SUHITA MUKHOPADHYAY, Company Secretary
CYBER CRIME & CYBER TERRORISM: The need to know Cyber Laws
“Mistakes like straws float on the surface
One who wants pearls must dive deep below”
Cyber law has emerged as a field for a new crop of professionals who may be called Techno-legal specialists. Since the emerging Digital Era indicates that “There is no business without e-business”, there will be no room for corporate professionals without a basic understanding of “Cyber Laws” Hence cyber law literacy amongst professionals as Chartered Accountants, Company Secretaries, Bankers, Insurance professionals, Law Enforcement Officers, and E-governance officials is as essential as the study of Company law or corporate law .
Cyber laws are required to combat cyber crime and cyber terrorism and this Article endeavours to delve deeper into the subject to understand various other nuances of Information technology Act,2000 which the Company Secretaries should be apprised of.
“The Modern Thief can steal more with a computer than with a gun”
Cyber Crime is a crime where cyberspace is used either as a tool ,target or both. This includes anything from downloading illegal music files to stealing millions of dollars from on-line bank accounts. Cyber crime also includes non-monetary offences ,such a s creating and distributing viruses on other computers or posting confidential business information on the Internet. However the most prominent form of cyber crime is identity theft, in which criminals use the internet to steal personal information from other users.
The first recorded Cyber crime took place in the year 1820. In 1820, Joseph Marie Jacquard, a textile manufacturer in France ,produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard’s employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of new technology. This is the first recorded Cyber Crime.
Reasons for Cyber Crime
1) Data storage in small space
Removal or deriving information through physical or virtual medium makes it much easier.
2) Easy to access:
Computer system is difficult to guard from unauthorized access. A logic bomb could be secretly implanted and key loggers can steal access codes. Advanced voice recorders, retina images etc. can fool biometric systems and bypass firewalls to get past many a security system.
Who are the Usual Cyber Criminals
Children and adolescents between the age group of 6-18 years : This delinquent behavior pattern in children is mostly due to inquisitiveness to know and explore things. Other reasons may be psychological or the thirst to prove themselves outstanding amongst other children in their group.
Organized Hackers : The hackers who organize themselves to fulfil certain objectives like political bias, fundamentalism etc.
Professional Hackers: They are motivated by the colour of money. These kind of hackers are mostly employed to hack the site of rivals and get credible , reliable and valuable information.
Discontented Employees: This group includes people who either get sacked by their employer or are dissatisfied by their employer.
Mode and Manner of committing Cyber Crime
I. Theft of Telecommunication services: By gaining access to an Organization’s telephone switchboard (PBX) individual or criminal organizations can obtain access to dial-in/dial out circuits and then make their own calls or sell call time to third parties. Offenders may gain access to the switchboard by impersonating a technician, by fraudulently obtaining an employee’s access code, or by using software available on the internet. In one case, computer hackers in the Unites States illegally obtained access to Scotland Yard’s telephone network and made £620,000 worth of international calls for which Scotland Yard was responsible.
II. Communications in furtherance of criminal conspiracies:
Activities of criminal organizations are enhanced by technology. There is evidence of telecommunications equipment being used to facilitate organized drug trafficking, gambling, prostitution, money laundering, child pornography and trade in weapons. The use of encryption technology may place criminal communications beyond the reach of law enforcement.
III. Telecommunications Piracy: Digital Technology permits reproduction & easy dissemination of print, graphics, sound and multimedia combinations. The temptation to reproduce copyrighted material for personal use, for sale at a lower price, or indeed for free distribution has proven irresistible to many. This has caused considerable concern to owners of copyrighted material. Each year it has been estimated that losses between US$ 15 and US$ 17 billion are sustained by industry by reason of copyright infringement.
IV. Dissmination of offensive Materials: Objectionable content exists in abundance in cyberspace. This includes among much else, sexually explicit materials, racist propaganda and instructions for the fabrication of explosive devices.’ Cyber stalking’ is indulged in which persistent messages are sent to an unwilling recipient.
V. Electronic Money laundering & Tax Evasion: Electronic funds transfer has assisted in concealing and in moving the proceeds of crime. Emerging technologies will greatly assist in concealing the origin of ill-gotten gains. Legitimately derived income may also be more easily concealed from taxation authorities. The development of informal banking institutions and parallel banking systems may permit central bank supervision to be bypassed, but can also facilitate the evasion of cash transaction reporting requirements in those nations which have them. With the emergence and proliferation of various technologies of electronic commerce, one can easily envisage how traditional countermeasures against money laundering and tax evasion may soon be of limited value.
