Cyber Crime

                            INTRODUCTION

The term ‘cyber crime’ is a misnomer. This term has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state.

Cyber crime is criminal activity done using computers and the Internet. This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cyber crime also includes non-monetary offences, such as creating and distributing viruses on other computers or posting confidential business information on the Internet.

Perhaps the most prominent form of cyber crime is identity theft, in which criminals use the Internet to steal personal information from other users. Two of the most common ways this is done is through phishing and pharming. Both of these methods lure users to fake websites (that appear to be legitimate), where they are asked to enter personal information. This includes login information, such as usernames and passwords, phone numbers, addresses, credit card numbers, bank account numbers, and other information criminals can use to "steal" another person's identity. For this reason, it is smart to always check the URL or Web address of a site to make sure it is legitimate before entering your personal information.

Because cyber crime covers such a broad scope of criminal activity, the examples above are only a few of the thousands of crimes that are considered cyber crimes. While computers and the Internet have made our lives easier in many ways, it is unfortunate that people also use these technologies to take advantage of others. Therefore, it is smart to protect yourself by using antivirus and spy ware blocking software and being careful where you enter your personal information.

Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed.

CONVENTIONAL CRIME

Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result into punishment.”

(1)     The hallmark of criminality is that, it is breach of the criminal law.           Per Lord Atkin “the criminal quality of an act cannot be discovered      by reference to any standard but one: is the act prohibited with   penal consequences”.

(2)     A crime may be said to be any conduct accompanied by act or        omission prohibited by law and consequential breach of which is       visited by penal consequences.

                   DEFINITION OF CYBER CRIME

Cyber crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime” [1]. “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime” [2]

A generalized definition of cyber crime may be “ unlawful acts wherein the computer is either a tool or target or both”(3) The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following cases-

unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data did ling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.

The Oxford Reference Online defines cyber crime as crime committed over the Internet. The Encyclopaedia Britannica defines cyber crime as any crime that is committed by means of special knowledge or expert use of computer technology.

Cyber crime could reasonably include a wide variety of criminal offences and activities. The scope of this definition becomes wider with a frequent companion or substitute term “computer-related crime.” Examples activities that are considered

cyber crime can be found in the United Nations Manual on the Prevention and Control of Computer-Related Crime. The manual includes fraud, forgery, computer sabotage, unauthorised access and copying of computer programs as examples of cyber crime. (www.uncjin.org/Documents/EighthCongress.html) Malaysia was amongst the first few countries in the world to introduce cyber laws. An

example of such cyber is the Computer Crimes Act 1997. This cyber law addresses and looks into areas of cyber crime activities [3]

REASONS FOR CYBER CRIME

Hart in his work “ The Concept of Law” has said ‘human beings are vulnerable so rule of law is required to protect them’. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:

1       Capacity to store data in comparatively small space-

The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much more easier.

2       Easy to access-

The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.

3.      Complex-

The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.

4.      Negligence-

Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system.

5.      Loss of evidence-

Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.

CYBER CRIMINALS

The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals-

1.       Children and adolescents between the age group of 6 – 18 years

The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things.  Other cognate reason may be to prove themselves to be outstanding amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends.

2.      Organised hackers-

These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.

3.      Professional hackers / crackers –

Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are ven employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.

4.       Discontented employees-

This group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee.

MODE AND MANNER OF COMMITING CYBER                                        CRIME

Mode and manner of committing cyber crime [4]

1.      Theft of Telecommunications Services

The "phone phreakers" of three decades ago set a precedent for what has become a major criminal industry. By gaining access to an organization’s telephone switchboard (PBX) individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties (Gold 1999). Offenders may gain access to the switchboard by impersonating a technician, by fraudulently obtaining an employee's access code, or by using software available on the internet. Some sophisticated offenders loop between PBX systems to evade detection. Additional forms of service theft include capturing "calling card" details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored value telephone cards.

                                                      It has been suggested that as long ago as 1990, security failures at one major telecommunications carrier cost approximately £290 million, and that more recently, up to 5% of total industry turnover has been lost to fraud (Schieck 1995: 2-5; Newman 1998). Costs to individual subscribers can also be significant In one case, computer hackers in the United States illegally obtained access to Scotland Yard's telephone network and made £620,000 worth of international calls for which Scotland Yard was responsible (Tendler and Nuttall 1996).

2.      Communications in Furtherance of Criminal Conspiracies

Just as legitimate organizations in the private and public sectors rely upon information systems for communications and record keeping, so too are the activities of criminal organizations enhanced by technology.

There is evidence of telecommunications equipment being used to facilitate organized drug trafficking, gambling, prostitution, money laundering, child pornography and trade in weapons (in those jurisdictions where such activities are illegal). The use of encryption technology may place criminal communications beyond the reach of law enforcement.

The use of computer networks to produce and distribute child pornography has become the subject of increasing attention. Today, these materials can be imported across national borders at the speed of light (Grant, David and Grabosky 1997). The more overt manifestations of internet child pornography entail a modest degree of organization, as required by the infrastructure of IRC and WWW, but the activity appears largely confined to individuals.

