History of Cyber Crime
Introduction to Cyber Law
Categories of Cyber Crime
Types of Cyber Crime
Who are Cyber Criminals
Cyber Crime in India
Need of Cyber Laws
Cyber Laws in India
Arrest and Report Under IT Act
The internet in India is growing rapidly. It has given rise to new
opportunities in every field we can think of – be it entertainment,
business, sports or education.
There are two sides to a coin. Internet also has its own disadvantages.
One of the major disadvantages is Cyber crime – illegal activity
committed on the internet.
History of Cyber Crime
The first recorded cyber crime took place in the year 1820!
In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced
the loom. This device allowed the repetition of a series of steps in the weaving
of special fabrics. This resulted in a fear amongst Jacquard's employees that
their traditional employment and livelihood were being threatened. They
committed acts of sabotage to discourage Jacquard from further use of the
new technology. This is the first recorded cyber crime!
John Draper discovers the give-away whistle in Cap'n Crunch cereal
boxes reproduces a 2600Hz tone. Draper builds a ‘blue box’ that, when
used with the whistle and sounded into a phone receiver, allows phreaks
to make free calls. Esquire publishes "Secrets of the Little Blue Box" with
instructions for making one. Wire fraud in the US escalates.
The InterNetworking Working Group is founded to govern the standards
of the Internet. Vinton Cerf is the chairman and is known as a "Father of
Teller at New York's Dime Savings Bank uses a computer to embezzle
over $2 million
First electronic bulletin board system (BBS) appears; becomes the
primary means of communication for the electronic underground..
Ian Murphy, aka. "Captain Zap“, becomes first felon convicted of a
computer crime. Murphy broke into AT&T’s computers and changed the
billing clock so that people receive discounted rates during normal
Elk Cloner, an AppleII boot virus, is written.
Movie WarGames introduces public to the phenomenon of hacking
US Secret Service gets jurisdiction over credit card and computer fraud.
Phiber Optik forms Masters of Deception hacking group.
US Comprehensive Crime Control Act gives Secret Service jurisdiction
over computer fraud.
Hacker magazine 2600 begins publication (still in print; see Captain
Crunch for the derivation of the name).
Online hacking magazine Phrack established.
Pakistani Brain, the oldest virus created under unauthorized
circumstances, infects IBM computers.
After many break-ins into govt. and corporate computers, Congress
passes the Computer Fraud and Abuse Act, making this a crime. The law
does not cover juveniles.
Computer Emergency Response Team (CERT) created.
Kevin Mitnick secretly monitors the e-mail of MCI and DEC security
officials. He is convicted and sentenced to a year in jail.
Kevin Poulsen is indicted on phone-tampering charges. He goes on the
run and avoids capture for 17 months.
First National Bank of Chicago is the victim of $70-million computer
Robert T. Morris, Jr., graduate student at Cornell University and son of a
chief scientist at the NSA, launches a self-replicating worm (the Morris
Worm) on the government's ARPAnet (precursor to the Internet). The
worm gets out of hand and spreads to over 6000 networked computers,
clogging government and university systems. Morris is dismissed from
Cornell, sentenced to three years' probation, and fined $10K.
First large-scale computer extortion case is investigated - under the
pretence of a quiz on the AIDS virus, users unwittingly download a
program which threatens to destroy all their computer data unless they
pay $500 into a foreign account.
Hackers in West Germany (loosely affiliated with the Chaos Computer
Club) are arrested for breaking into US government and corporate
computers and selling operating-system source code to the KGB.
The Electronic Frontier Foundation (EFF) is formed.
Legion of Doom and Masters of Deception engaged in online warfare jamming phone lines, monitoring calls, trespassing in each other's
After a prolonged sting investigation, Secret Service agents swoop down
on organizers and members of BBS’s in 14 US cities, including the Legion
of Doom. The arrests are aimed at cracking down on credit-card theft
and telephone and wire fraud.
