• Like
SITA LAB PPT (XYBER CRIME)
Upcoming SlideShare
Loading in...5
×

SITA LAB PPT (XYBER CRIME)

  • 908 views
Uploaded on

 

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
908
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
67
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Combating Cyber crimes-Combating Cyber crimes- Law &Law & Enforcement in IndiaEnforcement in India Seminar on Information Technology Acts Submitted to : Mr. Pranjal Bansal BY: Vishal Soni 4th year / 8th Sem Computer Engineering 08CE97
  • 2. Introduction to CyberIntroduction to Cyber crimecrime  Computer CrimeComputer Crime ,, E-E- CrimeCrime,, Hi-Tech CrimeHi-Tech Crime oror Electronic CrimeElectronic Crime isis where awhere a computercomputer is theis the target of atarget of a crimecrime or is theor is the means adopted to commit ameans adopted to commit a crime.crime.  Most of these crimes areMost of these crimes are not new. Criminals simplynot new. Criminals simply devise different ways todevise different ways to undertake standard criminalundertake standard criminal activities such asactivities such as fraudfraud,, theft, blackmail, forgery,theft, blackmail, forgery, and embezzlement usingand embezzlement using the new medium, oftenthe new medium, often involving the Internetinvolving the Internet
  • 3. Computer vulnerabilityComputer vulnerability  Computers store huge amounts of data in small spacesComputers store huge amounts of data in small spaces  Ease of accessEase of access  Complexity of technologyComplexity of technology  Human errorHuman error  One of the key elements that keeps most members of any societyOne of the key elements that keeps most members of any society honest is fear of being caught — the deterrence factor. Cyberspacehonest is fear of being caught — the deterrence factor. Cyberspace changes two of those rules. First, it offers the criminal an opportunitychanges two of those rules. First, it offers the criminal an opportunity of attacking his victims from the remoteness of a different continentof attacking his victims from the remoteness of a different continent and secondly, the results of the crime are not immediately apparent.and secondly, the results of the crime are not immediately apparent.  Need new laws and upgraded technology to combat cyber crimesNeed new laws and upgraded technology to combat cyber crimes
  • 4. Types of Cyber crimesTypes of Cyber crimes  Credit card fraudsCredit card frauds  Cyber pornographyCyber pornography  Sale of illegal articles-Sale of illegal articles- narcotics, weapons, wildlifenarcotics, weapons, wildlife  Online gamblingOnline gambling  Intellectual Property crimes-Intellectual Property crimes- software piracy, copyrightsoftware piracy, copyright infringement, trademarksinfringement, trademarks violations, theft of computerviolations, theft of computer source codesource code  Email spoofingEmail spoofing  ForgeryForgery  DefamationDefamation  Cyber stalking (section 509Cyber stalking (section 509 IPC)IPC)  PhisingPhising  Cyber terrorismCyber terrorism Crime against persons Crime against Government Crime against property
  • 5. Computer VirusesComputer Viruses  VirusesViruses  A computer virus is aA computer virus is a computer program thatcomputer program that can infect othercan infect other computer programs bycomputer programs by modifying them in suchmodifying them in such a way as to include aa way as to include a (possibly evolved) copy(possibly evolved) copy of it. Note that aof it. Note that a program does not haveprogram does not have to perform outrightto perform outright damage (such asdamage (such as deleting or corruptingdeleting or corrupting files) in order to befiles) in order to be called a "virus".called a "virus". Viruses File infectors Boot record infectors Boot and file viruses
  • 6. Cyber crimes Hacking Information Theft E-mail bombing Salami attacks Denial of Service attacks Trojan attacks Web jacking