VI. Cyber Terrorism/ Electronic Vandalism: Cyber Terrorism is the premeditated use of disruptive activities, or the threat thereof in cyberspace with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.
Cyber Terrorism is a global concern. Defence Planners around the world are investing substantially in information warfare –means of disrupting the information technology infrastructure of defence systems. Attempts were made to disrupt the computer systems of the Sri Lankan Government and of the World Atlantic Treaty Organization during the 1999 bombing of Belgrade. In another case which illustrates the transnational reach of extortionists involved a number of German Hackers who compromised the system of an Internet Service Provider in South Florida, disabling eight of the ISPs ten servers. The offenders obtained personal information and credit card details of 10,000 subscribers and ultimately extortionists were arrested with the co-operation between the US and German Authorities.
CLASSIFICATION OF CYBER CRIME
Against Government Against individuals Against Property
I. AGAINST INDIVIDUALS: Cyber crime is effected through
a) Harassment via e-mails
b) Cyber-stalking- Following a person’s movement across the internet by posting messages on the bulletin boards frequented by the victim, entering chatroom frequented by the victim, constantly bombarding the victim with e-mails
c) Dissemination of obscene materials: This may include the hosting of website containing these prohibitive materials.
d) Unauthorized control over computer system or Hacking
e) E-mail spoofing : A spoofed e-mail may be said to be one which misinterprets its origin. It shows its origin to be different from which actually it originates.
III. AGAINST PROPERTY: Cyber crime also includes computer vandalism or destruction of other’s property, transmission of harmful programmes. A Mumbai based upstart engineering company lost much money in the business when the rival company, stole the technical database from their computers with the help of a corporate cyber spy.
IV. AGAINST GOVERNMENT: The medium of cyberspace is being used by individuals and groups to threaten international governments as also to terrorize the citizens of a country.
Cyber Wars are real and alarming
Hackers attack with bots, viruses and Trojans instead of planes or armoured vehicles, and missiles and systematically create online “trapdoors” to invade servers and computers and steal banking passwords and money besides disabling communication links.
v In March 2009, a cyber spy network dubbed Ghost Net allegedly used servers mainly based in China to tap into classified documents from Government and private organizations in 103 countries including computers of Tibetan exiles. China denied the claim.
v In 2007 ,the US Government reportedly suffered an “espionage Pearl Harbour” where an unknown foreign power broke into all its high tech agencies and downloaded terabytes of information.
v In May 17, 2007 the Estonian parliament, ministries, banks and media were targeted after which the North Atlantic Treaty Organization ( NTO) established the cooperative Cyber Defence Centre of Excellence ( CCDCOE) in Tallinn, Estonia.
v In December 2009, a cyber attack dubbed “ Operation Aurora” by security firm McAfee was launched from China against Google and over 20 other Companies . China denied this attack but Google said that it would shift base out of China though it is yet to do so.
v Around 6000 Indian Websites were defaced in 2009 according to Indian Computer Emergency Response Team (CERT).
India – not ready for Cyber war
Online security expert Vijay Mukhi concurs that India is not prepared to fight a cyber war despite the fact that most banks have their data online. In India, reason online security experts, the apathy towards strengthening online security stems from the fact that the maximum attacks we have seen are defacing a site or largely sending denial of services (DoS).But that may not be the case for long with India deciding to digitize its data and make them available to all citizens online. Setting up of State Wide Area Network (SWAN) connections and important e-governance programmes-including that of MCA 21,e-passport and e-office-are cases in point. “ Cyber attacks have changed over the period of years. Earlier attacks were much simpler” cautions Kartik Shahani, regional director –India-SAARC McAfee. His firm’s global threat intelligence data suggest that India has recently replaced (China, Russia and Romania) as the richest hunting ground for hackers. Shivarama Krishnan, Executive Director and partner, PwC concurs that India need to be well prepared for any eventuality. If someone wants to paralyse American Banks or the retail sector, India is the best target as most of the maintenance and operational processes are managed out of India. So india’s preparedness to fight Cyberwar has to be higher.