Introduction to Cyber Law :
Cyber Law is the law governing cyber space. Cyber space is a very wide
term and includes computers, networks, software, data storage
devices (such as hard disks, USB disks etc), the Internet, websites,
emails and even electronic devices such as cell phones, ATM machines
Cyber crimes can involve criminal activities that are traditional in nature,
such as theft, fraud, forgery, defamation and mischief, all of which are
subject to the Indian Penal Code. The abuse of computers has also given
birth to a gamut of new age crimes that are addressed by the
Information Technology Act, 2000.
The expression ‘Crime’ is defined as an act, which subjects the doer to
legal punishment or any offence against morality, social order or any
unjust or shameful act. The “Offence" is defined in the Code of Criminal
Procedure to mean as an act or omission made punishable by any law for
the time being in force.
It’s an unlawful act wherein the computer is either a tool or a target or
Acts that are punishable by the Information Technology Act.
Cyber space is a virtual space that has become as important as real
space for business, politics, and communities .
Cyber Crime is emerging as a serious threat. World wide governments,
police departments and intelligence units have started to react.
Cyber Crime is a term used to broadly describe criminal activity in which
computers or computer networks are a tool, a target, or a place of
criminal activity and include everything from electronic cracking to
denial of service attacks. It is also used to include traditional crimes in
which computers or networks are used to enable the illicit activity.
Computer crime mainly consists of unauthorized access to computer
systems data alteration, data destruction, theft of intellectual property.
Cyber crime in the context of national security may involve hacking,
traditional espionage, or information warfare and related activities.
Pornography, Threatening Email, Assuming someone's Identity, Sexual
Harassment, Defamation, Spam and Phishing are some examples where
computers are used to commit crime, whereas Viruses, Worms and
Industrial Espionage, Software Piracy and Hacking are examples where
computers become target of crime.
A computer crime is any illegal act, the commission of which (in whole or
– targets computer hardware or software as its focal point, or
– utilizes computer hardware or software to accomplish or assist in
accomplishing the act, or
– involves or uses computer hardware or software to store,
preserve, assimilate, or secrete any evidence or any fruits of the
– unlawfully accesses, invades or violates computer hardware or
software integrity in accomplishing or in attempting to perform
• notice by this definition, that a murder committed by
bashing someone’s head with a computer monitor would be
considered a computer crime!
CATEGORIES OF CYBER CRIME:
Cyber crimes can be basically divided into 3 major categories:
1. Cyber crimes against persons :
Cyber harassment is a distinct Cyber crime. Various kinds of harassment can and
do occur in cyberspace, or through the use of cyberspace. Harassment can be
sexual, racial, religious, or other.
2. Cyber crimes against property :
These crimes include computer vandalism (destruction of others' property),
transmission of harmful programs, unauthorized trespassing through cyber space,
unauthorized possession of computer information.
3. Cyber crimes against government :
Cyber terrorism is one distinct kind of crime in this category.
The growth of internet has shown that the medium of Cyberspace is being used
by individuals and groups to threaten the international governments as also to
terrorize the citizens of a country.
Types Of Cyber Crime
Technological advancements have created new possibilities for criminal
activity, in particular the criminal misuse of information technologies such as
a) Unauthorized access & Hacking:o Access means gaining entry into, instructing or communicating with the
logical, arithmetical, or memory function resources of a computer,
computer system or computer network.
o Unauthorized access would therefore mean any kind of access without
the permission of either the rightful owner or the person in charge of a
computer, computer system or computer network.
o By hacking web server taking control on another persons website called
as web hijacking
b) Trojan Attack:o The program that act like something useful but do the things that are
quiet damping. The programs of this kind are called as Trojans.
o Trojans come in two parts, a Client part and a Server part. When the
victim (unknowingly) runs the server on its machine, the attacker will
then use the Client to connect to the Server and start using the trojan.
c) Virus and Worm attack:o A program that has capability to infect other programs and make copies
of itself and spread into other programs is called virus.
o Programs that multiply like viruses but spread from computer to
computer are called as worms.
d) E-mail related crimes:-
Email spoofing refers to email that appears to have been originated from one
source when it was actually sent from another source. Please Read
Email "spamming" refers to sending email to thousands and thousands of users
- similar to a chain letter.
