Author: Shivangi Kumari, II Year of BBA.,LL.B from Galgotias University.
ABSTRACT
Cybercrime is a borderless problem, committed online by using electronic communication networks and information systems. Cyber security is a broad spectrum phrase andrelated to preventing any form of unauthorized and disingenuous access to a personal computer, a laptop, a Smartphone or major network. In the current era of online processing, maximum of the information is online and prone to cyber threats. There are a huge number of cyber threats and their behavior is difficult to early understanding hence difficult to restrict in the early phases of the cyber attacks. Cyber attacks may have some motivation behind it or may be processed unknowingly.
The attacks those knowingly can be considered as the cyber crime and they have serious impacts over the society in the form of economical disrupt, psychological disorder, threat to National defense etc. Restriction of cyber crimes is dependent on proper analysis of their behavior and understanding of their impacts over various levels of society.
Therefore, the current manuscript provides the understanding of cyber crimes and their impacts over society with the future trends of cyber crimes. Institutions such as the Computer Emergency Response Team (CERT-In), National Technical Research Organization (NTRO) and National Cyber Security Coordinator Centre are all doing a reasonable job. In this paper, we have also discussed the prevention technique, detention technique along with National Cyber Security Policy 2013 and Information Technology Act 2000.
KEYWORDS: Cybercrime, Trojans, Cyber stalking, Cyber Defamation, Cyber Law, India, IT ACT 2000
INTRODUCTION
With the advancement of technology, the way of conducting crime is becoming more sophisticated, complex and there had been a significant change in the outlook of the world from a human perspective. Cybercrime is a real threat to fast technology development. This technologies advent not only redefined human lifebut also redefined cyber crimes. The rapid growth of internet users and dependence drastically increased the risks of the commission of the crime. Cybercrime is also categorized into violent and non-violent cybercrime like cyber squatting, stalking, morphing, email spoofing, cyber bullying, piracy, vandalism, cyber fraud, etc.
Cybercrime is a broad term encompassing acts committed or facilitated by the use of computer technology. As regards the exact definition of cybercrime, it has not been statutorily defined in any statute or law as yet. Even the IT Act, 2000 does not contain the definition of cybercrime.
However, it may precisely be said to be those species of crime in which computer is either an object or a subject of conducting constituting the crime or it may be even both. Sometimes viruses are hidden in seemingly legitimate emails and advertisement on the web, which if once clicked infect the computer and due to this the person is not able to use their computers. The expanding reach of computers and the internet has made it easier for people to keep in touch across long distances. However, the means that enable the free flow of information and ideas over long distances also give rise to a worryingly high incidence of irresponsible behavior.
Background
What is the Cyber Crime? Some experts believe that cyber-crime is nothing more than ordinary crime committed by high tech computers where computer is either a tool or target or both and other experts view that cyber-crime is a new category of crime requiring a comprehensive new legal framework to address a unique nature of emerging technologies and the unique set of challenges that traditional crime do not deal with such as jurisdiction, international cooperation, intent and the difficulty of identifing the Prepetator.
TYPES OF CYBER-CRIMES:
a)Identity theft
When personal information of a person is stolen to use their financial resources or to take a loan or credit card in their name then such a crime is known as Identity theft. Eg. Some thieves use skimming device (Skimming is a method used by identity thieves to capture information from a cardholder) that easily can be placed over a card reader on an ATM or in any other places without looking out of the ordinary. When somebody swipes a debit or credit card at a compromised machine, the skimmer reads the information from the card's magnetic stripe & either stores it or transmits it to the hacker's device. A criminal can then use this information to make purchases. Some skimmers may also include a touchpad that allows the thief to enter a security code. Fraudsters can obtain information in various ways, & the technology which they use is becoming more sophisticated (advanced) & challenging to detect.
b)Cyber-terrorism
(Barry Collin first introduced the term cyber terrorisminthe 1980s, although just as experts have not formed a consent definition of terrorism, there is still no unifying definition of cyber terrorism).