1. Passwords should be strictly guarded
2. Use latest and update antivirus software to guard against virus attacks
3. Use of Cyber Café should be avoided
4. Use of firewalls may be beneficial
5. Web servers running public sites must be physically separate protected from internal corporate network
6. It is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal.
Regulating ‘Indian’ Cyberspace –Statutory Provisions which a Company Secretary should know
Information Technology Bill passed by the Indian Parliament in may 2000 notified as the IT Act 2000 has received the assent of the president on 9th June,2000.This Act provides legal recognition for electronic commerce and accords stringent punishments to cyber criminals.
Cyber contravention may result in civil prosecution and the judicial proceedings are carried before the adjudicating officer. Offenders are liable to pay damages depending on the nature of offence by way of compensation to the victim upto an amount not exceeding Rupees 1 crore. Section 65 to 74 of the IT Act deal with various offences. Cyber offences may result in criminal prosecution ,the offender liable to punishment with fine or imprisonment or both. The offences are classified into cognizable or non-cognizable and bailable or non-bailable. Section 45 provides for residuary penalty for offences under section 43 & 44. Residuary penalty is limited to Rs.25000/-.
OFFENCES COVERED UNDER IPC & SPECIAL LAWS
1. Sec 503 IPC- Criminal Intimidation : Sending threatening messages by e-mail
Whoever threatens another with any injury to his person, reputation or property, or to the person or reputation of anyone in whom that person is interested, with intent to cause alarm to that person, commits criminal intimidation.
2. Sec 499 IPC :Sending de-famatory messages by e-mail : Whoever by words either spoken or intended to be read or by signs or by visible representations,makes or publishes any imputation concerning any person intending to harm,or knowing or having reason to believe that such imputation,will harm the reputation of such person,is said to defame that person.
3. Sec 463, 464, 468,469 IPC: Forgery of electronic Records, E-mail spoofing
a. Sec 463-Forgery: Whoever makes any false documents or electronic record with intent to cause damage or injury to the public or to any person, or to enter into express or implied contract, or with intent to commit fraud ,commits forgery.
b. Sec 464- Making a false document : A person is said to make a false document or a false electronic record when he dishonestly or fraudulently makes, signs,seals or executes a document, makes or transmits any electronic record, affixes any digital signature on any electronic record, with the intention of causing it to be believed that such document, electronic record or digital signature was made, signed, sealed, executed transmitted or affixed by or by the authority of a person whom he knows that it was not made, signed, sealed, executed or affixed
c. Sec 468: Forgery for the purpose of cheating: Whoever commits forgery, intending that the document or Electronic Record forged shall be used for the purpose of cheating, shall be punished with imprisonment and liable to fine.
d. Sec 469: Whoever commits forgery intending that document or electronic record forged shall harm the reputation of any party shall be subject to imprisonment or appropriate fine.
4. Bogus Websites, Cyber Frauds:
a. Sec 420 IPC : Cheating and dishonestly inducing delivery of property
Whoever cheats and thereby dishonestly induces the person deceived, any property or makes, alters, or destroys whole or part of a valuable security shall be punished with imprisonment and also liable to fine.
b. Sec 383 IPC: Extortion:
c. Sec 500: Punishment for defamation: Whoever defames another shall be punished with simple imprisonment or liable to fine.
d. Sec 506,507 IPC: Whoever commits the offence of criminal intimidation shall be punished with imprisonment. Whoever commits the offence of criminal intimidation by an anonymous communication shall be punished with imprisonment.
5. Piracy-Sec 53, 63, 63B Copyright act
6. Obscenity- Sec 292,293,294 IPC, Indecent Representation of Women Act
7. Theft of computer hardware: Sec 378,379 IPC
IT ACT,2000
Section 77A of the IT Act provides that the ‘offences under sections 66, 66A, 72 and 72A may be compounded by the aggrieved person.’
Section 66 : If a person dishonestly or fraudulently does any act which damages the computer or the computer system, he is liable to a fine of up to five lakhs or be imprisoned for a term of up to three years. A host of new sections have been added to section 66 as sections 66A to 66F prescribing punishment for offenses such as obscene electronic message transmissions, identity theft, cheating by impersonation using computer resource, violation of privacy and cyber terrorism.