  • 7. Combating cyber crimesCombating cyber crimes  Technological measures-Technological measures- Public key cryptography,Public key cryptography, Digital signatures ,Firewalls,Digital signatures ,Firewalls, honey potshoney pots  Cyber investigation-Cyber investigation- Computer forensics is theComputer forensics is the process of identifying,process of identifying, preserving, analyzing andpreserving, analyzing and presenting digital evidence inpresenting digital evidence in a manner that is legallya manner that is legally acceptable in courts of law.acceptable in courts of law.  These rules of evidenceThese rules of evidence include admissibility (ininclude admissibility (in courts), authenticity (relationcourts), authenticity (relation to incident), completeness,to incident), completeness, reliability and believability.reliability and believability.  Legal framework-laws &Legal framework-laws & enforcementenforcement
  • 8. International initiativesInternational initiatives  Representatives from the 26Representatives from the 26 Council of Europe members, theCouncil of Europe members, the United States, Canada, Japan andUnited States, Canada, Japan and South Africa in 2001 signed aSouth Africa in 2001 signed a convention on cybercrime in effortsconvention on cybercrime in efforts to enhance internationalto enhance international cooperation in combatingcooperation in combating computer-based crimes.computer-based crimes. TheThe Convention on CybercrimeConvention on Cybercrime,, drawn up by experts of the Councildrawn up by experts of the Council of Europe, is designed toof Europe, is designed to coordinate these countries' policiescoordinate these countries' policies and laws on penalties on crimes inand laws on penalties on crimes in cyberspace, define the formulacyberspace, define the formula guaranteeing the efficientguaranteeing the efficient operation of the criminal andoperation of the criminal and judicial authorities, and establishjudicial authorities, and establish an efficient mechanism foran efficient mechanism for international cooperation.international cooperation.  In 1997, TheIn 1997, The G-8 MinistersG-8 Ministers agreedagreed to ten "Principles to Combat High-to ten "Principles to Combat High- Tech Crime" and an "Action PlanTech Crime" and an "Action Plan to Combat High-Tech Crimeto Combat High-Tech Crime."."  Main objectives-Main objectives-  Create effective cyber crimeCreate effective cyber crime lawslaws  Handle jurisdiction issuesHandle jurisdiction issues  Cooperate in internationalCooperate in international investigationsinvestigations  Develop acceptableDevelop acceptable practices for search andpractices for search and seizureseizure  Establish effectiveEstablish effective public/private sectorpublic/private sector interactioninteraction
  • 9. Frequency of incidents of Cyber crimes in India Source: Survey conducted by ASCL Denial of Service: Section 43 Virus: Section: 66, 43 Data Alteration: Sec. 66 U/A Access: Section 43 Email Abuse: Sec. 67, 500, Other IPC Sections Data Theft: Sec 66, 65 99
  • 10. 10 No. of Indian web-sites defaced 441 1002 2219 7039 0 1000 2000 3000 4000 5000 6000 7000 8000 1998 1999 2000 2001
  • 11. 11 Number of Indian sites hacked Site of BARC-panic all around 0 6 12 25 0 5 10 15 20 25 1998 1999 2000 2001
  • 12. 2001 CSI/FBI Computer Crime and Security Survey Of the organizations suffering security compromises in the last year– 95% had Firewalls and 61%had IDSs 981009896Anti-virus software 90929389Access Control %%%% SECURITY TECHNOLOGIES USED 64626150Encrypted Files 95789181Firewalls 61504235Intrusion Detection Systems 2001200019991998 •False sense of security – “We already have a Firewall” 12
  • 13. What is India inc’s biggestWhat is India inc’s biggest threat?threat?  Cyber crime is now a bigger threat to India Inc thanCyber crime is now a bigger threat to India Inc than physical crime. In a recent survey by IBM, a greaterphysical crime. In a recent survey by IBM, a greater number of companies (44%) listed cyber crime as anumber of companies (44%) listed cyber crime as a bigger threat to their profitability than physical crimebigger threat to their profitability than physical crime (31%).(31%). The cost of cyber crime stems primarily from loss ofThe cost of cyber crime stems primarily from loss of revenue, loss of market capitalisation, damage torevenue, loss of market capitalisation, damage to the brand, and loss of customers, in that order.the brand, and loss of customers, in that order. About 67% local Chief Information Officers (CIOs)About 67% local Chief Information Officers (CIOs) who took part in the survey perceived cyber crimewho took part in the survey perceived cyber crime as more costly, compared to the global benchmarkas more costly, compared to the global benchmark of 50%.of 50%.