By contrast, some of the less publicly visible traffic in child pornography activity appears to entail a greater degree of organization. Although knowledge is confined to that conduct which has been the target of successful police investigation, there appear to have been a number of networks which extend cross-nationally, use sophisticated technologies of concealment, and entail a significant degree of coordination.

Illustrative of such activity was the Wonderland Club, an international network with members in at least 14 nations ranging from Europe, to North America, to Australia. Access to the group was password protected, and content was encrypted. Police investigation of the activity, codenamed "Operation Cathedral" resulted in approximately 100 arrests around the world, and the seizure of over 100,000 images in September, 1998.

3.      Telecommunications Piracy

Digital technology permits perfect reproduction and easy dissemination of print, graphics, sound, and multimedia combinations. The temptation to reproduce copyrighted material for personal use, for sale at a lower price, or indeed, for free distribution, has proven irresistable to many.

This has caused considerable concern to owners of copyrighted material. Each year, it has been estimated that losses of between US$15 and US$17 billion are sustained by industry by reason of copyright infringement (United States, Information Infrastructure Task Force 1995, 131).

The Software Publishers Association has estimated that $7.4 billion worth of software was lost to piracy in 1993 with $2 billion of that being stolen from the Internet (Meyer and Underwood 1994).

Ryan (1998) puts the cost of foreign piracy to American industry at more than $10 billion in 1996, including $1.8 billion in the film industry, $1.2 billion in music, $3.8 billion in business application software, and $690 million in book publishing.

According to the Straits Times (8/11/99) A copy of the most recent James Bond Film The World is Not Enough, was available free on the internet before its official release.

When creators of a work, in whatever medium, are unable to profit from their creations, there can be a chilling effect on creative effort generally, in addition to financial loss.

4.      Dissemination of Offensive Materials

Content considered by some to be objectionable exists in abundance in cyberspace. This includes, among much else, sexually explicit materials, racist propaganda, and instructions for the fabrication of incendiary and explosive devices. Telecommunications systems can also be used for harassing, threatening or intrusive communications, from the traditional obscene telephone call to its contemporary manifestation in "cyber-stalking", in which persistent messages are sent to an unwilling recipient.

One man allegedly stole nude photographs of his former girlfriend and her new boyfriend and posted them on the Internet, along with her name, address and telephone number. The unfortunate couple, residents of Kenosha, Wisconsin, received phone calls and e-mails from strangers as far away as Denmark who said they had seen the photos on the Internet. Investigations also revealed that the suspect was maintaining records about the woman's movements and compiling information about her family (Spice and Sink 1999).

In another case a rejected suitor posted invitations on the Internet under the name of a 28-year-old woman, the would-be object of his affections, that said that she had fantasies of rape and gang rape. He then communicated via email with men who replied to the solicitations and gave out personal information about the woman, including her address, phone number, details of her physical appearance and how to bypass her home security system. Strange men turned up at her home on six different occasions and she received many obscene phone calls. While the woman was not physically assaulted, she would not answer the phone, was afraid to leave her home, and lost her job (Miller 1999; Miller and Maharaj 1999).

One former university student in California used email to harass 5 female students in 1998. He bought information on the Internet about the women using a professor's credit card and then sent 100 messages including death threats, graphic sexual descriptions and references to their daily activities. He apparently made the threats in response to perceived teasing about his appearance (Associated Press 1999a).

Computer networks may also be used in furtherance of extortion. The Sunday Times (London) reported in 1996 that over 40 financial institutions in Britain and the United States had been attacked electronically over the previous three years. In England, financial institutions were reported to have paid significant amounts to sophisticated computer criminals who threatened to wipe out computer systems. (The Sunday Times, June 2, 1996). The article cited four incidents between 1993 and 1995 in which a total of 42.5 million Pounds Sterling were paid by senior executives of the organizations concerned, who were convinced of the extortionists' capacity to crash their computer systems (Denning 1999 233-4).

5.      Electronic Money Laundering and Tax Evasion

For some time now, electronic funds transfers have assisted in concealing and in moving the proceeds of crime. Emerging technologies will greatly assist in concealing the origin of ill-gotten gains. Legitimately derived income may also be more easily concealed from taxation authorities. Large financial institutions will no longer be the only ones with the ability to achieve electronic funds transfers transiting numerous jurisdictions at the speed of light. The development of informal banking institutions and parallel banking systems may permit central bank supervision to be bypassed, but can also facilitate the evasion of cash transaction reporting requirements in those nations which have them. Traditional underground banks, which have flourished in Asian countries for centuries, will enjoy even greater capacity through the use of telecommunications.

With the emergence and proliferation of various technologies of electronic commerce, one can easily envisage how traditional countermeasures against money laundering and tax evasion may soon be of limited value. I may soon be able to sell you a quantity of heroin, in return for an untraceable transfer of stored value to my "smart-card", which I then download anonymously to my account in a financial institution situated in an overseas jurisdiction which protects the privacy of banking clients. I can discreetly draw upon these funds as and when I may require, downloading them back to my stored value card (Wahlert 1996).