Section 66A: If any person sends by means of a computer resource or a communication any content which is grossly offensive or has a menacing character or which is not true but is sent to create nuisance, annoyance, criminal intimidation, hatred or ill will etc. shall be imprisoned for an imprisonment term which may be up to three years combined with a fine.
Section 67 of the old Act is amended to reduce the term of imprisonment for publishing or transmitting obscene material in electronic form to three years from five years for first conviction and increase the fine thereof from Indian Rupees 100,000 (approximately USD 2000) to Indian Rupees 500,000 (approximately USD 10,000).
A host of new sections have been inserted as Sections 67 A to 67C. While Sections 67 A and 67 B insert penal provisions in respect of offences of publishing or transmitting material containing sexually explicit act and child pornography in electronic form, section 67C deals with the obligation of an intermediary to preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe.
In view of the increasing threat of terrorism in the country, the new amendments include an amended section 69 giving power to the State to issue directions for interception or monitoring of decryption of any information through any computer resource. Further, sections 69 A and 69 B, two new sections, grant power to the state to issue directions for blocking for public access of any information through any computer resource and to authorize to monitor and collect traffic data or information through any computer resource for cyber security.
Section 72: If a person is found in possession of some information like electronic record, book, register, correspondence and he is found disclosing it to any third party without the consent of the person concerned, then he shall be punished with imprisonment for a term which may be up to two years, or a fine which may extend to One Lakh rupees, or with both.
Section 72A: If any person while providing services under the terms of the contract, has secured access to any material containing personal information about another person, with the intent to cause wrongful loss or wrongful gain discloses the information, without the person’s consent or in breach of a lawful contract, shall be punished with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.
Gradation of severity of computer related offences under Section 66 has been amended, now if an offence is committed dishonestly or fraudulently then punishment is for a term which may extend to three years or a fine which may extend to Rs 5 lakhs or with both;
Section 43(A) is related to handling of sensitive personal data or information with reasonable security practices and procedures. This section has been inserted to protect sensitive personal data or information possessed, dealt or handled by a body corporate in a computer resource which such body corporate owns, controls or operates. If such body corporate is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, it shall be liable to pay damages by way of compensation to the person so affected.
Snapshot of Important Cyber law Provisions in India
Offence
Section under IT Act
Tampering with Computer source documents
Sec.65
Hacking with Computer systems, Data alteration
Sec.66
Publishing obscene information
Sec.67
Un-authorized access to protected system
Sec.70
Breach of Confidentiality and Privacy
Sec.72
Publishing false digital signature certificates
Sec.73
NOTE: Sec.78 of I.T. Act empowers Deputy Superintendent Of Police to investigate cases falling under this Act.
Computer Related Crimes Covered under Indian Penal Code and Special Laws
Offence
Section
Sending threatening messages by email
Sec 503 IPC
Sending defamatory messages by email
Sec 499 IPC
Forgery of electronic records
Sec 463 IPC
Bogus websites, cyber frauds
Sec 420 IPC
Email spoofing
Sec 463 IPC
Web-Jacking
Sec 383 IPC
E-Mail Abuse
Sec 500 IPC
Online sale of Drugs
NDPS Act
Online sale of Arms
Arms Act
Role of Company Secretary in Information Technology
1. Compliance with Cyber laws and other laws
2. Conducting Board Meetings through Video Conferencing and
tele-conferencing
3. Advising on IT related IPR
4. Developing Management Reports & controls
5. Maintaining statutory records in electronic form
6. E-filing of forms/documents under MCA-21 and other statutory authorities
Conclusion
Today, increasing number of Corporations are embracing a new paradigm in the way they approach enterprise security. They have engaged not only IT Experts but also professionals like lawyers and Company Secretaries to combat with the Cyber crime menace.
The world has finally woken up and understood that cyber security needs a global approach and is a very serious matter," The Internet places a profound and staggering degree of information and knowledge at our fingertips. The Internet is the ultimate library and encyclopedia. It enables an army of telecommuting working men and women to work at home. It facilitates instant back and forth communication by e-mail. Online, we read newspapers and listen to music. The Internet is where we can advertise goods for sale on e-bay and purchase all sorts of items at retail stores. However, this boon of knowledge is not without ill effects and unless arrested will prove to be a bane to the world.