When a threat of extortion (Blackmail) or any kind of harm is being subjected or perceived towards a person, organization, group or state, it is known as the crime of Cyber Terrorism. Generally, it includes well-planned attack strategies before attacking the Government & corporate computer system. By this narrow definition, it is difficult to identify any instances of cyber terrorism. Cyber terrorismcan be also defined as the intentional use of computer, networks, and public internet to cause destruction & harm for personal objectives. Objectives may be political or ideological since this can be seen as a form ofterrorism. If any incident in the cyber world can create terror, it may be called a Cyber-terrorism.
c)Cyber bullying
When a teenager or adolescent harasses, defames, or intimidates someone with the use of the internet, phone, chat rooms, instant messaging or any other social network then the person is said to be committing the crime of Cyber bullying. It can start as early as age eight or nine, but the majority of cyber bullyingtakes place in the teenage years, up to age 17. Most often, it's sustained & repeated over some time. But whether it's sharing one humiliating photo or 1,000 harmful text messages, it can damage ayoung person's feelings, self-esteem, reputation & mental health. The range of cyber bullyingstatistics is wide, & is frequently changing as new technology emerges & different social networking sites pop up. When the same crime is done by adults it is known as Cyber-stalking.
d)Hacking
It has now become so common that, even the highly secured websites of government bodies get hacked within a fraction of seconds, the social media accounts of common people are a very easy task for the hackers to hack to getcertain information. The most common method of hacking is that the hacker usually sends some links to the email or any social account of the victim & the moment the user clicks open that link, the hacker gets access to the IP Addressof a system which is being used by a user. We can also see such cases where we get spam messages in our e-mails, in message box reading that we have won some amount of prize money & in return, they ask us about our bank details & other personal information. This is where many people fall into the trap of the hacker's, even the educated ones.
These types of cybercrimes are something that we see daily. Every eight out of ten people have been in some of the other way fallen into such traps of cyber crimes & have been victimized.
e)DEFAMATION
While every individual has his/her right to speech on internet platforms as well, but if their statements cross a line & harm the reputation of any individual or organization, then they can be charged with the Defamation Law. In law, attackinganother’s reputation by a false publication (communication to a third party) tending to bring the person into disrepute. It is on the internet where people can get into trouble with libel. While some web sites screen posts for inflammatory or illegal content, the screening systems are not geared to examine every post for libellous (false) content. If you are accused of defamation or slander, truth is an absolute defence to the allegation. If what you said is true, there is no case. If the case is brought by a public figure & you can prove you were only negligent in weighing whether the statement was false, that can be a defence as well.
f)Harassment & Stalking
A lot of people think stalking is something that just happens to celebrities, but the reality is that it can happen to anyone. Harassment & stalking are strictly prohibited over internet platforms as well. Cyber laws protect the victims & prosecute (accuse) the offender against this offence. Cases involving stalking & harassmentcan be difficult to prosecute because of their nature are likely to require sensitive handling, especially regarding the care of the victim. Closely connected groups may also be subjected to collective harassment. The primary intention of this type of harassment is not generallydirected at an individual but rather at members of a group. This can also include members of the same family, residents of a particular neighborhood, groups of a specific identity including ethnicity or sexuality.