6.      Electronic Vandalism, Terrorism and Extortion

As never before, western industrial society is dependent upon complex data processing and telecommunications systems. Damage to, or interference with, any of these systems can lead to catastrophic consequences. Whether motivated by curiosity or vindictiveness electronic intruders cause inconvenience at best, and have the potential for inflicting massive harm (Hundley and Anderson 1995, Schwartau 1994).

While this potential has yet to be realised, a number of individuals and protest groups have hacked the official web pages of various governmental and commercial organisations (Rathmell 1997). http://www.2600.com/hacked_pages/ (visited 4 January 2000). This may also operate in reverse: early in 1999 an organised hacking incident was apparently directed at a server which hosted the Internet domain for East Timor, which at the time was seeking its independence from Indonesia (Creed 1999).

Defence planners around the world are investing substantially in information warfare - means of disrupting the information technology infrastructure of defense systems (Stix 1995). Attempts were made to disrupt the computer systems of the Sri Lankan Government (Associated Press 1998), and of the North Atlantic Treaty Organization during the 1999 bombing of Belgrade (BBC 1999). One case, which illustrates the transnational reach of extortionists, involved a number of German hackers who compromised the system of an Internet service provider in South Florida, disabling eight of the ISPs ten servers. The offenders obtained personal information and credit card details of 10,000 subscribers, and, communicating via electronic mail through one of the compromised accounts, demanded that US$30,000 be delivered to a mail drop in Germany. Co-operation between US and German authorities resulted in the arrest of the extortionists (Bauer 1998).

More recently, an extortionist in Eastern Europe obtained the credit card details of customers of a North American based on-line music retailer, and published some on the Internet when the retailer refused to comply with his demands (Markoff 2000).

7.      Sales and Investment Fraud

As electronic commerce becomes more prevalent, the application of digital technology to fraudulent endeavours will be that much greater. The use of the telephone for fraudulent sales pitches, deceptive charitable solicitations, or bogus investment overtures is increasingly common. Cyberspace now abounds with a wide variety of investment opportunities, from traditional securities such as stocks and bonds, to more exotic opportunities such as coconut farming, the sale and leaseback of automatic teller machines, and worldwide telephone lotteries (Cella and Stark 1997 837-844). Indeed, the digital age has been accompanied by unprecedented opportunities for misinformation. Fraudsters now enjoy direct access to millions of prospective victims around the world, instantaneously and at minimal cost.

Classic pyramid schemes and "Exciting, Low-Risk Investment Opportunities" are not uncommon. The technology of the World Wide Web is ideally suited to investment solicitations. In the words of two SEC staff "At very little cost, and from the privacy of a basement office or living room, the fraudster can produce a home page that looks better and more sophisticated than that of a Fortune 500 company" (Cella and Stark 1997, 822).

8.      Illegal Interception of Telecommunications

Developments in telecommunications provide new opportunities for electronic eavesdropping. From activities as time-honoured as surveillance of an unfaithful spouse, to the newest forms of political and industrial espionage, telecommunications interception has increasing applications. Here again, technological developments create new vulnerabilities. The electromagnetic signals emitted by a computer may themselves be intercepted. Cables may act as broadcast antennas. Existing law does not prevent the remote monitoring of computer radiation.

It has been reported that the notorious American hacker Kevin Poulsen was able to gain access to law enforcement and national security wiretap data prior to his arrest in 1991 (Littman 1997). In 1995, hackers employed by a criminal organization attacked the communications system of the Amsterdam Police. The hackers succeeded in gaining police operational intelligence, and in disrupting police communications (Rathmell 1997).

9.      Electronic Funds Transfer Fraud

Electronic funds transfer systems have begun to proliferate, and so has the risk that such transactions may be intercepted and diverted. Valid credit card numbers can be intercepted electronically, as well as physically; the digital information stored on a card can be counterfeited.

Of course, we don't need Willie Sutton to remind us that banks are where they keep the money. In 1994, a Russian hacker Vladimir Levin, operating from St Petersburg, accessed the computers of Citibank's central wire transfer department, and transferred funds from large corporate accounts to other accounts which had been opened by his accomplices in The United States, the Netherlands, Finland, Germany, and Israel. Officials from one of the corporate victims, located in Argentina, notified the bank, and the suspect accounts, located in San Francisco, were frozen. The accomplice was arrested. Another accomplice was caught attempting to withdraw funds from an account in Rotterdam. Although Russian law precluded Levin's extradition, he was arrested during a visit to the United States and subsequently imprisoned. (Denning 1999, 55).

The above forms of computer-related crime are not necessarily mutually exclusive, and need not occur in isolation. Just as an armed robber might steal an automobile to facilitate a quick getaway, so too can one steal telecommunications services and use them for purposes of vandalism, fraud, or in furtherance of a criminal conspiracy.1 Computer-related crime may be compound in nature, combining two or more of the generic forms outlined above.

The various activities of Kevin Mitnick, as described in Hafner and Markoff (1991) are illustrative.

CLASSIFICATION

The subject of cyber crime may be broadly classified under the following three groups. They are-

1.      Against Individuals

          a.      their person &

          b.       their property of an individual

2.      Against Organization

          a.      Government

          b.       Firm, Company, Group of Individuals.

