varies widely in the Asia-Pacific region.
Acts of other countries.
Australian Cybercrime Act 2001
• Came into effect in Australia in April 2002.
This Act introduces new offences to the Criminal Code Act 1995:
1. Serious offences under Division 477
Section 477.1: Unauthorised access, Section 477.2: modification or Section 477.3: impairment with intent to commit a serious offence
2. Other offences under Division 478
Section 478.1: Unauthorised access to, or modification of, restricted data
Section 478.2: Unauthorised impairment of data in a computer disk
Section 478.3: Possession or control of data with intent to commit a computer offence
Section 478.4: Producing, supplying or obtaining data with intent to commit a computer offence
This Act has drawn considerable criticism: it criminalises far too much too easily, leading to severe consequences for IT professionals.
IT professionals must now take more care in the performance of their duties, and must be much more aware of how their actions may be construed, to avoid the risk of prosecution for their well-intentioned actions.
• Online safety and cybercrime laws in the Asia-Pacific region:
• The extent and nature of internet safety, security and privacy legislation in the Asia-Pacific region vary widely.
• In some areas, such as computer security laws and online child safety laws, there exist international norms on the best approach to regulation.
• The Council of Europe’s (CoE’s) Convention on Cybercrime provides an international norm on criminalization of computer-related conduct, and the International Centre for Missing and Exploited Children (ICMEC) has developed authoritative model legislation that criminalizes the production of, and certain dealings with, child pornography.
• However, in other areas such as privacy laws and spam there seems to be no international law.
• In the privacy arena, there are numerous regional norms such as the Asia-Pacific Economic Cooperation (APEC) Privacy Framework and the EU’s Data Protection Directive, but an international norm on the best approach to data protection regulation has not yet been reached.
• However, the CoE’s Convention on Cybercrime serves as the benchmark legislation.
• Titles 1, 2 and 5 of the Council of Europe’s Convention on Cybercrime serve as
the benchmark legislation for this part of the analysis.
• Title 1 contains a number of “core offences” that criminalise unauthorised access to, and illicit tampering with, systems, programs or data, along with misuse-of-device offences.
• Title 2 of the Convention, on the other hand, criminalises the computer-facilitated commission of fraud and forgery.
• Title 5 provides for liability for those that assist in the commission of the core and computer-related offences discussed above.
• The alignment status of various Asia-Pacific countries with regard to the benchmark legislation is shown in the table below.
• In the countries in favourable alignment, governments have enacted robust computer security laws that cover most of the core and computer-related offences found in the CoE’s Convention on Cybercrime.
• The computer security laws in China, Hong Kong, Japan and South Korea are moderately aligned.
• Malaysia, Philippines and Vietnam: moderately to weakly aligned.
• The Law on Information Technology of Vietnam, enacted in 2006, serves as the primary legal framework governing various aspects of information technology (IT) in the country.
• Vietnam's Law on E-Transactions, which was enacted in 2005 and became effective in 2006, is a crucial piece of legislation that governs electronic transactions within the country.
• In India, the ITA 2000 (IT Act) prohibits many activities that constitute core offences under the Convention, but for the most part does not criminalize these activities; it merely provides for significant liability damages.
• Indonesia’s Bill on Electronic Information and Transactions (EIT) is weakly aligned with the Convention. The EIT regulates various aspects of electronic transactions, digital content, and online activities in Indonesia.
Microsoft-Drafted Model Privacy Bill
• In the privacy and spam areas, Microsoft has prepared its own legislation (in the case of privacy) and list of features (in the case of spam).
• The Microsoft-drafted model privacy bill serves as the benchmark legislation in the data privacy arena.
• The Model Bill applies to private sector organisations that collect, store, use or disclose personally identifiable information of more than 5,000 individuals.
• As per FIPs, regulated organisations must make available a privacy notice prior to collection of personally identifiable information, and the regulated organisation must obtain the consent of the data subject (either explicit, opt-out or implied).
• A privacy notice is considered a mature privacy practice in an organization.
• From a privacy perspective there are two types of information about individuals:
1. Aggregated information: statistical information that is not personally identifiable. Ex: domain names, website traffic counts.
2. PII: information that can be traced to a particular individual. Ex: SSN in USA, PAN in India, email address, phone number, etc.
• Microsoft’s Model Bill contains provisions for access and correction as well as security-related provisions, such as breach notification, which is triggered when there is a security breach (misuse of a resident’s unencrypted sensitive financial information).
• In Vietnam, the Law on Information Technology 2006 contains a limited data protection regime that applies to the collection, use and disclosure of personal information in a networked environment. The E-Transactions Law contains similar provisions that address how to handle personal information collected as part of an electronic transaction.
• The Philippine Department of Trade and Industry has recently made an administrative order that contains guidelines for the protection of personal data held by private sector organisations.
• In Malaysia there is no comprehensive data protection legislation, but the (generally voluntary) General Consumer Code developed pursuant to the Communications and Multimedia Act 1998 contains provisions that relate to the protection of personal information collected by licensed telecommunications service providers.
• China, India, Indonesia and Singapore have not enacted data protection legislation. They are currently considering data protection legislation. The APEC privacy framework served as a trigger for reform in this area.
APEC framework on privacy
• The APEC (Asia-Pacific Economic Cooperation) framework on information privacy protection is a set of principles and guidelines developed by the member economies of APEC to promote consistent and effective protection of personal information across the Asia-Pacific region.
• Today's economy is a “global economy”, and information flows are vital to conducting business in a global economy.
• The APEC privacy framework is a practical policy approach to enable accountability in the flow of data while preventing obstacles to trade.
• The framework provides clear guidance and direction to businesses in APEC member economies on common privacy issues and the impact of these issues on various legitimate business models.
• Modern consumer privacy interests must be protected.
Key components of the APEC framework on information privacy protection:

• Consistency: Member economies strive to develop and implement privacy laws and
policies that are consistent with the APEC Privacy Framework and other relevant
international privacy standards.
• Accountability: Organizations collecting and processing personal information are
accountable for complying with privacy laws and ensuring the protection of personal
information.
• Transparency: Organizations are required to be transparent about their data practices,
including informing individuals about the purposes for which their personal information
is collected, used, and disclosed.
• Choice: Individuals should have the ability to exercise control over their personal
information, including the ability to consent to the collection, use, and disclosure of their
information.
• Security: Organizations are responsible for implementing appropriate security measures
to protect personal information against unauthorized access, use, or disclosure.
• Access and Correction: Individuals should have the right to access their personal
information held by organizations and request corrections to inaccuracies.
• Redress: Mechanisms should be in place to provide individuals with avenues for seeking
redress in cases of privacy violations or breaches.
• Data is the digital currency that fuels growth in many of today’s economies.
• This framework will facilitate responsible information flows, which creates the basis for increased trade and e-commerce to flourish.
• It explores new ways of information sharing and cooperation across agencies and enables transfers of information across borders.
Spam laws:
Microsoft's checklist for effective anti-spam legislation
• The Microsoft-drafted checklist of features of effective anti-spam
legislation serves as the benchmark legislation for this part of the
analysis.
• The checklist contains the usual prohibitions on transmitting
commercial electronic messages without an unsubscribe facility or
accurate sender and header information, and provides that
customers should be able to opt-out from the receipt of
commercial electronic messages on a product-line basis or a
company-wide basis
• Effective anti-spam legislation should also include strong anti-
address harvesting and dictionary attack measures, as well as
service provider liability provisions that preserve the right of ISPs
and email service providers to combat spam.
LEGISLATIVE STATUS IN THE REGION
India and Anti-spam legislation
• Spam legislation is non-existent in India. The ITA 2000 doesn’t discuss the issue of spamming at all.
• Spam is harmful for the following reasons:
• Content: Commercial messages might promote dubious or fake ventures, transmit sexually explicit material, or contain harmful embedded code and attachments.
• Internet resources consumed: A significant proportion of all e-mail traffic consists of spam, resulting in massive consumption of network bandwidth.
• Threat to Internet security: Spammers frequently tap into SMTP servers and direct them to send copies of a message to a long list of recipients. A company’s reputation will be damaged if it is associated with spam.
• If one assumes spam is bad, there are many countervailing issues with regard to restriction of spam. They are:
• In India there are strong and explicit freedom of speech protections. Commercial advertising is part of freedom of speech, which is why some legislators and advocates argue that anti-spam legislation has to be very specific and limit itself to only “commercial e-mail”.
• By specifically targeting commercial email in anti-spam legislation, they can strike a balance between protecting freedom of expression and regulating potentially harmful or unwanted commercial activities.
• Consumer protection laws exist to protect consumers from fraudulent and deceptive advertising.
• Legislation prohibiting pornography already exists, so internet users have some protection from receiving pornographic materials via spam.
• In the absence of specific anti-spam legislation, jurisdictions such as India, Indonesia, Malaysia, and Taiwan rely on their existing computer security and/or consumer protection laws to regulate spam activity.
• Also, it is increasingly being accepted by legislatures in the region that specific anti-spam legislation is necessary to reduce spam volumes.
Online Protection for Children
• The International Centre for Missing and Exploited
Children(ICMEC) has developed authoritative model legislation
that criminalizes the production of, and certain dealings with,
child pornography.
• ICMEC’s model child pornography legislation serves as the benchmark instrument for this part of the analysis.
• Regarding the use of computer systems in the commission of sexual offences against children, the Convention requires signatories to criminalise acts such as the production of child pornography for the purpose of its distribution through a computer system, and offering, making available, distributing or transmitting child pornography through a computer system.
• In ICMEC’s view, effective child pornography legislation
must specifically apply to child pornography and not just
pornography in general.
• Accordingly, the legislation must include a definition of
child pornography (where a child is a person under the age
of 18 irrespective of the age of consent to sexual relations).
• Effective online child safety legislation should also expressly
criminalise the possession of child pornography regardless
of the intent to distribute, and require ISPs to report
suspected child pornography to relevant authorities.
• Of all the areas of law considered by this regional overview, online child
safety laws are the least developed in the region.
• Only five of the fourteen jurisdictions – Australia, Hong Kong, Japan, South
Korea and Taiwan – have enacted legislation that specifically addresses child
pornography, and three of the fourteen jurisdictions – Australia, Hong Kong
and Taiwan – have enacted legislation that contains computer-facilitated child
pornography offences.
• India, Indonesia, Malaysia, the Philippines, Singapore and Vietnam do not
have legislation that specifically addresses child pornography.
• In several Asia-Pacific jurisdictions, including Malaysia, Singapore and Vietnam, primary responsibility for content control lies with ISPs and content hosts (or in the case of Vietnam, the State, society and schools), and as such, it is these entities that will be held responsible if obscene material is made available using their services or to children for whom they are responsible.
• While this approach to content control does not remove the need for specific child pornography legislation, it does reduce the availability of child pornography online, which is the main aim of specific child pornography legislation.
Anti-Spam laws in Canada
• Canada has its own set of laws and regulations that govern electronic communications, privacy, and related issues, such as the Personal Information Protection and Electronic Documents Act (PIPEDA), the Privacy Act and the Canadian Anti-Spam Legislation (CASL).
• In Canada, the two main pieces of legislation that address privacy and the protection of personal information are the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Privacy Act. Here's a brief overview of each:
• Personal Information Protection and Electronic Documents
Act (PIPEDA):
– PIPEDA is a federal privacy law that governs the collection, use,
and disclosure of personal information by private sector
organizations in Canada.
– PIPEDA establishes rules regarding the consent individuals must
provide for the collection, use, and disclosure of their personal
information.
– It also outlines individuals' rights to access and request
corrections to their personal information held by organizations.
– PIPEDA sets out principles for the protection of personal
information, including safeguards for its security and the retention
of data only as long as necessary.
• Privacy Act:
– The Privacy Act applies to federal government
institutions in Canada and governs how they collect,
use, and disclose personal information.
– It grants individuals the right to access their personal
information held by federal government institutions
and request corrections if necessary.
– The Privacy Act sets out restrictions on the disclosure
of personal information by government institutions
and establishes safeguards for the protection of
personal information.
ECPA: Electronic Commerce Protection Act
• The ECPA is designed to promote and protect electronic communications while discouraging the abuse of these resources that impairs the reliability and efficiency of electronic activities; to protect the privacy and security of confidential information; and to strengthen the confidence of Canadians in the use of electronic means of communication and commercial activities.
• The ECPA defines a commercial electronic message as an electronic message that consists of a) the content, b) the hyperlinks, c) the contact information, where the purpose is to encourage participation in commercial activity, such as:
1. Purchase, sale or lease of a product, goods, a service, or an interest in land, etc.
2. Offers to provide a business, investment or gaming opportunity.
3. Advertising or promoting anything referred to above.
4. Promoting a person, or the public image of a person, as being a person who does any of the activities referred to above.
• According to the ECPA, commercial e-mail can only be sent to a recipient who has consented to receiving it.
• All messages being sent must:
1. Clearly identify the person who sent the message: add a physical postal address and company name to all e-mails.
2. Provide a method by which the recipient can readily contact the person responsible for sending the message: enable replies to go to your customer service and stop using No-Reply.
3. Provide a working unsubscribe mechanism that removes an address within 10 days; the faster the better.
Florida Computer Crimes Act
The "Florida Computer Crimes Act" outlines various offenses related to computer crimes and provides penalties for individuals convicted of these offenses.
• Some key provisions and aspects of the Florida Computer Crimes Act include:
• Unauthorized Access to Computer Systems: The Act prohibits unauthorized access to
computer systems, networks, or data, with the intent to commit an offense or defraud.
• Unauthorized Modification or Destruction of Computer Data: It is illegal to knowingly
and without authorization modify, destroy, or damage computer data, programs, or
systems.
• Unauthorized Use of Computer Resources: The Act prohibits unauthorized use of
computer resources, such as networks or services, to disrupt or impair their
functionality.
• Unauthorized Disclosure of Confidential Information: It is unlawful to disclose
confidential information obtained through unauthorized access to computer systems
or networks.
• Penalties: Individuals face various penalties, including fines, imprisonment, and
restitution to victims.
• Overall, the Florida Computer Crimes Act aims to address and deter various forms of
computer-related offenses, including hacking, data theft, and cyber fraud, within the
state of Florida.
The EU legal framework for information privacy to prevent cybercrime
• The Data Protection Directive, known as the EU Directive, regulates the processing of personal information within the EU. In 1995 the European Commission implemented the EU Directive.
• In the EU, cybercrime law is primarily based on the CoE’s Convention on Cybercrime. Under the Convention, member states are obliged to criminalize:
1. Illegal access to a computer system
2. Illegal interception of data
3. Interfering with a computer system without rights
4. Data forgery
5. Infringement of copyright-related rights online
6. Interference with the functioning of the computer system
7. Child pornography-related offences
• In principle, there are similarities between the US regulation and law enforcement of cybercrime in the EU.
• Cyberfraud, making intentional false representations online, is a federal offence in the US.
• Identity theft that takes place in the form of unauthorised use of another person’s SSN, driver’s license, work ID or credit card online is also a federal crime.
Cybercrime Legislation in the African Region
• The African region is in urgent need of legislation to fight cybercrime.
• Africa is witnessing explosive growth in ICTs.
• African countries have inadequate action and controls to protect computers and networks, for which reason they become targets of attack.
• A great deal of criminal activity is said to take place from this part of the world.
• Examples include the Nigerian 419 scam, and a young Zambian who hacked into a government website and replaced the picture of the former president Frederick Chiluba with a cartoon!
• In early 2008, a good number of South African banks became victims of phishing attacks. Credit card related frauds are on the rise in the continent, especially in Egypt, South Africa, Kenya, Ghana and Nigeria.
• Email scams seem to be an African speciality, with West African countries among the major perpetrators.
• Some members of the African Union (Mauritius, South Africa and Zambia) have adopted cybercrime legislation.
• For example, in Botswana a cybercrime bill has passed its 2nd reading in parliament and is expected to go for a 3rd reading in the near future before it is signed into law.
• In Gambia, the Information and Communication Bill 2008 has been introduced.
• In the East Africa region, including Tanzania, Kenya and Uganda, progress on cybercrime legislation is slow, except in Uganda.
• Uganda: the Computer Misuse Bill was introduced in 2008 and the legislative process has been started.
• Overall, the process of strengthening legislation has been initiated in a large number of African countries, but the process is rather slow, sometimes incoherent (not clear) and not necessarily taking into account international standards.
• The ability to investigate, prosecute and adjudicate cybercrime and cooperate internationally is limited.
• Where African countries develop legislation that is not compatible or harmonized with that of other countries, there is a serious risk concerning the countries providing servers and services, with which cooperation would be most necessary.
• In South Africa “peace and security” is recognised as an essential human
right.
• South Africa is one of the most developed and prosperous economies in
the African region.
• We will look at the legislative position of South Africa on
cyberlaws.
• South Africa has legislation governing “spam”: the Electronic
Communications and Transactions Act (ECT Act).
• The purpose of the ECT Act is “to provide for the facilitation and
regulation of electronic communications and transactions; to provide for
the development of a national e-Strategy for the Republic; to promote
universal access to electronic transactions; to prevent abuse of
information systems; to encourage use of e-government services; and to
provide for the matters connected with cybercrimes”.
• As part of South Africa’s determination to
collaborate on cyber security with other
stakeholders at regional, national and global
levels, South Africa has joined the Southern African
Development Community (SADC), which consists of 14 African
countries that are on track to harmonize their internet laws
to deal effectively with computer-related crimes.
• It is said that all the SADC countries agreed to alter
parts of their cybercrime laws and come up with
common rules.
10 BIGGEST CYBER ESPIONAGE CASES
• https://securityaffairs.com/66617/hacking/cyber-espionage-cases.html
Information warfare
• Information warfare encompasses a broad range of activities aimed at
manipulating, disrupting, or influencing information and communication
systems for strategic or political purposes. This includes computer crime
and information terrorism, which are forms of information warfare that
exploit digital technologies for malicious ends.
• Computer Crime:
– Definition: Computer crime refers to illegal activities that involve the
use of computers, networks, or digital technologies. It encompasses a
wide range of offenses, including hacking, malware distribution,
identity theft, fraud, and denial-of-service attacks.
– Motivations: Perpetrators of computer crime may include hackers,
cybercriminal groups, insiders, and state-sponsored actors.
Motivations can vary, including financial gain, espionage, political
activism, or sabotage.
– Methods: Computer criminals employ various techniques to exploit
vulnerabilities in computer systems and networks. This may involve
unauthorized access, exploitation of software vulnerabilities, social
engineering tactics, or phishing scams.
– Impact: Computer crime can have significant consequences, including
financial losses, data breaches, disruption of services, reputational
damage, and compromise of sensitive information.
• Information Terrorism:
– Definition: Information terrorism involves the use of information and
communication technologies to spread fear, create chaos, or advance
ideological or political agendas. It encompasses cyberattacks,
propaganda, disinformation campaigns, and psychological warfare.
– Motivations: Information terrorists seek to achieve their objectives
through the dissemination of misinformation, propaganda, or
psychological manipulation. Motivations may include political
extremism, ideological conflicts, or religious extremism.
– Methods: Information terrorists may employ various tactics, including
hacking, spreading fake news or propaganda, conducting coordinated
disinformation campaigns, and launching cyberattacks against critical
infrastructure or government systems.
– Impact: Information terrorism can undermine public trust, sow
discord, incite violence, and destabilize societies. It can lead to political
unrest, social polarization, and erosion of democratic institutions.
Military espionage
• Military espionage, also known as espionage or spying, refers to the
clandestine gathering of sensitive military information, secrets, plans, or
technologies by individuals, organizations, or governments from rival or
enemy nations. Military espionage aims to obtain strategic or tactical
advantages, intelligence, or insights that can be used for military planning,
defense, or offensive operations. Here are some key aspects of military
espionage:
• Objectives:
– Military espionage aims to obtain classified information about the military
capabilities, strategies, intentions, and vulnerabilities of rival or enemy
nations.
– Information sought through military espionage may include troop
movements, weapon systems, defense plans, intelligence operations,
communications networks, and research and development projects.
• Actors:
– Military espionage can be conducted by state actors, intelligence
agencies, military personnel, diplomatic staff, or non-state actors,
such as intelligence operatives, double agents, or mercenaries.
– Espionage activities may be carried out by foreign governments,
rival military organizations, intelligence services, or covert agents
operating on behalf of state or non-state actors.
• Motivations:
– Motivations for military espionage include gaining strategic
advantages, assessing adversary capabilities, monitoring military
developments, preventing surprise attacks, and protecting
national security interests.
Military Espionage in the Digital World:
• Cyber Espionage: Military espionage increasingly relies on
cyber espionage techniques to infiltrate, monitor, and gather
intelligence from adversaries' military networks, defense
contractors, and government agencies.
• Cyber Operations: State-sponsored actors engage in cyber
operations, such as hacking, malware deployment, and
network intrusions, to steal classified military information,
disrupt military operations, or gain strategic advantages.
• Cyber Warfare: Military powers develop offensive cyber
capabilities to conduct cyber warfare, including disrupting
adversaries' critical infrastructure, targeting command and
control systems, and conducting covert intelligence gathering.
Economic Espionage in the Digital World:
• Intellectual Property Theft: Economic espionage involves stealing
trade secrets, proprietary technologies, research and
development data, and other intellectual property from
corporations, research institutions, and government agencies.
• Cyber-Enabled Economic Espionage: State-sponsored actors and
cybercriminal groups use cyber techniques, such as hacking,
phishing, and social engineering, to infiltrate corporate networks,
compromise sensitive data, and gain a competitive advantage in
economic sectors.
• Industrial Sabotage: Economic espionage may also involve
sabotage or disruption of competitors' operations, supply chains,
or critical infrastructure through cyberattacks, insider threats, or
disinformation campaigns.
Threats to information resources
Classification of cyber crimes
• Cyber crimes are classified as follows:
• Crimes against the individual
Email spoofing, phishing, spamming, cyberdefamation, cyberstalking and
harassment.
• Cyber crime against property
Credit card frauds, intellectual property crimes, Internet time theft.
• Cyber crime against an organization
Unauthorised accessing of a computer, password sniffing, denial-of-service
attack, virus, Trojan horse, logic bomb, mail bomb, industrial
spying/industrial espionage, computer network intrusions, software piracy.
• Crime against society
Forgery, cyberterrorism, web jacking.
Classification by Informational Impact
• An attack on a targeted system has the potential
to impact sensitive information in various
ways.
• A committed resource must be able to defend against
information warfare strategies in an effort to
protect itself against theft, disruption,
distortion, denial of service, or destruction of
sensitive information assets.
• Distort - A distortion of information, usually when an attack has
caused a modification of a file. When an attack distorts, it
changes data within a file or modifies information
from the victim.
• Disrupt - A disruption of services, usually from a Denial of
Service. When an attack disrupts, it changes access to,
or removes access to, the victim or the information.
• Destruct - A destruction of information, usually when an attack
has caused a deletion of files or removal of access. Destruct is the
most malicious impact, as it involves file deletion or removal
of information from the victim.
• Disclosure - A disclosure of information, usually providing an
attacker with a view of information they would normally not have
access to. It is unauthorized disclosure of information, with the
possibility of leading to other compromises.
Preventive measures against threats to information resources:
• Stay away from suspect websites/weblinks: Avoid downloading
free/pirated software, which often gets infected by Trojans, worms and viruses.
• Connect only to secured wireless networks; do not connect to open Wi-Fi
hotspots. Avoid giving a network a name that can be easily identified.
• Install an anti-virus solution: it protects against malware and access to phishing
sites, and scans files, SMSs and MMSs.
• Spam filters: this application prevents and blocks SMS, phone calls, MMS
and emails from unwanted sources.
• Firewall: Prevents network-related attacks by refusing connections with
untrusted networks.
• Access control: Access control restricts the access of users and processes to
resources or services.
• Authentication: this process prevents unauthorized access to a device.
• Applying patches (regular software updates): Apply the patches the
vendor has released to fix a vulnerability in the software in use.
New updates are provided as patches, which you can apply to the existing
application or system so that it has all the required
security updates.
• IDS - Intrusion Detection System
It is a device or software that analyses network traffic and detects
malicious activities.
A prevention-based IDS analyses the traffic flow in order to detect and
prevent vulnerability exploits, for example to prevent DoS and MIM (man-in-the-middle) attacks.
• To prevent SQL injection attacks:
– Input validation: user inputs need to be checked and cleaned properly.
– Modify error reports: SQL error reports should not be displayed to
outside users; the developer should handle or configure the error
reports carefully.
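An added example for the SQL injection measure above (not part of the original slides): a lookup that builds its query from raw input and returns the database error text, beside a version that validates the input, binds it as a parameter and returns only a generic error. The table, function names and username pattern are assumptions; parameter binding goes beyond the slide's wording and is included as the usual companion to input validation.

```python
import logging
import re
import sqlite3

log = logging.getLogger("app.db")
# Assumed policy: usernames are 3-32 letters, digits or underscores (allow-list).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def lookup_unsafe(db, name):
    """Before: input is pasted into the SQL text; DB errors reach the caller."""
    try:
        sql = f"SELECT email FROM users WHERE name = '{name}'"
        return {"rows": db.execute(sql).fetchall()}
    except sqlite3.Error as exc:
        return {"error": str(exc)}  # SQL error report shown to outside users

def lookup_safe(db, name):
    """After: validate the input, bind it as a parameter, hide error detail."""
    if not isinstance(name, str) or not USERNAME_RE.fullmatch(name):
        return {"error": "invalid username"}
    try:
        sql = "SELECT email FROM users WHERE name = ?"
        return {"rows": db.execute(sql, (name,)).fetchall()}
    except sqlite3.Error:
        log.exception("user lookup failed")  # detail stays in the server log
        return {"error": "internal error"}

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input that changes the query's logic
    print(lookup_unsafe(db, hostile))   # returns every row
    print(lookup_safe(db, hostile))     # rejected by validation
    db.execute("DROP TABLE users")      # simulate a database fault
    print(lookup_unsafe(db, "alice"))   # leaks "no such table: users"
    print(lookup_safe(db, "alice"))     # generic message only
```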