Sending malicious codes through email
E-mails are used to send viruses, Trojans etc through emails as an attachment
or by sending a link of website which on visiting downloads malicious code.
E-mail "bombing" is characterized by abusers repeatedly sending an identical
email message to a particular address.
Sending threatening emails
Sending any threatening Email to any Person regarding his live or property is
also a Crime.
Making of false, derogatory statement(s) in private or public about a person's
business practices, character, financial status, morals, or reputation. Oral
defamation is a slander whereas printed or published defamation is a libel.
Email fraud is the intentional deception made for personal gain or to damage
another individual through email.
e) Internet Relay Chat (IRC) related crimes:Three main ways to attack IRC are: Denial of service attacks, clone attacks, and
Denial of Service attacks:Flooding a computer resource with more requests than it can handle. This
causes the resource to crash thereby denying access of service to authorized
Attempts to "flood" a network, thereby preventing legitimate network traffic
Attempts to disrupt connections between two machines, thereby preventing
access to a service
Attempts to prevent a particular individual from accessing a service
Attempts to disrupt service to a specific system or person.
f) Sale of illegal articles
This would include sale of narcotics, weapons and wildlife etc., by posting
information on websites, auction websites, and bulletin boards or simply by
using email communication.
g) Online gambling
There are millions of websites; all hosted on servers abroad, that offer online
gambling. In fact, it is believed that many of these websites are actually fronts
for money laundering.
Who are Cyber Criminals ?:
Kids (age group 9-16 etc.)
Organized hack activists
Professional hackers (corporate espionage)
India stands 11th in the ranking for Cyber Crime in the World, constituting 3%
of the Global Cyber Crime.
A rapidly growing online user base
121 Million Internet Users
65 Million Active Internet Users, up by 28% from 51 million in 2010
50 Million users shop online on Ecommerce and Online Shopping Sites
46+ Million Social Network Users
346 million mobile users had subscribed to Data Packages.
Cyber Crime In India
The majority of cybercrimes are centered on forgery, fraud and
India is the third-most targeted country for Phishing attacks after the
US and the UK,
Social networks as well as ecommerce sites are major targets,
6.9 million bot-infected systems in 2010,
14,348 website defacements in 2010,
6,850 .in and 4,150 .com domains were defaced during 2011,
15,000 sites hacked in 2011,
India is the number 1 country in the world for generating spam.
Cost Of Cyber Crime In India (2010)
29.9 million people fell victim to cybercrime,
$4 billion in direct financial losses,
$3.6 billion in time spent resolving the crime,
4 in 5 online adults (80%) have been a victim of Cybercrime,
17% of adults online have experienced cybercrime on their mobiles.
A total number of 90, 119, 252 and 219 Government websites tracked by the
Indian Computer Emergency Response Team (CERT-In) were hacked / defaced
by various hacker groups in the year 2008, 2009, 2010 and Jan–Oct 2011
The police have recorded 3,038 cases but made only 2,700 arrests in 3
years (between 2007 and 2010)
India registered only 1,350 cases under the IT Act and IPC in 2010
50% of cybercrimes are not even reported.
NEED FOR CYBER LAWS
Laws are necessary in all segments of society, and e-commerce is no
Those in the online world should recognize that copyright, patent, and
trademark laws protect much of the material found on the Internet.
All Internet users, including minors, need to be assured of their privacy
and the safety of their personal information online.
In today's highly digitalized world, almost everyone is affected by cyber
Almost all companies extensively depend upon their computer networks
and keep their valuable data in electronic form.
Government forms including income tax returns, company law forms etc
are now filled in electronic form.
Consumers are increasingly using credit cards for shopping.
