Computer crime, or cybercrime in India has been evolving rapidly in the 21st century. Technical support scams, along with impersonation of the IRS, are among the most common forms of confidence tricks used in order to receive money from unsuspecting victims.

The Information Technology Act, 2000, passed by the Parliament of India in May 2000, had aimed to curb cyber crimes and to provide a legal framework for e-commerce transactions.In 2001, India and United States had set up an India-US cyber security forum as part of a counter-terrorism dialogue.

Are WhatsApp messages admissible in court of law?

/in , , , /by

Are WhatsApp messages admissible in court of law?

The world around us is continuously evolving. The technology has laid down its foundations in every nook and corner of the world. In the present scenario of our country with ever-expanding technology ambiance, the admissibility of e-evidence has become the most germane issue. The advancement of technology brought a drastic change in the mode of communication of people.

Whatsapp chats, emails, text messages have become a prevalent mode of communication. Nowadays various electronic evidence such as DVD, hard-disk, SMS, mail site, etc is produced as evidence in court.

Applicability of law has to always resonate with technology advancement. The Indian computerized system began with the introduction of the Information Technology Act, 2000. This act inserted section 65A and 65B in the Indian evidence act 1872 which deals with the acceptability of electronic evidence in the court of law.

Admissibility of E-evidence; Are WhatsApp chats and E-mails admissible in Court? - Lawyers Blog Vkeel

Meaning Of Evidence 

The term evidence is defined under section 3 of the Indian evidence act 1872. Section 3 of the act includes the following

  1. Every statement which the court allows to be made by witnesses pertaining to the matter under investigation, such explanations are said to be oral evidence
  2. All documents including e-records produced in the court of law for its inspection, such documents are referred to be as documentary evidence.

Besides this, documentary evidence can be classified into two categories- primary evidence and secondary evidence. As per section 62 of the act, primary evidence means the original copy of the documents produced in the court for review. The legal definition of secondary evidence is given under section 63 of the act.

Secondary evidence is not the original document but those documents referred under section 63. It includes a copy of the original document, certified copies. Though a copy of a copy is not acceptable as evidence, those copies produced by mechanical process and copies of a copy compared with the original are admissible as secondary evidence.

Electronic Evidence 

IT act 2000 was amended in the year 2016 to include digital/electronic evidence as admissible evidence. Section 2 (1) (t) of the above act gives the legal definition of the electronic record. The electronic record refers to data, data produced image or sound, and any document sent or received in electronic form or computer-generated electronic data. Electronic data that is transmitted or stored digitally is admissible under section 63 of IEA as secondary evidence.

Section 64 of the act mandates that the content of documents should be proved by primary evidence but section 65 lists few exceptions to it. Section 65 clause (a)(c) and (d) provides for the circumstances where secondary evidence pertaining to the documents is held to be admissible. As per section 65-A, the content of the e-record has to be proved according to the guidelines laid down in section 65-B.

 

Section 65A-B is special legislation different from the documentary evidence procedure laid down in sections 63 and 65.  As per these sections, if the conditions listed below are complied by, then the data stored in electronic form which is printed/copied/stored or created by computer would be regarded as a document. Such documents would be admissible in the court of law without the need for an original copy or direct evidence. 

Conditions for admissibility of computer-outputs are listed in section 65-B (2)- 

  • The computer from which information of electronic record is obtained should have been regularly in use to save/process information for a regular activity carried by an individual having lawful control over it.
  • During feeding of information, the computer should have been working properly
  • Information in electronic-record should be of such nature that it is on a regular-basis fed into the computer during ordinary-activities.
  • Information contained in electronic-record should be a derivation or reproduction of the information stored/fed into the computer

Section 65-B(4) lists the conditions which need to be followed to record statement pertaining to the electronic record-

  • There has to be a certificate that recognizes the electronic record which contains the statement. That certificate –
  • Should describe the manner through which electronic-record is produced.
  • Mention all particulars of the device involved in such production
  • Should take care of conditions of Sec-65B(4)(explained above)
  • Signed by the responsible official which dealt with the operation of that device
  • Such certificate should also accompany the electronic record, for instance, computer printouts pertaining to which statement is sought to be given in evidence

Such safeguards need to be taken while dealing with electronic-evidence to ensure its authenticity.