SUHITA MUKHOPADHYAY, Company Secretary of Century Extrusions Limited
secretary@centuryextrusions.com
CYBER CRIME & CYBER TERRORISM: The need to know Cyber Laws
“Mistakes like straws float on the surface
One who wants pearls must dive deep below”
Cyber law has emerged as a field for a new crop of professionals who may be called Techno-legal specialists. Since the emerging Digital Era indicates that “There is no business without e-business”, there will be no room for corporate professionals without a basic understanding of “Cyber Laws” Hence cyber law literacy amongst professionals as Chartered Accountants, Company Secretaries, Bankers, Insurance professionals, Law Enforcement Officers, and E-governance officials is as essential as the study of Company law or corporate law .
Cyber laws are required to combat cyber crime and cyber terrorism and this Article endeavours to delve deeper into the subject to understand various other nuances of Information technology Act,2000 which the Company Secretaries should be apprised of.
“The Modern Thief can steal more with a computer than with a gun”
Cyber Crime is a crime where cyberspace is used either as a tool ,target or both. This includes anything from downloading illegal music files to stealing millions of dollars from on-line bank accounts. Cyber crime also includes non-monetary offences ,such a s creating and distributing viruses on other computers or posting confidential business information on the Internet. However the most prominent form of cyber crime is identity theft, in which criminals use the internet to steal personal information from other users.
The first recorded Cyber crime took place in the year 1820. In 1820, Joseph Marie Jacquard, a textile manufacturer in France ,produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard’s employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of new technology. This is the first recorded Cyber Crime
Reasons for Cyber Crime
1) Data storage in small space
Removal or deriving information through physical or virtual medium makes it much easier.
2) Easy to access:
Computer system is difficult to guard from unauthorized access. A logic bomb could be secretly implanted and key loggers can steal access codes. Advanced voice recorders, retina images etc. can fool biometric systems and bypass firewalls to get past many a security system.
Who are the Usual Cyber Criminals
Children and adolescents between the age group of 6-18 years : This delinquent behavior pattern in children is mostly due to inquisitiveness to know and explore things. Other reasons may be psychological or the thirst to prove themselves outstanding amongst other children in their group.
Organized Hackers : The hackers who organize themselves to fulfil certain objectives like political bias, fundamentalism etc.
Professional Hackers: They are motivated by the colour of money. These kind of hackers are mostly employed to hack the site of rivals and get credible , reliable and valuable information.
Discontented Employees: This group includes people who either get sacked by their employer or are dissatisfied by their employer.
Mode and Manner of committing Cyber Crime
I. Theft of Telecommunication services: By gaining access to an Organization’s telephone switchboard (PBX) individual or criminal organizations can obtain access to dial-in/dial out circuits and then make their own calls or sell call time to third parties. Offenders may gain access to the switchboard by impersonating a technician, by fraudulently obtaining an employee’s access code, or by using software available on the internet. In one case, computer hackers in the Unites States illegally obtained access to Scotland Yard’s telephone network and made £620,000 worth of international calls for which Scotland Yard was responsible.
II. Communications in furtherance of criminal conspiracies:
Activities of criminal organizations are enhanced by technology. There is evidence of telecommunications equipment being used to facilitate organized drug trafficking, gambling, prostitution, money laundering, child pornography and trade in weapons. The use of encryption technology may place criminal communications beyond the reach of law enforcement.
III. Telecommunications Piracy: Digital Technology permits reproduction & easy dissemination of print, graphics, sound and multimedia combinations. The temptation to reproduce copyrighted material for personal use, for sale at a lower price, or indeed for free distribution has proven irresistible to many. This has caused considerable concern to owners of copyrighted material. Each year it has been estimated that losses between US$ 15 and US$ 17 billion are sustained by industry by reason of copyright infringement.
IV. Dissmination of offensive Materials: Objectionable content exists in abundance in cyberspace. This includes among much else, sexually explicit materials, racist propaganda and instructions for the fabrication of explosive devices.’ Cyber stalking’ is indulged in which persistent messages are sent to an unwilling recipient.
V. Electronic Money laundering & Tax Evasion: Electronic funds transfer has assisted in concealing and in moving the proceeds of crime. Emerging technologies will greatly assist in concealing the origin of ill-gotten gains. Legitimately derived income may also be more easily concealed from taxation authorities. The development of informal banking institutions and parallel banking systems may permit central bank supervision to be bypassed, but can also facilitate the evasion of cash transaction reporting requirements in those nations which have them. With the emergence and proliferation of various technologies of electronic commerce, one can easily envisage how traditional countermeasures against money laundering and tax evasion may soon be of limited value.
