TRACKING CYBER CRIMES

  • 8/7/2019 TRACKING CYBER CRIMES

    TRACKING CYBERCRIMES &

    PERPETRATORS

    BY SAI SAKETH

    NISHANTH KABRA

    Introduction to

    Cyber Crime

    The term "cyber crime" is a misnomer. This

    term has nowhere been defined

    in any Act passed or enacted by

    the Indian Parliament. The

    concept of cyber crime is not different from the concept of

    ordinary crimes. Both involve a breach of law. Any criminal

    activity that uses a computer as an instrumentality, a target or a means

    for perpetuating further crimes comes within the ambit of cyber

    crime. Points of similarity and deviance between both these forms

    may be discussed. A generalized definition of cyber crime may be

    "unlawful acts wherein the computer is either a tool or target or

    both". The computer may be used as a tool in the following kinds

    of activity- financial crimes, sale of illegal articles, pornography,

    online gambling, intellectual property crime, e-mail spoofing,

    forgery, cyber defamation, cyber stalking, logic bombs, Trojan

    attacks, internet time thefts, web jacking, theft of computer

    system, physically damaging the computer system.

    There is apparently no distinction between cyber and

    conventional crime. However, on deeper reflection we may say

    that there exists a fine line of demarcation between the

    conventional and cyber crime, which is appreciable. The

    demarcation lies in the involvement of the medium in cases of

    cyber crime. The sine qua non for cyber crime is that there should

    be an involvement, at any stage, of the virtual cyber medium.

    The first recorded cyber crime took place in the year 1820!

    That is not surprising considering the fact that the abacus,

    which is thought to be the earliest form of a computer, has been

    around since 3500 B.C. in India, Japan and China. The era of

    modern computers, however, began with the analytical engine

    of Charles Babbage. Cyber crime is an evil having its origin in

    the growing dependence on computers in modern life. In a day

    and age when everything from microwave ovens and

    refrigerators to nuclear power plants is being run on

    computers, cyber crime has assumed rather sinister

    implications. Major cyber crimes in the recent past include the Citibank rip-off. US $10 million were fraudulently transferred

    out of the bank and into a bank account in Switzerland. A

    Russian hacker group led by Vladimir Levin, a renowned

    hacker, perpetrated the attack. The group compromised the

    bank's security systems. Vladimir was allegedly using his office

    computer at AO Saturn, a computer firm in St. Petersburg,

    Russia, to break into Citibank computers. He was finally

    arrested at Heathrow airport on his way to Switzerland.

    THE REASONS FOR CYBER CRIMES:

    The reasons for the vulnerability of computers may be said to be:

    1. Capacity to store data in comparatively small space-

    The computer has the unique characteristic of storing data in a very

    small space. This makes it much easier to remove or derive information

    through either a physical or a virtual medium.

    2. Easy to access-

    The problem encountered in guarding a computer system from

    unauthorised access is that there is every possibility of breach

    not due to human error but due to the complex technology.

    Secretly implanted logic bombs, key loggers that can steal access

    codes, advanced voice recorders, retina imagers etc. that can

    fool biometric systems and bypass firewalls can be utilized to

    get past many a security system.

    3. Complex-

    Computers work on operating systems and these operating

    systems in turn are composed of millions of lines of code. The human

    mind is fallible and it is not possible that there might not be a

    lapse at any stage. The cyber criminals take advantage of these

    lapses and penetrate into the computer system.

    4. Negligence-

    Negligence is very closely connected with human conduct. It is

    therefore very probable that while protecting the computer

    system there might be some negligence, which in turn provides a

    cyber criminal the opportunity to gain access and control over the computer

    system.

    5. Loss of evidence-

    Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further, collection of data

    outside the territorial extent also paralyses this system of crime

    investigation.

    Law enforcers now have an added training space. India's

    third cyber lab, set up through public-private partnership to

    train and hone the skills of law enforcement officials in tackling cyber crimes, began operations in Bangalore.

    The cyber lab will be run by Nasscom, the trade body of the

    Indian software and services firms, and sponsored by Canara

    Bank. The Bangalore cyber lab is expected to train about 1,000

    officials of law enforcing agencies operating in the state police

    department, law department, defence services, banks,

    insurance and allied sectors, annually. The lab is housed at the

    Corps of Detectives premises of the Karnataka police, which

    also houses the country's first cyber crime police station.

    The cyber lab will aim at strengthening the legal infrastructure

    and creating an effective enforcement framework.

    The lab proposes to train cops through familiarisation with areas

    such as internet use, e-mail and online transactions and

    education on what constitutes cyber crime. Post-training, they

    would be able to carry out various tasks like analysing and

    scrutinizing data on hard disks, e-mail tracking, extracting

    evidence using Internet and mobile phones and on cyber crime-related legislation.

    The Canara Bank, as part of the bank's social responsibility of

    an eco-system for checking cyber crimes, especially frauds

    taking place in the use of Internet banking, ATMs, credit and

    debit cards and e-booking of tickets.

    CYBER CRIMINALS:

    Cyber criminals comprise various groups/categories. This

    division may be justified on the basis of the object that they have

    in their mind. The following are the categories of cyber criminals-

    1. Children and adolescents between the age group of 6-18

    years

    The simple reason for this type of delinquent behaviour

    pattern in children is mostly their inquisitiveness to

    know and explore things. Another cognate reason may be to

    prove themselves to be outstanding amongst other children in

    their group. Further, the reasons may even be psychological.

    2. Organised hackers-

    These kinds of hackers are mostly organised together to fulfil

    certain objectives. The reason may be to fulfil their political

    bias, fundamentalism, etc.

    3. Professional hackers

    Their work is motivated by money. These kinds of hackers are

    mostly employed to hack the sites of rivals for information.

    Further they are employed to crack the system of the employer

    basically as a measure to make it safer by detecting the loopholes.

    4. Discontented employees-

    This group includes those people who have been either sacked

    by their employer or are dissatisfied with their employer. To

    avenge they normally hack the system of their employer.

    MODE AND MANNER OF COMMITTING CYBER

    CRIME:

    1. Unauthorized access to computer systems or networks / Hacking-

    This kind of offence is normally referred to as hacking. To avoid

    any confusion we would not interchangeably use the word

    hacking for unauthorized access as the latter has wide

    connotation.

    2. Theft of information contained in electronic form-

    This includes information stored in computer hard disks,

    removable storage media etc. Theft may be either by

    appropriating the data physically or by tampering them

    through the virtual medium.

    3. Email bombing-

    This kind of activity refers to sending large numbers of mail to

    the victim, which may be an individual or a company or even

    mail servers, thereby ultimately resulting in crashing.

    4. Data diddling-

    This kind of an attack involves altering raw data just before a

    computer processes it and then changing it back after the

    processing is completed. The electricity board faced a similar

    problem of data diddling while the department was being

    computerized.

    5. Virus / worm attacks-

    Viruses are programs that attach themselves to a computer or

    a file and then circulate themselves to other files and to other

    computers on a network. They usually affect the data on a

    computer, either by altering or deleting it. Worms, unlike

    viruses, do not need the host to attach themselves to. They

    merely make functional copies of themselves and do this

    repeatedly till they eat up all the available space on a

    computer's memory.

    9. Trojan attacks-

    This term has its origin in the term "Trojan horse". In the

    software field this means an unauthorized programme, which

    passively gains control over another's system by representing

    itself as an authorised programme. The most common form of

    installing a Trojan is through e-mail. E.g. a Trojan was

    installed in the computer of a lady film director in the U.S. while

    chatting. The cyber criminal through the web cam installed in

    the computer obtained her nude photographs. He further

    harassed this lady.

    10. Internet time thefts-

    Normally in these kinds of thefts the Internet surfing hours of

    the victim are used up by another person. This is done by

    gaining access to the login ID and the password. E.g. Colonel

    Bajwa's case- the Internet hours were used up by another

    person. This was perhaps one of the first reported cases related

    to cyber crime in India. However this case made the police

    infamous as to their lack of understanding of the nature of

    cyber crime.

    11. Web jacking-

    This term is derived from the term hijacking. In these

    kinds of offences the hacker gains access and control over

    the web site of another. He may even mutilate or change the

    information on the site. This may be done for fulfilling

    political objectives or for money.

    a. Criminals Can Operate Anonymously Over the Computer

    Networks.

    1. Be careful about talking to "strangers" on a computer

    network. Who are these people anyway? Remember that people online may not be who they seem at first.

    2. Tell a grown-up right away if you come across any

    information that makes you feel uncomfortable.

    3. Do not give out any sensitive or personal information about

    you or your family in an Internet "chat room."

    b. Hackers Invade Privacy

    1. Define a hacker - A hacker is someone who breaks into

    computers sometimes to read private e-mails and other files.

    2. What is your privacy worth?

    What information about you or your parents do you think

    should be considered private? For example, medical

    information, a diary, your grades, how much money your

    parents owe, how much money your family has in a savings

    account or in a home safe, and your letters to a friend.

    Would this kind of invasion of your privacy be any different

    than someone breaking into your school locker or your house to get this information about you and your family?

    c. Hackers Destroy "Property" in the Form of Computer Files

    or Records.

    1. Hackers delete or alter files.

    2. When you write something, like a term paper or report, how

    important is it to be able to find it again? Would this be

    different if someone broke into your locker and stole your term paper?

    3. How important is it that data in computers like your term

    paper, a letter, your bank records, and medical records, not

    be altered? How important is it for a drug company or a

    pharmacy to not have its computer files altered or deleted by

    hackers? What would happen if a hacker altered the

    chemical formulas for prescription drugs, or the flight

    patterns and other data in air traffic control computers?

    What does the term "tamper" mean? To interfere in a

    harmful way or to alter improperly. Is tampering with

    computer files different from tampering that occurs on

    paper files or records?

    d. Hackers Injure Other Computer Users by Destroying

    Information Systems

    1. Hackers cause victims to spend time and money checking

    and re-securing systems after break-in. They also cause

    them to interrupt service. They think it's fine to break in

    and snoop in other people's files as long as they don't alter

    anything. They think that no harm has been done.

    2. Hackers steal telephone and computer time and share

    unauthorized access codes and passwords. Much of the

    stealing is very low-tech. "Social engineering" is a term used

    among crackers for cracking techniques that rely on

    weaknesses in human beings rather than on software.

    "Dumpster diving" is the practice of sifting refuse from an

    office or technical

    installation to extract confidential data, especially security

    compromising information. Who do you think pays for this?

    How much stealing of computer time do you think there is?

    For example, there is $2 billion annually in telephone toll

    fraud alone. Would you want someone going through your

    garbage? Have you ever thrown away private papers or personal notes?

    3. Hackers crash systems, causing them to malfunction and

    not work. How do we use computer information systems in

    our daily lives? What could happen if computers suddenly

    stopped working? For example, would public health and

    safety be disrupted and lives be endangered if computers

    went down?

    e. Computer "Pirates" Steal Intellectual Property

    1. Intellectual property is the physical expression of ideas

    contained in books, music, plays, movies, and computer

    software. Computer pirates steal valuable property when

    they copy software, music, graphics/pictures, movies, books

    (all available on the Internet).

    How is the person who produced or developed these forms of

    entertainment harmed? Is this different from stealing a

    product (computer hardware) which someone has invented

    and manufactured? Who pays for this theft?

    2. It may seem simple and safe to copy recordings, movies and computer programs by installing a peer-to-peer (P2P) file

    sharing software program. However, most material that you

    may want to copy is protected by copyright which means

    that you are restricted from making copies unless you have

    permission to do so. Making copies of intellectual

    property--including music, movies and software--without the

    right to do so is illegal. P2P software and the files traded on

    the P2P networks may

    also harm your computer by installing viruses or spyware, or

    allow others to access the files contained on your hard drive beyond those you intend to share.

    3. Copyright violations have civil and criminal remedies.

    a.) Civil remedy: copyright holder can sue infringer for money to cover loss of sales or other loss caused by infringement.

    b.) Criminal remedy: jail or fine paid to the government (not

    copyright holder) where person infringes a copyright for

    commercial advantage or private gain. For example, a

    person who makes multiple copies of a video, and sells the

    copies.

    Defining Cyber Crime

    Defining cyber crimes as "acts that are punishable by the

    Information Technology Act" would be unsuitable as the

    Indian Penal Code also covers many cyber crimes, such as

    email spoofing and cyber defamation, sending threatening

    emails etc. A simple yet sturdy definition of cyber crime

    would be "unlawful acts wherein the computer is either a

    tool or a target or both".

    Financial crimes

    This would include cheating, credit card frauds.

    Sale of illegal articles

    This would include sale of narcotics, weapons and wildlife etc.

    Online gambling

    There are millions of websites, all hosted on servers abroad,

    that offer online gambling. In fact, it is believed that many of

    these websites are actually fronts for money laundering.

    Email spoofing

    A spoofed email is one that appears to originate from one

    source but actually has been sent from another source.

    Forgery

    Counterfeit currency notes, postage and revenue stamps, mark

    sheets etc can be forged using sophisticated computers,

    printers and scanners. Outside many colleges across India,

    one finds touts soliciting the sale of fake mark sheets or even

    certificates. These are made using computers, and high

    quality scanners and printers. In fact, this has become a

    booming business involving thousands of Rupees being given to

    student gangs in exchange for these bogus but authentic

    looking certificates.

    Cyber Defamation

    This occurs when defamation takes place with the help of

    computers and / or the Internet. E.g. someone publishes

    defamatory matter about someone on a website or sends e-

    mails containing defamatory information to all

    of that person's friends.

    Cyber stalking

    The Oxford dictionary defines stalking as "pursuing

    stealthily". Cyber stalking involves following a person's

    movements across the Internet by posting messages

    (sometimes threatening) on the bulletin boards frequented

    by the victim, entering the chat-rooms frequented by the

    victim, constantly bombarding the victim with emails etc.

    Frequently Used Cyber Crimes

    Unauthorized access to computer systems or networks

    This activity is commonly referred to as hacking. The Indian

    law has however given a different connotation to the term

    hacking, so we will not use the term "unauthorized access"

    interchangeably with the term "hacking".

    Theft of information contained in electronic form

    This includes information stored in computer hard disks,

    removable storage media etc.

    Email bombing

    Email bombing refers to sending a large number of emails to

    the victim resulting in the victim's email account (in case of

    an individual) or mail servers (in case of a company or an

    email service provider) crashing.

    Some of the major email related crimes are:

    1. Email spoofing

    2. Sending malicious codes through email

    3. Email bombing

    4. Sending threatening emails

    5. Defamatory emails

    6. Email frauds

    Data diddling

    This kind of an attack involves altering raw data just before it

    is processed by a computer and then changing it back after the processing is completed. Electricity Boards in India have

    been victims to data diddling programs inserted when

    private parties were computerizing their systems.

    Salami attacks

    These attacks are used for the commission of financial crimes.

    The key here is to make the alteration so insignificant that in

    a single case it would go completely unnoticed.
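
How an audit can surface this pattern, as an added example that is not part of the original document: every posting passes a per-item tolerance check, yet small deviations that all point the same way add up across a batch. The ledger rows, batch names, tolerance and threshold are constructed assumptions, and independent recomputation of the amount due is assumed to be available.

```python
from collections import defaultdict
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

# Constructed sample ledger: (batch, account, exact_amount_due, amount_posted).
# exact_amount_due is the independently recomputed value before rounding.
LEDGER = [
    # batch-A: honest rounding with two unrelated one-cent slips, one each way
    ("batch-A", "acc-001", Decimal("3.7037"), Decimal("3.70")),
    ("batch-A", "acc-002", Decimal("7.6650"), Decimal("7.67")),
    ("batch-A", "acc-003", Decimal("1.2449"), Decimal("1.25")),
    ("batch-A", "acc-004", Decimal("9.9951"), Decimal("9.99")),
    # batch-B: every deviation is at most one cent and always short
    ("batch-B", "acc-101", Decimal("3.7077"), Decimal("3.70")),
    ("batch-B", "acc-102", Decimal("7.6650"), Decimal("7.66")),
    ("batch-B", "acc-103", Decimal("1.2489"), Decimal("1.24")),
    ("batch-B", "acc-104", Decimal("9.9951"), Decimal("9.99")),
    ("batch-B", "acc-105", Decimal("5.5012"), Decimal("5.50")),
    ("batch-B", "acc-106", Decimal("2.3399"), Decimal("2.33")),
    # batch-C: one gross error that an ordinary per-item check already catches
    ("batch-C", "acc-201", Decimal("4.0000"), Decimal("3.00")),
]


def audit(ledger, item_tolerance=CENT, batch_threshold=Decimal("0.05")):
    """Return per-batch findings: gross items, summed small deviations, suspect flag."""
    per_batch = defaultdict(list)
    for batch, account, exact_due, posted in ledger:
        expected = exact_due.quantize(CENT, rounding=ROUND_HALF_UP)
        per_batch[batch].append((account, posted - expected))

    findings = {}
    for batch, devs in per_batch.items():
        # Items an ordinary tolerance check would reject on their own.
        gross = [acc for acc, d in devs if abs(d) > item_tolerance]
        # Non-zero deviations small enough to pass that check individually.
        small = [d for _, d in devs if d != 0 and abs(d) <= item_tolerance]
        total = sum(small, Decimal("0"))
        # Honest rounding noise falls on both sides; a skim is one-sided.
        one_sided = bool(small) and (
            all(d < 0 for d in small) or all(d > 0 for d in small)
        )
        findings[batch] = {
            "gross_items": gross,
            "small_deviation_total": total,
            "salami_suspect": one_sided and abs(total) >= batch_threshold,
        }
    return findings


if __name__ == "__main__":
    for batch, finding in sorted(audit(LEDGER).items()):
        print(batch, finding)
```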

    Denial of Service attack

    This involves flooding a computer resource with more requests

    than it can handle. This causes the resource (e.g. a web

    server) to crash thereby denying authorized users the service

    offered by the resource. Another variation to a typical denial

    of service attack is known as a Distributed Denial of Service

    (DDoS) attack wherein the perpetrators are many and are

    geographically widespread. It is very difficult to control such attacks. The attack is initiated by sending excessive demands

    to

    the victim's computer(s), exceeding the limit that the victim's

    servers can support and making the servers crash.

    Virus / worm attacks

    Viruses are programs that attach themselves to a computer or

    a file and then circulate themselves to other files and to

    other computers on a network. They usually affect the data

    on a computer, either by altering or deleting it. Worms,

    unlike viruses, do not need the host to attach themselves to.

    They merely make functional copies of themselves and do

    this repeatedly till they eat up all the available space on a

    computer's memory.

    Logic bombs

    These are event dependent programs. This implies that these

    programs are created to do something only when a certain

    event (known as a trigger event) occurs. E.g. even some

    viruses may be termed logic bombs because they lie dormant

    all through the year and become active only on a particular date.

    Trojan attacks

    A Trojan, as this program is aptly called, is an unauthorized

    program which functions from inside what seems to be an

    authorized program, thereby concealing what it is actually

    doing.

    Internet time thefts

    This connotes the usage by an unauthorized person of the

    Internet hours paid for by another person. In a case

    reported before the enactment of the Information

    Technology Act, 2000 Colonel Bajwa, a resident of New

    Delhi, asked a nearby net cafe owner to come and set up his

    Internet connection. For this purpose, the net cafe owner

    needed to know his username and password. After having

    set up the connection he went away knowing the

    present username and password. He then sold this

    information to another net cafe. One week later Colonel

    Bajwa found that his Internet hours were almost over. Out

    of the 100 hours that he had bought, 94 hours had been used

    up within the span of that week. Surprised, he reported the incident to the Delhi police. The police could not believe that

    time could be stolen. They were not aware of the concept of

    time-theft at all. Colonel Bajwa's report was rejected. He

    decided to approach The Times of India, New Delhi. They,

    in turn carried a report about the inadequacy of the New

    Delhi Police in handling cyber crimes. The Commissioner of

    Police, Delhi then took the case into his own hands and the

    police under his directions raided and arrested the net cafe

    owner under the charge of theft as defined by the Indian

    Penal Code. The net cafe owner spent several weeks locked

    up in Tihar jail before being granted bail.

    Web jacking

    This occurs when someone forcefully takes control of a website

    (by cracking the password and later changing it). The actual

    owner of the website does not have any more control over

    what appears on that website. In a recent incident reported

    in the USA the owner of a hobby website for children

    received an e-mail informing her that a group of hackers had gained control over her website.

    Theft of computer system

    This type of offence involves the theft of a computer, some

    parts of a computer or a peripheral attached to the

    computer.

    Physically damaging a computer system

    This crime is committed by physically damaging a computer or its

    peripherals.

    Cyber Criminals

    Kids (age group 9-16 etc.)

    It seems really difficult to believe but it is true. Most amateur

    hackers and cyber criminals are teenagers. To them, who

    have just begun to understand what appears to be a lot

    about computers, it is a matter of pride to have hacked into

    a computer system or a website. There is also that little issue

    of appearing really smart among friends. These young rebels

    may also commit cyber crimes without really knowing that

    they are doing anything wrong.

    Organized hacktivists

    Hacktivists are hackers with a particular (mostly political)

    motive. In other cases this reason can be social activism,

    religious activism, etc. The attacks on approximately 200

    prominent Indian websites by a group of hackers known as

    Pakistani Cyber Warriors are a good example of political

    hacktivists at work.

    Disgruntled employees

    One can hardly believe how spiteful displeased employees can

    become. Till now they had the option of going on strike

    against their bosses. Now, with the increased dependence on

    computers and the automation of processes, it is easier for

    disgruntled employees to do more harm to their employers

    by committing computer related crimes, which can bring

    entire systems down.

    Professional hackers (corporate espionage)

    Extensive computerization has resulted in business

    organizations storing all their information in electronic form. Rival organizations employ hackers to steal industrial

    secrets and other information that could be beneficial to

    them. The temptation to use professional hackers for

    industrial espionage also stems from the fact that physical

    presence required to gain access to important documents is

    rendered needless if hacking can retrieve those.

    The World's Most Famous Hackers

    Vladimir Levin

    His claim to fame is that this mathematician who graduated

    from St. Petersburg Tekhnologichesky University was the

    brain behind the Russian hacker gang that cheated

    Citibank's computers into giving out $10 million. Although

    his first use of a computer is unknown Vladimir was

    allegedly using his office computer at AO Saturn, a

    computer firm in St. Petersburg, Russia, to break into

    Citibank computers. Vladimir Levin was arrested at the

    Heathrow airport in 1995. Tools used by him included a computer, computer games and disks, a camcorder, music

    speakers and a TV set all of which were found by the

    Russian police at his apartment. During his trial, Levin

    alleged that one of his defence lawyers was actually an FBI

    agent.

    Johan Helsingius

    He was known to run the world's most popular re-mailer

    programme called penet.fi. Surprisingly, this re-mailer, the

    busiest in the world, was run on an ordinary 486 with a 200-

    megabyte hard drive. His other idiosyncrasy was that he

    never tried to remain anonymous. The Finnish police raided

    Johan in 1995 due to a complaint by the Church of

    Scientology that a penet.fi customer was posting the "church's" secrets on the Net. At that time Johan had to

    abandon the re-mailer.

    Kevin Mitnick

    Kevin Mitnick's alias on the Net was Condor. As a teenager

    Kevin Mitnick could not afford his own computer. He would

    therefore go to a Radio Shack store and use the models kept

    there for demonstration to dial into other computers. One of the unusual things about Mitnick was that he used the

    Internet Relay Chat (IRC) to send messages to his friends. A

    judge sentenced him

    to one year in a residential treatment center. There, Kevin

    enrolled in a 12-step program to rid him of what the judge

    also termed his "computer addiction". Mitnick was

    immortalized when he became the first hacker to have his

    face put on an FBI "most wanted" poster. His repeated

    offences - and an image of a teenage hacker who refused to

    grow up - made him The Lost Boy of Cyberspace.

    Robert Morris

    He was known to the Internet community as "rtm". But he was

    distinguished by much more than his fame as a hacker. He

    was the son of the chief scientist at the National Computer

    Security Center -- part of the National Security Agency

    (NSA), USA. In addition, this graduate from Cornell

    University rocketed to fame because of the Internet worm,

    which he unleashed in 1988, practically maiming the

    fledgling Internet. Thousands of computers were infected

    and subsequently crashed. Suddenly,

    the term "hacker" became common in every household in

    America. Surprisingly, Robert's father is to be held

    responsible for introducing him to the world of computers. He brought the original Enigma cryptographic machines

    home from the NSA. Later, as a teenager, Morris was

    recognized as a star user at the Bell Labs network where he

    had an account. This recognition was due to his earlier

    forays into hacking.

    Dennis Ritchie and Ken Thompson

    Dennis, also known as dmr, and Ken were the legendary coders

    who designed the UNIX system for mini-computers in 1969.

    They were the creative geniuses behind Bell Labs' computer

    science operating group. UNIX really helped users and soon

    became a standard language. One of the tools used by them

    included Plan 9, the next-generation operating system,

    created

    after UNIX by Rob Pike, their colleague at Bell Labs. Dennis

    also has the distinction of being the author of the C

    programming language.

    Denial of Service Tools

    Denial-of-service (or DoS) attacks are usually launched to

    make a particular service unavailable to someone who is

    authorized to use it. These attacks may be launched using

    one single computer or many computers across the world. In

    the latter scenario, the attack is known as a distributed

    denial of service attack. Usually these attacks do not

    require gaining access to anyone's system.

    These attacks have been getting decidedly more popular as

    more and more people realize the amount and magnitude of

    loss, which can be caused through them.

    What are the reasons that a hacker may want to resort to a

    DoS attack? He may have installed a Trojan in the victim's

    computer but needed to have the computer restarted to

    activate the Trojan. Another reason may be that

    a business may want to harm a competitor by crashing his

    systems.

    Denial-of-service attacks have had an impressive history

    having, in the past, blocked out websites like Amazon, CNN,

    Yahoo and eBay. The attack is initiated by sending excessive

    demands to the victim's computers, exceeding the limit that

    the victim's servers can support and making the servers

    crash. Sometimes, many computers are entrenched in this

    process

    by installing a Trojan on them; taking control of them and

    then making them send numerous demands to the targeted

    computer. On the other side, the victim of such an attack may see many such demands (sometimes even numbering

    tens of thousands) coming from computers from around the

    world. Unfortunately, to be able to gain control over a

    malicious denial-of-service attack would require tracing all

    the computers involved in the attack and then informing the

    owners of those systems about the attack. The compromised

    systems would need to be shut down or cleaned. This

    process, which sounds fairly simple, may prove very difficult

    to achieve across national and organizational borders.

    Even when the source(s) of the attack are traced there are

    many problems, which the victim may be faced with. He will

    need to inform all the involved organizations in control of

    the attacking computers and ask them to either clean the

    systems or shut them down. Across international boundaries

    this may prove to be a titanic task. The staff of the

    organization may not understand the language. They may

    not be present if the attack were to be launched during the

    night or during weekends.

    The computers that may have to be shut down may be vital for

    their processes and the staff may not have the authority to

    shut them down. The staff may not understand the attack,

    system administration, network topology, or any number of

    things that may delay or halt shutting down the attacking

    computers. Or, more simply, the organization may not have

    the desire to help.

    If there are hundreds or even thousands of computers in the

    attack, with problems like the ones mentioned above, the

    victim may not be able to stop the attack for days, by which

    time the damage would have been done. His servers would

    be unable to handle so many

    demands and consequently would crash.

    It is very simple for anyone to launch an attack because denial-

    of-service tools can easily be procured from the Net. The

    major versions of distributed denial of service attack tools

    are Trinoo (or trin00), TFN, TFN2K and Stacheldraht.

    Denial-of-Service tools allow the attackers to automate and

    preset the times and frequencies of such attacks so that the

    attack is launched and then stopped to be launched once

    again later. This makes it very difficult, in fact almost

    impossible, to trace the source of the attack.

    These tools also provide another service by which the attacking

    computer can change its source address randomly thereby

    making it seem as if the attack is originating from many

    thousands of computers while in reality there may be only a

    few. Distributed denial-of-service attacks are a very

    perturbing problem for law enforcement agencies mainly

    because they are very difficult to trace. In addition, usually these attacks are

    directed towards very sensitive systems or networks,

    sometimes even those that are vital to national security.

    Sometimes, even when the perpetrators can be traced,

    international extradition laws may prove to be a hitch in

    bringing them under the authority of the law.
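
    A defender's view of the traffic pattern described above, as an added example that is not part of the original document: it buckets request records into fixed time windows, flags windows whose volume spikes while most sources appear only once (what randomized source addresses look like to the receiver), and merges flagged windows into bursts to expose launch/stop/relaunch scheduling. The record format, thresholds, function names and sample data are assumptions constructed for illustration.

```python
"""Added example: flag flood windows in request records (constructed data)."""
from collections import Counter, defaultdict
from dataclasses import dataclass
import ipaddress
import random


@dataclass
class WindowStats:
    start: int               # window start, epoch seconds
    requests: int            # total requests in the window
    distinct_sources: int    # number of different source addresses
    singleton_ratio: float   # share of sources seen exactly once
    flagged: bool


def summarize(records, window=10, rate_factor=5.0, singleton_threshold=0.8):
    """Bucket (timestamp, source_ip) records and flag flood-like windows.

    A window is flagged when its volume exceeds rate_factor times the median
    window volume AND most of its sources sent a single request. The
    thresholds are assumptions to tune per service; the median baseline only
    works while attack windows are a minority of the sample.
    """
    buckets = defaultdict(Counter)
    for ts, src in records:
        ipaddress.ip_address(src)            # reject malformed addresses
        buckets[ts - ts % window][src] += 1
    if not buckets:
        return []
    volumes = sorted(sum(c.values()) for c in buckets.values())
    baseline = volumes[len(volumes) // 2]
    stats = []
    for start in sorted(buckets):
        per_source = buckets[start]
        total = sum(per_source.values())
        singles = sum(1 for n in per_source.values() if n == 1)
        ratio = singles / len(per_source)
        flagged = total > rate_factor * baseline and ratio >= singleton_threshold
        stats.append(WindowStats(start, total, len(per_source), ratio, flagged))
    return stats


def bursts(stats, window=10):
    """Merge adjacent flagged windows into (start, end) attack intervals."""
    intervals = []
    for s in stats:
        if not s.flagged:
            continue
        if intervals and intervals[-1][1] == s.start:
            intervals[-1] = (intervals[-1][0], s.start + window)
        else:
            intervals.append((s.start, s.start + window))
    return intervals


def constructed_records(seed=7):
    """Constructed sample: 120 s of traffic, 5 steady clients, two floods."""
    rng = random.Random(seed)
    clients = [f"192.0.2.{i}" for i in range(10, 15)]   # documentation range
    records = []
    for start in range(0, 120, 10):
        for c in clients:
            records += [(start + k, c) for k in range(4)]   # 20 req / window
        if start in (30, 80, 90):                            # flood windows
            for _ in range(300):
                # Random addresses in 10.0.0.0/8 stand in for spoofed sources.
                addr = ipaddress.ip_address((10 << 24) | rng.getrandbits(24))
                records.append((start + rng.randrange(10), str(addr)))
    return records


if __name__ == "__main__":
    report = summarize(constructed_records())
    for w in report:
        mark = "FLOOD" if w.flagged else "ok"
        print(f"t={w.start:3d} req={w.requests:3d} src={w.distinct_sources:3d} "
              f"single={w.singleton_ratio:.2f} {mark}")
    print("bursts:", bursts(report))
```

    A high singleton ratio is a hint that per-address blocking will not help, because the addresses are unlikely to be the real senders; rate limiting and upstream filtering are the relevant controls in that case.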

    How Can We Prevent Computer Crime?

    a. By Educating Everyone.

    For example, users and systems operators; people who hold

    personal data and the people about whom it is held; people

    who create intellectual property and those who buy it; and

    the criminals. We must educate people to:

    1. Understand how technology can be used to help or hurt

    others.

    2. Think about what it would be like to be the victim of a

    computer hacker or computer pirate.

    b. By Practicing Safe Computing.

    1. Always ask: Who has or may have access to my log-in

    address?

    2. Remember: People such as computer hackers and pirates

    who hurt others through computer technology are not

    "cool." They are breaking the law. backed by some consideration for it.

    CLASSIFICATION:

    The subject of cyber crime may be broadly classified under the

    following three groups. They are-

    1. Against Individuals

    a. their person &

    b. their property

    2. Against Organization

    a. Government

    c. Firm, Company, Group of Individuals.

    3. Against Society at large

    The following are the crimes that can be committed against the

    following groups:

    Against Individuals:

    i. Harassment via e-mails.

    ii. Cyber-stalking.

    iii. Dissemination of obscene material.

    iv. Defamation.

    v. Unauthorized control/access over computer system.

    vi. Indecent exposure

    vii. Email spoofing

    viii. Cheating & Fraud

    Against Individual Property: -

    i. Computer vandalism.

    ii. Transmitting virus.

    iii. Netrespass

    iv. Unauthorized control/access over computer system.

    v. Intellectual Property crimes

    vi. Internet time thefts

    Against Organization: -

    i. Unauthorized control/access over computer system

    ii. Possession of unauthorized information.

    iii. Cyber terrorism against the government organization.

    iv. Distribution of pirated software etc.

    Against Society at large: -

    i. Pornography (basically child pornography).

    ii. Polluting the youth through indecent exposure.

    iii. Trafficking

    iv. Financial crimes

    v. Sale of illegal articles

    vi. Online gambling

    vii. Forgery

    The above mentioned offences may be discussed in brief as follows:

    1. Harassment via e-mails-

    Harassment through e-mails is not a new concept. It is very

    similar to harassing through letters. Recently I had received a mail

    from a lady wherein she complained about the same. Her former

    boyfriend was sending her mails constantly, sometimes emotionally

    blackmailing her and also threatening her. This is a very common type

    of harassment via e-mails.

    2. Cyber-stalking-

    The Oxford dictionary defines stalking as "pursuing stealthily". Cyber

    stalking involves following a person's movements across the Internet

    by posting messages (sometimes threatening) on the bulletin boards

    frequented by the victim, entering the chat-rooms frequented by the

    victim, constantly bombarding the victim with emails etc.

    3. Dissemination of obscene material/ Indecent exposure/

    Pornography (basically child pornography) / Polluting through

    indecent exposure-

    Pornography on the net may take various forms. It may include the

    hosting of web sites containing these prohibited materials, the use of

    computers for producing these obscene materials, and the downloading

    of obscene materials through the Internet. These obscene matters may

    cause harm to the mind of the adolescent and tend to deprave or

    corrupt their mind. Two known cases of pornography are the Delhi

    Bal Bharati case and the Bombay case wherein two Swiss couple used

    to force the slum children for obscene photographs. The Mumbai

    police later arrested them.

    4. Defamation

    It is an act of imputing any person with intent to lower the person in

    the estimation of the right-thinking members of society generally or

    to cause him to be shunned or avoided or to expose him to hatred,

    contempt or ridicule. Cyber defamation is not different from

    conventional defamation except the involvement of a virtual medium.

    E.g. the mail account of Rohit was hacked and some mails were sent

    from his account to some of his batch mates regarding his affair with a

    girl with intent to defame him.

    4. Unauthorized control/access over computer system-

    This activity is commonly referred to as hacking. The Indian law has

    however given a different connotation to the term hacking, so we will

    not use the term "unauthorized access" interchangeably with the term

    "hacking" to prevent confusion as the term used in the Act of 2000 is

    much wider than hacking.

    5. E mail spoofing-

    A spoofed e-mail may be said to be one which misrepresents its

    origin. It shows its origin to be different from where it actually

    originates. Recently spoofed mails were sent in the name of Mr.

    Na.Vijayashankar (naavi.org), which contained a virus.

    Rajesh Manyar, a graduate student at Purdue University in Indiana,

    was arrested for threatening to detonate a nuclear device in the

    college campus. The alleged e-mail was sent from the account of

    another student to the vice president for student services. However

    the mail was traced to be sent from the account of Rajesh Manyar.(15)

    6. Computer vandalism-

    Vandalism means deliberately destroying or damaging property of

    another. Thus computer vandalism may include within its purview

    any kind of physical harm done to the computer of any person. These

    acts may take the form of the theft of a computer, some part of a

    computer or a peripheral attached to the computer or by physically

    damaging a computer or its peripherals.

    7. Transmitting virus/worms-

    This topic has been adequately dealt with above.

    8. Intellectual Property crimes / Distribution of pirated software-

    Intellectual property consists of a bundle of rights. Any unlawful act

    by which the owner is deprived completely or partially of his rights is

    an offence. The common form of IPR violation may be said to be

    software piracy, copyright infringement, trademark and service mark

    violation, theft of computer source code, etc.

    9. Cyber terrorism against the government organization

    At this juncture one may ask why there is a need to

    distinguish between cyber terrorism and cyber crime. Both are

    criminal acts. However there is a compelling need to distinguish

    between both these crimes. A cyber crime is generally a domestic

    issue, which may have international consequences, however cyber

    terrorism is a global concern, which has domestic as well as

    international consequences. The common form of these terrorist

    attacks on the Internet is by distributed denial of service attacks, hate

    websites and hate emails, attacks on sensitive computer networks,

    etc. Technology savvy terrorists are using 512-bit encryption, which

    is next to impossible to decrypt. The recent example may be cited of

    Osama Bin Laden, the LTTE, attack on America's army deployment

    system during the Iraq war.

    Cyber terrorism may be defined to be the premeditated use of

    disruptive activities, or the threat thereof, in cyber space, with the

    intention to further social, ideological, religious, political or similar

    objectives, or to intimidate any person in furtherance of such

    objectives (4).

    Another definition may be attempted to cover within its ambit every

    act of cyber terrorism.

    A terrorist means a person who indulges in wanton killing of persons

    or in violence or in disruption of services or means of

    communications essential to the community or in damaging property

    with the view to

    (1) putting the public or any section of the public in fear; or

    (2) affecting adversely the harmony between different religious,

    racial, language or regional groups or castes or communities; or

    (3) coercing or overawing the government established by law; or

    (4) endangering the sovereignty and integrity of the nation

    and a cyber terrorist is the person who uses the computer system as a

    means or ends to achieve the above objectives. Every act done in

    pursuance thereof is an act of cyber terrorism.

    10. Trafficking

    What is a Computer Crime?

    a. Criminals Can Operate Anonymously Over the Computer Networks.

    1. Be careful about talking to "strangers" on a computer network. Who

    are these people anyway? Remember that people online may not be

    who they seem at first. Never respond to messages or bulletin board

    items that are: suggestive of something improper or indecent;

    obscene, filthy, or offensive to accepted standards of decency;

    belligerent, hostile, combative, very aggressive; or threatening

    harm or danger towards you or another.

    2. Tell a grown-up right away if you come across any information that

    makes you feel uncomfortable.

    3. Do not give out any sensitive or personal information about you or

    your family in an Internet "chat room." Be sure that you are dealing

    with someone you and your parents know and trust before giving out

    any personal information about yourself via e-mail.

    4. Never arrange a face-to-face meeting without telling your parents

    or guardians. If your parent or guardian agrees to the meeting, you

    should meet in a public place and have a parent or guardian go with

    you.

    b. Hackers Invade Privacy

    1. Define a hacker - A hacker is someone who breaks into computers,

    sometimes to read private e-mails and other files.

    2. What is your privacy worth?

    What information about you or your parents do you think should be

    considered private? For example, medical information, a diary, your

    grades, how much money your parents owe, how much money your

    family has in a savings account or in a home safe, and your letters to a

    friend.

    Would this kind of invasion of your privacy be any different than

    someone breaking into your school locker or your house to get this

    information about you and your family?

    c. Hackers Destroy "Property" in the Form of Computer Files or

    Records.

    1. Hackers delete or alter files.

    2. When you write something, like a term paper or report, how

    important is it to be able to find it again? Would this be different if

    someone broke into your locker and stole your term paper?

    3. How important is it that data in computers like your term paper, a

    letter, your bank records, and medical records, not be altered? How

    important is it for a drug company or a pharmacy to not have its

    computer files altered or deleted by hackers? What would happen if a

    hacker altered the chemical formulas for prescription drugs, or the

    flight patterns and other data in air traffic control computers? What

    does the term "tamper" mean? To interfere in a harmful way or to

    alter improperly. Is tampering with computer files different from

    tampering that occurs on paper files or records?

    d. Hackers Injure Other Computer Users by Destroying Information

    Systems

    1. Hackers cause victims to spend time and money checking and re-

    securing systems after a break-in. They also cause them to interrupt

    service. They think it's fine to break in and snoop in other people's

    files as long as they don't alter anything. They think that no harm has

    been done.

    2. Hackers steal telephone and computer time and share

    unauthorized access codes and passwords. Much of the stealing is

    very low-tech. "Social engineering" is a term used among crackers for

    cracking techniques that rely on weaknesses in human beings rather

    than on software. "Dumpster diving" is the practice of sifting refuse

    from an office or technical installation to extract confidential

    data, especially security

    compromising information. Who do you think pays for this? How

    much stealing of computer time do you think there is? For example,

    there is $2 billion annually in telephone toll fraud alone. Would you

    want someone going through your garbage? Have you ever thrown

    away private papers or personal notes?

    3. Hackers crash systems, causing them to malfunction and not

    work. How do we use computer information systems in our daily

    lives? What could happen if computers suddenly stopped working?

    For example, would public health and safety be disrupted and lives be

    endangered if computers went down?

    e. Computer "Pirates" Steal Intellectual Property

    1. Intellectual property is the physical expression of ideas contained

    in books, music, plays, movies, and computer software. Computer

    pirates steal valuable property when they copy software, music,

    graphics/pictures, movies, books (all available on the Internet).

    How is the person who produced or developed these forms of

    entertainment harmed? Is this different from stealing a product

    (computer hardware) which someone has invented and

    manufactured? Who pays for this theft?

    2. It may seem simple and safe to copy recordings, movies and

    computer programs by installing a peer-to-peer (P2P) file sharing

    software program. However, most material that you may want to copy

    is protected by copyright which means that you are restricted from

    making copies unless you have permission to do so. Making copies of

    intellectual property, including music, movies and software, without

    the right to do so is illegal. P2P software and the files traded on the

    P2P networks may also harm your computer by installing viruses or

    spyware, or allow

    others to access the files contained on your hard drive beyond those

    you intend to share.

    3. Copyright violations have civil and criminal remedies.

    a.) Civil remedy: copyright holder can sue infringer for money to

    cover loss of sales or other loss caused by infringement.

    b.) Criminal remedy: jail or fine paid to the government (not copyright

    holder) where person infringes a copyright for commercial advantage

    or private gain. For example, a person who makes multiple copies of a

    video and sells the copies.

    Defining Cyber Crime

    Defining cyber crimes as "acts that are punishable by the Information

    Technology Act" would be unsuitable as the Indian Penal Code also

    covers many cyber crimes, such as email spoofing and cyber

    defamation, sending threatening emails etc. A simple yet sturdy

    definition of cyber crime would be "unlawful acts wherein the

    computer is either a tool or a target or both".

    Financial crimes

    This would include cheating, credit card frauds, money laundering

    etc. To cite a recent case, a website offered to sell Alphonso mangoes

    at a throwaway price. Distrusting such a transaction, very few people

    responded to or supplied the website with their credit card numbers.

    These people were actually sent the Alphonso mangoes. The word

    about this website now spread like wildfire. Thousands of people

    from all over the country responded and ordered mangoes by

    providing their credit card numbers. The owners of what was later

    proven to be a bogus website then fled taking the numerous credit

    card numbers and proceeded to spend huge amounts of money much

    to the chagrin of the card owners.

    Sale of illegal articles

    This would include sale of narcotics, weapons and wildlife etc., by

    posting information on websites, auction websites, and bulletin

    boards or simply by using email communication. E.g. many of the

    auction sites even in India are believed to be selling cocaine in the

    name of 'honey'.

    Online gambling

    There are millions of websites, all hosted on servers abroad, that offer

    online gambling. In fact, it is believed that many of these websites are

    actually fronts for money laundering.

    Intellectual Property crimes

    These include software piracy, copyright infringement, trademark

    violations, theft of computer source code etc.

    Email spoofing

    A spoofed email is one that appears to originate from one source but

    actually has been sent from another source. E.g. Pooja has an e-mail

    address [email protected]. Her enemy, Sameer, spoofs her e-mail

    and sends obscene messages to all her acquaintances. Since the e-

    mails appear to have originated from Pooja, her friends could take

    offence and relationships could be spoiled for life. Email spoofing can

    also cause monetary damage. In an American case, a teenager made

    millions of dollars by spreading false information about certain

    companies whose shares he had short sold. This misinformation

    was spread by sending spoofed emails, purportedly from news

    agencies like Reuters, to share brokers and investors who were

    informed that the companies were doing very badly. Even after the

    truth came out the values of the shares did not go back to the earlier

    levels and thousands of investors lost a lot of money.
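
    How a recipient's mail system can surface the mismatch that both descriptions of email spoofing on this page rely on (a message that "misrepresents its origin", and the Pooja scenario), as an added example that is not part of the original document: it compares the visible From domain with the envelope sender and Reply-To, reads SPF/DKIM/DMARC verdicts only from a trusted Authentication-Results header, and reports the earliest relay. The messages, addresses, host names and function names are constructed assumptions, and the domain comparison is a simplified stand-in for DMARC's organizational-domain alignment.

```python
"""Added example: surface signs that a message misrepresents its origin."""
import re
from email import message_from_string
from email.utils import parseaddr

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

# Constructed message: visible sender is example.com, but it was injected
# from an unrelated host and failed the receiver's authentication checks.
RAW_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
Received: from mx-in.example.org (mx-in.example.org [203.0.113.7])
 by mail.example.org; Mon, 01 Jan 2024 10:00:02 +0000
Received: from unknown-host.example.net (unknown-host.example.net [198.51.100.23])
 by mx-in.example.org; Mon, 01 Jan 2024 10:00:01 +0000
From: "Pooja" <pooja@example.com>
Reply-To: someone.else@example.net
To: friend@example.org
Subject: hello

(constructed message body)
"""

# Constructed message that really was sent through example.com's servers.
LEGIT_MESSAGE = """\
Return-Path: <pooja@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Received: from out.example.com (out.example.com [192.0.2.25])
 by mx-in.example.org; Mon, 01 Jan 2024 09:00:01 +0000
From: "Pooja" <pooja@example.com>
To: friend@example.org
Subject: hello

(constructed message body)
"""


def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def aligned(a, b):
    """Simplified alignment: same domain, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def analyze(raw, trusted_authserv):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    reply_dom = domain_of(msg["Reply-To"])
    findings = []
    if env_dom and not aligned(from_dom, env_dom):
        findings.append("envelope-sender-mismatch")
    if reply_dom and not aligned(from_dom, reply_dom):
        findings.append("reply-to-mismatch")
    # Anyone can paste an Authentication-Results header into a message, so
    # only verdicts stamped by our own receiving server are believed.
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id = value.split(";", 1)[0].strip().lower()
        if authserv_id == trusted_authserv:
            auth.update({k.lower(): v.lower() for k, v in AUTH_RE.findall(value)})
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) != "pass":
            findings.append(f"{mech}-{auth.get(mech, 'missing')}")
    # Relays prepend Received headers, so the last one is the earliest hop.
    received = msg.get_all("Received", [])
    hop = re.match(r"from\s+(\S+)", received[-1]) if received else None
    return {"from_domain": from_dom, "envelope_domain": env_dom,
            "first_hop": hop.group(1) if hop else "", "auth": auth,
            "findings": findings}


if __name__ == "__main__":
    for label, raw in (("suspect", RAW_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(label, analyze(raw, "mx.example.org"))
```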

    Forgery

    Counterfeit currency notes, postage and revenue stamps, mark sheets

    etc can be forged using sophisticated computers, printers and

    scanners. Outside many colleges across India, one finds touts

    soliciting the sale of fake mark sheets or even certificates. These are

    made using computers, and high quality scanners and printers. In fact,

    this has become a booming business involving thousands of Rupees being given to

    student gangs in exchange for these bogus but authentic looking

    certificates.

    Cyber Defamation

    This occurs when defamation takes place with the help of computers

    and / or the Internet. E.g. someone publishes defamatory matter

    about someone on a website or sends e-mails containing defamatory

    information to all

    Cyber stalking

    Cyber stalking involves following a person's movements across the

    Internet by posting messages (sometimes threatening) on the bulletin

    boards frequented by the victim, entering the chat-rooms frequented

    by the victim, constantly bombarding the victim with emails e

    Unauthorized access to computer systems or networks

    This activity is commonly referred to as hacking. The Indian law has

    however given a different connotation to the term hacking, so we will

    not use the term "unauthorized access" interchangeably with the term

    "hacking".

    Theft of information contained in electronic form

    This includes information stored in computer hard disks, removable

    storage media etc

    Email bombing

    Email bombing refers to sending a large number of emails to the

    victim resulting in the victim's email account (in case of an individual)

    or mail servers (in case of a company or an email service provider)

    crashing.

    Some of the major email related crimes are:

    1. Email spoofing

    2. Sending malicious codes through email

    3. Email bombing

    4. Sending threatening emails

    5. Defamatory emails

    6. Email frauds

    Data diddling

    This kind of an attack involves altering raw data just before it is

    processed by a computer and then changing it back after the

    processing is completed. Electricity Boards in India have been victims

    to data diddling programs inserted when private parties were

    computerizing their systems.

    Viruses are programs that attach themselves to a computer or a file

    and then circulate themselves to other files and to other computers on

    a network. They usually affect the data on a computer, either by

    altering or deleting it. Worms, unlike viruses, do not need a host to

    attach themselves to. They merely make functional copies of

    themselves and do this repeatedly till they eat up all the available

    space on a computer's memory.

    Logic bombs

    These are event dependent programs. This implies that these

    programs are created to do something only when a certain event

    (known as a trigger event) occurs. E.g. even some viruses may be

    termed logic bombs because they lie dormant all through the year and

    become active only on a particular date

    Trojan attacks

    A Trojan, as this program is aptly called, is an unauthorized program

    which functions from inside what seems to be an authorized program,

    thereby concealing what it is actually doing.

    Internet time thefts

    This connotes the usage by an unauthorized person of the Internet

    hours paid for by another person. In a case reported before the

    enactment of the Information Technology Act, 2000 Colonel Bajwa, a

    resident of New Delhi, asked a nearby net café owner to come and set

    up his Internet connection. For this purpose, the net café owner needed

    to know his username and password. After having set up the

    connection he went away knowing the present username and

    password. He then sold this information to another net cafe. One week

    later Colonel Bajwa found that his Internet hours were almost over.

    Out of the 100 hours that he had bought, 94 hours had been used up

    within the span of that week. Surprised, he reported the incident to

    the Delhi police. The police could not believe that time could be

    stolen. They were not aware of the concept of time-theft at all. Colonel

    Bajwa's report was rejected. He decided to approach The Times of

    India, New Delhi. They, in turn carried a report about the inadequacy

    of the New Delhi Police in handling cyber crimes. The Commissioner

    of Police, Delhi then took the case into his own hands and the police

    under his directions raided and arrested the net cafe owner under the

    charge of theft as defined by the Indian Penal Code. The net café owner

    spent several weeks locked up in Tihar jail before being granted bail.

    Web jacking

    This occurs when someone forcefully takes control of a website (by

    cracking the password and later changing it). The actual owner of the

    website does not have any more control over what appears on that

    website. In a recent incident reported in the USA, the owner of a hobby

    website for children received an e-mail informing her that a group of

    hackers had gained control over her website.

    Theft of computer system

    This type of offence involves the theft of a computer, some parts of a

    computer or a peripheral attached to the computer.

    Physically damaging a computer system

    This crime is committed by

    physically damaging a computer or its peripherals.

    Cyber Criminals

    Kids (age group 9-16 etc.)

    It seems really difficult to believe but it is true. Most amateur hackers

    and cyber criminals are teenagers. To them, who have just begun to

    understand what appears to be a lot about computers, it is a matter of

    pride to have hacked into a computer system or a website. There is

    also that little issue of appearing really smart among friends. These

    young rebels may also commit cyber crimes without really knowing

    that they are doing anything wrong.

    Organized hacktivists

    Hacktivists are hackers with a particular (mostly political) motive. In

    other cases this reason can be social activism, religious activism,

    etc. The attacks on approximately 200 prominent Indian websites by a

    group of hackers known as Pakistani Cyber Warriors are a good

    example of political hacktivists at work.

    Disgruntled employees

    One can hardly believe how spiteful displeased employees can

    become. Till now they had the option of going on strike against their

    bosses. Now, with the increased dependence on computers and the

    automation of processes, it is easier for disgruntled employees to do

    more harm to their employers by committing computer related

    crimes, which can bring entire systems down.

    Professional hackers (corporate espionage)

    Extensive computerization has resulted in business organizations

    storing all their information in electronic form. Rival organizations

    employ hackers to steal industrial secrets and other information that

    could be beneficial to them. The temptation to use professional

    hackers for industrial espionage also stems from the fact that physical

    presence required to gain access to important documents is rendered

    needless if hacking can retrieve those.

    The World's Most Famous Hackers

    Vladimir Levin

    His claim to fame is that this mathematician who graduated from St.

    Petersburg Tekhnologichesky University was the brain behind the

    Russian hacker gang that cheated Citibank's computers into giving out

    $10 million. Although his first use of a computer is unknown, Vladimir

    was allegedly using his office computer at AO Saturn, a computer firm

    in St. Petersburg, Russia, to break into Citibank computers. Vladimir

    Levin was arrested at the Heathrow airport in 1995. Tools used by

    him included a computer, computer games and disks, a camcorder,

    music speakers and a TV set all of which were found by the Russian

    police at his apartment. During his trial, Levin alleged that one of his

    defence lawyers was actually an FBI agent.

    Johan Helsingius

    He was known to run the world's most popular re-mailer programme

    called penet.fi. Surprisingly, this re-mailer, the busiest in the world,

    was run on an ordinary 486 with a 200-megabyte hard drive. His

    other idiosyncrasy was that he never tried to remain anonymous. The

    Finnish police raided Johan in 1995 due to a complaint by the Church

    of Scientology that a penet.fi customer was posting the "church's"

    secrets on the Net. At that time Johan had to abandon the re-mailer.

    Kevin Mitnick

    Kevin Mitnick's alias on the Net was Condor. As a teenager Kevin

    Mitnick could not afford his own computer. He would therefore go to a

    Radio Shack store and use the models kept there for demonstration to

    dial into other computers. One of the unusual things about Mitnick was

    that he used the Internet Relay Chat (IRC) to send messages to his

    friends. A judge sentenced him

    to one year in a residential treatment center. There, Kevin enrolled in

    a 12-step program to rid him of what the judge also termed his

    "computer addiction". Mitnick was immortalized when he became the

    first hacker to have his face put on an FBI "most wanted" poster. His

    repeated offences - and an image of a teenage hacker who refused to

    grow up - made him The Lost Boy of Cyberspace.

    Robert Morris

    He was known to the Internet community as "rtm". But he was

    distinguished by much more than his fame as a hacker. He was the son

    of the chief scientist at the National Computer Security Center -- part

    of the National Security Agency (NSA), USA. In addition, this graduate

    from Cornell University rocketed to fame because of the Internet

    worm, which he unleashed in 1988, practically maiming the fledgling

    Internet. Thousands of computers were infected and subsequently

    crashed. Suddenly, the term "hacker" became common in every household in America.

    Surprisingly, Robert's father is to be held responsible for introducing

    him to the world of computers. He brought the original Enigma

    cryptographic machines home from the NSA. Later, as a teenager,

    Morris was recognized as a star user at the Bell Labs network where

    he had an account. This recognition was due to his earlier forays into

    hacking.

    Dennis Ritchie and Ken Thompson

    Dennis Ritchie, also known as dmr, and Ken Thompson were the legendary coders who

    designed the UNIX system for mini-computers in 1969. They were the

    creative geniuses behind Bell Labs' computer science operating

    group. UNIX really helped users and soon became a standard

    language. One of the tools used by them included Plan 9, the next-

    generation operating system, created

    after UNIX by Rob Pike, their colleague at Bell Labs. Dennis also has

    the distinction of being the author of the C programming language.

    Denial of Service Tools

    Denial-of-service (or DoS) attacks are usually launched to make a

    particular service unavailable to someone who is authorized to use it.

    These attacks may be launched using one single computer or many

    computers across the world. In the latter scenario, the attack is

    known as a distributed denial of service attack. Usually these attacks

    do not require gaining access to anyone's system.

    These attacks have been getting decidedly more popular as more and

    more people realize the amount and magnitude of loss, which can be

    caused through them.

    What are the reasons that a hacker may want to resort to a DoS

    attack? He may have installed a Trojan in the victim's computer but

    needed to have the computer restarted to activate the Trojan. The

    other good reason also may be that a business may want to harm a

    competitor by crashing his systems.

    Denial-of-service attacks have had an impressive history having, in

    the past, blocked out websites like Amazon, CNN, Yahoo and eBay. The

    attack is initiated by sending excessive demands to the victim's

    computers, exceeding the limit that the victim's servers can support

    and making the servers crash. Sometimes, many computers are

    entrenched in this process

    by installing a Trojan on them; taking control of them and then

    making them send numerous demands to the targeted computer. On

    the other side, the victim of such an attack may see many such

    demands (sometimes even numbering tens of thousands) coming

    from computers from around the world. Unfortunately, to be able to

    gain control over a malicious denial-of-service attack would require

    tracing all the computers involved in the attack and then informing

    the owners of those systems about the attack. The compromised

    system would need to be shut down or then cleaned. This process,

    which sounds fairly simple, may prove very difficult to achieve across

    national and later organizational borders.

    Even when the source(s) of the attack are traced there are many

    problems, which the victim may be faced with. He will need to inform

    all the involved organizations in control of the attacking computers

    and ask them to either clean the systems or shut them down. Across

    international boundaries this may prove to be a titanic task. The staff

    of the organization may not understand the language. They may not

    be present if the attack were to be launched during the night or

    during weekends.

    The computers that may have to be shut down may be vital for their

    processes and the staff may not have the authority to shut them down.

    The staff may not understand the attack, system administration,

    network topology, or any number of things that may delay or halt

    shutting down the attacking computers. Or, more simply, the

    organization may not have the desire to help.

    If there are hundreds or even thousands of computers on the attack,

    with problems like the ones mentioned above, the victim may not be

    able to stop the attack for days, by which time the damage would have

    been done. His servers would be completely incapacitated to

    administer to so many demands and consequently would crash.

    It is very simple for anyone to launch an attack because denial-of-

    service tools can easily be procured from the Net. The major versions

    of distributed denial of service attack tools are Trinoo (or trin00),

    TFN, TFN2K and Stacheldraht. Denial-of-Service tools allow the

    attackers to automate and preset the times and frequencies of such

    attacks so that the attack is launched and then stopped to be launched

    once again later. This makes it very difficult, in fact almost impossible,

    to trace the

    source of the attack.

    These tools also provide another service by which the attacking

    computer can change its source address randomly thereby making it

    seem as if the attack is originating from many thousands of computers

    while in reality there may be only a few. Distributed denial-of-service

    attacks are a very perturbing problem for law enforcement agencies

    mainly because they

    are very difficult to trace. In addition, usually these attacks are

    directed towards very sensitive systems or networks sometimes even

    those that are vital to national security. Sometimes, even when the

    perpetrators can be traced, international extradition laws may prove

    to be a hitch in bringing them under the authority of the law.
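
The three traffic patterns described above (a flood from one machine, a flood from many machines, and a flood whose source addresses change randomly) can be told apart on the victim's side by counting requests per source address in fixed time windows. The following is an added example, not part of the original paper; the window size, the thresholds and the sample traffic are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

WINDOW = 10        # seconds per bucket (assumed value)
RATE_LIMIT = 200   # requests per window treated as abnormal (assumed value)

def classify(events, window=WINDOW, rate_limit=RATE_LIMIT):
    """events: iterable of (epoch_seconds, source_ip); returns {window_start: verdict}."""
    buckets = defaultdict(Counter)
    for ts, src in events:
        buckets[ts - ts % window][src] += 1

    verdicts = {}
    for start in sorted(buckets):
        per_src = buckets[start]
        total = sum(per_src.values())
        if total <= rate_limit:
            verdicts[start] = "normal"
            continue
        top_src, top_count = per_src.most_common(1)[0]
        one_shot = sum(1 for c in per_src.values() if c == 1) / len(per_src)
        if top_count / total >= 0.5:
            # One address dominates: blocking it upstream stops most of the load.
            verdicts[start] = f"single-source flood from {top_src}"
        elif one_shot >= 0.9:
            # Nearly every address appears once: consistent with randomised
            # source addresses, so per-address blocking will not help.
            verdicts[start] = "flood, sources look randomised"
        else:
            verdicts[start] = "distributed flood"
    return verdicts

def sample_events():
    """Constructed traffic, not captured data (documentation/private addresses)."""
    ev = [(i % 10, f"192.0.2.{i % 30 + 1}") for i in range(90)]          # ordinary load
    ev += [(10 + i % 10, "198.51.100.7") for i in range(500)]            # one noisy host
    ev += [(10 + i % 10, f"192.0.2.{i % 30 + 1}") for i in range(90)]    # plus ordinary load
    ev += [(20 + i % 10, f"203.0.113.{i % 40 + 1}") for i in range(800)] # 40 hosts x 20
    ev += [(30 + i % 10, f"10.{i // 250}.{i % 250}.9") for i in range(1000)]  # all unique
    return ev

if __name__ == "__main__":
    for start, verdict in classify(sample_events()).items():
        print(start, verdict)
```

The verdict only describes what the victim's logs show; as the text notes, an address seen in the log is not proof of where the traffic really came from.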

    How Can We Prevent Computer Crime?

    a. By Educating Everyone.

    For example, users and systems operators; people who hold personal

    data and the people about whom it is held; people who create

    intellectual property and those who buy it; and the criminals. We

    must educate people to:

    1. Understand how technology can be used to help or hurt others.

    2. Think about what it would be like to be the victim of a computer

    hacker or computer pirate.

    b. By Practicing Safe Computing.

    1. Always ask: Who has or may have access to my log-in address?

    2. Remember: People such as computer hackers and pirates who hurt

    others through computer technology are not "cool." They are

    breaking the law.

    Trafficking may assume different forms. It may be trafficking in

    drugs, human beings, arms weapons etc. These forms of trafficking

    are going unchecked because they are carried on under pseudonyms.

    A racket was busted in Chennai where drugs were being sold under

    the pseudonym of honey.

    Fraud & Cheating

    Online fraud and cheating is one of the most lucrative businesses that

    are growing today in the cyber space. It may assume different forms.

    Some of the cases of online fraud and cheating that have come to light

    are those pertaining to credit card crimes, contractual crimes,

    offering jobs, etc.

    Financial Crimes

    Cyber pornography

    Sale of illegal articles

    Online gambling

    Intellectual Property crimes

    Email spoofing

    Forgery

    Cyber Defamation

    Cyber stalking

    12. Dynamic form of cyber crime-

    Speaking on the dynamic nature of cyber crime FBI Director Louis

    Freeh has said, "In short, even though we have markedly improved

    our capabilities to fight cyber intrusions the problem is growing even

    faster and we are falling further behind." The (de)creativity of human

    mind cannot be checked by any law. Thus the only way out is the

    liberal construction while applying the statutor

    1. To prevent cyber stalking, avoid disclosing any information

    pertaining to oneself. This is as good as disclosing your identity to

    strangers in a public place.

    2. Always avoid sending any photograph online, particularly to

    strangers and chat friends, as there have been incidents of misuse of

    the photographs.

    3. Always use the latest, up-to-date anti-virus software to guard against

    virus attacks.

    4. Always keep back-up volumes so that one may not suffer data loss in

    case of virus contamination.

    5. Never send your credit card number to any site that is not secured,

    to guard against frauds.

    6. Always keep a watch on the sites that your children are accessing to

    prevent any kind of harassment or depravation in children.

    7. It is better to use a security programme that gives control over the

    cookies that send information back to the site, as leaving the cookies

    unguarded might prove fatal.

    8. Web site owners should watch traffic and check any irregularity on

    the site. Putting host-based intrusion detection devices on servers

    may do this.

    9. Use of firewalls may be beneficial.

    10. Web servers running public sites must be physically separate and

    protected from the internal corporate network.

    Adjudication of a Cyber Crime - On the directions of the Bombay High

    Court, the Central Government, by a notification dated 25.03.03, has

    decided that the Secretary to the Information Technology Department

    in each state by designation would be appointed as the AO for each

    state.

    CONCLUSION:

    Capacity of human mind is unfathomable. It is not possible to

    eliminate cyber crime from the cyber space. It is quite possible to

    check them. History is the witness that no legislation has succeeded in

    totally eliminating crime from the globe. The only possible step is to

    make people aware of their rights and duties (to report crime as a

    collective duty towards the society) and further making the

    application of the laws more stringent to check crime. Undoubtedly

    the Act is a historical step in the cyber world. Further I all together do

    not deny that there is a need to bring changes in the Information

    Technology Act to make it more effective to combat cyber crime. I

    would conclude with a word of caution for the pro-legislation school

    that it should be kept in mind that the provisions of the cyber law are

    not made so stringent that it may retard the growth of the industry

    and prove to be counter-productive.

    Hacking

    Hacking in simple terms means an illegal intrusion into a computer

    system and/or network. There is an equivalent term to hacking i.e.

    cracking, but from Indian Laws perspective there is no difference

    between the term hacking and cracking. Every act committed towards

    breaking into a computer and/or network is hacking. Hackers write

    or use ready-made computer programs to attack the target computer.

    They possess the desire to destruct and they get the kick out of such

    destruction. Some hackers hack for personal monetary gains, such as

    stealing credit card information, transferring money from

    various bank accounts to their own account followed by withdrawal of

    money. They extort money from some corporate giant by threatening

    to publish the stolen information, which is critical in nature.

    REFERENCES:

    GOOGLEENCYCLOPEDIA

    AUSTRALIAN CYBER POLICE DEPARTMENT

    For the sake of convenience the readers are requested to read sections 43, 65, 66, 67 of the

    Information Technology Act.

    15. Sify News 14.03.03

    ACKNOWLEDGEMENTS:

    I THANK THE ALMIGHTY GOD AND MY PARENTS FOR

    SUPPORTING ME.

    I WOULD LIKE TO SINCERELY THANK MY COLLEGE FOR

    GIVING ME AN OPPORTUNITY.

    I ALSO THANK MY LECTURER MR. RAJENDER (EDC) FOR

    CHOOSING US AND GIVING US GUIDANCE, WITHOUT WHOM

    THIS WOULD NEVER HAPPEN AT ALL.

    LAST BUT NOT THE LEAST MY FRIEND NISHANTH FOR HIS

    STRIVING EFFORTS AND ALL MY FRIENDS WHO ARE PAYING

    VALUABLE ATTENTION LISTENING TO US.

    THANK YOU