Judicial Precedents Over Admissibility Of Electronic Records

The court in State (NCT of Delhi) v. Navjot Sandhudealt with the issue of admissibility of evidence of call records. The accused questioned the authenticity of the evidence and alleged that such evidence shouldn’t be held admissible as procedure laid down in section 65B clause 4 was not followed.

The court held evidence of call records to be admissible as they were taken from the computer by a mechanical procedure and certified by an official. The court observed that irrespective of following the conditions laid down in section 65B, a person is not proscribed to adduce secondary evidence under sections 63 and 65 of the Indian evidence act. The court held that merely because conditions of section 65B(4) are not fulfilled, that doesn’t bar adducing the same evidence under other provisions of the act.

Whether WhatsApp chats are primary evidence or secondary evidence?

In the case of Girwar Singh v. CBI, the court-appointed a committee to examine the veracity and authenticity of electronic evidence. It was found that the evidence submitted to the court was not a copy of the original document, but it was copied multiple times and on various devices. The court ruled that in this case, e-evidence was inadmissible.

Similarly, in the case of Vikas Garg v state of Haryana, the trial court relied on WhatsApp conversation to convict the accused of the offence of rape. Later on, Punjab and Haryana high court ignored the chats which were incontestable evidence of rape and abuse of the victim. Supreme Court stayed the bail application of the accused and the matter is still pending in the court.

Whether the condition of certificate u/s 65-B(4) mandatory?

Anvar P.V. Versus P.K. Basheer is one of the important judgments where the court discussed several issues regarding the admissibility of electronic evidence in the court of law. The court observed that secondary evidence stored in CD/DVD/drive is inadmissible u/s 65A and 65B unless it complies with the condition of the certificate mentioned in section 65-B (4).

Conditions mentioned in section 65-B(4) discussed above are necessary to comply to ensure the authenticity of the electronic evidence. The court further held that e-evidence submitted without certificate can’t be held admissible by oral evidence and not even by the statement of experts under section 45A of the act.

Electronic records could easily be affected, tampered with, changed, transposed, or damaged and so forth without such safeguards, the entire trial dependent on verification of electronic records can eventually lead to injustice. The court, in this case, ruled that secondary evidence of electronic evidence shall be entirely governed by section 65A-B of the act, and sections 63 and 65 have application in such cases.

In contrast to Anvar case the court relaxed the certificate condition of section 65-B(4) in case Shafi Mohammad v. Territory of H.P [5] in certain scenarios – a) when the device from which the document is produced is not in the possession of the party b) this condition being a procedural one could also be relaxed in the interest of justice.

The two contrasting positions regarding certificate were finally settled in Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal & Ors[6]. The court held that the condition of the certificate mentioned under section 65B (4) is mandatory for secondary evidence of electronic data to be admissible in court.

The court further reasoned that this condition is redundant if the original document is itself produced. If the device in which the original information is first stored is brought in the court, compliance with the conditions of section 65-B (4) is not necessary.

Few conditions to be satisfied for admissibility of WhatsApp chats as secondary evidence

As held in various Indian high courts, WhatsApp chats are considered to be electronic evidence and are admissible in court if the following conditions are satisfied-

  • The receiver should have received the message.
  • Cell phones should not have been damaged.
  • The sender should have the mens rea to send those messages.

Significance of blue ticks

In SBI cards and payment services Pvt. Ltd. v. Rohit Jadhav the court observed that if blue ticks are seen over the messaging app, it would be conclusive proof that the receiver has received the message and it would be considered legitimate evidence.

In another case Shamsudin Bin Mohd. Yosuf v. Suhaila Binti Sulaiman, the high court held that even in the case where most of the communication takes place on WhatsApp, there was an oral valid agreement between the parties. 

Conclusion

Whatsapp chats are admissible as secondary evidence in the court of law if certain conditions as discussed above are satisfied. The Judiciary’s stance over the admissibility of electronic evidence is to ensure its credibility and evidentiary value as such evidence could be easily damaged or tampered with.