  • 14. Combating Cyber crime-Combating Cyber crime- Indian legal frameworkIndian legal framework  Information Technology Act, 2000-came into force on 17Information Technology Act, 2000-came into force on 17 October 2000October 2000  Extends to whole of India and also applies to any offence orExtends to whole of India and also applies to any offence or contravention there under committed outside India by anycontravention there under committed outside India by any person {section 1 (2)}person {section 1 (2)}  read with Section 75- Act applies to offence or contraventionread with Section 75- Act applies to offence or contravention committed outside Indiacommitted outside India by any personby any person irrespective of hisirrespective of his nationality,nationality, if such act involves a computer, computer systemif such act involves a computer, computer system oror network located in Indianetwork located in India  Section 2 (1) (a) –”Access” means gaining entry intoSection 2 (1) (a) –”Access” means gaining entry into ,instructing or communicating with the logical, arithmetic or,instructing or communicating with the logical, arithmetic or memory function resources of a computer, computermemory function resources of a computer, computer resource or networkresource or network  IT Act confers legal recognition to electronic records andIT Act confers legal recognition to electronic records and digital signatures (section 4,5 of the IT Act,2000)digital signatures (section 4,5 of the IT Act,2000)
  • 15. Civil Wrongs under ITCivil Wrongs under IT ActAct  Chapter IX of IT Act, Section 43Chapter IX of IT Act, Section 43  WhoeverWhoever without permissionwithout permission of owner of theof owner of the computercomputer – Secures access (mere U/A access)Secures access (mere U/A access)  Not necessarily through a networkNot necessarily through a network – Downloads, copies, extracts any dataDownloads, copies, extracts any data – Introduces or causes to be introduced any viruses orIntroduces or causes to be introduced any viruses or contaminantcontaminant – Damages or causes to be damaged any computerDamages or causes to be damaged any computer resourceresource  Destroy, alter, delete, add, modify or rearrangeDestroy, alter, delete, add, modify or rearrange  Change the format of a fileChange the format of a file – Disrupts or causes disruption of any computer resourceDisrupts or causes disruption of any computer resource  Preventing normal continuance ofPreventing normal continuance of
  • 16. – Denies or causes denial of access by any meansDenies or causes denial of access by any means  Denial of service attacksDenial of service attacks – Assists any person to do any thing aboveAssists any person to do any thing above  Rogue Websites, Search Engines, Insiders providingRogue Websites, Search Engines, Insiders providing vulnerabilitiesvulnerabilities – Charges the services availed by a person to theCharges the services availed by a person to the account of another person by tampering oraccount of another person by tampering or manipulating any computer resourcemanipulating any computer resource  Credit card frauds, Internet time theftsCredit card frauds, Internet time thefts – Liable to pay damages not exceeding Rs. OneLiable to pay damages not exceeding Rs. One crore to the affected partycrore to the affected party – Investigation byInvestigation by – ADJUDICATING OFFICERADJUDICATING OFFICER – Powers of a civil courtPowers of a civil court
  • 17. Section 65: Source CodeSection 65: Source Code  Most important asset of software companiesMost important asset of software companies  ““Computer Source Code" means the listingComputer Source Code" means the listing of programmes, computer commands,of programmes, computer commands, design and layoutdesign and layout  IngredientsIngredients – Knowledge or intentionKnowledge or intention – Concealment, destruction, alterationConcealment, destruction, alteration – computer source code required to be kept orcomputer source code required to be kept or maintained by lawmaintained by law  PunishmentPunishment – imprisonment up to three years and / orimprisonment up to three years and / or – fine up to Rs. 2 lakhfine up to Rs. 2 lakh
  • 18. Section 66: Hacking • Ingredients – Intention or Knowledge to cause wrongful loss or damage to the public or any person – Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource • Punishment – imprisonment up to three years, and / or – fine up to Rs. 2 lakh • Cognizable, Non Bailable, 18 Section 66 covers data theft aswell as data alterationSection 66 covers data theft aswell as data alteration
  • 19. Sec. 67. PornographySec. 67. Pornography  IngredientsIngredients – Publishing or transmitting or causing to be publishedPublishing or transmitting or causing to be published – in the electronic form,in the electronic form, – Obscene materialObscene material  PunishmentPunishment – On first convictionOn first conviction  imprisonment of either description up to five years andimprisonment of either description up to five years and  fine up to Rs. 1 lakhfine up to Rs. 1 lakh – On subsequent convictionOn subsequent conviction  imprisonment of either description up to ten years andimprisonment of either description up to ten years and  fine up to Rs. 2 lakhfine up to Rs. 2 lakh  Section coversSection covers – Internet Service Providers,Internet Service Providers, – Search engines,Search engines, – Pornographic websitesPornographic websites  Cognizable, Non-Bailable, JMIC/ Court of SessionsCognizable, Non-Bailable, JMIC/ Court of Sessions
  • 20. Sec 69: Decryption ofSec 69: Decryption of informationinformation  IngredientsIngredients – Controller issues order to Government agency toController issues order to Government agency to intercept any information transmitted through anyintercept any information transmitted through any computer resource.computer resource. – Order is issued in the interest of theOrder is issued in the interest of the  sovereignty or integrity of India,sovereignty or integrity of India,  the security of the State,the security of the State,  friendly relations with foreign States,friendly relations with foreign States,  public order orpublic order or  preventing incitement for commission of a cognizablepreventing incitement for commission of a cognizable offenceoffence – Person in charge of the computer resource fails toPerson in charge of the computer resource fails to extend all facilities and technical assistance toextend all facilities and technical assistance to decrypt the information-punishment upto 7 years.decrypt the information-punishment upto 7 years.