3.      Against Society at large

The following are the crimes, which can be committed against the followings group

Against Individuals: –

                             i.        Harassment via e-mails.

                             ii.       Cyber-stalking.

                             iii.      Dissemination of obscene material.

                             iv.      Defamation.

                             v.       Unauthorized control/access over computer                                               system.

                             vi.      Indecent exposure

                             vii.     Email spoofing

                             viii.    Cheating & Fraud

Against Individual Property: -

                             i.        Computer vandalism.

                             ii.       Transmitting virus.

                             iii.      Netrespass

                             iv.      Unauthorized control/access over computer                                               system.

                             v.       Intellectual Property crimes

                             vi.      Internet time thefts

Against Organization: -

                   i.        Unauthorized control/access over computer system

                   ii.       Possession of unauthorized information.

                   iii.      Cyber terrorism against the government                                           organization.

                   iv.      Distribution of pirated software etc.

Against Society at large: -

                   i.        Pornography (basically child pornography).

                   ii.       Polluting the youth through indecent exposure.

                   iii.      Trafficking

                   iv.      Financial crimes

                   v.       Sale of illegal articles

                   vi.      Online gambling

                   vii.     Forgery

The above mentioned offences may discussed in brief as follows:

1.      Harassment via e-mails

Harassment through e-mails is not a new concept. It is very similar to harassing through letters. Recently I had received a mail from a lady wherein she complained about the same. Her former boy friend was sending her mails constantly sometimes emotionally blackmailing her and also threatening her. This is a very common type of harassment via e-mails.

2.      Cyber-stalking

The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking   involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.

3.      Dissemination of obscene material/ Indecent exposure/ Pornography (basically child pornography) / Polluting through indecent exposure

Pornography on the net may take various forms. It may include the hosting of web site containing these prohibited materials.Use of computers for producing these obscene materials. Downloading through the Internet, obscene materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. Two known cases of pornography are the Delhi Bal Bharati case and the Bombay case wherein two Swiss couple used to force the slum children for obscene photographs. The Mumbai police later arrested them.

 4.     Defamation

It is an act of imputing any person with intent to lower the person in the estimation of the right-thinking members of society generally or to cause him to be shunned or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. E.g. the mail account of Rohit was hacked and some mails were sent from his account to some of his batch mates regarding his affair with a girl with intent to defame him.

5.      Unauthorized control/access over computer system

This activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term "unauthorized access" interchangeably with the term "hacking" to prevent confusion as the term used in the Act of 2000 is much wider than hacking.

6.      E mail spoofing

A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it's origin to be different from which actually it originates. Recently spoofed mails were sent on the name of Mr. Na.Vijayashankar (naavi.org), which contained virus.    

                                     Rajesh Manyar, a graduate student at Purdue University in Indiana, was arrested for threatening to detonate a nuclear device in the college campus. The alleged e- mail was sent from the account of another student to the vice president for student services. However the mail was traced to be sent from the account of Rajesh Manyar.[5] 

7.      Computer vandalism

Vandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals.

8.      Transmitting virus/worms

This topic has been adequately dealt herein above.

9.      Intellectual Property crimes / Distribution of pirated software

Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, copyright infringement, trademark and service mark violation, theft of computer source code, etc.

                                           The Hyderabad Court has in a land mark judgement has convicted three people and sentenced them to six months imprisonment and fine of 50,000 each for unauthorized copying and sell of pirated software. [6]

10.    Cyber terrorism against the government organization

At this juncture a necessity may be felt that what is the need to distinguish between cyber terrorism and cyber crime. Both are criminal acts. However there is a compelling need to distinguish between both these crimes. A cyber crime is generally a domestic issue, which may have international consequences, however cyber terrorism is a global concern, which has domestic as well as international consequences.  The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate emails, attacks on sensitive computer networks, etc.  Technology savvy terrorists are using 512-bit encryption, which is next to impossible to decrypt. The recent example may be cited of – Osama Bin Laden, the LTTE, attack on America’s army deployment system during Iraq war.

Cyber terrorism may be defined to be “ the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives” (4)

Another definition may be attempted to cover within its ambit every act of cyber terrorism.

A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption of services or means of communications essential to the community or in damaging property with the view to –

          (i)      putting the public or any section of the public in fear; or

          (ii)     affecting adversely the harmony between different        religious,              racial, language or regional groups or castes or communities;           or

          (iii)    coercing or overawing the government established by                      law; or

          (iv)    endangering the sovereignty and integrity of the nation

          and a cyber terrorist is the person who uses the computer system as a means or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber terrorism.

11.    Trafficking

Trafficking may assume different forms. It may be trafficking in drugs, human beings, arms weapons etc. These forms of trafficking are going unchecked because they are carried on under pseudonyms. A racket was busted in Chennai where drugs were being sold under the pseudonym of honey. 

12.    Fraud & Cheating

Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. It may assume different forms. Some of the cases of online fraud and cheating that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc.