This progressive stance of courts is the outcome of recognizing the nature of the e-record itself. Current legislation and precedents regarding the admissibility of electronic evidence present a myriad of issues that still remains unresolved. Issues pertaining to the procedure of preserving them, ascertaining their veracity, finding original authors, retrieving them, are still being debated and a progressive precedent in this penumbral area is awaited.

The jurisprudence over the admissibility of electronic evidence is still in its nascent stage even after two decades since the IT act of 2000 was passed. The applicability of laws should resonate with the development of technology. It is expected that in recent years the present lacuna in law would be addressed by amendments and progressive judgments.

THE PERSONAL DATA PROTECTION BILL, 2019

/in , /by

THE PERSONAL DATA PROTECTION BILL, 2019

Recently, the Personal Data Protection Bill, 2019 was introduced in Lok Sabha.

THE PERSONAL DATA PROTECTION BILL, 2019

THE PERSONAL DATA PROTECTION BILL, 2019

The need for Data Protection Bill

Protection of privacy:

  • India has more than 62 crore internet users, whose personal data is shared online. With supreme Court declaring Right to Privacy a Fundamental right (K.S. Puttaswamy case) protecting individual privacy is constitutional duty of the state.

Check snooping or surveillance by various agencies:

  • Recently, 121 Indian citizens’ WhatsApp accounts were hacked by an Israeli software called Pegasus. The Facebook–Cambridge Analytica data scandal of 2018 where personal data of millions of peoples’ Facebook profiles without their consent was used for political advertising purposes.

Economic losses:

  • The average cost of data breach in India is Rs 12.8 crore, with per capita cost per lost or stolen record reaching Rs 5,019 in 2018, as per a study by IBM; Moreover, data is being considered as new oil in 21st century. Without proper data regulations or data localisation norms, Global firms like Google, Face book are benefitting from data collected from Indians.
  • Increasing sophistication of cyber-crimes: The root cause for 51 per cent of data breaches was malicious or criminal attacks, in India as per IBM study.

Key features of the Personal Data Protection Bill

Personal data (data that can identify an individual):

The bill talks about various types of personal data, such as:

    • Sensitive personal data (related to finances, health, official identifiers, sex life, sexual orientation, bio-metric, genetics, transgender status, intersex status, caste or tribe, religious or political belief or affiliation)
    • Critical personal data (military or national security data and the government can define it from time to time)
    • General personal data- other than sensitive and critical personal data.

Applicability of the Data Protection Bill

  • The Bill governs the processing of personal data by, Government, companies incorporated in India and foreign companies dealing with personal data of individuals in India.
  • Obligations of data fiduciary (an entity or individual who collects and decides the means and purpose of processing personal data):
    • Personal data can be processed only for specific, clear and lawful purpose.
    • All data fiduciaries must undertake certain transparency and accountability measures such as:
      • implementing security safeguards (such as data encryption and preventing misuse of data)
      • instituting grievance redressal mechanisms to address complaints of individuals.
  • Rights of the data principal (the individual whose data is being collected and processed): These include the right to:
    • obtain confirmation from the fiduciary on whether their personal data has been processed
    • restrict continuing disclosure of their personal data by a fiduciary, if it is no longer necessary or consent is withdrawn. It also includes the right to be forgotten which will allow users to erase their personal data published online and give them the freedom to ask entities such as Facebook and Twitter to delete any data they do not want in the public domain.
  • Grounds for processing personal data: The Bill allows processing of data by fiduciaries only if consent is provided by the individual. However, in certain circumstances, personal data can be processed without consent. These include:
    • if required by the State for providing benefits to the individual
    • legal proceedings
    • to respond to a medical emergency

Social media intermediaries:

  • Platforms with larger number of users and having potential to impact electoral democracy or public order, have certain obligations, which include providing a voluntary user verification mechanism for users in India. According to official sources, while the process can be voluntary for users and can be completely designed by the company, it will decrease the anonymity of users and “prevent trolling”.

Data Protection Authority:

  • The Bill sets up a Data Protection Authority which may, take steps to protect interests of individuals, prevent misuse of personal data, ensure compliance with the Bill.