VI. Cyber Terrorism/ Electronic Vandalism: Cyber Terrorism is the premeditated use of disruptive activities, or the threat thereof in cyberspace with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.
Cyber Terrorism is a global concern. Defence Planners around the world are investing substantially in information warfare –means of disrupting the information technology infrastructure of defence systems. Attempts were made to disrupt the computer systems of the Sri Lankan Government and of the World Atlantic Treaty Organization during the 1999 bombing of Belgrade. In another case which illustrates the transnational reach of extortionists involved a number of German Hackers who compromised the system of an Internet Service Provider in South Florida, disabling eight of the ISPs ten servers. The offenders obtained personal information and credit card details of 10,000 subscribers and ultimately extortionists were arrested with the co-operation between the US and German Authorities.
CLASSIFICATION OF CYBER CRIME
Against Government Against individuals Against Property
I. AGAINST INDIVIDUALS: Cyber crime is effected through
a) Harassment via e-mails
b) Cyber-stalking- Following a person’s movement across the internet by posting messages on the bulletin boards frequented by the victim, entering chatroom frequented by the victim, constantly bombarding the victim with e-mails
c) Dissemination of obscene materials: This may include the hosting of website containing these prohibitive materials.
d) Unauthorized control over computer system or Hacking
e) E-mail spoofing : A spoofed e-mail may be said to be one which misinterprets its origin. It shows its origin to be different from which actually it originates.
III. AGAINST PROPERTY: Cyber crime also includes computer vandalism or destruction of other’s property, transmission of harmful programmes. A Mumbai based upstart engineering company lost much money in the business when the rival company, stole the technical database from their computers with the help of a corporate cyber spy.
IV. AGAINST GOVERNMENT: The medium of cyberspace is being used by individuals and groups to threaten international governments as also to terrorize the citizens of a country.
Cyber Wars are real and alarming
Hackers attack with bots, viruses and Trojans instead of planes or armoured vehicles, and missiles and systematically create online “trapdoors” to invade servers and computers and steal banking passwords and money besides disabling communication links.
v In March 2009, a cyber spy network dubbed Ghost Net allegedly used servers mainly based in China to tap into classified documents from Government and private organizations in 103 countries including computers of Tibetan exiles. China denied the claim.
v In 2007 ,the US Government reportedly suffered an “espionage Pearl Harbour” where an unknown foreign power broke into all its high tech agencies and downloaded terabytes of information.
v In May 17, 2007 the Estonian parliament, ministries, banks and media were targeted after which the North Atlantic Treaty Organization ( NTO) established the cooperative Cyber Defence Centre of Excellence ( CCDCOE) in Tallinn, Estonia.
v In December 2009, a cyber attack dubbed “ Operation Aurora” by security firm McAfee was launched from China against Google and over 20 other Companies . China denied this attack but Google said that it would shift base out of China though it is yet to do so.
v Around 6000 Indian Websites were defaced in 2009 according to Indian Computer Emergency Response Team (CERT).
India – not ready for Cyber war
Online security expert Vijay Mukhi concurs that India is not prepared to fight a cyber war despite the fact that most banks have their data online. In India, reason online security experts, the apathy towards strengthening online security stems from the fact that the maximum attacks we have seen are defacing a site or largely sending denial of services (DoS).But that may not be the case for long with India deciding to digitize its data and make them available to all citizens online. Setting up of State Wide Area Network (SWAN) connections and important e-governance programmes-including that of MCA 21,e-passport and e-office-are cases in point. “ Cyber attacks have changed over the period of years. Earlier attacks were much simpler” cautions Kartik Shahani, regional director –India-SAARC McAfee. His firm’s global threat intelligence data suggest that India has recently replaced (China, Russia and Romania) as the richest hunting ground for hackers. Shivarama Krishnan, Executive Director and partner, PwC concurs that India need to be well prepared for any eventuality. If someone wants to paralyse American Banks or the retail sector, India is the best target as most of the maintenance and operational processes are managed out of India. So india’s preparedness to fight Cyberwar has to be higher.