Recently the Court of Metropolitan Magistrate Delhi [7] found guilty a 24-year-old engineer working in a call centre, of fraudulently gaining the details of Campa's credit card and bought a television and a cordless phone from Sony website. Metropolitan magistrate Gulshan Kumar convicted Azim for cheating under IPC, but did not send him to jail. Instead, Azim was asked to furnish a personal bond of Rs 20,000, and was released on a year's probation.

                PREVENTION OF CYBER CRIME

Prevention is always better than cure. It is always better to take certain precaution while operating the net. A  should make them his part of cyber life. Saileshkumar Zarkar, technical advisor and network security consultant to the Mumbai Police Cyber crime Cell, advocates the 5P mantra for online security: Precaution, Prevention, Protection, Preservation and Perseverance.  A netizen should keep in mind the following things-

1.       To prevent cyber stalking avoid disclosing any information   pertaining to oneself. This is as good as disclosing your identity to     strangers in public place.

2.       Always avoid sending any photograph online particularly to          strangers and chat friends as there have been incidents of misuse of           the photographs.

3.       Always use latest and up date anti virus software to guard against virus attacks.

4.       Always keep back up volumes so that one may not suffer data loss          in case of virus contamination

5.       Never send your credit card number to any site that is not secured,          to guard against frauds.

6.       Always keep a watch on the sites that your children are accessing   to prevent any kind of harassment or depravation in children.

7.       It is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal.

8.       Web site owners should watch traffic and check any irregularity on          the site. Putting host-based intrusion detection devices on servers         may do this.

9.       Use of firewalls may be beneficial.

10.     Web servers running public sites must be physically separate         protected from internal corporate network.

Adjudication of a Cyber Crime - On the directions of the Bombay High Court the Central Government has by a notification dated 25.03.03 has decided that the Secretary to the Information Technology Department in each state by designation would be appointed as the AO for each state.

                             STATUTORY PROVISONS

The Indian parliament considered it necessary to give effect to the resolution by which the General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations Commission on Trade Law. As a consequence of which the Information Technology Act 2000 was passed and enforced on 17th May 2000.the preamble of this Act states its objective to legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker’s Book Evidence Act1891 and   the Reserve Bank of India Act 1934.  The basic purpose to incorporate the changes in these Acts is to make them compatible with the Act of 2000. So that they may regulate and control the affairs of the cyber world in an effective manner.            

The Information Technology Act deals with the various cyber crimes in chapters IX & XI. The important sections are Ss. 43,65 [8]. Section 43 in particular deals with the unauthorised access, unauthorised downloading, virus attacks or any contaminant, causes damage, disruption, denial of access, interference with the service availed by a person. This section provide for a fine up to Rs. 1 Crore by way of remedy. Section 65 deals with ‘tampering with computer source documents’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Section [9] deals with ‘hacking with computer system’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Further section 67 deals with publication of obscene material and provides for imprisonment up to a term of 10 years and also with fine up to Rs. 2 lakhs. [10]

  ANALYSIS OF THE STATUTORY PROVISONS

The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was no legislation on this specialised field. The Act has however during its application has proved to be inadequate to a certain extent. The various loopholes in the Act are-

1.      The hurry in which the legislation was passed, without sufficient public debate, did not   really serve the desired purpose

Experts are of the opinion that one of the reasons for the inadequacy of the legislation has been the hurry in which it was passed by the parliament and it is also a fact that sufficient time was not given for public debate.

2.      “Cyberlaws, in their very preamble and aim, state that they are targeted at aiding e-commerce, and are not meant to regulate cybercrime”

Mr. Pavan Duggal holds the opinion that the main intention of the legislators has been to provide for a law to regulate the e-commerce and with that aim the I.T.Act 2000 was passed, which also is one of the reasons for its inadequacy to deal with cases of cyber crime.

At this point I would like to express my respectful dissent with Mr. Duggal. I feel that the above statement by Mr. Duggal is not fundamentally correct. The reason being that the preamble does state that the Act aims at legalising e-commerce. However it does not stop here. It further amends the I.P.C., Evidence Act, Banker’s Book Evidence and RBI Act also. The Act also aims to deal with all matters connected therewith or incidental thereto.  It is a cardinal rule of interpretation that “text should be read as a whole to gather the meaning”. It seems that the above statement has been made in total disregard of this rule of interpretation.  The preamble, if read as a whole, makes it very clear that the Act equally aims at legalising e-commerce and to curb any offences arising there from.

3. Cyber torts

The recent cases including Cyber stalking cyber harassment, cyber nuisance, and cyber defamation have shown that the I.T.Act 2000 has not dealt with those offences. Further it is also contended that in future new forms of cyber crime will emerge which even need to be   taken care of. Therefore India should sign the cyber crime convention. However the I.T.Act 2000 read with the Penal Code is capable of dealing with these felonies.