Transfer of data outside India:

  • Sensitive personal data may be transferred outside India for processing if explicitly consented to by the individual and subject to certain additional conditions. However, such sensitive personal data should continue to be stored in India. Critical personal data can only be processed in India. Personal data other than sensitive and critical personal data don’t have such localisation mandates.

Exemptions:

  • The central government can exempt any of its agencies from the provisions of the Act, in interest of security of state, public order, sovereignty and integrity of India and friendly relations with foreign states, for preventing incitement to commission of any cognizable offence (i.e. arrest without warrant) relating to the above matters.
  • Processing of personal data is also exempted from provisions of the Bill for certain other purposes such as, prevention, investigation, or prosecution of any offence, personal, domestic, journalistic purposes
  • Sharing of non-personal data with government: The central government may direct data fiduciaries to provide it with any, non-personal data, anonymised personal data (where it is not possible to identify data principal) for better targeting of services.

Criticisms of the bill

  • There are significant departures in the current bill from the draft Bill prepared by the Justice B N Srikrishna committee in 2018.
  • Data Protection Authority’s composition is dominated by the government, as contrasted with the diverse and independent composition as suggested in the committee’s draft.
    • There is a blanket power of exemption from all provisions of the law (including access to personal data without consent, citing national security, investigation and prosecution of any offence, public order) in favour of a government agency. This could amount to surveillance.
  • A report from the IT Ministry’s Artificial Intelligence (AI) Committee contradicts foundational aspects of the Bill, as it suggests:
    • India should maintain free flow of data stating that India has been one of the biggest beneficiaries of the global data flows. Limitations on the free and open flow of data can seriously hinder the ability of economy to remain competitive.
    • Focus should be placed on implementation and enforcement instead of over-regulation. Sectoral entities are more appropriate regulators than an overarching authority.
    • Legislation alone is not enough unless supported by an adequate implementation ecosystem including an effective grievance redressal system and user awareness.
      • E.g. security and government access are not achieved by mere localisation, as the encryption keys may still be out of reach of national agencies.

Conclusion
Considering the data privacy as the fundamental right of a citizen and economic downturns of the potential breaches in data, government need to reconsider all the above pending issues. A robust Personal data protection law is the need of the hour. Due importance needs to be given on public awareness, better implementation and regulation and efficient grievance redressal as well.

Career in Ethical Hacking

/in , /by

What is Ethical Hacking?

With the growth of the Internet, computer security has become a major concern for businesses and governments. They want to be able to take advantage of the Internet for electronic commerce, advertising, information distribution and access, and other pursuits, but they are worried about the possibility of being HACKED. At the same time, the potential customers of these services are worried about maintaining control of personal information that varies from credit card numbers to social security numbers and home addresses.

In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. This scheme is similar to having independent auditors come into an organization to verify its bookkeeping records.

In the case of computer security, these TIGER TEAMS or ETHICAL HACKERS would employ the same tools and techniques as the intruders, but they would neither damage the target systems nor steal information. Instead, they would evaluate the target systems’ security and re-port back to the owners with the vulnerabilities they found and instructions for how to remedy them

History and Now….

Whilst in the 80’s hacking was common only amongst computer programmers with vast experience and knowledge of multiple technologies, now almost anyone can hack given the availability of the fiercest software’s available freely on the internet. “You no longer need to be a genius to hack. I say all you need is the Internet and the Desire.

After the events of 9/11 of WTC , we are no longer able to expect a common and traditional mode of attack. An attack can come in any mode and from any source. The best way to defend ourselves is to think like the enemy as this will allow us to predict their next move.

In November 2002, the International Council of E-Commerce Consultants (EC-Council), a leading provider of e-Business certification and Internet Security programs, announced a new certification program designed to provide security education and training services for penetration testing professionals.

