Cyber Security Unit-1

UNIT-I:
INTRODUCTION TO CYBER CRIME:
1.1 Introduction
Almost everyone is aware of the phenomenal growth of the Internet. Given the unrestricted number of
free websites, the Internet has undeniably opened a new way of exploitation known as cybercrime.
These activities involve the use of computers, the Internet, cyberspace and the worldwide web
(WWW). Interestingly, cybercrime is not a new phenomenon; the first recorded cybercrime took place in
the year 1820. It is one of the most talked about topics in recent years. Indian corporate and
government sites have been attacked or defaced more than 780 times between February 2000 and
December 2002. There are also stories/news of other attacks; for example, according to a story posted
on 3 December 2009, a total of 3,286 Indian websites were hacked in 5 months, between January and
June 2009.

1.2 Cybercrime: Definition and Origins of the Word


Let us understand the origins of the term cybercrime. Reaching consensus on a definition of computer
crime is difficult. One definition that is advocated is, "a crime conducted in which a computer was
directly and significantly instrumental." This definition is not universally accepted. It, however, initiates
further discussion to narrow the scope of the definition for "cybercrime"; for example, we can propose
the following alternative definitions of computer crime:
1. Any illegal act where a special knowledge of computer technology is essential for its perpetration,
investigation or prosecution.
2. Any traditional crime that has acquired a new dimension or order of magnitude through the aid of a
computer, and abuses that have come into being because of computers.
3. Any financial dishonesty that takes place in a computer environment.
4. Any threats to the computer itself, such as theft of hardware or software, sabotage and demands for
ransom.
Here is yet another definition: "cybercrime (computer crime) is any illegal behavior, directed by means
of electronic operations, that targets the security of computer systems and the data processed by
them." Note that in a wider sense, "computer-related crime" can be any illegal behavior committed by
means of, or in relation to, a computer system or network; however, this is not cybercrime.
Statute and treaty law both refer to "cybercrime." The term "cybercrime" relates to a number of other
terms that may sometimes be used interchangeably to describe crimes committed using computers.
Computer-related crime, Computer crime, Internet crime, E-crime, High-tech crime, etc. are the other
synonymous terms. Cybercrime specifically can be defined in a number of ways; a few definitions are:
1. A crime committed using a computer and the Internet to steal a person's identity (identity theft) or
sell contraband or stalk victims or disrupt operations with malevolent programs.
2. Crimes completed either on or with a computer.
3. Any illegal activity done through the Internet or on the computer.
4. All criminal activities done using the medium of computers, the Internet, cyberspace and the WWW.
According to one information security glossary, cybercrime is any criminal activity which uses network
access to commit a criminal act. Opportunities for exploitation due to weaknesses in information
security are multiplying because of the exponential growth of the Internet. Cybercrime may be internal or
external, with the former easier to perpetrate. The term "cybercrime" has evolved over the past few
years since the adoption of Internet connection on a global scale with hundreds of millions of users.
Cybercrime refers to the act of performing a criminal act using cyberspace as the communications
vehicle. Some people argue that a cybercrime is not a crime as it is a crime against software and not
against a person or property. However, while the legal systems around the world scramble to introduce
laws to combat cybercriminals, two types of attack are prevalent:
1. Techno-crime: A premeditated act against a system or systems, with the intent to copy, steal,
prevent access, corrupt or otherwise deface or damage parts of or the complete computer system. The
24x7 connection to the Internet makes this type of cybercrime a real possibility to engineer from
anywhere in the world, leaving few, if any, "finger prints."
2. Techno-vandalism: These acts of "brainless" defacement of websites and/or other activities, such as
copying files and publicizing their contents publicly, are usually opportunistic in nature. Tight internal
security, allied to strong technical safeguards, should prevent the vast majority of such incidents.
There is a very thin line between the two terms "computer crime" and "computer fraud"; both are
punishable.
Cybercrimes (harmful acts committed from or against a computer or network) differ from most
terrestrial crimes in four ways:
(a) how to commit them is easier to learn,
(b) they require few resources relative to the potential damage caused,
(c) they can be committed in a jurisdiction without being physically present in it, and
(d) they are often not clearly illegal.
The term cybercrime has some stigma attached and is notorious due to the word "terrorism" or
"terrorist" attached with it, that is, cyberterrorism. Cyberterrorism is defined as "any person, group or
organization who, with terrorist intent, utilizes accesses or aids in accessing a computer or computer
network or electronic system or electronic device by any available means, and thereby knowingly
engages in or attempts to engage in a terrorist act commits the offence of cyberterrorism." Cybercrime,
especially through the Internet, has grown in number as the use of computers has become central to
commerce, entertainment and government.
The term cyber has some interesting synonyms: fake, replicated, pretend, imitation, virtual, computer-
generated. Cyber means combining forms relating to Information Technology, the Internet and Virtual
Reality. This term owes its origin to the word "cybernetics" which deals with information and its use;
furthermore, cybernetics is the science that overlaps the fields of neurophysiology, information theory,
computing machinery and automation. However, beyond this, there does not seem to be any further
connection to the term "cybernetics" as per other sources searched. According to Wikipedia,
cybernetics is the interdisciplinary study of the structure of regulatory systems. It is closely related to
control theory and systems theory.
People are curious to know how cybercrimes are planned and how they actually take place. Worldwide,
including India, cyberterrorists usually use the computer as a tool, target or both for their unlawful act to
gain information which can result in heavy loss/damage to the owner of that intangible sensitive
information. The Internet is one of the means by which the offenders can gain priced sensitive information
of companies, firms, individuals, banks and can lead to intellectual property (IP) crimes (such as stealing
new product plans, its description, market program plans, list of customers, etc.), selling illegal articles,
pornography/child pornography, etc. This is done using methods such as Phishing, Spoofing, Pharming,
Internet Phishing, wire transfer, etc. and use it to their own advantage without the consent of the
individual. "Phishing" refers to an attack using mail programs to deceive or coax Internet users into
disclosing confidential information that can be then exploited for illegal purposes.

1.3 Cybercrime and Information Security



Lack of information security gives rise to cybercrimes. Let us refer to the amended Indian Information
Technology Act (ITA) 2000 in the context of cybercrime. From an Indian perspective, the new version of
the Act (referred to as ITA 2008) provides a new focus on "Information Security in India."
"Cybersecurity" means protecting information, equipment, devices, computer, computer resource,
communication device and information stored therein from unauthorized access, use, disclosure,
disruption, modification or destruction. The term incorporates both the physical security of devices as
well as the information stored therein. It covers protection from unauthorized access, use, disclosure,
disruption, modification and destruction.
Where financial losses to the organization due to insider crimes are concerned (e.g., leaking customer
data), often some difficulty is faced in estimating the losses because the financial impacts may not be
detected by the victimized organization and no direct costs may be associated with the data theft. The
2008 CSI Survey on computer crime and security supports this. Cybercrimes occupy an important
space in information security domain because of their impact. For anyone trying to compile data on
business impact of cybercrime, there are a number of challenges. One of them comes from the fact that
organizations do not explicitly incorporate the cost of the vast majority of computer security incidents
into their accounting as opposed to, say, accounting for the "shrinkage" of goods from retail stores.
Because of these reasons, reporting of financial losses often remains approximate. In an attempt to
avoid negative publicity, most organizations abstain from revealing facts and figures about "security
incidents" including cybercrime. In general, organizations' perception about "insider attacks" seems to
be different than that made out by security solution vendors. However, this perception of an
organization does not seem to be true as revealed by the 2008 CSI Survey. Awareness about "data
privacy" too tends to be low in most organizations. When we speak of financial losses to the
organization and significant insider crimes, such as leaking customer data, such "crimes" may not be
detected by the victimized organization and no direct costs may be associated with the theft.
Typical network misuses are for Internet radio/streaming audio, streaming video, file sharing, instant
messaging and online gaming (such as online poker, online casinos, online betting, etc.; refer to
http://en.wikipedia.org/wiki/Online_gambling). Online gambling is illegal in some countries, for
example, in India. However, India has yet to pass laws that specifically deal with the issue, leaving a sort
of legal loophole in the meantime.

1.4 Who are Cybercriminals?


Cybercrime involves such activities as child pornography; credit card fraud; cyberstalking; defaming
another online; gaining unauthorized access to computer systems; ignoring copyright, software
licensing and trademark protection; overriding encryption to make illegal copies; software piracy and
stealing another's identity (known as identity theft) to perform criminal acts. Cybercriminals are those
who conduct such acts. They can be categorized into three groups that reflect their motivation:
1. Type I: Cybercriminals - hungry for recognition
• Hobby hackers;
• IT professionals (social engineering is one of the biggest threats);
• politically motivated hackers;
• terrorist organizations.
2. Type II: Cybercriminals - not interested in recognition
• Psychological perverts;
• financially motivated hackers (corporate espionage);
• state-sponsored hacking (national espionage, sabotage);
• organized criminals.
3. Type III: Cybercriminals - the insiders
• Disgruntled or former employees seeking revenge;
• competing companies using employees to gain economic advantage through damage and/or
theft.
Thus, the typical "motives" behind cybercrime seem to be greed, desire to gain power and/or publicity,
desire for revenge, a sense of adventure, looking for thrill to access forbidden information, destructive
mindset and desire to sell network security services. Cybercafes are known to play a role in committing
cybercrimes.

1.5 Classifications of Cybercrimes


Crime is defined as "an act or the commission of an act that is forbidden, or the omission of a duty that
is commanded by a public law and that makes the offender liable to punishment by that law" (Webster
Dictionary).
Cybercrimes are classified as follows:
1. Cybercrime against individual
• Electronic mail (E-Mail) Spoofing and other online frauds.
• Phishing, Spear Phishing and its various other forms such as Vishing and Smishing.
• Spamming.
• Cyberdefamation.
• Cyberstalking and harassment.
• Computer sabotage.
• Pornographic offenses.
• Password sniffing.
2. Cybercrime against property
• Credit card frauds.
• Intellectual property (IP) crimes: Basically, IP crimes include software piracy, copyright
infringement, trademark violations, theft of computer source code, etc.
• Internet time theft.
3. Cybercrime against organization
• Unauthorized accessing of computer: Hacking is one method of doing this and hacking is a
punishable offense.
• Password sniffing.
• Denial-of-service attacks (known as DoS attacks).
• Virus attack/dissemination of viruses.
• E-Mail bombing/mail bombs.
• Salami attack/Salami technique.
• Logic bomb.
• Trojan Horse.
• Data diddling.
• Crimes emanating from Usenet newsgroup.
• Industrial spying/industrial espionage.
• Computer network intrusions.
• Software piracy.
4. Cybercrime against Society
• Forgery.
• Cyberterrorism.
• Web jacking.
5. Crimes emanating from Usenet newsgroup:
By its very nature, Usenet groups may carry very offensive, harmful, inaccurate or otherwise
inappropriate material, or in some cases, postings that have been mislabeled or are deceptive in
another way. Therefore, it is expected that you will use caution and common sense and exercise proper
judgment when using Usenet, as well as use the service at your own risk.
Let us take a brief look at some of the cybercrime forms mentioned above.
1.5.1 E-Mail Spoofing
A spoofed E-Mail is one that appears to originate from one source but actually has been sent from
another source. For example, let us say, Roopa has an E-Mail address roopa@asianlaws.org. Let us say
her boyfriend Suresh and she happen to have a showdown. Then Suresh, having become her enemy,
spoofs her E-Mail and sends obscene/vulgar messages to all her acquaintances. Since the E-Mails
appear to have originated from Roopa, her friends could take offense and relationships could be
spoiled for life.
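A recipient's mail system can often tell that a message "appears to originate from one source but actually has been sent from another" by comparing the visible From address with the envelope sender and with the authentication verdicts recorded by its own mail gateway. The following is an added example, not part of the original notes; the gateway name mx.example.com, the sample messages and the finding labels are constructed assumptions, and the alignment test is a simplification of the DMARC rule.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the name our own inbound gateway writes into Authentication-Results.
TRUSTED_AUTHSERV = "mx.example.com"

# Constructed sample messages (not real mail).
SPOOFED = """\
Return-Path: <bulk@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=asianlaws.org
From: Roopa <roopa@asianlaws.org>
To: friend@example.com
Subject: hello

(constructed body)
"""

GENUINE = """\
Return-Path: <roopa@asianlaws.org>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=asianlaws.org; dkim=pass header.d=asianlaws.org; dmarc=pass header.from=asianlaws.org
From: Roopa <roopa@asianlaws.org>
To: friend@example.com
Subject: hello

(constructed body)
"""

# Same spoof, but the only verdict header was written by a host we do not run.
UNTRUSTED_RESULTS = """\
Return-Path: <bulk@mailer.example.net>
Authentication-Results: relay.example.net; spf=pass; dkim=pass; dmarc=pass header.from=asianlaws.org
From: Roopa <roopa@asianlaws.org>
To: friend@example.com
Subject: hello

(constructed body)
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def aligned(a, b):
    """Simplified relaxed alignment: same domain, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Collect method -> verdict, but only from headers our own gateway added."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(value).split(";")]
        authserv = parts[0].split()[0].lower() if parts[0] else ""
        if authserv != trusted:
            continue  # any upstream host can add this header; ignore unknown writers
        for part in parts[1:]:
            m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
            if m:
                results.setdefault(m.group(1).lower(), m.group(2).lower())
    return results


def check_message(raw):
    """Return a sorted list of spoofing indicators found in one raw message."""
    msg = message_from_string(raw)
    findings = set()
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    # A differing envelope sender is a signal, not proof: mailing lists and
    # third-party senders legitimately produce it.
    if rp_dom and not aligned(from_dom, rp_dom):
        findings.add("envelope-mismatch")
    results = auth_results(msg)
    if not results:
        findings.add("no-trusted-auth-results")
    for method in ("spf", "dkim", "dmarc"):
        if results.get(method) == "fail":
            findings.add(method + "-fail")
    return sorted(findings)


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE),
                      ("untrusted", UNTRUSTED_RESULTS)):
        print(name, check_message(raw))
```
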
1.5.2 Spamming
People who create electronic Spam are called spammers. Spam is the abuse of electronic messaging
systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages
indiscriminately. Although the most widely recognized form of Spam is E-Mail Spam, the term is applied
to similar abuses in other media: instant messaging Spam, Usenet newsgroup Spam, web search engine
Spam, Spam in blogs, wiki Spam, online classified ads Spam, mobile phone messaging Spam, Internet
forum Spam, junk fax transmissions, social networking Spam, file sharing network Spam, video sharing
sites, etc.
Spamming is difficult to control because it has economic viability - advertisers have no operating costs
beyond the management of their mailing lists, and it is difficult to hold senders accountable for their
mass mailings. Spammers are numerous; the volume of unsolicited mail has become very high because
the barrier to entry is low. The costs, such as lost productivity and fraud, are borne by the public and by
Internet Service providers (ISPs), who are forced to add extra capacity to cope with the deluge.
Spamming is widely detested, and has been the subject of legislation in many jurisdictions - for
example, the CAN-SPAM Act. Another definition of spamming is in the context of "search engine
spamming." In this context, spamming is alteration or creation of a document with the intent to deceive
an electronic catalog or a filing system. Some web authors use "subversive techniques" to ensure that
their site appears more frequently or at a higher number in returned search results - this is strongly
discouraged by search engines and there are fines/penalties associated with the use of such subversive
techniques. Those who continually attempt to subvert or Spam the search engines may be permanently
excluded from the search index. Therefore, the following web publishing techniques should be avoided:
1. Repeating keywords;
2. use of keywords that do not relate to the content on the site;
3. use of fast meta refresh;
4. redirection;
5. IP Cloaking;
6. use of colored text on the same color background;
7. tiny text usage;
8. duplication of pages with different URLs;
9. hidden links;
10. use of different pages that bridge to the same URL (gateway pages).

1.5.3 Cyberdefamation

Cyberdefamation is a cognizable offense.


Let us first understand what the term entails. Regarding "defamation" there is a mention that
"Whoever, by words either spoken or intended to be read, or by signs or by visible representations,
makes or publishes any imputation concerning any person intending to harm, or knowing or having
reason to believe that such imputation will harm, the reputation of such person, is said, except in the
cases hereinafter excepted, to defame that person."
Cyberdefamation happens when the above takes place in an electronic form. In other words,
"cyberdefamation occurs when defamation takes place with the help of computers and/or the Internet,
for example, someone publishes defamatory matter about someone on a website or sends an E-Mail
containing defamatory information to all friends of that person." According to the IPC Section 499:
1. It may amount to defamation to impute anything to a deceased person, if the imputation would
harm the reputation of that person if living, and is intended to be hurtful to the feelings of his family or
other near relatives.
2. It may amount to defamation to make an imputation concerning a company or an association or
collection of persons as such.
3. An imputation in the form of an alternative or expressed ironically, may amount to defamation.
4. No imputation is said to harm a person's reputation unless that imputation directly or indirectly, in
the estimation of others, lowers the moral or intellectual character of that person, or lowers the
character of that person in respect of his caste or of his calling, or lowers the credit of that person, or
causes it to be believed that the body of that person is in a loathsome state or in a state generally
considered as disgraceful.
Libel is written defamation and slander is oral defamation. When determining whether or not
defamation has taken place, the only issue to consider is whether a person of ordinary intelligence in
society would believe that the words would indeed injure the person's reputation. Even if there is no
(apparent) damage to a person's reputation, the person who made the allegations may still be held
responsible for defamation. The law on defamation attempts to create a workable balance between two
equally important human rights: the right to an unimpaired reputation and the right to freedom of
expression. In cybersecurity, both these interests are increasingly important. Protection of reputation
is arguably even more important in a highly technological society, because one may not even encounter
an individual or organization other than through the medium of the Internet. Some courts have held
that the plaintiff must also show that the defamatory statements were unlawful and that it
must not be for the defendant to justify his conduct by showing that the statements were in
accordance with law.
1.5.4 Internet Time Theft
Such a theft occurs when an unauthorized person uses the Internet hours paid for by another person.
Basically, Internet time theft comes under hacking because the person who gets access to someone
else's ISP user ID and password, either by hacking or by gaining access to it by illegal means, uses it to
access the Internet without the other person's knowledge. However, one can identify time theft if the
Internet time has to be recharged often, even when one's own use of the Internet is not frequent. The
issue of Internet time theft is related to the crimes conducted through "identity theft."
1.5.5 Salami Attack/Salami Technique
These attacks are used for committing financial crimes. The idea here is to make the alteration so
insignificant that in a single case it would go completely unnoticed; for example, a bank employee
inserts a program into the bank's servers that deducts a small amount of money (say 2/- or a few cents
in a month) from the account of every customer. No account holder will probably notice this
unauthorized debit, but the bank employee will make a sizable amount every month.
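Although no single account holder notices the debit, the pattern is visible in aggregate: many tiny debits, spread across nearly every account, converging on one beneficiary. The following is an added example of that audit check, not part of the original notes; the ledger layout, the account names, the thresholds and the approved-fee list are all constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal


def build_sample_ledger(n_accounts=200):
    """Constructed one-month ledger: normal spending, an approved bank fee,
    a few small cafe purchases, and a 2.00 skim from every account."""
    accounts = [f"CUST-{i:04d}" for i in range(n_accounts)]
    ledger = []

    def debit(account, amount, beneficiary):
        ledger.append({"account": account, "type": "debit",
                       "amount": amount, "beneficiary": beneficiary})

    for i, acct in enumerate(accounts):
        debit(acct, f"{100 + i}.00", f"MERCHANT-{i % 7}")   # ordinary purchase
        debit(acct, "1.00", "BANK-FEE-INCOME")              # approved monthly fee
        debit(acct, "2.00", "ACCT-9999")                    # the unauthorized skim
        if i % 10 == 0:
            debit(acct, "3.50", "MERCHANT-CAFE")            # small but not widespread
    return accounts, ledger


def find_salami_candidates(ledger, all_accounts, approved=frozenset(),
                           max_amount=Decimal("5.00"), min_coverage=0.8):
    """Flag beneficiaries that receive small debits from most accounts.

    approved    -- beneficiaries with a documented reason to charge everyone
    max_amount  -- only debits at or below this size are considered
    min_coverage-- fraction of all accounts that must be hit to raise a finding
    """
    groups = defaultdict(lambda: {"accounts": set(), "total": Decimal("0")})
    for entry in ledger:
        if entry["type"] != "debit" or entry["beneficiary"] in approved:
            continue
        amount = Decimal(entry["amount"])   # Decimal avoids float rounding on money
        if amount > max_amount:
            continue
        group = groups[entry["beneficiary"]]
        group["accounts"].add(entry["account"])
        group["total"] += amount

    findings = []
    for beneficiary, group in groups.items():
        coverage = len(group["accounts"]) / len(all_accounts)
        if coverage >= min_coverage:
            findings.append({"beneficiary": beneficiary,
                             "accounts_hit": len(group["accounts"]),
                             "coverage": coverage,
                             "total": group["total"]})
    # Largest accumulated amount first, so reviewers start with the worst case.
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    accounts, ledger = build_sample_ledger()
    for hit in find_salami_candidates(ledger, accounts, approved={"BANK-FEE-INCOME"}):
        print(hit)
```

Without the approved list the legitimate fee account is flagged as well, which is why the check needs a maintained record of authorized bank-wide charges.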

1.5.6 Data Diddling



A data diddling attack involves altering raw data just before it is processed by a computer and then
changing it back after the processing is completed. Electricity Boards in India have been victims to data
diddling programs inserted when private parties computerize their systems.
1.5.7 Forgery
Counterfeit currency notes, postage and revenue stamps, marksheets, etc. can be forged using
sophisticated computers, printers and scanners. Outside many colleges there are miscreants soliciting
the sale of fake marksheets or even degree certificates. These are made using computers and high
quality scanners and printers. In fact, this is becoming a booming business involving large monetary
amounts given to student gangs in exchange for these bogus but authentic looking certificates.
1.5.8 Web Jacking
Web jacking occurs when someone forcefully takes control of a website (by cracking the password and
later changing it). Thus, the first stage of this crime involves "password sniffing." The actual owner of
the website does not have any more control over what appears on that website.
1.5.9 Newsgroup Spam/Crimes Emanating from Usenet Newsgroup
As explained earlier, this is one form of spamming. The word "Spam" was usually taken to mean
excessive multiple posting (EMP). The advent of Google Groups, and its large Usenet archive, has made
Usenet more attractive to spammers than ever. Spamming of Usenet newsgroups actually predates
E-Mail Spam. The first widely recognized Usenet Spam titled Global Alert for All: Jesus is Coming Soon
(though not the most famous) was posted on 18 January 1994 by Clarence L. Thomas IV, a sysadmin at
Andrews University. It was a fundamentalist religious tract claiming that "this world's history is coming
to a climax." The newsgroup posting Bot Serdar Argic also appeared in early 1994, posting tens of
thousands of messages to various newsgroups, consisting of identical copies of a political screed
relating to the Armenian Genocide.
1.5.10 Industrial Spying/Industrial Espionage
Spying is not limited to governments. Corporations, like governments, often spy on the enemy. The
Internet and privately networked systems provide new and better opportunities for espionage. "Spies"
can get information about product finances, research and development and marketing strategies, an
activity known as "industrial spying." However, cyberspies rarely leave behind a trail. Industrial spying is
not new; in fact it is as old as industries themselves. The use of the Internet to achieve this is probably
as old as the Internet itself. Traditionally, this has been the reserved hunting field of a few hundreds of
highly skilled hackers, contracted by high-profile companies or certain governments via the means of
escrow organizations (it is said that they get several hundreds of thousands of dollars, depending on
the "assignment").
With the growing public availability of Trojans and Spyware material, even low-skilled individuals are
now inclined to generate high volume profit out of industrial spying. This is referred to as "Targeted
Attacks" (which includes "Spear Phishing"). This aspect of Industrial Spying is the one to be addressed
in the fight against cybercrime.
Organizations subject to online extortion tend to keep quiet about it to avoid negative publicity about
them. Not surprisingly, this also applies very well to organizations that are victim of focused attacks
aiming at stealing corporate data, Intellectual Property or whatever else that may yield a competitive
advantage for a rival company.
One interesting case is the famous Israeli Trojan story, where a software engineer in London created a
Trojan Horse program specifically designed to extract critical data gathered from machines infected by
his program. He had made a business out of selling his Trojan Horse program to companies in Israel,
which would use it for industrial spying by planting it into competitors' networks. The methods used to
inoculate the Trojan Horse were varied and sometimes quite inventive, ranging from simple E-Mail
traps to the mailing of promotional CDs infected with the evil program!
1.5.11 Hacking

Although the purposes of hacking are many, the main ones are as follows:
1. Greed;
2. power;
3. publicity;
4. revenge;
5. adventure;
6. desire to access forbidden information;
7. destructive mindset.
Every act committed toward breaking into a computer and/or network is hacking and it is an offense.
Hackers write or use ready-made computer programs to attack the target computer. They possess the
desire to destroy and they get enjoyment out of such destruction. Some hackers hack for personal
monetary gains, such as stealing credit card information, transferring money from various bank
accounts to their own account followed by withdrawal of money. They extort money from some
corporate giant by threatening to publish the stolen information that is critical in nature. Government
websites are hot on hackers' target lists and attacks on Government websites receive wide press
coverage. For example, according to the story posted in December 2009, the NASA site was hacked via
SQL Injection.
1.5.12 Online Frauds
There are a few major types of crimes under the category of hacking: Spoofing website and E-Mail
security alerts, hoax mails about virus threats, lottery frauds and Spoofing. In Spoofing websites and
E-Mail security threats, fraudsters create authentic looking websites that are actually nothing but a
spoof. The purpose of these websites is to make the user enter personal information which is then used
to access business and bank accounts. Fraudsters are increasingly turning to E-Mail to generate traffic
to these websites. This kind of online fraud is common in the banking and financial sector. There is a rise in
the number of financial institutions' customers who receive such E-Mails, which usually contain a link to
a spoof website and mislead users to enter user ids and passwords on the pretext that security details can be updated
or passwords changed. It is wise to be alert and careful about E-Mails containing an embedded link
with a request for you to enter secret details. It is strongly recommended not to input any sensitive
information that might help criminals to gain access to sensitive information, such as bank account
details, even if the page appears legitimate.
In virus hoax E-Mails, the warnings may be genuine, so there is always a dilemma whether to take them
lightly or seriously. A wise action is to first confirm by visiting an antivirus site such as McAfee, Sophos
or Symantec before taking any action, such as forwarding them to friends and colleagues.
Lottery frauds are typically letters or E-Mails that inform the recipient that he/she has won a prize in a
lottery. To get the money, the recipient has to reply, after which another mail is received asking for bank
details so that the money can be directly transferred. The E-Mail also asks for a processing fee/handling
fee. Of course, the money is never transferred in this case; the processing fee is swindled and the
banking details are used for other frauds and scams.
"Spoofing" means illegal intrusion, posing as a genuine user. A hacker logs-in to a computer illegally,
using a different identity than his own. He is able to do this by having previously obtained the actual
password. He creates a new identity by fooling the computer into thinking that the hacker is the
genuine system operator and then takes control of the system. He can commit
innumerable frauds using this false identity.

1.5.13 Pornographic Offenses



"Child pornography" means any visual depiction, including but not limited to the following:
1. Any photograph that can be considered obscene and/or unsuitable for the age of child viewer;
2. film, video, picture;
3. computer-generated image or picture of sexually explicit conduct where the production of such
visual depiction involves the use of a minor engaging in sexually explicit conduct.
Child pornography is considered an offense. Unfortunately, child pornography is a reality of the
Internet. The Internet is being highly used by its abusers to reach and abuse children sexually,
worldwide. In India too, the Internet has become a household commodity in the urban areas of the
nation. Its explosion has made the children a viable victim to the cybercrime. As the broadband
connections get into the reach of more and more homes, larger child population will be using the
Internet and therefore greater would be the chances of falling victim to the aggression of pedophiles.
"Pedophiles" are people who physically or psychologically coerce minors to engage in sexual activities,
which the minors would not consciously consent to.
Here is how pedophiles operate:
Step 1: Pedophiles use a false identity to trap the children/teenagers (using "false identity" which in
itself is another crime called "identity theft").
Step 2: They seek children/teens in the kids' areas on the services, such as the Teens BB, Games BB or
chat areas where the children gather.
Step 3: They befriend children/teens.
Step 4: They extract personal information from the child/teen by winning his/her confidence.
Step 5: Pedophiles get E-Mail address of the child/teen and start making contacts on the victim's E-Mail
address as well. Sometimes, these E-Mails contain sexually explicit language.
Step 6: They start sending pornographic images/text to the victim including child pornographic images
in order to help child/teen shed his/her inhibitions so that a feeling is created in the mind of the victim
that what is being fed to him is normal and that everybody does it.
Step 7: At the end of it, the pedophiles set up a meeting with the child/teen out of the house and then
drag him/her into the net to further sexually assault him/her or to use him/her as a sex object.
This is the irony of the "digital world"; in the physical world, parents know the face of dangers and they
know how to avoid and face the problems by following simple rules and accordingly they advise their
children to keep away from dangerous things and ways. However, it is possible that, even in modern
times most parents may not know the basics of the Internet and the associated (hidden) dangers from
the services offered over the Internet. Hence most children may remain unprotected in the cyberworld.
Pedophiles take advantage of this situation and lure the children, who are not advised by their parents
or by their teachers about what is right/wrong for them while browsing the Internet. Legal remedies
exist only to some extent; for example, the Children's Online Privacy Protection Act or COPPA is a way of
preventing online pornography. Interested readers are referred to COPPA sites. Readers would like to
note that Net Nanny and Cybersitter are software, originally designed for parents concerned about
their children's unrestricted access to the seamier side of the Internet, which can be used to block a
user's access to websites containing "dangerous" or "offensive" material.
1.5.14 Software Piracy
This is a big challenge area indeed. Cybercrime investigation cell of India defines "software piracy" as
theft of software through the illegal copying of genuine programs or the counterfeiting and distribution
of products intended to pass for the original. There are many examples of software piracy: end-user
copying (friends loaning disks to each other, organizations under-reporting the number of software
installations they have made, or organizations not tracking their software licenses); hard disk loading
with illicit means (hard disk vendors load pirated software); counterfeiting (large-scale duplication and
distribution of illegally copied software); and illegal downloads from the Internet (by intrusion, by
cracking serial numbers, etc.).
Beware that those who buy pirated software have a lot to lose:
(a) getting untested software that may have been copied thousands of times over,
(b) the software, if pirated, may potentially contain hard-drive-infecting viruses,
(c) there is no technical support in the case of software failure, that is, lack of technical product support
available to properly licensed users,
(d) there is no warranty protection,
(e) there is no legal right to use the product, etc.
1.5.15 Computer Sabotage
The term "sabotage" has been mentioned many times in this chapter. The use of the Internet to hinder
the normal functioning of a computer system through the introduction of worms, viruses or logic
bombs is referred to as computer sabotage. It can be used to gain economic advantage over a
competitor, to promote the illegal activities of terrorists or to steal data or programs for extortion
purposes. Logic bombs are event-dependent programs created to do something only when a certain
event (known as a trigger event) occurs. Some viruses may be termed as logic bombs because they lie
dormant all through the year and become active only on a particular date (e.g., the Chernobyl virus and
Y2K viruses).
1.5.16 E-Mail Bombing/Mail Bombs
E-Mail bombing refers to sending a large number of E-Mails to the victim to crash the victim's E-Mail
account (in the case of an individual) or to make the victim's mail servers crash (in the case of a company
or an E-Mail service provider). A computer program can be written to instruct a computer to do such
tasks on a repeated basis. In recent times, terrorism has hit the Internet in the form of mail bombings. By
instructing a computer to repeatedly send E-Mail to a specified person's E-Mail address, the
cybercriminal can overwhelm the recipient's personal account and potentially shut down entire
systems. This may or may not be illegal, but it is certainly disruptive.
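Because a mail bomb is defined by volume against one recipient, a mail administrator can detect it by counting deliveries per recipient in a sliding time window. The following is an added example, not part of the original notes; the log format, the addresses, the 60-second window and the threshold of 30 messages are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed delivery records 'timestamp sender recipient' (not real traffic)."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(6):      # normal: one newsletter every 10 minutes
        t = base + timedelta(minutes=10 * i)
        lines.append(f"{t.isoformat()} news@example.net alice@example.com")
    for i in range(40):     # flood: 40 messages in 40 s from 5 rotating senders
        t = base + timedelta(minutes=30, seconds=i)
        lines.append(f"{t.isoformat()} s{i % 5}@example.net bob@example.com")
    return sorted(lines)    # ISO timestamps sort chronologically

def detect_mail_floods(lines, window_seconds=60, threshold=30):
    """Map each flooded recipient to the time the threshold was first exceeded.

    Counting is per recipient, not per sender, so a flood spread over many
    sending addresses is still caught. Input must be in time order.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)          # recipient -> timestamps in window
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue                     # ignore malformed records
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        rcpt = parts[2].lower()
        seen = recent[rcpt]
        seen.append(ts)
        while ts - seen[0] > window:     # expire entries older than the window
            seen.popleft()
        if len(seen) > threshold and rcpt not in alerts:
            alerts[rcpt] = ts
    return alerts

if __name__ == "__main__":
    for rcpt, when in detect_mail_floods(build_sample_log()).items():
        print(f"ALERT {rcpt}: more than 30 messages within 60 s at {when}")
```

In the constructed log no single sender exceeds eight messages, so a per-sender limit alone would not have raised the alert.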
1.5.17 Usenet Newsgroup as the Source of Cybercrimes
Usenet is a popular means of sharing and distributing information on the Web with respect to specific
topics or subjects. Usenet is a mechanism that allows sharing information in a many-to-many manner.
The newsgroups are spread across 30,000 different topics. In principle, it is possible to prevent the
distribution of a specific newsgroup. In reality, however, there is no technical method available for
controlling the contents of any newsgroup. It is merely subject to self-regulation and net etiquette. It is
feasible to block specific newsgroups; however, this cannot be considered as a definitive solution to
illegal or harmful content.
It is possible to put Usenet to the following criminal uses:
1. Distribution/sale of pornographic material;
2. distribution/sale of pirated software packages;
3. distribution of hacking software;
4. sale of stolen credit card numbers;
5. sale of stolen data/stolen property.
1.5.18 Computer Network Intrusions


Computer networks pose a problem by way of security threat because people can get into them from
anywhere. The popular movie "War Games" illustrated an extreme but useful example of this.
"Crackers", who are often misnamed "Hackers", can break into computer systems from anywhere in the
world and steal data, plant viruses, create backdoors, insert Trojan Horses or change user names and
passwords. Network intrusions are illegal, but detection and enforcement are difficult. Current laws are
limited and many intrusions go undetected. The cracker can bypass existing password protection by
creating a program to capture logon IDs and passwords. The practice of "strong password" is therefore
important (password strength is explained in Chapter 4).
1.5.19 Password Sniffing
Password Sniffers are programs that monitor and record the name and password of network users as
they log in, jeopardizing security at a site. Whoever installs the Sniffer can then impersonate an
authorized user and log in to access restricted documents. Laws are not yet set up to adequately
prosecute a person for impersonating another person online. Laws designed to prevent unauthorized
access to information may be effective in apprehending crackers using Sniffer programs.
1.5.20 Credit Card Frauds
Information security requirements for anyone handling credit cards have been increased dramatically
recently. Millions of dollars may be lost annually by consumers who have credit card and calling card
numbers stolen from online databases. Security measures are improving, and traditional methods of
law enforcement seem to be sufficient for prosecuting the thieves of such information. Bulletin boards
and other online services are frequent targets for hackers who want to access large databases of credit
card information. Such attacks usually result in the implementation of stronger security systems.
Security of cardholder data has become one of the biggest issues facing the payment card industry.
Payment Card Industry Data Security Standard (PCI-DSS) is a set of regulations developed jointly by the
leading card schemes to prevent cardholder data theft and to help combat credit card fraud.
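One practical control for protecting cardholder data is to find card numbers that have leaked into logs or exports and mask them. The following is an added example, not part of the original notes: it finds 13 to 19 digit candidates, confirms them with the Luhn checksum and keeps only the last four digits. The log lines are constructed, and masking to the last four digits is this example's own choice, not a quotation from PCI-DSS.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn check used by payment card numbers: double every second digit
    from the right, subtract 9 from results above 9, sum must end in 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask_pans(text):
    """Return (masked_text, count). Only Luhn-valid candidates are masked,
    so order numbers and other long digit runs are left readable."""
    count = 0
    def repl(match):
        nonlocal count
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_ok(digits):
            return match.group(0)
        count += 1
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_RE.sub(repl, text), count

# Constructed log lines. 4111111111111111 is a widely published test number,
# not a live card; 1234567890123456 fails the Luhn check.
SAMPLE_LOG = [
    "order=1234567890123456 status=paid",
    "debug: card=4111111111111111 exp=12/30",
    "callback pan=4111-1111-1111-1111 ok",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(mask_pans(line)[0])
```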
1.5.21 Identity Theft
Identity theft is a fraud involving another person's identity for an illicit purpose. This occurs when a
criminal uses someone else's identity for his/her own illegal purposes. Phishing and identity theft are
related offenses (the topic is addressed in Chapter 5). Examples include fraudulently obtaining credit,
stealing money from the victim's bank accounts, using the victim's credit card number, establishing
accounts with utility companies, renting an apartment or even filing bankruptcy using the victim's
name. The cyber impersonator can steal unlimited funds in the victim's name without the victim even
knowing about it for months, sometimes even for years!
Thus far, we have provided an overview of various types of well-known cybercrimes. In most
cybercrime forms, computers and/or other digital devices end up getting used as one or a combination
of the following:
1. As the tool for committing cybercrime,
2. crime involving attack against the computer,
3. use for storing information related to cybercrime/information useful for committing cybercrime.

1.6 Cybercrime: The Legal Perspectives


Cybercrime poses a mammoth challenge. In the first comprehensive presentation of computer crime,
Computer Crime Criminal Justice Resource Manual (1979), computer-related crime was defined in the
broader meaning as any illegal act for which knowledge of computer technology is essential for a
successful prosecution. International legal aspects of computer crimes were studied in 1983. In that
study, computer crime was consequently defined as encompassing any illegal act for which knowledge
of computer technology is essential for its perpetration.
Cybercrime, in a way, is the outcome of "globalization." However, globalization does not mean
globalized welfare at all. Globalized information systems accommodate an increasing number of
transnational offenses. The network context of cybercrime makes it one of the most globalized offenses of
the present and the most modernized threats of the future. This problem can be resolved in two ways.
One is to divide information systems into segments bordered by state boundaries (cross-border flow of
information). The other is to incorporate the legal system into an integrated entity obliterating these
state boundaries. Apparently the first way is unrealistic. Although all ancient empires including Rome,
Greece and Mongolia became historical remnants, and giant empires are not prevalent in the current
world, the partition of information systems cannot be an imagined practice. In a globally connected
world, information systems become the unique empire without tangible territory.

1.7 Cybercrimes: An Indian Perspective


India has the fourth highest number of Internet users in the world. According to the statistics posted on
the site (http://www.tamat.in/), there are 45 million Internet users in India; 37% of all Internet accesses
happen from cybercafes and 57% of Indian Internet users are between 18 and 35 years. The population
of educated youth is high in India. It is reported that, compared to the year 2006, cybercrime under the
Information Technology (IT) Act recorded a whopping 50% increase in the year 2007. A point to note is
that the majority of offenders were under 30 years. The maximum cybercrime cases, about 46%, were
related to incidents of cyberpornography, followed by hacking. In over 60% of these cases, offenders
were between 18 and 30 years, according to the "Crime in 2007" report of the National Crime Record
Bureau (NCRB). For example, Delhi Police have now trained 100 of its officers in handling cybercrime
and placed them in its Economic Offences Wing. As at the time of writing this, the officers were trained
for 6 weeks in computer hardware and software, computer networks comprising data communication
networks, network protocols, wireless networks and network security.

1.8 Cybercrime and the Indian ITA 2000


In India, the ITA 2000 was enacted after the United Nations General Assembly Resolution A/RES/51/162
on January 30, 1997, by adopting the Model Law on Electronic Commerce adopted by the United
Nations Commission on International Trade Law. This was the first step toward the Law relating to
E-Commerce at international level to regulate an alternative form of commerce and to give legal status in
the area of E-Commerce. It was enacted taking into consideration the UNCITRAL Model Law on
Electronic Commerce (1996).
1.8.1 Hacking and the Indian Law(s)
Cybercrimes are punishable under two categories: the ITA 2000 and the IPC. A total of 207 cases of
cybercrime were registered under the IT Act in 2007 compared to 142 cases registered in 2006. Under
the IPC too, 339 cases were recorded in 2007 compared to 311 cases in 2006. There are some
noteworthy provisions under the ITA 2000, which is said to be undergoing key changes very soon.

1.9 A Global Perspective on Cybercrimes


Regarding cybercrime definitions, statute and treaty law both refer to cybercrime. In Australia, cybercrime
has a narrow statutory meaning as used in the Cyber Crime Act 2001, which details offenses against
computer data and systems. However, a broad meaning is given to cybercrime at an international level. In
the Council of Europe's (CoE's) Cyber Crime Treaty, cybercrime is used as an umbrella term to refer to an
array of criminal activity including offenses against computer data and systems, computer-related
offenses, content offenses and copyright offenses. This wide definition of cybercrime overlaps in part
with general offense categories that need not be Information & Communication Technology (ICT)-dependent,
such as white-collar crime and economic crime. The Spam legislation scenario mentions
"none" about India as far as E-Mail legislation in India is concerned. On mobile networks, a peculiar
problem is that of sending of bulk unsolicited text messages aimed at generating traffic to premium-rate
numbers. As there are no national "boundaries" to such crimes under cybercrime realm, it requires
international cooperation between those who seek to enforce anti-Spam laws.
Thus, one can see that there is a lot to do toward building confidence and security in the use of ICT and
moving toward international cooperation agenda. This is because in the 21st century, there is a growing
dependency on ICTs that span the globe. There was a rapid growth in ICTs and dependencies that led to
a shift in perception of cybersecurity threats in mid-1990s. The linkage of cybersecurity and critical
infrastructure protection has become a big issue as a number of countries have begun assessment of
threats and vulnerabilities and started exploring mechanisms to redress them. Recently, there have been
a number of significant developments such as:
1. August 4, 2006 Announcement: The US Senate ratifies CoE Convention on Cyber Crime. The
convention targets hackers, those spreading destructive computer viruses, those using the Internet for
the sexual exploitation of children or the distribution of racist material, and terrorists attempting to
attack infrastructure facilities or financial institutions. The Convention is in full accord with all the US
constitutional protections, such as free speech and other civil liberties, and will require no change to
the US laws.
2. On August 18, 2006, there was a news article published, "ISPs Wary About 'Drastic Obligations' on Web
Site Blocking." European Union (EU) officials want to debar suspicious websites as part of a 6-point plan
to boost joint antiterrorism activities. They want to block websites that incite terrorist action. Once
again it is underlined that monitoring calls, Internet and E-Mail traffic for law enforcement purposes is a
task vested in the government, which must reimburse carriers and providers for retaining the data.
3. CoE Cyber Crime Convention (1997-2001) was the first international treaty seeking to address
Internet crimes by harmonizing national laws, improving investigative techniques and increasing
cooperation among nations. More than 40 countries have ratified the Convention to date.
One wonders as to what is the role of business/private sector in taking up measures to prevent
cybercrime and toward responsibilities and role related to the ownership of information and
communication infrastructures. Effective security requires an in-depth understanding of the various
aspects of information and communication networks. Therefore, private sector expertise should be
increasingly involved in the development and implementation of a country's cybersecurity strategy.

1.9.1 Cybercrime and the Extended Enterprise


It is a continuing problem that the average user is not adequately educated to understand the threats
and how to protect oneself. Actually, it is the responsibility of each user to become aware of the threats
as well as the opportunities that "connectivity" and "mobility" present them with. This aspect is
emphasized in Chapter 3. In this context, it is important to understand the concept of "extended
enterprise." This term represents the concept that a company is made up not just of its employees, its
board members and executives but also its business partners, its suppliers and even its customers. The
extended enterprise can only be successful if all of the component groups and individuals have the
information they need in order to do business effectively. An extended enterprise is a "loosely coupled,
self-organizing network" of firms that combine their economic output to provide "products and
services" offerings to the market. Firms in the extended enterprise may operate independently, for
example, through market mechanisms, or cooperatively through agreements and contracts.
Seamless flow of "information" to support instantaneous "decision-making" ability is crucial for the
"external enterprise." This becomes possible through the "interconnectedness." Due to the
interconnected features of information and communication technologies, security overall can only be
fully promoted when the users have full awareness of the existing threats and dangers. Governments,
businesses and the international community must, therefore, proactively help users access information
on how to protect themselves. Given the promises and challenges in the extended enterprise scenario,
organizations in the international community have a special role in sharing information on good
practices, and creating open and accessible enterprise information flow channels for exchanging of
ideas in a collaborative manner. International cooperation at the levels of government, industry,
consumer, business and technical groups to allow a global and coordinated approach to achieving global
cybersecurity is the key.