g)DDOS attacks
A distributed denial-of-service (DDoS) attack is one of the most powerful weapons on the internet. When you hear about a website being brought down by hackers that means it has become a victim of a DDoS attack. In short, it means that hackers have attempted to make a website or computer unavailable or out of service by flooding or crashing the website with too much traffic which the systems cannot bear.Distributed denial-of-service attacks target websites & online services. The aim is to submerge them with more traffic than the server or network can accommodate or take in. The goal is to provide & render the website or service inoperable (incurable) The traffic can consist of incoming messages, requests for connections, or fake packets. In some cases, the targeted victims are threatened with a DDoS attack or attacked at a low level. This may be combined with an extortion (blackmail) threat of a more devastating attack unless the company pays a crypto currency(digital currency in which encryption techniques are used to regulate the generation of units of currency) The theory behind a DDoS attack is simple, although attacks can range in their level of sophistication (experience)
IMPACT OF CYBER-CRIMES
Individuals &businesses can suffer significant financial loss because of cyber-crime with the most obvious impact being theft. Loss of business can also be significant in a single occurrence. Besides, the reputational damage can also be a significant factor following the cybercrime. Businesses can be intentionally attacked because they have a high profile & possess valuable data, or there is some other publicity benefit in a successful attack to disgrace them.
Where there is a weakness, they will try to exploit it. Imagining crimeless society is a myth, crime is an omnipresent phenomenon, & it is a non-separable part of social existence. One can deny that crime is a social phenomenon, it is omnipresent, & there is nothing new in crime as it is one of the characteristic features of the all societies existed till now, whether its a civilized or uncivilized & it is one of the basic instincts of all human behavior. Also, some individuals are victims of crime in a more specific sense. The victims of crime may lose anything that has value. Safety, peace, money, & property are perhaps basic values because they contribute to the satisfaction of many wishes. Therefore, all businesses need to understand the cyber threats they may face, & take the appropriate steps to safeguard against themselves.
PREVENTION OF CYBERCRIME
Prevention is always better than cure. It is always better to take certain precaution while operating the net. A should make them his part of cyber life. A netizen should keep in mind the following things.To prevent cyber stalkingavoid disclosing any information about oneself.
This is as good as disclosing your identity to strangers in public place.Always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs.Always use latest and update antivirus software to g1uard against virus attacks.Always keep back up volumes so that one may not suffer data loss in case of virus contamination.
Never send your credit card number to any site that is not secured, to guard against frauds.Always keep a watch on the sites that your children are accessing to prevent any kind of harassment or deprivation in children.It is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal.Web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this.Use of firewalls may be beneficial.Web servers running public sites must be physically separate protected from the internal corporate network.
SOME JUDGEMENTAL CASES RELATED TO CYBER CRIME
-Electronic Evidence by WhatsApp | Mukul Vs State of Punjab (2018)
-Pornography Obscenity (S67A) Case conviction | State Vs Jayanta Das(2017) (Odisha)
-Cyber Cafe Owner Liability (S67C) Conviction | State Vs Vishal Bogade + 1(Maharashtra
-Cyber Stalking Case Conviction | State Vs Yogesh Prabhu (cyber cell Mumbai
- Data Theft Case Conviction S43(a) & S(66)| State Vs Prabhakar sampath (Hyderabad )
- Nigerian Email Scam Case Conviction | State Vs Opara chilezien Joseph & Ors (Mah.)
Section 66A Stuck Down Case | Shreya Singhal Vs UOI
LAWS RELATED TO CYBERSECURITY IN INDIA
National CyberSecurity Policy, 2013 The NCSP offers a 14-point strategy to establish a secure cyber-ecosystem and assurance framework. It centres on the product, process/technology, and the personnel that form the basic building blocks of any cyber securitysystem. Itseeks to promote global best practices in information security (IS) and compliance through standards and guidelines. The International Organization for Standardization/International Electro TechnicalCommission (ISO/IEC) 2001 is the best-known standard in the family providing requirements for an information security management system (ISMS). It includes IS system audits, penetration testing and vulnerability assessments, formal risk assessments and risk management processes, as well as a cyber-crisis management plan for all entities within the government and critical sectors.
Information Technology Act, 2000The IT Act, 2000 was designed in response to the increased risk of cyber attacks.It seeks to reduce the digital divide to bring about societal transformatio.