The EC-Council developed a unique five day security training course called “Ethical Hacking & Countermeasures,” which prepares students for the CEH exam 310-50. As the only course of its kind in the world leading to an Ethical Hacker Certification, it teaches how hackers hack, the tools they use, how to hack via Linux and Windows 2000, how to hack firewalls and how to implement an effective security framework for both e-commerce and day to day operation and how to apply countermeasures to avoid those risks. The Certified Ethical Hacker certification has become the fastest growing certification in the security industry.
There are four basic kinds of hacks:

IP Hack: Someone can be hired to hack a specific IP address, giving them little or no information beforehand (You have to be careful if the IP address is an overseas server. You cant hack the wrong IP address, like a foreign government’s computers, causing an international incident.);

Application Hack: A much more sophisticated hack that you can is diving deep into databases and down production servers. Only experienced hackers, with strict guidelines governing their actions, will be allowed to perform such tests. Organisation will never hire a “reformed” black-hat hacker for this type of test;

Physical Infrastructure Hack: This is where you can try to get into your facilities to access your systems or go dumpster diving looking for confidential information such as passwords discarded on sticky notes; and

Wireless Hack: Here you can exploit wireless access points from the back of a van. and report the findings back to employers instead of stealing  passwords. You can check out employers tele workers as well to see if home offices are a source of entry to there organisations network.

 

For any of these tests, a reputable firm with clearly defined methodologies to hire you, and you could be part of it.

 

Scope

Career as a Ethical Hacker with/with out necessary Certification Opens a wide range of scope due to lot foray of international organisations in India, Indians are known to be good mathematicians this gives them edge over other countries employees. A Ethical Hacker can see growth path towards handling a complete Networking Department  as he knows the things at system level. Loyalty towards profession and employee pay key role

Salaries are no bar for such a profession.

 

Digital Signature Laws in India

/in , /by

Digital signatures are given legal recognition under the Information Technology (IT) Act, enabling them to be as valid as signatures on paper. By affixing a digital signature to an electronic document, the writer or owner of the document may establish his rights over its content, and file a lawsuit if the same is violated.

The clause for digital signatures has been defined under Section 4 of the IT Act to primarily facilitate e-governance and e-commerce. Remember, this section of the IT Act overrides other laws, such as the Consumer Protection Act, which tends to become general legislations to facilitate electronic transactions.

Legalities for Creating a Valid Digital Signature

Section 14 of the IT Act has established certain guidelines for creating a valid and secured digital signature.

The section states that at the time of fixing a digital signature:

  • It should be unique.
  • It’s security procedure must be agreed to by both parties.
  • It is capable of identifying all parties or subscribers of the electronic document.

 

Limits to Recognition of Digital Signature

Digital signatures on all electronic records and contracts are considered valid under section 4 of the IT Act, except in the case of:

  • A will.
  • A negotiable instrument.
  • A document of title.
  • A contract for disposition of an immovable property.
  • A trust or power of attorney.
  • A document notified by the Central Government.

Indian laws, including the Indian Contract Act, require these documents to be written and attested in writing. Further, in India, paper documents are perceived to be far more reliable and trustworthy than electronic documents.

Some may argue that having these limitations on legal recognition of digital signatures would bar the growth of electronic transactions. However, these laws are meant to safeguard the interest of the online visitors.

To obtain a legally valid digital certificate as per Indian IT Act from the licensed Certifying Authorities (CA) operating under the Root Certifying Authority of India (RCAI), Controller of Certifying Authorities (CCA) of India. (http://www.cca.gov.in/) >

Steps for obtaining Digital Certificate

  1. Visit the site of the licensed CA using internet browser.
  2. Apply for a digital certificates
  • Digital Signature,non-repudiation certificate(used for Signing) and
  • Key Encipherment Certificate (used for encrypting Bid Document) with Organization name for the designated individual with organization name.
  • Ensure the Digital Certificate is legally valid in India.
  1. For making payment for Digital Certificate and submission of documents required for issue of the Digital Certificate, follow the instructions on the CA’s website.

Links to some licensed CA’s are provided below:

http://www.tcs-ca.tcs.co.in
http://www.safescrypt.com
http://www.mtnltrustline.com
http://www.ncodesolutions.com

What is a USB Token?

  • It is secure Device, used specifically to carry Digital Certificates.
  • USB Tokens offer military grade security and the contents are also encrypted internally.
  • A virus cannot affect USB Token, and the digital Certificate stored would always be secure.
  • When you insert the Token, it automatically copies the certificate to the browser and when you remove the Token it automatically removes the certificate from the browser.
  • The Private key never leaves the Token and signing takes place within the Token itself. So, the security is guaranteed.

