Topic Overview Why we learn about cyber crimes. Security Policy Cyber Security Strategy – India Emergence of Information Technology Act,2000 Objectives of the Act,2000 Noteworthy Provisions under the Information Technology Act,2000 Types of Attacks by Hackers Cyber Threat Evolution Scope of the Act
Why learn about CYBER CRIME ? Everybody is using COMPUTERS.. From white collar criminals to terrorist organizations And From Teenagers to Adults Conventional crimes like Forgery,, extortion,, kidnapping etc. are being committed with the help off computers New generation is growing up with computers MOST IMPORTANT - Monetary transactions are moving on to the INTERNET
Cyber Security Strategy – India Cyber terrorists usually use the computer as a tool, target, or both for their unlawful act either to gain information which can result in heavy loss/damage to the owner of that intangible sensitive information.
Security Policy, Compliance and Assurance –Legal Framework IT Act, 2000 IT (Amendment) Bill, 2006 – Data Protection & Computer crimes Best Practice ISO 27001 Security Assurance Framework- IT/ITES/BPO Companies
Emergence of Information TechnologyAct,2000 In India, the Information Technology Act 2000 was enacted after the United Nation General Assembly Resolution A/RES/51/162,dated 30th January,1997 Adopting the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law. It was enacted taking into consideration UNICITRAL model of law on e-commerce 1996.
Objectives of the Act,2000 To grant legal recognition means ‘electronic commerce’ Digital Signature for Authentication. To facilitate electronic filing of document. To facilitate electronic storage of data. To set up licensing, monitoring, authentication etc. To facilitate and give legal sanction to electronic and transfers b/w banks and financial institutions. To give legal recognition for keeping books of account by bankers in electronic form.
Noteworthy Provisions under theInformation Technology Act,2000 Sec.431. Damage to Computer System etc.(compensation 1 crore) Sec.661. Hacking(Fine of 2 lakh rupees) Sec.671. Fine of 1 lakh, imprisonment of 5 years. Sec. 701. Securing access to computer (imprisonment upto 10 years) Sec.70, Sec72, Sec.73, Sec 74.
Types of Attacks by Hackers Hacking Computer Viruses Phishing Spoofing Phone Phishing Internet Pharming Investment Newsletter Credit Card Fraud
HACKING Hacking in simple terms means illegal Intrusion into a computer system without the permission of the computer owner/user. There are various methods used by hackers to gain unauthorized access to the computer apart from use of viruses like Trojans and worms etc.
PHISHING It is technique of pulling out confidential information from the bank/financial institutional account holders by deceptive means.
Cyber Threat Evolution Malicious Identity Theft Virus Code (Phishing) (Melissa) Breaking Advanced Worm / Organised Crime Web Sites Trojan (I LOVE Data Theft, DoS / YOU) DDoS 1977 1995 2000 2003-04 2005-06 2007-08
Measures To Curb The Crime1. Encryption2. Synchronized Passwords3. Firewalls4. Digital Signature
Investigations & Search Procedures Sec 75 of I.T Act,2000 takes care of jurisdictional aspect of cyber crimes. Power of investigation is been given to police officer or any officer of the Central Govt. He may search & arrest without warrant person who is responsible.
Problem Underlying Tracking ofoffence Identity is hard to be identified. Usually law enforcement agencies also don’t take crimes seriously. They have no importance of enforcement of cyber crimes. Most of Countries lack skilled law enforcement personnel to deal with computer.
Information Security Management INFORMATION SECURITY Confidentiality Integrity Availability Authenticity Security Policy People Regulatory Compliance User Awareness Program Access Control Process Security Audit Incident Response Encryption, PKI Technology Firewall, IPS/IDS Antivirus 17
How Efficient is InformationTechnology Act 2000? Copyright and trade mark violations do occur on the net but copyright Act 1976, or Trade Mark Act 1994 are silent. Therefore no enforcement machinery to ensure the protection of domain names on net. ISP is not made liable under the I.T Act,2000
Scope of the Act Negotiable instrument. A power of Attorney. A trust as defined in sec 3 of the Indian Trusts Act,1882. A Will. Any contract for the sale or conveyance of immovable property or any interest in such property, section 17 of the Registration Act, 1908.