ASSIGNMENT OF CYBER LAW

In the partial fulfilment of marking scheme of BA.LL.B. (10TH semester)

TOPIC- TYPES OF CYBER CRIME

SUBMITTED TO: MS. MAHIMA DABAS
SUBMITTED BY: ASHISH RATHI
Roll No. 170118546
 CYBER CRIME
INTROUCTIONS:

Cybercrime is not an old sort of crime to the world. It is defined as any criminal activity which
takes place on or over the medium of computers or internet or other technology recognized by
the Information Technology Act. Cybercrime is the most prevalent crime playing a devastating
role in Modern India. Not only the criminals are causing enormous losses to the society and the
government but are also able to conceal their identity to a great extent. There are number of
illegal activities which are committed over the internet by technically skilled criminals. Taking a
wider interpretation, it can be said that, Cybercrime includes any illegal activity where computer
or internet is either a tool or target or both. The term cybercrime may be judicially interpreted in
some judgments passed by courts in India; however, it is not defined in any act or statute passed
by the Indian Legislature. Cybercrime is an uncontrollable evil having its base in the misuse of
growing dependence on computers in modern life. Usage of computer and other allied
technology in daily life is growing rapidly and has become an urge which facilitates user
convenience. It is a medium which is infinite and immeasurable. Whatsoever the good internet
does to us, it has its dark sides too.1 Some of the newly emerged cybercrimes are cyber-stalking,
cyber-terrorism, e-mail spoofing, e-mail bombing, cyber pornography, cyberdefamation etc.
Some conventional crimes may also come under the category of cybercrimes if they are
committed through the medium of computer or Internet.

1
Prof. R.K.Chaubey, “An Introduction to Cyber Crime and Cyber law”, Kamal Law House,
2012
Categories OF CYBERCRIME:

There are different types of cybercrime, but basically there are two types of cybercrime they fall
under two main categories:

1. Criminal activity that targets computers.

2. Criminal activity that uses computers.2

Cybercrime that targets computers often involves malware like viruses.

Cybercrime that uses computers to commit other crimes may involve using computers
to spread malware, illegal information or illegal images.

TYPES OF CYBERCRIME:

1. Hacking

Hacking is labelled as amongst the most serious of all cybercrimes. It is said that hacking erodes
the faith of people in information technology and the Internet. Hacking a computer system has
been projected as a menace requiring harsh laws to act as deterrents. Such a general projection is
somewhat misconceived. Hacking a computer simply implies getting into another’s computer
without permission. Gaining unlawful access to another’s computer is hacking. Unauthorized
entry into a computer belonging to another is hacking.3 It is equivalent to phone-tapping.
Hackers see the weakness in the target computer programmer and then find ways to enter and
access therein. Antihacking tools such as the ‘Firewall’ technology and intrusion detection
systems are preventive measures that can be taken to protect a computer from being hacked.
Firewall, like a wall of fire, prevents hacking. Intrusion detection systems will in addition also
try to detect the source of hacking. Hacking perse, in simple terms, is criminal trespass into a
computer that is a private property. Criminal trespass under the Indian Penal Code, 1860 is
simply defined as entering into property in the possession of another with intent to commit an
offence or to intimidate, insult or annoy any person in possession of such property, or having
lawfully entered into or upon such property, by unlawfully remaining there with intent thereby to
2
https://www.clearias.com/cybercrime/

3
https://www.malwarebytes.com/hacker
intimidate insult or annoy any such person or with intent to commit an offence. Criminal trespass
entails a punishment of imprisonment up to three months or fine up to rupees five hundred, or
with both Criminal trespass perse is thus a minor offence.

Hacking is nothing but identifying weakness systems or networks to exploit it to gain access to
its data and sources. Hacking is an attempt to invade a private/public/ corporation/organizations'
network via computer to gather information without permission. In simple words, it is the
unauthorized or unconsented access to or control over the computer network and security
systems for some wrong or illicit needs and purpose. It is the deliberate and intentional access or
infiltration of a computer program without valid consent from its owner. It affects all arms and
feet of information and communication technology of an entity. 4These include threats through
the web, communications, and email, social media scams, data breaches, cloud and data storage
compromises, and critical data breaches. The sole objective of hackers is to steal confidential
data or embezzlement of funds causing business disruptions, etc.

Methods of hacking

1.Phishing – This simply means duplicating the original website to gain access to the users’ information
like account password, credit card details etc. It is the most common hacking technique in which the
hackers will either send you a fake message with a fake invoice or ask to confirm some personal
information or entice the person with some free stuff. 5

2.Virus attack – By this method of hacking, the hackers release the virus into the files of the website
which can corrupt or destroy the important information stored in our computer if they are downloaded or
get inside our computer system.

3.UI redress – In this method, a fake user interface is created by which when the user clicks on it, it
redirects them to another vulnerable website. For instance, if we have to download a song, as soon as we
click on the “download” tab, a new page is redirected which is usually a fake website.