 

CYBER CRIMES AND THE LAW

/in , /by

In the era of cyber world as the usage of computers became more popular, there was expansion in the growth of technology as well, and the term ‘Cyber’ became more familiar to the people. The evolution of Information Technology (IT) gave birth to the cyber space wherein internet provides equal opportunities to all the people to access any information, data storage, analyse etc. with the use of high technology. Due to increase in the number of netizens, misuse of technology in the cyberspace was clutching up which gave birth to cyber crimes at the domestic and international level as well.

Though the word Crime carries its general meaning as “a legal wrong that can be followed by criminal proceedings which may result into punishment” whereas Cyber Crime may be “unlawful acts wherein the computer is either a tool or target or both”.

The world 1st computer specific law was enacted in the year 1970 by the German State of Hesse in the form of ‘Data Protection Act, 1970’ with the advancement of cyber technology. With the emergence of technology the misuse of technology has also expanded to its optimum level and then there arises a need of strict statutory laws to regulate the criminal activities in the cyber world and to protect technological advancement system. It is under these circumstances Indian parliament passed its “INFORMATION TECHNOLOGY ACT, 2000” on 17th oct to have its exhaustive law to deal with the technology in the field of e-commerce, e-governance, e-banking as well as penalties and punishments in the field of cyber crimes.

  • Cyber Crimes Actually Means: It could be hackers vandalizing your site, viewing confidential information, stealing trade secrets or intellectual property with the use of internet. It can also include ‘denial of services’ and viruses attacks preventing regular traffic from reaching your site. Cyber crimes are not limited to outsiders except in case of viruses and with respect to security related cyber crimes that usually done by the employees of particular company who can easily access the password and data storage of the company for their benefits. Cyber crimes also includes criminal activities done with the use of computers which further perpetuates crimes i.e. financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail, spoofing, forgery, cyber defamation, cyber stalking, unauthorized access to Computer system, theft of information contained in the electronic form, e-mail bombing, physically damaging the computer system etc.
  • Classifications Of Cyber Crimes: Cyber Crimes which are growing day by day, it is very difficult to find out what is actually a cyber crime and what is the conventional crime so to come out of this confusion, cyber crimes can be classified under different categories which are as follows:
  1. Cyber Crimes against Persons:

There are certain offences which affects the personality of individuals can be defined as:

  • Harassment via E-Mails: It is very common type of harassment through sending letters, attachments of files & folders i.e. via e-mails. At present harassment is common as usage of social sites i.e. Facebook, Twitter etc. increasing day by day.
  • Cyber-Stalking: It means expressed or implied a physical threat that creates fear through the use to computer technology such as internet, e-mail, phones, text messages, webcam, websites or videos.
  • Dissemination of Obscene Material: It includes Indecent exposure/ Pornography (basically child pornography), hosting of web site containing these prohibited materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind.
  • Defamation: It is an act of imputing any person with intent to lower down the dignity of the person by hacking his mail account and sending some mails with using vulgar language to unknown persons mail account.
  • Hacking: It means unauthorized control/access over computer system and act of hacking completely destroys the whole data as well as computer programmes. Hackers usually hacks telecommunication and mobile network.
  • Cracking: It is amongst the gravest cyber crimes known till date. It is a dreadful feeling to know that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information.
  • E-Mail Spoofing: A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it’s origin to be different from which actually it originates.
  • SMS Spoofing: Spoofing is a blocking through spam which means the unwanted uninvited messages. Here a offender steals identity of another in the form of mobile phone number and sending SMS via internet and receiver gets the SMS from the mobile phone number of the victim. It is very serious cyber crime against any individual.
  • Carding: It means false ATM cards i.e. Debit and Credit cards used by criminals for their monetary benefits through withdrawing money from the victim’s bank account mala-fidely. There is always unauthorized use of ATM cards in this type of cyber crimes.
  • Cheating & Fraud: It means the person who is doing the act of cyber crime i.e. stealing password and data storage has done it with having guilty mind which leads to fraud and cheating.
  • Child Pornography: It involves the use of computer networks to create, distribute, or access materials that sexually exploit underage children.
  • Assault by Threat: refers to threatening a person with fear for their lives or lives of their families through the use of a computer network i.e. E-mail, videos or phones.
  1. Crimes Against Persons Property:

As there is rapid growth in the international trade where businesses and consumers are increasingly using computers to create, transmit and to store information in the electronic form instead of traditional paper documents. There are certain offences which affects persons property which are as follows:

  •  Intellectual Property Crimes: Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, infringement of copyright, trademark, patents, designs and service mark violation, theft of computer source code, etc.
  • Cyber Squatting: It means where two persons claim for the same Domain Name either by claiming that they had registered the name first on by right of using it before the other or using something similar to that previously. For example two similar names i.e. www.yahoo.com and www.yaahoo.com.
  • Cyber Vandalism: Vandalism means deliberately destroying or damaging property of another. Thus cyber vandalism means destroying or damaging the data when a network service is stopped or disrupted. It may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer.
  • Hacking Computer System: Hacktivism attacks those included Famous Twitter, blogging platform by unauthorized access/control over the computer. Due to the hacking activity there will be loss of data as well as computer. Also research especially indicates that those attacks were not mainly intended for financial gain too and to diminish the reputation of particular person or company.
  • Transmitting Virus: Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worm attacks plays major role in affecting the computerize system of the individuals.
  • Cyber Trespass: It means to access someone’s computer without the right authorization of the owner and does not disturb, alter, misuse, or damage data or system by using wireless internet connection.
  • Internet Time Thefts: Basically, Internet time theft comes under hacking. It is the use by an unauthorised person, of the Internet hours paid for by another person. The person who gets access to someone else’s ISP user ID and password, either by hacking or by gaining access to it by illegal means, uses it to access the Internet without the other person’s knowledge. You can identify time theft if your Internet time has to be recharged often, despite infrequent usage.
  1. Cybercrimes Against Government:

There are certain offences done by group of persons intending to threaten the international governments by using internet facilities. It includes:

  •  Cyber Terrorism: Cyber terrorism is a major burning issue in the domestic as well as global concern. The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate e-mails, attacks on sensitive computer networks etc. Cyber terrorism activities endanger the sovereignty and integrity of the nation.
  • Cyber Warfare: It refers to politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation.
  • Distribution of pirated software: It means distributing pirated software from one computer to another intending to destroy the data and official records of the government.
  • Possession of Unauthorized Information: It is very easy to access any information by the terrorists with the aid of internet and to possess that information for political, religious, social, ideological objectives.
  1. Cybercrimes Against Society at large:

An unlawful act done with the intention of causing harm to the cyberspace will affect large number of persons. These offences includes:

  •  Child Pornography: It involves the use of computer networks to create, distribute, or access materials that sexually exploit underage children. It also includes activities concerning indecent exposure and obscenity.
  • Cyber Trafficking: It may be trafficking in drugs, human beings, arms weapons etc. which affects large number of persons. Trafficking in the cyberspace is also a gravest crime.
  • Online Gambling: Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. There are many cases that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc.
  • Financial Crimes: This type of offence is common as there is rapid growth in the users of networking sites and phone networking where culprit will try to attack by sending bogus mails or messages through internet. Ex: Using credit cards by obtaining password illegally.
  • Forgery: It means to deceive large number of persons by sending threatening mails as online business transactions are becoming the habitual need of today’s life style.

Affects To Whom: Cyber Crimes always affects the companies of any size because almost all the companies gain an online presence and take advantage of the rapid gains in the technology but greater attention to be given to its security risks. In the modern cyber world cyber crimes is the major issue which is affecting individual as well as society at large too.

Need of Cyber Law: information technology has spread throughout the world. The computer is used in each and every sector wherein cyberspace provides equal opportunities to all for economic growth and human development. As the user of cyberspace grows increasingly diverse and the range of online interaction expands, there is expansion in the cyber crimes i.e. breach of online contracts, perpetration of online torts and crimes etc. Due to these consequences there was need to adopt a strict law by the cyber space authority to regulate criminal activities relating to cyber and to provide better administration of justice to the victim of cyber crime. In the modern cyber technology world it is very much necessary to regulate cyber crimes and most importantly cyber law should be made stricter in the case of cyber terrorism and hackers.