Most people are using email, cell phones and SMS messages for
Even in "non-cyber crime" cases, important evidence is found in
computers / cell phones e.g. in cases of divorce, murder, kidnapping, tax
evasion, organized crime, terrorist operations, counterfeit currency etc.
Cyber crime cases such as online banking frauds, online share trading
fraud, source code theft, credit card fraud, tax evasion, virus attacks,
cyber sabotage, phishing attacks, email hijacking, denial of service,
hacking, pornography etc are becoming common.
Cyberspace is an intangible dimension that is impossible to govern and
regulate using conventional law.
Cyberspace has complete disrespect for jurisdictional boundaries.
Cyberspace handles gigantic traffic volumes every second.
Cyberspace is absolutely open to participation by all.
Cyberspace offers enormous potential for anonymity to its members.
Cyberspace offers never-seen-before economic efficiency.
Electronic information has become the main object of cyber crime. It is
characterized by extreme mobility, which exceeds by far the mobility of
persons, goods or other services.
A software source code worth cores of rupees or a movie can be pirated
across the globe within hours of their release.
Theft of corporeal information (e.g. Books, papers, CD, ROMs, floppy
disks) is easily covered by traditional penal provisions.
Cyber Laws in India :
Under The Information Technology Act, 2000
The primary source of cyber law in India is the Information Technology Act,
2000 (IT Act) which came into force on 17 October 2000.
The primary purpose of the Act is to provide lega lrecognition to electronic
commerce andt of acilitate filing of electronic records with the Government.
The IT Act also penalizes various cyber crimes and provides strict
punishments (imprisonment terms upto 10 years and compensation up to Rs 1
CHAPTER XI – OFFENCES – 66. Hacking with computer system.
(1) Whoever with the Intent to cause or knowing that he is likely to cause
Wrongful Loss or Damage to the public or any person Destroys or
Deletes or Alters any Information Residing in a Computer Resource or
diminishes its value or utility or affects it injuriously by any means,
(2) Whoever commits hacking shall be punished with imprisonment up to
three years, or with fine which may extend up to two lakh rupees, or
(3) CYBER OFFENCES UNDER THE IT ACT
Tampering with computer source documents – Section 65
Hacking - Section 66
Publishing of information which is obscene in electronic form - Section 67
Information Technology (Certifying Authority) Regulations,2001
came into force on 9 July 2001. They provide further technical standards and
procedures to be used by a CA.
Two important guidelines relating to CAs were issued. The first are
the Guidelines for submission of application for license to operate
as a Certifying Authority under the IT Act. These guidelines were
issued on 9th July 2001.
Next were the Guidelines for submission of certificates and
certification revocation lists to the Controller of Certifying
Authorities for publishing National Repository of Digital
Certificates. These were issue on 16th December 2002.
Cyber Regulations Appellate Tribunal (Procedure) Rules, 2000
also came into force on 17th October 2000.
These rules prescribe the appointment and working of the Cyber Regulations
Appellate Tribunal (CRAT) whose primary role is to hear appeals against
orders of the Adjudicating Officers.
The Cyber Regulations Appellate Tribunal (Salary, Allowances and other
terms and conditions of service of Presiding Officer) Rules, 2003 prescribe
the salary, allowances and other terms for the Presiding Officer of the
Information Technology (Other powers of Civil Court vested in Cyber
Appellate Tribunal) Rules 2003 provided some additional powers to the
The Information Technology (Security Procedure) Rules, 2004
came into force on 29th October 2004. They prescribe provisions relating to
secure digital signatures and secure electronic records.
Also relevant are the Information Technology (Other Standards) Rules, 2003.
An important order relating to blocking of websites was passed on 27th
February, 2003.Computer Emergency Response Team (CERT-IND) can
instruct Department of Telecommunications (DOT) to block a
The Indian Penal Code (as amended by the IT Act) penalizes several
cyber crimes. These include forgery of electronic records, cyber frauds,
destroying electronic evidence etc.
Digital Evidence is to be collected and proven in court as per the
provisions of the Indian Evidence Act (as amended by the IT Act).
