Cf&di Notes
Types of Attacks:
1) Technocrime: A premeditated act against a system or systems, with the internet to copy, steal, prevent access, corrupt or otherwise damage parts of or the complete computer system.
2) Techno-vandalism: Techno-vandalism occurs when unauthorized access to a computer results in damage to files or programs, not so much for profit but for the challenge. In such cases, the damage or loss may be intentional or accidental.
Cybercriminals:
Individuals or groups who engage in illegal activities using computer systems, networks, or the
internet.
Classification of Cybercrimes:
Terrestrial Crime:
Examples: Theft, assault, robbery, burglary, murder, fraud, and other offenses that occur within
the physical boundaries of a jurisdiction.
Investigation: Handled by law enforcement agencies operating on the ground, such as police
departments and other local, state, or national authorities.
Legal Consequences: Perpetrators of terrestrial crime are subject to legal prosecution and may
face penalties such as fines, imprisonment, or other forms of punishment as determined by the
legal system.
Prevention: Community policing, surveillance, public awareness, and various law enforcement
strategies are employed to prevent and address terrestrial crime.
ITA 2000:
The Information Technology Act, 2000 (ITA 2000) is a comprehensive legislation in India that
addresses various legal aspects related to electronic commerce, digital signatures, cybercrime,
and the use of electronic records and digital signatures. Here are key points related to the ITA
2000:
Enactment: The Information Technology Act, 2000, was enacted on June 9, 2000, and came
into force on October 17, 2000.
Objective: The primary objective of the ITA 2000 is to provide legal recognition to electronic
transactions and facilitate e-governance by recognizing digital signatures and regulating cyber
activities.
Digital Signatures: The ITA 2000 recognizes digital signatures as legally valid and equivalent to
handwritten signatures. It establishes the Controller of Certifying Authorities (CCA) to regulate
and license Certifying Authorities (CAs) that issue digital signatures.
Offenses and Penalties: The Act defines various offenses related to computer systems, data, and
networks. It prescribes penalties for unauthorized access, data theft, cyber fraud, and other
cybercrimes.
Security Practices and Procedures: The ITA 2000 mandates the implementation of reasonable
security practices and procedures by entities handling sensitive personal data. Non-compliance
may result in legal consequences.
Cyber Appellate Tribunal: The Act establishes the Cyber Appellate Tribunal (now known as
the Cyber Appellate Tribunal or CAT) to hear appeals against orders issued by the Adjudicating
Officers under the Act.
Adjudicating Officers: The Act empowers Adjudicating Officers to inquire into contraventions
of the Act and impose penalties. These officers are appointed by the Central Government.
Data Protection: While the ITA 2000 addresses certain aspects of data protection, subsequent
developments in this area, including the Personal Data Protection Bill, 2019, aim to provide a
more comprehensive framework for data protection in India.
Financial Loss: Companies may suffer significant financial losses due to stolen sensitive data,
including intellectual property, customer information, and financial records.
Reputation Damage: Data theft can lead to a loss of trust among customers and partners,
damaging a company's reputation and brand image.
Legal Consequences: Organizations may face legal action and regulatory penalties for failing to
protect sensitive information, especially if data protection laws are violated.
Operational Disruption: The loss of critical data can disrupt normal business operations,
leading to downtime and productivity issues.
Intellectual Property Risks: For businesses relying on proprietary information and intellectual
property, data theft can undermine competitive advantages.
Complications of Business Impact of Cybercrime:
Supply Chain Disruptions: Cyberattacks on one business can have a cascading effect,
disrupting supply chains and affecting interconnected businesses.
Challenges:
Human Factor: Employee negligence or lack of awareness can contribute to security breaches,
emphasizing the need for ongoing cybersecurity education and training.
Global Nature of Cyber Threats: Cyber threats are not constrained by geographic borders, and
businesses must contend with threats from various locations, requiring international cooperation.
Network Misuse:
Unauthorized Access: Users or external actors gaining unauthorized access to a network can
misuse resources, compromise data integrity, and cause disruptions.
Insider Threats: Employees or trusted individuals within an organization may misuse network
privileges for malicious purposes, leading to data breaches or other security incidents.
Denial of Service (DoS) Attacks: Deliberate attempts to overload a network's resources, causing
service disruptions and impacting normal business operations.
Data Interception: Unauthorized interception of data during transmission can lead to the theft of
sensitive information, including financial data and customer details.
Resource Drain: Network misuse can lead to excessive use of bandwidth and computing
resources, affecting the performance of critical business systems.
Classification of Cybercrime: -
● Against Individual-
● Against Properties - This includes stealing mobile devices such as cell phones, laptops,
personal digital assistants and removable media; transmitting harmful programs that can
disrupt functions of the systems and/or can wipe out data from the hard disk and cause the
malfunctioning of the attached devices in the system such as modem, CD drive etc.
● Against Organizations - Cyberterrorism is one of the distinct crimes against
organizations/government. Attackers (individuals or groups of individuals) use computer
tools and the internet, usually to terrorize the citizens of a particular country by stealing
private information, and also to damage programs and files or plant programs to
get control of the network and system.
● Single event of cybercrime - It is a single event from the perspective of the victim. For
example, unknowingly opening an attachment that may contain a virus that will infect the
system (PC/laptop). This is known as hacking or fraud.
● Series of events - This involves the attacker interacting with the victims repetitively. For
example, the attacker interacts with the victim on the phone and/or via chat rooms to
establish a relationship first and then exploits that relationship to commit the sexual
assault.
IPC 499: - In the context of Indian law, IPC 499 refers to Section 499 of the Indian Penal Code
(IPC). IPC 499 deals with the offense of defamation. Defamation is the act of making false
statements about someone with the intention of harming their reputation. Section 499 provides
the definition of defamation and lays out the elements that constitute the offense.
● Cybercrime Act 2001 (Australia) - The Cybercrime Act 2001 is part of the broader legal
framework in Australia addressing cyber-related offenses. It has been amended over the
years to keep pace with technological advancements and emerging cyber threats.
● National Cybersecurity Strategy - A National Cybersecurity Strategy is a comprehensive
plan developed by a country to safeguard its cyberspace and protect critical infrastructure
from cyber threats. It outlines the government's goals, priorities, and measures to enhance
cybersecurity.
● Treaty Law in Cybersecurity - Treaty law refers to international agreements or treaties
that countries enter into to establish rules and norms governing their behavior in
cyberspace. These treaties aim to foster cooperation, address cyber threats, and promote
stability in the digital domain.