4.Cookie theft – Sometimes, the website containing information about the users in the form of cookies is
hacked using special tools. These cookies can be decrypted and read to reveal one’s identity which can be
4
https://blog.ipleaders.in/all-you-need-to-know-about-hacking/
5
ibid.
further used to impersonate the person online. Cookies are generally stored as plain text or in some form
of encryption.

4.DNS spoofing – The cache data of a website which the user might have forgotten is used by hackers to
gather information about users. Here, a user is forced to navigate to a fake website disguised to look like a
real one, with the intention of diverting traffic or stealing the credentials of the users. 6

Denial of Service

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network,

making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target
with traffic, or sending it information that triggers a crash. In both instances, the DoS attack
deprives legitimate users (i.e., employees, members, or account holders) of the service or
resource they expected.

Victims of DoS attacks often target web servers of high-profile organizations such as banking,
commerce, and media companies, or government and trade organizations. Though DoS attacks
do not typically result in the theft or loss of significant information or other assets, they can cost
the victim a great deal of time and money to handle.7

There are two general methods of DoS attacks: flooding services or crashing services. Flood
attacks occur when the system receives too much traffic for the server to buffer, causing them to
slow down and eventually stop. Popular flood attacks include:

 Buffer overflow attacks – the most common DoS attack. The concept is to send more
traffic to a network address than the programmers have built the system to handle. It
includes the attacks listed below, in addition to others that are designed to exploit bugs
specific to certain applications or networks
 ICMP flood – leverages misconfigured network devices by sending spoofed packets that
ping every computer on the targeted network, instead of just one specific machine. The
network is then triggered to amplify the traffic. This attack is also known as the smurf
attack or ping of death.

6
https://economictimes.indiatimes.com/definition/hacking
7
https://www.bbau.ac.in/dept/Law/TM/1.pdf
  SYN flood – sends a request to connect to a server, but never completes the handshake.
Continues until all open ports are saturated with requests and none are available for
legitimate users to connect to.

Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash.
In these attacks, input is sent that takes advantage of bugs in the target that subsequently crash or
severely destabilize the system, so that it can’t be accessed or used.

An additional type of DoS attack is the Distributed Denial of Service (DDoS) attack. A DDoS
attack occurs when multiple systems orchestrate a synchronized DoS attack to a single target.
The essential difference is that instead of being attacked from one location, the target is attacked
from many locations at once. The distribution of hosts that defines a DDoS provide the attacker
multiple advantages:8

 He can leverage the greater volume of machine to execute a seriously disruptive attack
 The location of the attack is difficult to detect due to the random distribution of attacking
systems (often worldwide)
 It is more difficult to shut down multiple machines than one
 The true attacking party is very difficult to identify, as they are disguised behind many
(mostly compromised) systems

Modern security technologies have developed mechanisms to defend against most forms of DoS
attacks, but due to the unique characteristics of DDoS, it is still regarded as an elevated threat
and is of higher concern to organizations that fear being targeted by such an attack.9

Virus Dissemination
It involves direct or search unauthorized access to system by introducing malicious programs
known as viruses, worms etc. Virus needs host while worms are standalone.
Provisions are provided under the IT Act, 2000 under sections 43-C, 66 and section 268 of the
Indian Penal Code.10

8
https://www.paloaltonetworks.com
9
ibid.
10
IT ACT 2000
Virus dissemination is a process of a Malicious software that attaches to other software that
destroys the system of the victim. They disrupt the computer operation and affect the data store
by modifying or deleting it. Virus dissemination consists of three types of hackers which are
White hat hackers, Geray hat hackers and Black hat hackers. Black hat hackers are the persons
who hacks information. A virus and a worm are similar as a both are the forms of malicious
software. A virus infects a program which is carried down to the other programme automatically.
A virus and worm both execute without the knowledge of the user. There are many types of
viruses such as Polymorphic viruses, stealth viruses, fast and slow infectors, sparse infectors,
armored viruses, Multipartite viruses, cavity viruses, tunnelling viruses, camouflage viruses,
NTFS and Active Directory viruses.

Polymorphic viruses encrypt the code in a different way with each infection and try to evade the
detection by changing itself in a different form. Stealth viruses are the virus which modify the
original time and date stamps to prevent itself from being noticed. Fast and slow infectors can
evade detection by infecting very quickly or very slowly. Sparse infectors will infect only a few
systems. Armored viruses are encrypted to prevent detection. Cavity viruses attach to the empty
files. Tunneling viruses are sent via a different procedure to prevent detection through a firewall.
Camouflage viruses appear to be another programme. NTFS and active Directory viruses
specially attack the NT file system or active directory on windows systems. 11
Trojan horses are
different from virus which can cause damage similar to the viruses. Virus can infect the
following components of a system such as system sectors, files, macros, companion files,
disclosers, batch files, source code.

Credit Card Fraud

Card fraud begins either with the theft of the physical card or with the comprise of data
associated with the account. Provisions of such fraud are given under Section 66 C and 66 D of
IT ACT, 2000 and section 468 & 471 of Indian Penal Code, 1860.