In case of bank records, the provisions of the Bankers’ Book Evidence
Act (as amended by the IT Act) are relevant.
Investigation and adjudication of cyber crimes is done in accordance with
the provisions of the Code of Criminal Procedure and the IT Act.
The Reserve Bank of India Act was also amended by the IT Act.
Information Technology Amendment Act, 2008
Section – 43,
Destroys, Deletes or Alters any Information residing in a
computer resource or diminishes its value or utility or
affects it injuriously by any means;
Steals, conceals, destroys or alters or causes any person
to steal, conceal, destroy or alter any computer source
code used for a computer resource with an intention to
“If any person, dishonestly, or fraudulently, does any act
referred to in section 43, he shall be punishable with
imprisonment for a term which may extend to two three
years or with fine which may extend to five lakh rupees or
with both.” [S.66]
S.66A - Punishment for sending offensive messages through
communication service, etc
Shall be punishable with imprisonment for a term which
may extend to three years and with fine.
S. 66C - Punishment for identity theft
“Whoever, fraudulently or dishonestly make use of the
electronic signature, password or any other unique
identification feature of any other person, shall be
punished with imprisonment of either description for a
term which may extend to three years and shall also be
liable to fine which may extend to rupees one lakh”
S. 66D - Punishment for cheating by personation by using computer
“Whoever, by means of any communication device or
computer resource cheats by personation, shall be
punished with imprisonment of either description for a
term which may extend to three years and shall also be
liable to fine which may extend to one lakh rupees. “
S. 66E - Punishment for violation of privacy.
“Whoever, intentionally or knowingly captures, publishes
or transmits the image of a private area of any person
without his or her consent, under circumstances violating
the privacy of that person, shall be punished with
imprisonment which may extend to three years or with fine
not exceeding two lakh rupees, or with both”
S. 67 A - Punishment for publishing or transmitting of material containing
sexually explicit act, etc. in electronic form
“Whoever publishes or transmits or causes to be published
or transmitted in the electronic form any material which
contains sexually explicit act or conduct shall be punished
on first conviction with imprisonment of either description
for a term which may extend to five years and with fine
which may extend to ten lakh rupees”
S. 67 C - Preservation and Retention of information by intermediaries.
“Intermediary shall preserve and retain such information
as may be specified for such duration and in such manner
and format as the Central Government may prescribe.
Any intermediary who intentionally or knowingly
contravenes the provisions of sub section (1) shall be
punished with an imprisonment for a term which may
extend to three years and shall also be liable to fine.”
CYBER LAWS AMENDMENTS INDIAN PENAL
• INDIAN EVIDENCE ACT,1872
• BANKER’S BOOK EVIDENCE ACT,1891
• GENERAL CLAUSES ACT,1897
Arrests & Reports Under IT Act
Under the IT Act, 966 cybercrime cases were filed in 2010
420 in 2009)
Geographic breakdown of cases reported:
o 153 from Karnataka,
o 148 from Kerala
o 142 from Maharashtra
o 105 Andhra Pradesh
o 52 Rajasthan
o 52 Punjab
233 persons were arrested in 2010
33% of the cases registered were related to hacking
Under the IPC, 356 cybercrime cases were registered in 2010
(276 cases in 2009)
Geographic breakdown of cases reported -o 104 from Maharashtra
o 66 Andhra Pradesh
o 46 Chhattisgarh
The majority of these crimes were either forgery or fraud cases.
• CYBER LAWS_ ESSENTIAL FEATURE IN TODAYS WORLD OF INTERNET
• ACHIEVING GLOBAL PEACE AND HARMONY
• “Indian Laws are well drafted and are capable of handling all kinds of
challenges as posed by cyber criminals. However, the enforcement
agencies are required to be well versed with the changing technologies
• "As internet technology advances so does the threat of cyber crime. In
times like these we must protect ourselves from cyber crime. Anti-virus
software, firewalls and security patches are just the beginning. Never
open suspicious e-mails and only navigate to trusted sites.”