Friday 27 August 2010

What is Cyber Crime?

In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard’s employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime!

In a day and age when everything from microwave ovens and refrigerators to nuclear power plants is being run on computers, cyber crime has assumed rather sinister implications.

Major cyber crimes in the recent past include the Citibank rip-off, in which US $10 million was fraudulently transferred out of the bank and into a bank account in Switzerland. The attack was perpetrated by a Russian hacker group led by Vladimir Levin, a renowned hacker. The group compromised the bank’s security systems. Vladimir was allegedly using his office computer at AO Saturn, a computer firm in St. Petersburg, Russia, to break into Citibank computers. He was finally arrested at Heathrow airport on his way to Switzerland.

The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the IT Act 2000. Defining cyber crimes as “acts that are punishable by the IT Act” would be unsuitable, as the IPC also covers many cyber crimes, such as e-mail spoofing, cyber defamation, sending threatening e-mails etc.
A sturdy definition of cyber crime would be “unlawful acts wherein the computer is either a tool or a target or both”. Let us examine the acts wherein the computer is a tool.

1. Financial Crimes
This would include cheating, credit card frauds, money laundering etc.

2. Cyber pornography
This would include pornographic websites; pornographic magazines produced using computers (to publish and print the material) and the Internet.

3. Sale of illegal articles
This would include sale of narcotics, weapons and wildlife etc.  Many of the auction sites even in India are believed to be selling cocaine in the name of ‘honey’.

4. Online gambling

5. Intellectual Property crimes
These include software piracy, copyright infringement, trademark violations, theft of computer source code etc.

6. E-mail spoofing
A spoofed e-mail is one that appears to originate from one source but actually has been sent from another source.  E-mail spoofing can also cause monetary damage.

7. Forgery
Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers and high-quality printers and scanners.

8. Cyber defamation
This occurs when defamation takes place with the help of computers. During investigation it was revealed that the person sending those e-mails was none other than Surekha’s stepfather. He had sent these e-mails so as to break up the marriage. The girl’s marriage would have caused him to lose control of her property, of which he was the guardian till she got married.

9. Cyber stalking
The Oxford dictionary defines stalking as “pursuing stealthily”.

Next, the acts wherein the computer is the target for an unlawful act. It may be noted that in these activities the computer may also be a tool.

1. Unauthorised access to computer systems or networks
This activity is commonly referred to as hacking. “Unauthorised access” interchangeably with the term “hacking”.

2. Theft of information contained in electronic form

3. E-mail bombing
It refers to sending a large number of e-mails to the victim, resulting in the victim’s e-mail account or mail servers crashing.

4. Data diddling
It involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.

5. Salami attacks
These attacks are used for the commission of financial crimes. E.g. a bank employee inserts a program into the bank’s servers that deducts a small amount of money (say Rs.5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month.

An employee of a bank in USA was dismissed from his job. The man first introduced a logic bomb into the bank’s system. Logic bombs are programmes which are activated on the occurrence of a particular predefined event. The logic bomb was programmed to take ten cents from all the accounts in the bank and put them into the account of the person whose name was alphabetically the last in the bank’s rosters. Then he went and opened an account in the name of Zeigler. The amount being withdrawn from each of the accounts in the bank was so insignificant that neither any of the account holders nor the bank officials noticed the fault. It was brought to their notice when a person by the name of Ziegler opened his account in that bank. He was surprised to find a sizable amount of money being transferred into his account every Saturday.
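The skimming pattern described above leaves a recognisable trace in a ledger: one account collecting the same tiny credit from a large number of unrelated accounts in each period. The following is an added example, not part of the original post, showing one way an auditor could flag it; the account names, thresholds and ledger rows are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal

def find_salami_sinks(ledger, max_amount=Decimal("5.00"), min_sources=5):
    """Return {destination: report} for accounts that collect many tiny debits.

    ledger: iterable of (period, source_account, dest_account, amount) tuples.
    A destination is flagged when, within a single period, it receives
    credits no larger than max_amount from at least min_sources distinct
    accounts and those credits all share one amount -- the signature of the
    "small deduction from every customer" pattern.
    """
    by_dest = defaultdict(lambda: defaultdict(list))
    for period, src, dst, amount in ledger:
        if Decimal("0") < amount <= max_amount:
            by_dest[dst][period].append((src, amount))

    flagged = {}
    for dst, periods in by_dest.items():
        for period, credits in sorted(periods.items()):
            sources = {src for src, _ in credits}
            amounts = {amt for _, amt in credits}
            if len(sources) >= min_sources and len(amounts) == 1:
                report = flagged.setdefault(
                    dst, {"periods": [], "total": Decimal("0")})
                report["periods"].append(period)
                report["total"] += sum(amt for _, amt in credits)
    return flagged

def build_sample_ledger():
    """Constructed ledger: 20 customers, two weeks, one hidden sink account."""
    customers = [f"CUST{n:03d}" for n in range(20)]
    ledger = []
    for week in ("2010-W33", "2010-W34"):
        for c in customers:
            ledger.append((week, c, "SINK-ACCT", Decimal("0.10")))    # skimmed
            ledger.append((week, c, "UTILITY-CO", Decimal("42.50")))  # normal bill
    # Benign small transfers with varied amounts and few payers: not flagged.
    ledger += [("2010-W33", "CUST001", "CUST002", Decimal("3.00")),
               ("2010-W33", "CUST003", "CUST002", Decimal("1.25"))]
    return ledger

if __name__ == "__main__":
    for acct, rep in find_salami_sinks(build_sample_ledger()).items():
        print(acct, rep["periods"], rep["total"])
```

Individual customers see only a ten-cent debit, so the check has to run on the receiving side, where the per-period total and the number of distinct payers stand out.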

6. Denial of service attack
This involves flooding a computer resource with more requests than it can handle. This causes the resource (e.g. a web server) to crash, thereby denying authorized users the service offered by the resource.

7. Virus/worm attacks
Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They affect the data on a computer by altering or deleting it. Worms, unlike viruses, do not need a host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer’s memory. The VBS LOVELETTER virus (better known as Love Bug or the ILOVEYOU virus) was reportedly written by a Filipino undergraduate. It became the world’s most prevalent virus. It struck one in every five personal computers in the world.

8. Logic bombs
These programs are created to do something only when a certain event occurs.

9. Trojan attacks

10. Internet time thefts
This connotes the usage by an unauthorised person of the internet hours paid for by another person. Col. Bajwa, a resident of New Delhi, asked a nearby net café owner to come and set up his internet connection. For this purpose, the net café owner needed to know his username and password. He went away knowing the present username and password. He then sold this information to another net café. One week later Col. Bajwa found that his internet hours were almost over. Out of the 100 hours that he had bought, 94 hours had been used up within the span of that week. Surprised, he reported the incident to the Delhi Police.

11. Web jacking
This occurs when someone forcefully takes control of a website (by cracking the password and later changing it). The actual owner of the website does not have any more control over what appears on that website.

12. Theft of computer system

13. Physically damaging a computer system

CONCLUSIONS AND RECOMMENDATIONS

1. Use of PKI is strongly recommended.

This means proper use of Public Key Infrastructure and of applications like digital signatures. The Indian law specifically recognizes digital signatures as being the only accepted mode of authentication of electronic records. The use of other cryptography-based applications like Secure Sockets Layer etc. is also strongly recommended.

2. Stringent penalty for computer crimes. Imprisonment up to 10 years and damages in crores of rupees for various computer crimes. Law enforcement agencies in various parts of India are fast gearing up to tackle computer crime, with the formation of cyber crime investigation cells in various cities and specifically the Cyber Crime Police Station at Bangalore, Karnataka. Organisations and individuals must immediately report any incident of computer crime and abuse to the local law enforcement authorities, so that the guilty do not go scot-free and a deterrent is created for others who dare to commit computer crime and abuse.

Data Theft
Data theft would be covered under section 66 of the IT Act 2000, which recommends a punishment of up to 3 years imprisonment and/or fine up to Rs.2 lakh.

E-mail abuse
Sending pornographic or obscene e-mails is punishable under section 67 of the IT Act. Under this section, an offence is punishable on first conviction with imprisonment for a term which may extend to five years and with fine which may extend to one lakh rupees.

On a second or subsequent conviction the recommended punishment is imprisonment for a term which may extend to 10 years and also with fine which may extend to Rs.2 lakhs.

E-mails that are defamatory in nature are punishable under section 500 of the IPC, which recommends an imprisonment of up to 2 years or a fine or both.

Threatening e-mails are punishable under the provisions of the IPC pertaining to criminal intimidation, insult and annoyance (Chapter XXII).

Data Alteration
Section 66 of the IT Act covers unauthorised alteration of data. This section deals with hacking. According to this section, unauthorised alteration of data is punishable with 3 years imprisonment and/or fine up to Rs.2 lakh.

Unauthorised Access
This is covered by section 43 of the IT Act, which provides for a penalty of up to Rs.1 crore for this offence.

Virus & malicious code
Introduction of a computer virus or contaminant is covered by section 43 of the IT Act, which provides for a compensation of up to Rs.1 crore for this offence. If this malicious code causes loss of data, then section 66 of the IT Act will also be applicable.

Denial of Service
This category is dealt with under section 43 of the IT Act, which provides for a compensation of up to Rs.1 crore for this offence.

Email spoofing
It is covered under provisions of the IPC relating to forgery (Chapter XVIII).