PREVENTION OF CYBER CRIME
1. Passwords should be strictly guarded
2. Use latest and update antivirus software to guard against virus attacks
3. Use of Cyber Café should be avoided
4. Use of firewalls may be beneficial
5. Web servers running public sites must be physically separate protected from internal corporate network
6. It is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal.
Regulating ‘Indian’ Cyberspace –Statutory Provisions which a Company Secretary should know
Information Technology Bill passed by the Indian Parliament in may 2000 notified as the IT Act 2000 has received the assent of the president on 9th June,2000.This Act provides legal recognition for electronic commerce and accords stringent punishments to cyber criminals.
Cyber contravention may result in civil prosecution and the judicial proceedings are carried before the adjudicating officer. Offenders are liable to pay damages depending on the nature of offence by way of compensation to the victim upto an amount not exceeding Rupees 1 crore. Section 65 to 74 of the IT Act deal with various offences. Cyber offences may result in criminal prosecution ,the offender liable to punishment with fine or imprisonment or both. The offences are classified into cognizable or non-cognizable and bailable or non-bailable. Section 45 provides for residuary penalty for offences under section 43 & 44. Residuary penalty is limited to Rs.25000/-.
OFFENCES COVERED UNDER IPC & SPECIAL LAWS
1. Sec 503 IPC- Criminal Intimidation : Sending threatening messages by e-mail
Whoever threatens another with any injury to his person, reputation or property, or to the person or reputation of anyone in whom that person is interested, with intent to cause alarm to that person, commits criminal intimidation.
2. Sec 499 IPC :Sending de-famatory messages by e-mail : Whoever by words either spoken or intended to be read or by signs or by visible representations,makes or publishes any imputation concerning any person intending to harm,or knowing or having reason to believe that such imputation,will harm the reputation of such person,is said to defame that person.
3. Sec 463, 464, 468,469 IPC: Forgery of electronic Records, E-mail spoofing
a. Sec 463-Forgery: Whoever makes any false documents or electronic record with intent to cause damage or injury to the public or to any person, or to enter into express or implied contract, or with intent to commit fraud ,commits forgery.
b. Sec 464- Making a false document : A person is said to make a false document or a false electronic record when he dishonestly or fraudulently makes, signs,seals or executes a document, makes or transmits any electronic record, affixes any digital signature on any electronic record, with the intention of causing it to be believed that such document, electronic record or digital signature was made, signed, sealed, executed transmitted or affixed by or by the authority of a person whom he knows that it was not made, signed, sealed, executed or affixed
c. Sec 468: Forgery for the purpose of cheating: Whoever commits forgery, intending that the document or Electronic Record forged shall be used for the purpose of cheating, shall be punished with imprisonment and liable to fine.
d. Sec 469: Whoever commits forgery intending that document or electronic record forged shall harm the reputation of any party shall be subject to imprisonment or appropriate fine.
4. Bogus Websites, Cyber Frauds:
a. Sec 420 IPC : Cheating and dishonestly inducing delivery of property
Whoever cheats and thereby dishonestly induces the person deceived, any property or makes, alters, or destroys whole or part of a valuable security shall be punished with imprisonment and also liable to fine.
b. Sec 383 IPC: Extortion:
c. Sec 500: Punishment for defamation: Whoever defames another shall be punished with simple imprisonment or liable to fine.
d. Sec 506,507 IPC: Whoever commits the offence of criminal intimidation shall be punished with imprisonment. Whoever commits the offence of criminal intimidation by an anonymous communication shall be punished with imprisonment.
5. Piracy-Sec 53, 63, 63B Copyright act
6. Obscenity- Sec 292,293,294 IPC, Indecent Representation of Women Act
7. Theft of computer hardware: Sec 378,379 IPC
IT ACT,2000
Section 77A of the IT Act provides that the ‘offences under sections 66, 66A, 72 and 72A may be compounded by the aggrieved person.’
Section 66 : If a person dishonestly or fraudulently does any act which damages the computer or the computer system, he is liable to a fine of up to five lakhs or be imprisoned for a term of up to three years. A host of new sections have been added to section 66 as sections 66A to 66F prescribing punishment for offenses such as obscene electronic message transmissions, identity theft, cheating by impersonation using computer resource, violation of privacy and cyber terrorism.