Penalty For Damage To Computer System: According to the Section: 43 of ‘Information Technology Act, 2000’ whoever does any act of destroys, deletes, alters and disrupts or causes disruption of any computer with the intention of damaging of the whole data of the computer system without the permission of the owner of the computer, shall be liable to pay fine upto 1crore to the person so affected by way of remedy. According to the Section:43A which is inserted by ‘Information Technology(Amendment) Act, 2008’ where a body corporate is maintaining and protecting the data of the persons as provided by the central government, if there is any negligent act or failure in protecting the data/ information then a body corporate shall be liable to pay compensation to person so affected. And Section 66 deals with ‘hacking with computer system’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both.

 

Case Study-Attacks on Cyberspace: 

  • Worm Attack: The Robert Tappan Morris well Known as First Hacker, Son of former National Security Agency Scientist Robert Morris, was the first person to be prosecuted under the ‘Computer and Fraud Act, 1986’. He has created worm while at Cornell as student claiming that he intended to use the worm to check how large the internet was that time. The worm was uncontrollable due to which around 6000 computer machines were destroyed and many computers were shut down until they had completely malfunctioned. He was ultimately sentenced to three years probation, 400 hours of community service and assessed a fine of $10500. So there must be strict laws to punish the criminals who are involved in cyber crime activities.
  • Hacker Attack: Fred Cohen, a Ph.D. student at the University of Southern California wrote a short program in the year 1983, as an experiment, that could “infect” computers, make copies of itself, and spread from one machine to another. It was beginning & it was hidden inside a larger, legitimate program, which was loaded into a computer on a floppy disk and many computers were sold which can be accommodate at present too. Other computer scientists had warned that computer viruses were possible, but Cohen’s was the first to be documented. A professor of his suggested the name “virus”. Cohen now runs a computer security firm.
  • Internet Hacker: Wang Qun, who was known by the nickname of “playgirl”, was arrested by chinese police in the Hubei province first ever arrest of an internet hacker in China. He was a 19 year old computing student, arrested in connection with the alleged posting of pornographic material on the homepages of several government-run web sites. Wang had openly boasted in internet chat rooms that he had also hacked over 30 other web sites too.

 

Preventive Measures For Cyber Crimes:

Prevention is always better than cure. A netizen should take certain precautions while operating the internet and should follow certain preventive measures for cyber crimes which can be defined as:

  • Identification of exposures through education will assist responsible companies and firms to meet these challenges.
  • One should avoid disclosing any personal information to strangers via e-mail or while chatting.
  • One must avoid sending any photograph to strangers by online as misusing of photograph incidents increasing day by day.
  • An update Anti-virus software to guard against virus attacks should be used by all the netizens and should also keep back up volumes so that one may not suffer data loss in case of virus contamination.
  • A person should never send his credit card number to any site that is not secured, to guard against frauds.
  •  It is always the parents who have to keep a watch on the sites that your children are accessing, to prevent any kind of harassment or depravation in children.
  • Web site owners should watch traffic and check any irregularity on the site. It is the responsibility of the web site owners to adopt some policy for preventing cyber crimes as number of internet users are growing day by day.
  • Web servers running public sites must be physically separately protected from internal corporate network.
  •  It is better to use a security programmes by the body corporate to control information on sites.
  • Strict statutory laws need to be passed by the Legislatures keeping in mind the interest of netizens.
  • IT department should pass certain guidelines and notifications for the protection of computer system and should also bring out with some more strict laws to breakdown the criminal activities relating to cyberspace.
  • As Cyber Crime is the major threat to all the countries worldwide, certain steps should be taken at the international level for preventing the cybercrime.
  • A complete justice must be provided to the victims of cyber crimes by way of compensatory remedy and offenders to be punished with highest type of punishment so that it will anticipate the criminals of cyber crime.

Conclusion:

Since users of computer system and internet are increasing worldwide, where it is easy to access any information easily within a few seconds by using internet which is the medium for huge information and a large base of communications around the world. Certain precautionary measures should be taken by netizens while using the internet which will assist in challenging this major threat Cyber Crime.