 4.     Cyber crime in the Act is neither comprehensive nor exhaustive

Mr. Duggal believes that we need dedicated legislation on cyber crime that can supplement the Indian Penal Code. The contemporary view is held by Mr. Prathamesh Popat who has stated- "The IT Act, 2000 is not comprehensive enough and doesn't even define the term 'cyber crime". (8) Mr. Duggal has further commented, “India, as a nation, has to cope with an urgent need to regulate and punish those committing cyber crimes, but with no specific provisions to do so. Supporters of the Indian Penal Code School vehemently argue that IPC has stood the test of time and that it is not necessary to incorporate any special laws on cyber crime. This is because it is debated by them that the IPC alone is sufficient for all kinds of crime. However, in practical terms, the argument does not have appropriate backing. It has to be distinctly understood that cyber crime and cyberspace are completely new whelms, where numerous new possibilities and opportunities emerge by the day in the form of new kinds of crimes.”(6)                                                      

I feel that a new legislation on cyber crime is totally unwarranted. The reason is that the new legislation not come alone but will bring with it the same confusion, the same dissatisfaction and the same desire to supplant it by further new legislation. Mr. Duggal has stated above the need to supplement IPC by a new legislation. If that is the issue then the present legislation along with the Penal Code when read harmoniously and co- jointly is sufficient to deal with the present problems of cyber crime. Further there are other legislations to deal with the intellectual property crimes on the cyber space such as the Patents Act, Copy Right Act, Trade Marks Act.

5.      Ambiguity in the definitions

The definition of hacking provided in section 66 of the Act is very wide and capable of misapplication. There is every possibility of this section being misapplied and in fact the Delhi court has misapplied it. The infamous go2nextjob has made it very clear that what may be the fate of a person who is booked under section 66 or the constant threat under which the netizens are till s. 66 exists in its present form.

Further section 67 is also vague to certain extent. It is difficult to define the term lascivious information or obscene pornographic informa­tion.  Further our inability to deal with the cases of cyber pornography  has been proved by the Bal Bharati case.       

6.      Uniform law

Mr. Vinod Kumar (9) holds the opinion that the need of the hour is a worldwide uniform cyber law to combat cyber crime. Cyber crime is a global phenomenon and therefore the initiative to fight it should come from the same level. E.g. the author of the love bug virus was appreciated by his countrymen.

7.      Lack of awareness

One important reason that the Act of 2000 is not achieving complete success is the lack of awareness among the s about their rights. Further most of the cases are going unreported. If the people are vigilant about their rights the law definitely protects their right. E.g. the Delhi high court in October 2002 prevented a person from selling Microsoft pirated software over an auction site. Achievement was also made in the case before the court of metropolitan magistrate Delhi wherein a person was convicted for online cheating by buying Sony products using a stolen credit card. (17)

8.      Jurisdiction issues

Jurisdiction is also one of the debatable issues in the cases of cyber crime due to the very universal nature of cyber space. With the ever-growing arms of cyber space the territorial concept seems to vanish. New methods of dispute resolution should give way to the conventional  methods. The Act of 2000 is very silent on these issues.

9.      Extra territorial application

Though S.75 provides for extra-territorial operations of this law, but they could be meaningful only when backed with provisions recognizing orders and warrants for Information issued by competent authorities outside their jurisdiction and measure for cooperation for exchange of material and evidence of computer crimes between law enforcement agencies.

10.    Raising a cyber army

By using the word ‘cyber army’ by no means I want to convey the idea of virtual army, rather I am laying emphasis on the need for a well equipped task force to deal with the new trends of hi tech crime. The government has taken a leap in this direction by constituting cyber crime cells in all metropolitan and other important cities. Further the establishment of the Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI) 11) is definitely a welcome step in this direction. There are man cases in which the C.B.I has achieved success. The present position of cases of cyber crime (17) is –

Case 1: When a woman at an MNC started receiving obscene calls, CBI found her colleague had posted her personal details on Mumbaidating.com.

Status: Probe on

Case 2: CBI arrested a man from UP, Mohammed Feroz, who placed ads offering jobs in Germany. He talked to applicants via e-mail and asked them to deposit money in his bank account in Delhi.

Status: Chargesheet not filed

Case 3: The official web-site of the Central Board of Direct Taxes was hacked last year. As Pakistan-based hackers were responsible, authorities there were informed through Interpol.

Status: Pak not cooperating.

11.    Cyber savvy bench

Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the enactment according to the order of the day. One such stage, which needs appreciation, is the P.I.L., which the Kerela High Court has accepted through an email. The role of the judges in today’s word may be gathered by the statement- judges carve ‘law is’ to ‘law ought to be’. Mr T.K.Vishwanathan, member secretary, Law Commission , has highlighted  the requirements for introducing e-courts in India. In his article published in The Hindu he has stated “if there is one area of Governance where IT can make a huge difference to Indian public is in the Judicial System”.

12.    Dynamic form of cyber crime

Speaking on the dynamic nature of cyber crime FBI Director Louis Freeh has said, "In short, even though we have markedly improved our capabilities to fight cyber intrusions the problem is growing even faster and we are falling further behind.”  The (de)creativity of human mind cannot be checked by any law. Thus the only way out is the liberal construction while applying the statutory provisions to cyber crime cases. 

