
E&cl


Cyber jurisprudence: The word jurisprudence derives from the Latin term juris prudentia,
which means "the study, knowledge, or science of law." Cyber jurisprudence is the legal study
that concentrates on the logical structure, the meanings and uses of its concepts, and the formal
terms and modes of operation of cyber law.
Digital Contract/E-Contract: A contract formed in the course of e-commerce by the interaction of
two or more individuals using electronic means, such as e-mail, the interaction of an individual
with an electronic agent, such as a computer program, or the interaction of at least two
electronic agents that are programmed to recognize the existence of a contract. Traditional
contract principles and remedies also apply to e-contracts. It is designed to assist people in
formulating and implementing commercial contracts policies within e-businesses. It contains
model contracts for the sale of products and supply of digital products and services to both
consumers and businesses. Under the provisions of the Information Technology Act, 2000,
particularly Section 10-A, an electronic contract is valid and enforceable. The only essential
requirement to validate an electronic contract is compliance with the necessary pre-requisites
provided under the Indian Contract Act, 1872. The courts in India give due regard to electronic
contracts under the provisions of the Indian Evidence Act, 1872.
1. Click-wrap or Web-wrap Agreements: These are the agreements which we generally come across
while surfing the internet, such as "I AGREE" to the terms or "I disagree" to the above
conditions. These types of contracts are extensively used on the Internet, whether for granting
permission to access a site, downloading software, or selling something through a website.
2. Shrink-wrap Agreements: These are the agreements that generally come with the CD-ROM of
software. The terms and conditions are printed on the cover of the CD-ROM. Sometimes additional
terms are imposed when such licenses appear on the screen when the CD is downloaded to the
computer. The user has the right to return the software if the new terms and conditions are not
to his liking.
3. Electronic Data Interchange (EDI): Used in trade transactions, EDI enables the transfer of
data from one computer to another in such a way that each transaction in the trading cycle (for
example, commencing from the receipt of an order from an overseas buyer, through the preparation
and lodgement of export and other official documents) can be processed with virtually no
paperwork. EDI is the computer-to-computer exchange of business documents between companies. EDI
replaces the faxing and mailing of paper documents. EDI documents use specific computer record
formats that are based on widely accepted standards. Each company will use the flexibility
allowed by the standards in a unique way that fits their business needs. Electronic Data
Interchange (EDI) is the electronic interchange of business information using a standardized
format; a process which allows one company to send information to another company electronically
rather than with paper. Business entities conducting business electronically are called trading
partners.
Digital Signatures: A digital signature is a mathematical technique used to validate the
authenticity and integrity of a message, software or digital document. A digital signature is a
process that guarantees that the contents of a message have not been altered in transit. The
digital signature is the equivalent of a handwritten signature or stamped seal, but a digital
signature offers far more inherent security. Digital signatures can provide the added assurances
of evidence of origin, identity and status of an electronic document, transaction or message and
can acknowledge informed consent by the signer. A digital signature guarantees the authenticity
of an electronic document or message in digital communication and uses encryption techniques
to provide proof of original and unmodified documentation. Digital signatures are used in
e-commerce, software distribution, financial transactions and other situations that rely on
forgery or tampering detection techniques.
How Digital Signatures Work: Digital signatures are based on Public Key Infrastructure. By this
mechanism, two keys are generated, a public key and a private key. The private key is kept by
the signer and it should be kept securely. On the other hand, the receiver must have the public
key to decrypt the message. The public key decrypts the message and converts it into another
hash value. The program which is used to open the message will not allow the document to open
if both the hash values don't match.
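The sign-and-verify flow described above, as an added example that is not part of the original notes: a toy textbook-RSA signer in Python that hashes the message with SHA-256, transforms the hash with the private key, and has the receiver recover and compare it with the public key. The key pairs are constructed demo values and the names `make_key`, `sign` and `verify` are hypothetical; the example goes slightly beyond the paragraph by also rejecting a signature made with a different private key.

```python
import hashlib
import math
from typing import NamedTuple


class PublicKey(NamedTuple):
    n: int  # modulus, shared with everyone
    e: int  # public exponent


class PrivateKey(NamedTuple):
    n: int  # same modulus
    d: int  # private exponent, kept only by the signer


def make_key(p: int, q: int, e: int = 65537):
    """Build a textbook RSA key pair from two primes (demonstration only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return PublicKey(n, e), PrivateKey(n, pow(e, -1, phi))


def digest_int(message: bytes) -> int:
    """SHA-256 hash of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, key: PrivateKey) -> int:
    """Signer side: hash the message, then apply the private key to the hash."""
    h = digest_int(message)
    if h >= key.n:
        raise ValueError("modulus too small for a SHA-256 digest")
    return pow(h, key.d, key.n)


def verify(message: bytes, signature: int, key: PublicKey) -> bool:
    """Receiver side: recover the signed hash with the public key and compare
    it with a hash computed locally over the message that actually arrived."""
    if not 0 <= signature < key.n:
        return False
    recovered_hash = pow(signature, key.e, key.n)
    return recovered_hash == digest_int(message)


# Constructed demo keys. Mersenne primes are publicly known, so these moduli
# are trivially factorable, and real signature schemes add padding such as
# RSA-PSS. This shows the data flow only and must not be used to protect data.
SIGNER_PUB, SIGNER_PRIV = make_key(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**1279 - 1, 2**2203 - 1)


def demo() -> dict:
    message = b"Transfer 500 INR to account 1234"  # constructed sample message
    signature = sign(message, SIGNER_PRIV)
    return {
        # Untouched message, correct signer: the two hash values match.
        "genuine": verify(message, signature, SIGNER_PUB),
        # Message altered in transit: the local hash no longer matches.
        "tampered": verify(b"Transfer 900 INR to account 1234",
                           signature, SIGNER_PUB),
        # Signed with someone else's private key: the recovered hash is wrong.
        "wrong_signer": verify(message, sign(message, OTHER_PRIV), SIGNER_PUB),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:13s} accepted={accepted}")
```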
Uses of digital signatures: Digital signatures are used to meet three important goals of
information security: integrity, authentication, and non-repudiation.
1. Data integrity: Message or data integrity is particularly crucial during data transfers. Data
integrity ensures that the message received by the recipient is exactly the same message sent by
the sender. In wide area networks like the Internet, messages have to hop from one node or
network device to another before arriving at their intended final destination. Through a data
integrity check, you'll know if the message you received has been tampered with.
2. Authentication: When you receive a sensitive file, it's sometimes not enough to know that the
information in that file has been unaltered. You would also want to be sure whether it really
came from the person who you think sent it. In other words, you would need a mechanism that
would enable you to authenticate the source.
3. Non-repudiation: There may be data exchanges where you wouldn't want senders to disown
transmissions they actually sent some time in the past. For example, if someone submits a
report and the report is later found to be fraudulent, you wouldn't want the sender to deny the
fact that he sent it.
The Role and Function of Certifying Authorities: A Certificate Authority (CA) is a trusted entity
that issues digital certificates and public-private key pairs. The role of the CA is to guarantee
that the individual granted the unique certificate is, in fact, who he or she claims to be. The
CA verifies that the owner of the certificate is who he says he is. A CA can be a trusted third
party which is responsible for physically verifying the legitimacy of the identity of an
individual or organization before issuing a digital certificate. A CA can be an external (public)
CA like VeriSign, Thawte or Comodo, or an internal (private) CA configured inside our network. A
CA is a critical security service in a network.
The CA verifies the identity: The CA must validate the identity of the entity who requested a
digital certificate before issuing it.
The CA issues digital certificates: Once the validation process is over, the CA issues the
digital certificate to the entity who requested it. Digital certificates can be used for
encryption (for example, encrypting web traffic), code signing, authentication etc.
The CA maintains the Certificate Revocation List (CRL): A certificate revocation list (CRL) is a
list of digital certificates which are no longer valid and have been revoked and therefore should
not be relied on by anyone.
The Role of the CA: Certificate Authorities play a crucial role in any cyber security plan. There
are SSL certificates offered on a free trial basis. These are not the same as the free certificates
or the self-signed certificates, and the difference is vital to understand. All Certificate
Authorities provide network security by issuing digital certificates, known as SSL/TLS
certificates, for specific websites. These digital certificates contain the credentials for the site
that are verified by the Certificate Authorities. The Certificate Authorities have to follow
specific validation protocols as set out by the AICPA/CICA

The Science of Cryptography: Cryptography is associated with the process of converting
ordinary plain text into unintelligible text and vice-versa. It is a method of storing and
transmitting data in a particular form so that only those for whom it is intended can read and
process it. Cryptography not only protects data from theft or alteration, but can also be used
for user authentication. Modern cryptography is concerned with:
Confidentiality - Information cannot be understood by anyone
Integrity - Information cannot be altered.
Non-repudiation - Sender cannot deny his/her intentions in the transmission of the information at
a later stage
Authentication - Sender and receiver can confirm each
Cryptography is used in many applications like banking transaction cards, computer passwords, and
e-commerce transactions.
Types of cryptographic techniques:
1. Symmetric-key Cryptography: Both the sender and receiver share a single key. The sender uses
this key to encrypt plaintext and send the cipher text to the receiver. On the other side the
receiver applies the same key to decrypt the message and recover the plain text.
2. Hash Functions: No key is used in this algorithm. A fixed-length hash value is computed as per
the plain text that makes it impossible for the contents of the plain text to be recovered. Hash
functions are also used by many operating systems to encrypt passwords.
3. Public-Key Cryptography: This is the most revolutionary concept in the last 300-400 years. In
Public-Key Cryptography two related keys (public and private key) are used. The public key may be
freely distributed, while its paired private key remains a secret. The public key is used for
encryption and the private key is used for decryption.
E-Governance: E-Governance is the implementation of ICT (Information and Communication
Technology) in government departments. The central aim of E-Governance is to make government
services efficient, accessible and convenient. The use of E-governance is to overcome the
boundaries of a traditional paper-based system. It is the enhancement of current government.
E-governance delivers SMART government: S - Simple, M - Moral, A - Accessible, RT - Responsive
Government.
E-Governance is not only a website on the internet. E-governance is providing
governmental services that are accessible through the internet. It refers to any government
process or function that is put online in digital form. Similarly, E-governance involves
digital democracy and online service delivery. It also includes online citizen
participation. An ordinary citizen gets government facilities through the internet.
E-governance is the network that includes government, public, and business organizations.
E-Governance is of 4 types depending on the specific types of services.
1. Government-to-Citizen (G2C): Government-to-citizen refers to the government services
that are accessed by ordinary people. Most of the government services fall under G2C.
The primary goal of Government-to-citizen is to provide facilities to the citizen. It
helps ordinary people to reduce the time and cost to conduct a transaction.
A citizen can have access to the services anytime from anywhere. Many services like license
renewals and paying tax are essential in G2C. Likewise, paying the administrative fee online is
also possible due to G2C. The facility of Government-to-Citizen enables the ordinary citizen to
overcome time limitation. It also focuses on geographic land barriers.
2. Government-to-Business (G2B): Government-to-business is the exchange of services
between government and business organizations.
It is efficient for both government and business organizations. G2B provides access to relevant
forms needed to comply. G2B also consists of many services exchanged between business sectors
and government. of government projects.
3. Government-to-Government (G2G): refers to the interaction between different government
departments, organizations, and agencies. In G2G, government agencies can share the same
database using online communication. The government departments can work together. This
service can increase international diplomacy and relations. In conclusion, G2G services can be at
the local level or the international level. It can communicate with global government and local
government as well. Likewise, it provides a safe and secure inter-relationship between domestic
or foreign governments.
4. Government-to-Employee (G2E): Government-to-Employee is the internal part of the G2G
sector. G2E aims to bring employees together and improve knowledge sharing.
G2E provides online facilities to the employees, such as applying for leave and reviewing salary.
Cyber Crimes and Cyber Laws
Cybercrime: Cybercrime is defined as a crime in which a computer is the object of the crime
(hacking, phishing, spamming) or is used as a tool to commit an offense (child pornography, hate
crimes). Cybercriminals may use computer technology to access personal information, business
trade secrets or use the internet for exploitative or malicious purposes. Criminals can also use
computers for communication and document or data storage. Criminals who perform these
illegal activities are often referred to as hackers. Cybercrime may also be referred to as
computer crime. We can categorize cyber crimes in two ways:
The computer as a target: using a computer to attack other computers, e.g. hacking, virus/worm
attacks etc.
The computer as a weapon: using a computer to commit real world crimes, e.g. cyber terrorism,
IPR violations, credit card frauds, EFT frauds, pornography etc.
Cyber crime is regulated by Cyber Laws or Internet Laws.
Technical Aspects: Technological advancements have created
new possibilities for criminal activity, in particular the criminal misuse of information
technologies such as:
a. Unauthorized access & Hacking: Access means gaining entry into,
instructing or communicating with the logical, arithmetical, or memory function resources of a
computer, computer system or computer network. Unauthorized access would therefore mean
any kind of access without the permission of either the rightful owner or the person in charge
of a computer, computer system or computer network. Every act committed towards breaking
into a computer and/or network is hacking. Taking control of another person's website by hacking
the web server is called web hijacking.
b. Trojan Attack: A program that acts like something useful but does things that are quite
damaging is called a Trojan. The name Trojan Horse is popular. Trojans come in two parts, a
Client part and a Server part. When the victim runs the server on its machine, the attacker will
then use the Client to connect to the Server and start using the trojan. TCP/IP is the usual
protocol type used for communications, but some functions of the trojans use the UDP protocol as
well.
c. Virus and Worm attack: A program that has the capability to infect other programs and
make copies of itself and spread into other programs is called a virus. Programs that multiply
like viruses but spread from computer to computer are called worms.
d. E-mail & IRC related crimes:
1. Email spoofing: Email spoofing refers to email that appears to have originated from one source
when it was actually sent from another source.
2. Email spamming: Email "spamming" refers to sending email to thousands and thousands of users,
similar to a chain letter.
3. Sending malicious codes through email: E-mails are used to send viruses, Trojans etc. as an
attachment or by sending a link to a website which on visiting downloads malicious code.
4. Email bombing: E-mail "bombing" is characterized by abusers repeatedly
sending an identical email message to a particular address.
5. Sending threatening emails

6. Defamatory emails
7. Email frauds
8. IRC related: Three main ways to attack IRC are "verbal" attacks, clone attacks, and flood
attacks.
e. Denial of Service attacks: Flooding a computer resource with more requests than it can handle.
This causes the resource to crash, thereby denying access of service to authorized users.
Examples include: attempts to "flood" a network, thereby preventing legitimate network traffic;
attempts to disrupt connections between two machines, thereby preventing access to a service;
attempts to prevent a particular individual from accessing a service; attempts to disrupt service
to a specific system or person.
f. Pornography: The literal meaning of the term 'Pornography' is “describing or
showing sexual acts in order to cause sexual excitement through books, films, etc.”
g. Forgery: Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be
forged using sophisticated computers, printers and scanners.
h. IPR Violations: These include software piracy, copyright infringement, trademark violations,
theft of computer source code, patent violations etc. Cyber Squatting: Domain names are also
trademarks and protected by ICANN’s domain dispute resolution policy and also under trademark
laws. Cyber squatters register a domain name identical to a popular service provider’s domain so
as to attract their users and benefit from it.
i. Cyber Terrorism: Targeted attacks on military installations, power plants, air
traffic control, banks, rail traffic control, telecommunication networks are the most likely
targets. 1. It is cheaper than traditional terrorist methods. 2. Cyberterrorism is more
anonymous than traditional terrorist methods. 3. The variety and number of targets are
enormous. 4. Cyberterrorism can be conducted remotely, a feature that is especially appealing to
terrorists. 5. Cyberterrorism has the potential to affect directly a larger number of people.
j. Banking/Credit card Related crimes: In the corporate world, Internet hackers are continually
looking for opportunities to compromise a company’s security in order to gain access to
confidential banking and financial information. A bank employee can grab money using
programs to deduct small amounts of money from all customer accounts and add it to his own
account, also called salami.
k. E-commerce/Investment Frauds: Sales and investment frauds. An offering that uses false or
fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or
trade of forged or counterfeit securities. Merchandise or services that were purchased or
contracted by individuals online are never delivered. The fraud attributable to the
misrepresentation of a product advertised for sale through an Internet auction site or the
non-delivery of products purchased through an Internet auction site.
l. Sale of illegal articles: This would include trade of narcotics, weapons and wildlife etc., by
posting information on websites, auction websites, and bulletin boards or simply by using email
communication. Research shows that number of people employed in this criminal area.
m. Online gambling: There are millions of websites hosted on servers abroad that offer online
gambling.
n. Defamation: Defamation can be understood as the intentional infringement of another
person's right to his good name. Cyber defamation occurs when defamation takes place with
the help of computers and/or the Internet. Cyber defamation is also called cyber smearing.
Intellectual property: Intellectual property includes any idea, design, product, or manuscript
produced by a creative process. The protection of this property occurs through the use of
trademarks, copyrights, and patents. Although these three terms can be confusing, it’s important
to understand each fully to ensure that you can properly protect your ideas. Anyone who creates
content, such as writers, musicians, and artists, will have to protect their creative efforts.
Inventors and business owners also must use these legal safeguards to protect their work and
symbols associated with companies.
Patent: A patent is an exclusive right granted for an invention, that is, a product or
process that provides a new way of doing something, or that offers a new technical solution to a
problem. A patent provides patent owners with protection for their inventions. Protection is
granted for a limited period, generally 20 years.
Trademark: A trademark is a distinctive sign
that identifies certain goods or services produced or provided by an individual or a company.
Its origin dates back to ancient times when craftsmen reproduced their signatures, or “marks”,
on their artistic works or products of a functional or practical nature. The system helps
consumers to identify and purchase a product or service based on its specific
characteristics and quality, as indicated by its unique trademark.
Copyright: Copyright laws
grant authors, artists and other creators protection for their literary and artistic creations,
generally referred to as “works”. Works covered by copyright include, but are not limited to:
advertisements, computer programs, databases, films, musical compositions, choreography,
paintings, drawings, photographs, sculpture, architecture, maps and technical drawings.
IT Act of India 2000: In May 2000, both the houses of the Indian Parliament passed the Information
Technology Bill. The Bill received the assent of the President in August 2000 and came to be
known as the Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000. This
Act aims to provide the legal infrastructure for e-commerce in India, and the cyber laws have a
major impact on e-businesses and the new economy in India. The Information Technology
Act, 2000 also aims to provide the legal framework so that legal sanctity is accorded to all
electronic records and other activities carried out by electronic means. The Act states that unless
otherwise agreed, an acceptance of contract may be expressed by electronic means of
communication and the same shall have legal validity and enforceability. The Act specifically
stipulates that any subscriber may authenticate an electronic record by affixing his digital
signature. The Act details Electronic Governance and provides, inter alia, that
where any law provides that information or any other matter shall be in writing or in the
typewritten or printed form, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied if such information or matter is rendered or
made available in an electronic form and accessible so as to be usable for a subsequent
reference. The Act gives a scheme for Regulation of Certifying Authorities. The Act envisages a
Controller of Certifying Authorities who shall perform the function of exercising supervision over
the activities of the Certifying Authorities as also laying down standards and conditions governing
the Certifying Authorities as also specifying the various forms and content of Digital Signature
Certificates. The Act recognizes the need for recognizing foreign Certifying Authorities and it
further details the various provisions for the issue of license to issue Digital Signature
Certificates. The Act details the scheme of things relating to Digital Signature Certificates.
Issues in E-Business Management: With the advanced and increased use of online media, online
business is becoming a fast emerging trend. There are various legal issues associated with
eCommerce businesses as well. If these issues are not taken care of in time, they can lead to
serious problems for your business.
Incorporation Problem: If you are a company operated merely
via a website, not being incorporated is a crucial problem. Any purchase and selling activity
related to your products will be considered illegal and you can’t claim your right in case of any
fraud and corruption. Without incorporation, your business has no shelter.
Trademark Security Problem: Not getting your trademark protected is one of the main legal issues
in the field of e-commerce. Since the trademark is your company’s logo and symbol, the
representation of your business all over the web, it must be protected. If you don’t secure it,
it won’t take long before you realize your trademark is being infringed upon. This is a very
common legal issue and can become a deadly threat to your e-business. With hackers on the loose
and cybercrime so common, trademark infringement of your business or by your business can be a
serious legal matter and may hinder your business’s progress.

Copyright Protection Issue: While publishing content for your e-commerce website, using
content of any other company can be a severe legal problem. This might mark an end to your
e-business. There are many sites online which are royalty free and allow you to access their
content and images. Even if you unintentionally used copyrighted content, the other party can
easily sue your business.
Transaction Issues: An online transaction requires a consumer to disclose
sensitive information to the vendor in order to make a purchase, placing himself at significant risk.
Transaction security is concerned with providing privacy in transactions to the buyers and sellers and
protecting the client-server network from breakdowns and third party attacks.
Privacy Issues: When it
comes to online businesses, privacy is the major issue that can create problems both for the business
and customers. Consumers share information with businesses online and they expect the sellers to
keep their information confidential.
Issues in Cyber Evidence Management: In most incidents of
cybercrime investigation by the police or suspected fraud by corporate network, it becomes necessary
to seize the suspect computer or hard disk for a detailed examination. If the police make it a
common practice, then no company would be comfortable in preferring a complaint in case of
computer crime. A similar problem also arises in case of an auditor who suspects some fraud in a hard
disk but needs access to the same for a prolonged time for further analysis. It therefore becomes
necessary for an investigator or an auditor to make a copy of the original evidence and carry on his
investigation on the copy. The question then arises that if he stumbles upon some evidence during
his examination and then comes back to seize the original hard disk, the data on the original hard disk
may no longer contain the evidence he has unearthed during the investigation. Even assuming that
the “Original Hard Disk” itself has been seized and the investigations have unearthed some evidence,
there would be a charge from the accused that the evidence was in the custody of the police/auditor and
could have been tampered with. It becomes absolutely essential therefore for the investigator to
preserve the original evidence and at the same time subject it to any type of analysis he may like,
besides not disrupting the regular use of the system and the hard disk. A device required for this
purpose is one which makes a “Bit Image Copy” of the suspect hard disk and creates a hash code for the
original being copied, so that the original can be preserved, the clone can be subjected to analysis and,
in case of necessity, it can be proved with the hash code that the data as captured from the original
has not been tampered with during the process of analysis. In cases where the CD/DVD are being forwarded
without a certificate U/s 65B Evidence Act, such CD/DVD are not admissible in evidence and further
expert opinion as to their genuineness cannot be looked into by the Court, as evident from the
Supreme Court Judgment. It was further observed that all these safeguards are taken to ensure the
source and authenticity, which are the two hallmarks pertaining to electronic records sought to be
used as evidence. Electronic records being more susceptible to tampering, alteration, transposition,
excision, etc., without such safeguards the whole trial based on proof of electronic records can lead to
travesty of justice. In the anticorruption cases launched by the CBI and anticorruption/Vigilance
agencies of the State, even the original recordings which are recorded either in Digital Voice
Recorders/Mobile Phones are not being preserved and thus, once the original recording is destroyed,
there cannot be any question of issuing the certificate under Section 65B(4) of the Evidence Act.
Therefore in such cases, neither are the CD/DVD containing such recordings admissible and able to be
exhibited into evidence, nor is the oral testimony or expert opinion admissible and, as such, the
recording/data in the CD/DVDs cannot become a sole basis for the conviction. Section 63 and
Section 65 of the Evidence Act have no application to the secondary evidence of the electronic
evidence and the same shall be wholly governed by Section 65A and 65B of the Evidence Act. The
only option to prove the electronic record/evidence is by producing the original electronic media as
Primary Evidence in court, or its copy by way of secondary evidence U/s 65A/65B of the Evidence Act. Thus,
in the case of CD, DVD, Memory Card etc. containing secondary evidence, the same shall be
accompanied by the certificate in terms of Section 65B obtained at the time of taking the document,
without which the secondary evidence pertaining to that electronic record is inadmissible.
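The "Bit Image Copy" with a hash code described under Issues in Cyber Evidence Management above, as an added Python example that is not part of the original notes: it clones a source block by block while hashing the bytes as they are read, then shows that the recorded hash still matches the original and stops matching the working copy once a single bit changes. The file names, the SHA-256 choice and the helper names are assumptions; a regular file of random bytes stands in for the suspect disk, where real acquisition reads the device through a write blocker.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time so large images never sit in memory


def sha256_file(path: str) -> str:
    """Hash a file in chunks and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def image_with_hash(source: str, clone: str) -> str:
    """Copy source to clone bit for bit, hashing what was read from the
    original, then re-read the clone to confirm it was written faithfully.
    The returned digest is the value to record at acquisition time."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(clone, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    acquired = h.hexdigest()
    if sha256_file(clone) != acquired:
        raise IOError("clone does not match the data read from the original")
    return acquired


def verify_image(path: str, recorded_hash: str) -> bool:
    """True if the file still hashes to the value recorded at acquisition."""
    return hmac.compare_digest(sha256_file(path), recorded_hash)


def flip_bit(path: str, offset: int) -> None:
    """Simulate tampering or corruption: change one bit at the given offset."""
    with open(path, "r+b") as f:
        f.seek(offset)
        byte = f.read(1)
        f.seek(offset)
        f.write(bytes([byte[0] ^ 0x01]))


def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "suspect_disk.img")   # constructed stand-in
        clone = os.path.join(tmp, "working_copy.img")
        with open(original, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 17))            # constructed sample data
        recorded = image_with_hash(original, clone)
        clone_ok_before = verify_image(clone, recorded)
        flip_bit(clone, offset=CHUNK + 5)                  # analysis copy altered
        return {
            "recorded_hash": recorded,
            "clone_ok_before": clone_ok_before,
            "clone_ok_after": verify_image(clone, recorded),
            "original_ok": verify_image(original, recorded),
        }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```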

Cyber Law Compliance Audit: These audits assure the government that a business is following the
rules and regulations of a specific agreement. In earlier days, audits were associated with
verification of any financial transaction and with ensuring that it is carried out in accordance
with the organisation's or company's policies. But now the meaning of audit has been expanded to
include corporate law, cyber law, and other legal compliances of the company. Cybercrimes are on
the increase in today’s digitized and interconnected corporate world. Several instances show
business losses due to lack of cyber security process and practice in an organization. There is
government-mandated cyber security compliance, especially related to data privacy and
protection, that companies need to comply with. The company needs to ensure that any breach of
contract by any employee or company will lead to strict actions against such employee or
company. To avoid such situations companies need to figure out which information is sensitive.
Once that is done, companies need to take actions such as making techno-legal contracts and
conducting cyber compliance audits to protect such information. The cyber compliance audit is
the first step in protecting sensitive and confidential information as it includes a thorough
analysis of e-contract documents and other company data.
Web Application Security Audit: helps
enterprises to improve their security at every level of the life cycle, i.e. in the design phase,
implementation phase or even when the software is running in the production environment.
Network Security Audit: is categorized into two vital areas of information. 1. The first area is
the static data, which would cover the system definitions, protocols used to communicate,
password rules, firewall definitions etc. 2. The second category looks into the activities and
events that have taken place, which would cover areas such as database access, file transfers,
sharing, system log on etc.
Computer Security Ethics and Privacy: People rely on computers to do homework, work, and create
or store useful information. Therefore, it's important for the information to be stored and kept
properly. It's also extremely important to protect computers from data loss, misuse and abuse.
For example, businesses need to keep their information secure and shielded from hackers. An
intentional breach in computer security is known as a computer crime, which is slightly
different from a cybercrime. A cybercrime is known as illegal acts based on the Internet and is
one of the FBI's top priorities. There are several distinct categories for people that perpetrate
cybercrimes, and they are: hacker, cracker, cyber terrorist, cyber extortionist, unethical
employee, script kiddie and corporate spy.

A hacker is defined as someone who accesses a computer or computer network unlawfully.
They often claim that they do this to find leaks in the security of a network.


The term cracker refers to someone intentionally accessing a PC or computer network with
malice in mind. A cyber terrorist is someone who uses a computer network or the Internet to
destroy computer systems for political reasons. It's similar to a terrorist attack because it
requires highly skilled individuals, millions of dollars to implement and years of planning. The
term cyber extortionist refers to someone who uses email as an offensive force. They usually
send a company a threatening email stating that they will release some confidential information,
exploit a security leak, or launch an attack that will harm a company's network. They use
blackmail to demand a certain amount of money in exchange for not launching an attack.
An unethical employee is one who illegally accesses their company's network for numerous
reasons. One could be the money they can get from selling top secret information, or some may
be bitter and want revenge. A script kiddie is similar to a cracker because they might want to do
harm, but they often lack the technical skills. Script kiddies tend to use prewritten hacking and
cracking programs. A corporate spy has extensive computer and networking skills and is hired
to break into a specific computer or computer network to steal or delete data and/or information.
Shady companies hire these types of people in a practice known as corporate espionage. They do
this to gain an advantage over their competition. Business and home users must do their best to
protect or safeguard their computers from security risks. When you transfer information over
a network it has a high security risk compared to information transmitted in a business network,
because the administrators usually take stringent measures to protect against security risks.
Over the Internet the risk is much higher. The Computer Emergency Response Team
Coordination Centre is a good resource. The typical network attacks that put computers at
risk are: viruses, worms, spoofing, Trojan horses and denial of service attacks. Every
unprotected computer is vulnerable to a computer virus. A computer worm doesn't need to do
that. It copies itself, travels to other networks and eats up a lot of bandwidth. A Trojan horse is
a program that hides and seems to be a legitimate program but in reality is a fake. A certain
action usually triggers the Trojan horse, and unlike viruses and worms they don't replicate.
Computer viruses, worms and Trojan horses are all classified as malicious-logic programs. You
know that a computer is infected by a virus, worm, or Trojan horse if one or more of the
following events take place: Screen shots of strange messages or pictures appear. You
experience a sudden drop in memory. Music or sound plays randomly. Files become corrupted.
Programs or files don't work properly. Unknown files or programs randomly appear.
The Information Technology Amendment Act, 2008 (IT Act 2008) is a substantial addition to
India's Information Technology Act (ITA-2000). The IT Amendment Act was passed by the
Indian Parliament in October 2008 and came into force a year later. The Act is administered by
the Indian Computer Emergency Response Team (CERT-In). The Amendment was created to
address issues that the original bill failed to cover and to accommodate further development of
IT and related security concerns since the original law was passed.
Features of the Information Technology (Amendment) Act, 2008:
1. The term 'digital signature' has been replaced with 'electronic signature' to make the Act
more technology neutral.
2. A new section has been inserted to define 'communication device' to mean cell phones,
personal digital assistance or combination of both or any other device used to communicate,
send or transmit any text, video, audio or image.
3. A new section has been added to define cyber cafe as any facility from where the access to
the internet is offered by any person in the ordinary course of business to the members of the
public.
4. A new definition has been inserted for intermediary.
5. A new section 10A has been inserted to the effect that contracts concluded
electronically shall not be deemed to be unenforceable solely on the ground that electronic form
or means was used.
6. The damages of Rs. One Crore prescribed under section 43 of the earlier Act of 2000 for
damage to computer, computer system etc. has been deleted and the relevant parts of the
section have been substituted by the words, 'he shall be liable to pay damages by way of
compensation to the person so affected'.
7. A new section 43A has been inserted to protect sensitive personal data or information
possessed, dealt or handled by a body corporate in a computer resource which such body
corporate owns, controls or operates. If such body corporate is negligent in implementing and
maintaining reasonable security practices and procedures and thereby causes wrongful loss or
wrongful gain to any person, it shall be liable to pay damages by way of compensation to the
person so affected.
8. Sections 66A to 66F have been added to Section 66 prescribing punishment for offences such
as obscene electronic message transmissions, identity theft, cheating by impersonation using
computer resource, violation of privacy and cyber terrorism.
9. Section 67 of the IT Act, 2000 has been amended to reduce the term of imprisonment for
publishing or transmitting obscene material in electronic form to three years from five years
and increase the fine thereof from Rs. 100,000 to Rs. 500,000. Sections 67A to 67C have also
been inserted. While Sections 67A and B deal with penal provisions in respect of offences of
publishing or transmitting of material containing sexually explicit act and child pornography in
electronic form, Section 67C deals with the obligation of an intermediary to preserve and retain
such information as may be specified for such duration and in such manner and format as the
central government may prescribe.
10. In view of the increasing threat of terrorism in the country, the new amendments include an
amended section 69 giving power to the state to issue directions for interception or monitoring
or decryption of any information through any computer resource. Further, sections 69A and B,
two new sections, grant power to the state to issue directions for blocking for public access of
any information through any computer resource and to authorize to monitor and collect traffic
data or information through any computer resource for cyber security.
11. Section 79 of the Act, which exempted intermediaries, has been modified to the effect that
an intermediary shall not be liable for any third party information, data or communication link
made available or hosted by him if: (a) The function of the intermediary is limited to providing
access to a communication system over which information made available by third parties is
transmitted or temporarily stored or hosted; (b) The intermediary does not initiate the
transmission or select the receiver of the transmission and select or modify the information
contained in the transmission; (c) The intermediary observes due diligence while discharging
his duties. Section 79 will not apply to an intermediary if the intermediary has conspired or
abetted or aided or induced, whether by threats or promise or otherwise, in the commission of
the unlawful act, or if, upon receiving actual knowledge or on being notified that any
information, data or communication link residing in or connected to a computer resource
controlled by it is being used to commit an unlawful act, the intermediary fails to expeditiously
remove or disable access to that material on that resource without vitiating the evidence in any
manner.
12. A proviso has been added to Section 81, which states that the provisions of the Act shall
have overriding effect. The proviso states that nothing contained in the Act shall restrict any
person from exercising any right conferred under the Copyright Act, 1957.