  • 21. Sec 70 Protected SystemSec 70 Protected System  IngredientsIngredients – Securing unauthorised access or attempting toSecuring unauthorised access or attempting to secure unauthorised accesssecure unauthorised access – to ‘protected system’to ‘protected system’  Acts covered by this section:Acts covered by this section: – Switching computer on / offSwitching computer on / off – Using installed software / hardwareUsing installed software / hardware – Installing software / hardwareInstalling software / hardware – Port scanningPort scanning  PunishmentPunishment – Imprisonment up to 10 years and fineImprisonment up to 10 years and fine  Cognizable, Non-Bailable, Court of SessionsCognizable, Non-Bailable, Court of Sessions
  • 22. Cyber crimes punishableCyber crimes punishable under various Indianunder various Indian lawslaws Sending pornographic or obscene emails are punishable under Section 67 of the IT Act.  An offence under this section is punishable on first conviction with imprisonment for a term, which may extend to five years and with fine, which may extend to One lakh rupees.  In the event of a second or subsequent conviction the recommended punishment is imprisonment for a term, which may extend to ten years and also with fine which may extend to Two lakh rupees.  Emails that are defamatory in nature are punishable under Section 500 of the Indian Penal Code (IPC), which recommends an imprisonment of upto two years or a fine or both.  Threatening emails are punishable under the provisions of the IPC pertaining to criminal intimidation, insult and annoyance (Chapter XXII), extortion (Chapter XVII)  Email spoofing Email spoofing is covered under provisions of the IPC relating to fraud, cheating by personation (Chapter XVII), forgery (Chapter XVIII)
  • 23. Arms ActOnline sale of Arms Sec. 383 IPCWeb-Jacking NDPS ActOnline sale of Drugs Sec 416, 417, 463 IPCEmail spoofing Sec 420 IPCBogus websites, cyber frauds Sec 463, 470, 471 IPCForgery of electronic records Sec 499, 500 IPCSending defamatory messages by email Sec 503 IPCSending threatening messages by email Computer Related Crimes under IPC and Special Laws 23
  • 24. Better EnforcementBetter Enforcement initiativesinitiatives  Mumbai Cyber lab is a joint initiative of Mumbai police andMumbai Cyber lab is a joint initiative of Mumbai police and NASSCOM –more exchange and coordination of this kindNASSCOM –more exchange and coordination of this kind  Suggested amendments to the IT Act,2000-new provisions forSuggested amendments to the IT Act,2000-new provisions for child pornography, etcchild pornography, etc  More Public awareness campaignsMore Public awareness campaigns  Training of police officers to effectively combat cyber crimesTraining of police officers to effectively combat cyber crimes  More Cyber crime police cells set up across the countryMore Cyber crime police cells set up across the country  Effective E-surveillanceEffective E-surveillance  Websites aid in creating awareness and encouragingWebsites aid in creating awareness and encouraging reporting of cyber crime cases.reporting of cyber crime cases.  Specialised Training of forensic investigators and expertsSpecialised Training of forensic investigators and experts  Active coordination between police and other law enforcementActive coordination between police and other law enforcement agencies and authorities is required.agencies and authorities is required.