13.    Hesitation to report offences

As stated above one of the fatal drawbacks of the Act has been the cases going unreported. One obvious reason is the non-cooperative police force. This was proved by the Delhi time theft case. "The police are a powerful force today which can play an instrumental role in preventing cybercrime. At the same time, it can also end up wielding the rod and harassing innocent s, preventing them from going about their normal cyber business."(10) This attitude of the administration is also revelled by incident that took place at Merrut  and Belgam. (for the facts of these incidents refer to naavi.com). For complete realisation of the provisions of this Act a cooperative police force is require.

  INTERNATIONAL LAW ENFORCEMENT IN                                  CYBERSPACE

Computer-related crime

Computer-related crime, otherwise known as cyber crime, refers to

attacks against the infrastructure of computer systems on the internet

or private networks. Crimes such as online practices of forgery and

fraud are also considered as cyber crimes. The digital world has

enabled the use of computers and other communication tools, not

only as weapons from which traditional crimes can be committed,

but also the creation of new crimes brought about by the very

existence of such technology. And for these new crimes, older

legislative instruments have become inadequate and difficult to apply

to such an environment. Developing countries have become ideal

breeding grounds as well as targets for online criminals. This is

mainly due to the fact that many of these countries are new to the

online environment and technology in general. This is added to the

rapid development and proliferation of advanced technological tools,

software and know-how through ICTS. Developed countries

themselves have only started dealing with these issues in the past

decade or so, and it is a fact that technology progresses at a much

faster pace than legislative bodies and governmental authorities

respond. It is therefore not surprising that many criminals seek haven

in countries where cyber crime laws do not yet exist in order to

commit criminal acts without fear of criminal sanctions.

Consequently, the more immediate concern is to elaborate and

implement legislation which will be able to deal with cyber crime

appropriately. Several international conventions exist which already

try to deal with these new, sometimes complex, issues and adopt an

appropriate framework for them

International

The United Nations Resolutions 55/63 [11] and 56/121 [12] on

Combating the Criminal Misuse of Information Technology

(Annex 36) tried to address the problem of safe havens for those who

criminally misuse information technologies by requesting that States

put into place laws to eliminate such havens. Recommendations

included increased cooperation in law enforcement during

investigation and prosecution of computer-related crime, the

protection of confidentiality, availability and integrity of computer

systems from unauthorized impairment by the legal system.

Preservation of data in investigations of such crimes was an

important concern as well as fast access to such data and the

penalization of criminal abuse.

Two further Resolutions were adopted, Resolutions 57/239 and

58/199 [13] on the Creation of a Global Culture of Security and the

Protection of Criminal Information Infrastructure.

The first Resolution focused principally on the need for States to take

action domestically on nine goals: awareness, responsibility,

response, ethics, democracy, risk assessment, security design and

implementation, security management and reassessment. The second

Resolution noted the interdependence on information infrastructures

with other sectors of global infrastructure critical for public services.

The Annex to the Resolution listed different elements for protecting

critical infrastructures.

The Eleventh UN Congress on Crime and Prevention and Criminal

Justice, which took place in April 2005, undertook a Workshop

which looked at measures to combat computer-related crime. The

Workshop report identified several different types of computer related

crime and has tried to elaborate a conceptual model with

regard to definitions of cyber crime. This included illegal criminal

conduct in the case of crimes directed at computing and

communication technologies themselves, crimes involving the use of

digital technologies, as well as crimes involving the incidental use of

computers with respect to the commission of other crimes, making

the computer a source of digital evidence. Crimes that target ICTs

include theft of telecommunications and computer services by using

hacking techniques in order to gain unauthorized access, password

cracking, digital cloning, and credit card fraud. Other conduct, such

as denial of service attacks, can effectively crash servers and

websites, but this has been dealt with under the availability chapter.

CONCLUSION

With all new wonders, come new worries. The internet is no

exception. In just over a decade, this technological miracle has

brought societies the world over closer together than in the whole

history of international relations. Unfortunately, this has meant that

disruption of its infrastructure will have a global effect. The internet

can only ever be as secure as its weakest link. In order to strengthen

the overall infrastructure, efforts by each country must be made at a

supranational level in an attempt to cooperate and coordinate with

each other so as to come to harmonized terms on matters regarding

security. In light of the tremendous growth of electronic commerce,

the potential for many developing countries is great. Minimum

physical infrastructure is required, and thus capital investment, which

previously would have been used in construction and production on

physical locations, can be used for launching and securing online

business.

Credibility in a country’s e-commerce activities heavily relies on the

validity and authenticity of electronic contractual relationships. If

legislative enforcement cannot be guaranteed, then contractual

relations will be undermined. Electronic contracts and electronic

evidence have become an accepted format in the courts and

recognized by governments in many developed countries. With the

use of encryption technologies, electronic signatures have become

binding on contractual documents. Cryptographic techniques such as

the Public Key Infrastructure have become one of the most reliable

technologies to date for authenticating individuals. This form of

electronic signature has become internationally recognized, with

involvement by the United Nations with the UNCITRAL Model Law

on Electronic Signatures of 2001. Encryption technologies also help

secure confidentiality of communication, for contractual and noncontractual communication alike.