11
https://www.cybercrimechambers.com
Credit card fraud is the unauthorized use of a credit or debit card, or similar payment tool (ACH,
EFT, recurring charge, etc.), to fraudulently obtain money or property. Credit and debit card
numbers can be stolen from unsecured websites or can be obtained in an identity theft scheme.12

types of credit card fraud

You can break down the various types of credit card fraud into four main areas

1. Lost or stolen cards are used without their owner’s permission.

2.Credit cards are ‘skimmed’. This is when the card is cloned or copied with a special swipe
machine to make a duplicate of the card.

3.Card details – card number, card holder name, date of birth and address - are stolen, often from
online databases or through email scams, then sold and used on the internet, or over the phone.
This is often called ‘card-not-present’ fraud.

4.Committing fraudulent applications in someone else’s name for a new credit card, without that
person knowing.

Cyber Stalking

It can be defined as the use of electronic communications to harass or frighten someone, for
example by sending threatening emails. The provisions are given under IT Act, 2008 under
section 72 and section 354 C (voyeurism) of the Indian Penal Code. Also, section 67 provides
imprisonment up to 3 years with fine.

Cyberstalking is a crime in which someone harasses or stalks a victim using electronic or digital
means, such as social media, email, instant messaging (IM), or messages posted to a discussion
group or forum. Cyberstalks take advantage of the anonymity afforded by the internet to stalk or
harass their victims, sometimes without being caught, punished or even detected.

12
3 Economic Crime in India: an ever increasing phenomenon, Global Economic Crime Survey 2011, India, Price
Waterhouse Coopers, 2011. also available at https://www.pwc.in/assets/pdfs/publications-2011/economic-crime-
survey-2011-indiareport.pdf (Retrieved on 17th February, 2016 )
The terms cybercrime and cyber bullying are often used interchangeably. Cyberstalking,
however, is actually a form of cyber bullying which along with cybersquatting and
cyberterrorism is among the growing number of computer- and internet-related crimes,
collectively referred to as cybercrime.13

Although cyberstalking is a general term for online harassment, it can take many forms,
including slander, defamation, false accusations, trolling and even outright threats. In many
cases, especially when both the harasser and victim are individuals, the motive may be the
following:

 monitor the victim's online and, in some cases, offline activities;

 track the victim's locations and follow them online or offline;
 annoy the victim;
 intimidate, frighten, control or blackmail the victim;
 reveal private information about the victim, a practice known as doxing; or
 gather more information about the victim to steal their identity or perpetrate other real-
world crimes, like theft or harassment.14

Cyberstalks often start small. In the beginning, they may send a few strange or somewhat
unpleasant messages to their intended victim. Then, later, they may brush off these messages as
funny, annoying or mildly weird and ignore them without taking any action.15

Over time, the messages may become systematic, sustained and repetitive and take on an
increasingly intimidating or frightening tone.

Cyber Pornography
The word ‘Pornography’ derived from Greek words ‘Prone’ and ‘Graphene’ means writing about
prostitutes, or referred to any work of art or literature dealing with sex and sexual themes. 16
Defining the term pornography is very difficult and it does not have any specific definition in the
eyes of law as every country has their own customs and tradition. The act of pornography in

13
https://www.techtarget.com/searchsecurity/definition/cyberstalking
14
1 http://www.sociosite.org/cyberstalking_en.php
15
3 https://www.astrealegal.com/internet-harassment-cyber-stalking-cyber-harassment-andcyber/
16
5 http://blog.ipleaders.in/cyber-pornography-law-in-india-the-grey-law-decoded/
some countries is legal but in some it is illegal and punishable. 17 Cyber pornography is in simple
words defined as the act of using cyberspace to create, display, distribute, import, or publish
pornography or obscene materials. With the advent of cyberspace, traditional pornographic
content has now been largely replaced by online/digital pornographic. Pornography has no legal
or consistent definition. The definition of pornography depends how the society, norms and their
values are reacting to the pornographic content. The reason why we do not have a clear
definition as far as pornography is concerned is that we do not have uniform standard culture and
ethics in the world nor do we have uniform laws which defines the pornography. The concept of
obscenity and pornography varies from country to country and time to time. The terms obscenity
and pornography are different but related to each other. The same material which was banned in
some countries may be allowed in some. The Indian law doesn’t define the term pornography
and not deal with this term.

Conclusion
Across the globe and specifically in India, these frauds are growing rapidly since 2010. This is
mainly due to lack of awareness in some states and also, among some banks and other
organizations. However, if we adopt few anti-fraud strategies like biometrics or keeping an
expert in this field could prevent us from getting into such frauds. In conclusion it can be said
that just like cybercrimes are very diverse, cyber criminals also belong to a broad spectrum with
different motivations fueling them. Further, cybercrimes and traditional crimes may seem similar
on the outside yet there are certain differences between the two, which separate one from
another. To tackle these issues, cyber forensics is being actively used these days to deal with
cybercrimes, investigate and collect digital evidence and catch cyber criminals.

17
8 http://www.thefreedictionary.com/