The IT Act is umbrella legislation that primarily aims to regulate electronic commerce as well as to gradually promote a culture of e-governance in India.As such, it calls for comprehensive cyber securitylegislation to address growing threats to information infrastructure systems and networks and suggests a new specialized professional institutional structure to meet the cyber securitychallenge.
National Technical Research Organization(NTRO)The National Technical Research Organization(NTRO) is a technical intelligence agency under the National Security Advisor in the Prime Minister Office, India. It was set up in 2004.It also includes National Institute of Cryptology Research and Development (NICRD), which is first of its kind in Asia.The agency develops technology capabilities in aviation and remote sensing, data gathering and processing, cyber security, cryptology systems, strategic hardware and software development and strategic monitoring.
International CooperationIndia should foster closer collaboration between all those involved to ensure a safe cyberspace.
There must be enhanced cooperation among nations and reaffirmed a global call to action for all United Nations member nations to not attack the core of the Internet even when in a state of war.
CERT-InMeanwhile, to handle emergencies and ensure crisis management, another institution, Computer Emergency Response Team-India (CERT-In) has been created.It operates 24/7 to help users respond to cyber securityincidents.CERT-In has established links with international CERTs and security agencies to facilitate the exchange of information on the latest cyber securitythreats and international best practices.
Advantages of Cyber Laws
The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse.
The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records. The Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.
From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implications of these provisions for the e-businesses would be that email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.
Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
Digital signatures have been given legal validity and sanction in the Act.
The Act throws open the doors for the entry of corporate companies in
the business of being Certifying Authorities for issuing Digital
Signatures Certificates.
The Act now allows Government to issue notification on the web thus
heralding e-governance.
The Act enables the companies to file any form, application or any
other document with any office, authority, body or agency owned or
controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate Government.
The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.
Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case if anyone breaks into their computer systems or network and causes damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.
Proposed Changes in IT Act 2000
It is found that there should be the provision for the following –
a. Trap and Trace orders. The new IT Act should make such legislation that it is
easier for cyber investigators to obtain “trap and trace” orders. “Trap and
trace devices are used to capture incoming IP packets to identify the packet‟s
origins. Due to the ease with which hackers are able to “spoof” their true
origin, the most effective way to reconstruct the path of a virus, DoS or
hacking assault is to follow a chain of trapping devices that logged the original
malicious packets as they arrived at each individual router or server. In a case
of single telephone company, it has been relatively easy for investigators to
obtain trap and trace orders but today one communication is being carried byeveral different {ISPs}, by one or more telephone company or one or more
cell company and very soon by one or more satellite company. Once the
segment of the route goes beyond the court‟s jurisdiction, investigators must
then go the next jurisdiction and file a request for a trap and trace order for the
next segment. The new legislation would authorize the issuance of a single
order to completely trace an on-line communication from start to finish.
b. We proposed new legislation such that makes young perpetrators fifteen years
of age and older eligible for offences in serious computer crime.
c. The Cyber Cafes, Computer Training Centre, and other Institute where
computer is the mode of training should be incorporated under some act.
Defence cyber security
An increase in the volume and scale of cyber attacks on defence infrastructure has heightened the need for cyber security. A proposal is already pending before the Ministry of Defence to set up a dedicated tri-service command with the Indian Air Force, army and navy for cyber security. It is time to enhance cyber capabilities so that the defence forces can deploy both defensive and offensive cyber operations to protect vital national interests.
CONCLUSION
The capacity of the human mind is unfathomable. It is not possible to eliminate cyber crime from the cyberspace. It is quite possible to check them. History is the witness that no legislation has succeeded in eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report the crime asa collective duty towards the society) and further making the application of the laws more stringent to check crime.Remember, cybercriminals are evolving as well in terms of computer knowledge per technological advancement made. Nevertheless, business should employ practices where their employees follow proper safety practices to ensure that integrity and confidentially of stored information is kept at all times to combat cybercrimes. With all these safety practices implemented, it can be said that the safety of many clients stored information is optimal.