Privacy, however, has become another matter. Although encryption

technologies may be applied to protect users’ privacy, not all data

about a user will be under his control. Collection of data by public

and commercial entities remains widely accepted but calls for

protection of the data have reached listening ears in the European

Union. Data protection directives have been pronounced at Union

level, and Member States have enacted laws to protect users’ data

online. However, such laws cannot reach further than their own

jurisdiction, and as long as users can access websites and impart

personal identifying information to a site in a country where no data

protection laws exist for electronic communications, then their own

data protection laws cannot protect that information without a mutual

recognition and cooperation treaty between the two countries.

Privacy has also been threatened by the ever growing problem of

unsolicited commercial e-mails, otherwise known as spam. Spam

represents a significant challenge to users, internet service providers,

states and legal systems worldwide. The cost of spam is significant

and growing, and its increasing volume threatens to destroy the

utility of electronic communications [14] During the ITU WSIS

Thematic Meeting on Countering Spam in July 2004, the Chairman’s

Report emphasized the importance of a comprehensive approach to

solving the problem of spam and made legal governance one of the

necessary means. During the 2005 ITU Thematic Meeting on

Cyber security in July 2005, a comparative analysis of spam laws was

undertaken in order to optimize the pursuit for a model law in this

area. It is suggested in this analysis that an alignment and conformity

of legal rules can improve the enforcer’s ability to operate, as

spammers do, across jurisdictional borders.

Additionally, it is suggested that the creation of a model law would

reduce the cost and challenges for legal systems that have not yet

addressed spam issues, stating that these countries could enact and

implement the law, with confidence that it approaches a set of best

practices in this area. The analysis, however, underlines that a model

law is not an instant solution to the spam problem. Cleaning up spam

is a question of resources, enforcement and the effective integration

of anti-spam laws with existing technology, market and norms-based

approaches. Regulators will have to work closely with technical

experts to track spammers down and collect electronic evidence of

violations. It is a not just a question of implementation of anti-spam

laws, but also of effective enforcement.

This problem has become increasingly important over the past few years, as a significant percentage of spam promotes some type of fraud against the recipient, from phishing scams to viruses used for denial of service

attacks, including illegal financial schemes and offers for products of

dubious quality or legality.[15]

Cybercrime has also taken on a global scale, with criminals basing

themselves in countries with little or no legislation against

cybercrime. However, with international instruments such as the

Council of Europe’s Convention on Cybercrime 2001, ratification of

such a treaty by countries could prove extremely valuable in fighting

cybercrime at an international level. Although many countries have

signed, only a few have ratified it, and the legislative and

enforcement authorities in many countries are slow on the uptake.

Countries should be aware, however, that, with the current pace of

technological developments, the international dimension of

cybercrime, and consequently of cybersecurity, is yet unchartered.

The targets of attacks affect the whole of the internet and although, at

the moment, the main targets are private companies and individual

end users, it will not be long before attacks on critical infrastructure

become common.

Developing countries are the most concerned with this. Lack of

security can and will effectively spoil the benefits of the internet,

both on an economic and governmental scale. Furthermore, failure to

ensure adequate minimum security standards will negatively affect

the rest of the world, and might even lead to a refusal by other

countries to connect with a country, thus excluding it from the new

world order. It is clear that international cooperation cannot be

limited to technological considerations. Law enforcement and

national security must also play a determining role. But ensuring

security in cyberspace will require an international law enforcement

effort. It will also be imperative that countries cooperate with each

other, and that real efforts are made to assist developing countries,

which often lack experience and legal knowledge on this front. It is

vital that countries do not underestimate the importance of securing

cyberspace if the internet is to flourish to its full capacity, bestowing

its benefits on a global scale.

Bibliography

Granville Williams

 Proprietary Articles Trade Association v. A.G.for Canada (1932)

 Nagpal R. – What is Cyber Crime

Nagpal R-  Defining Cyber Terrorism

Duggal Pawan – The Internet: Legal Dimensions

Duggal Pawan - Is this Treaty a Treat

Duggal Pawan -  Cybercrime

Kapoor G.V. - Byte by Byte

Kumar Vinod – Winning the Battle against Cyber Crime

Mehta Dewang- Role of Police In Tackling Internet Crimes   

Postal address

                   Superintendent of Police, 

                   Cyber Crime Investigation Cell, 

                   5th Floor, Block No.3, CGO Complex, 

                   Lodhi Road, New Delhi – 110 003

                   Phone: 4362203, 4392424

                   e-mail- cbiccic@bol.net.in

                                      Main Sources

International

UN Resolutions 55/63 of 4 December 2000 and 56/121 of 19 December 2001 on Combating the Criminal Misuse of Information Technology.

UN Resolutions 57/239 and 58/199 of 23 December 2003 on the Creation of a Global Culture of Security and the Protection of Criminal Information Infrastructure.

Eleventh UN Congress on Crime and Prevention and Criminal Justice, April 2005, Workshop 6: Measures to combat computer-related crime.

UN recommendations on fighting cybercrime as published by the Computer Crime Research Center in May 2005.

Council of Europe Convention on Cybercrime, 2001.