Section 66A: If any person sends by means of a computer resource or a communication any content which is grossly offensive or has a menacing character or which is not true but is sent to create nuisance, annoyance, criminal intimidation, hatred or ill will etc. shall be imprisoned for an imprisonment term which may be up to three years combined with a fine.
Section 67 of the old Act is amended to reduce the term of imprisonment for publishing or transmitting obscene material in electronic form to three years from five years for first conviction and increase the fine thereof from Indian Rupees 100,000 (approximately USD 2000) to Indian Rupees 500,000 (approximately USD 10,000).
A host of new sections have been inserted as Sections 67 A to 67C. While Sections 67 A and 67 B insert penal provisions in respect of offences of publishing or transmitting material containing sexually explicit act and child pornography in electronic form, section 67C deals with the obligation of an intermediary to preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe.
In view of the increasing threat of terrorism in the country, the new amendments include an amended section 69 giving power to the State to issue directions for interception or monitoring of decryption of any information through any computer resource. Further, sections 69 A and 69 B, two new sections, grant power to the state to issue directions for blocking for public access of any information through any computer resource and to authorize to monitor and collect traffic data or information through any computer resource for cyber security.
Section 72: If a person is found in possession of some information like electronic record, book, register, correspondence and he is found disclosing it to any third party without the consent of the person concerned, then he shall be punished with imprisonment for a term which may be up to two years, or a fine which may extend to One Lakh rupees, or with both.
Section 72A: If any person while providing services under the terms of the contract, has secured access to any material containing personal information about another person, with the intent to cause wrongful loss or wrongful gain discloses the information, without the person’s consent or in breach of a lawful contract, shall be punished with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.
Gradation of severity of computer related offences under Section 66 has been amended, now if an offence is committed dishonestly or fraudulently then punishment is for a term which may extend to three years or a fine which may extend to Rs 5 lakhs or with both;
Section 43(A) is related to handling of sensitive personal data or information with reasonable security practices and procedures. This section has been inserted to protect sensitive personal data or information possessed, dealt or handled by a body corporate in a computer resource which such body corporate owns, controls or operates. If such body corporate is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, it shall be liable to pay damages by way of compensation to the person so affected.
Snapshot of Important Cyber law Provisions in India
Offence
Section under IT Act
Tampering with Computer source documents
Sec.65
Hacking with Computer systems, Data alteration
Sec.66
Publishing obscene information
Sec.67
Un-authorized access to protected system
Sec.70
Breach of Confidentiality and Privacy
Sec.72
Publishing false digital signature certificates
Sec.73
NOTE: Sec.78 of I.T. Act empowers Deputy Superintendent Of Police to investigate cases falling under this Act.
Computer Related Crimes Covered under Indian Penal Code and Special Laws
Offence
Section
Sending threatening messages by email
Sec 503 IPC
Sending defamatory messages by email
Sec 499 IPC
Forgery of electronic records
Sec 463 IPC
Bogus websites, cyber frauds
Sec 420 IPC
Email spoofing
Sec 463 IPC
Web-Jacking
Sec 383 IPC
E-Mail Abuse
Sec 500 IPC
Online sale of Drugs
NDPS Act
Online sale of Arms
Arms Act
Role of Company Secretary in Information Technology
1. Compliance with Cyber laws and other laws
2. Conducting Board Meetings through Video Conferencing and
tele-conferencing
3. Advising on IT related IPR
4. Developing Management Reports & controls
5. Maintaining statutory records in electronic form
6. E-filing of forms/documents under MCA-21 and other statutory authorities
Conclusion
Today, increasing number of Corporations are embracing a new paradigm in the way they approach enterprise security. They have engaged not only IT Experts but also professionals like lawyers and Company Secretaries to combat with the Cyber crime menace.
The world has finally woken up and understood that cyber security needs a global approach and is a very serious matter," The Internet places a profound and staggering degree of information and knowledge at our fingertips. The Internet is the ultimate library and encyclopedia. It enables an army of telecommuting working men and women to work at home. It facilitates instant back and forth communication by e-mail. Online, we read newspapers and listen to music. The Internet is where we can advertise goods for sale on e-bay and purchase all sorts of items at retail stores. However, this boon of knowledge is not without ill effects and unless arrested will prove to be a bane to the world.
Join LAWyersClubIndia's network for daily News Updates, Judgment Summaries, Articles, Forum Threads, Online Law Courses, and MUCH MORE!!"
Tags :Others