Cyber LawPPT on engineering and technology

Cyber Law
7th Semester, Computer Science & Engineering
(Elective:- Cyber Security)

Content
Cybercrime / Cyber
Classification of Cyber Crime
Prevention of Cyber Crime
Cyber Criminals and its types
Ranjit Patnaik GIET University, Gunupur 2

UNIT-III

Cybercrime / Cyber Fraud
Cybercrime or a computer-oriented crime is a crime that includes a
computer and a network. The computer may have been used in the
execution of a crime or it may be the target. Cybercrime is the use of a
computer as a weapon for committing crimes such as committing fraud,
identity theft, or breaching privacy. Cybercrime, especially through the
Internet, has grown in importance as the computer has become central to
every field like commerce, entertainment, and government. Cybercrime
may endanger a person or a nation’s security and financial
health. Cybercrime encloses a wide range of activities, but these can
generally be divided into two categories:
Crimes that aim at computer networks or devices. These types of crimes involve
different threats (like virus, bugs etc.) and denial-of-service (DoS) attacks.
Crimes that use computer networks to commit other criminal activities. These types
of crimes include cyber stalking, financial fraud or identity theft.

Classification of Cyber Crime
Cyber Terrorism – Cyber terrorism is the use of the computer and internet
to perform violent acts that result in loss of life. This may include different
type of activities either by software or hardware for threatening life of
citizens. In general, Cyber terrorism can be defined as an act of terrorism
committed through the use of cyberspace or computer resources.
Cyber Extortion – Cyber extortion occurs when a website, e-mail server or
computer system is subjected to or threatened with repeated denial of
service or other attacks by malicious hackers. These hackers demand huge
money in return for assurance to stop the attacks and to offer protection.
Cyber Warfare – Cyber warfare is the use or targeting in a battle space or
warfare context of computers, online control systems and networks. It
involves both offensive and defensive operations concerning to the threat of
cyber attacks, espionage and sabotage.

Internet Fraud – Internet fraud is a type of fraud or deceit which
makes use of the Internet and could include hiding of information or
providing incorrect information for the purpose of deceiving victims
for money or property. Internet fraud is not considered a single,
distinctive crime but covers a range of illegal and illicit actions that are
committed in cyberspace.
 Cyber Stalking – This is a kind of online harassment wherein the
victim is subjected to a barrage of online messages and emails. In this
case, these stalkers know their victims and instead of offline stalking,
they use the Internet to stalk. However, if they notice that cyber
stalking is not having the desired effect, they begin offline stalking
along with cyber stalking to make the victims’ lives more miserable.

Prevention of Cyber Crime
Use strong password – Maintain different password and username
combinations for each account and resist the temptation to write them down.
Weak passwords can be easily cracked using certain attacking methods like
Brute force attack, Rainbow table attack etc, So make them complex. That
means combination of letters, numbers and special characters.
Use trusted antivirus in devices –Always use trustworthy and highly
advanced antivirus software in mobile and personal computers. This leads
to the prevention of different virus attack on devices.
Keep social media private –Always keep your social media accounts data
privacy only to your friends. Also make sure only to make friend who are
known to you.
Keep your device software updated –Whenever your get the updates of the
system software update it at the same time because sometimes the previous
version can be easily attacked.

Use secure network – Public Wi-Fi are vulnerable. Avoid conducting
financial or corporate transactions on these networks.
Never open attachments in spam emails – A computer get infected by
malware attacks and other forms of cybercrime is via email
attachments in spam emails. Never open an attachment from a sender
you do not know.
Software should be updated – Operating system should be updated
regularly when it comes to internet security. This can become a
potential threat when cybercriminals exploit flaws in the system.

First Cyber Fraud in India
The first cybercrime occurred in 1992 when the first polymorphic
virus was released.
The case of Yahoo v. Akash Arora (1999) was one of the earliest
examples of cybercrime in India.
The defendant, Akash Arora, was accused of utilizing the trademark or
domain name ‘yahooindia.com,’ and a permanent injunction was
sought in this case.

Preventive Measure
 Backup all data, system, and considerations: This enables data stored earlier to assist businesses in recovering from an
unplanned event.
 Enforce concrete security and keep it up to date: Choose a firewall with features that protect against malicious hackers,
malware, and viruses. This enables businesses to identify and respond to threats more quickly.
 Never give out personal information to a stranger: They can use the information to commit fraud.
 Check security settings to prevent cybercrime: A cyber firewall checks your network settings to see if anyone has logged
into your computer.
 Using antivirus software: Using antivirus software helps to recognize any threat or malware before it infects the computer
system. Never use cracked software as it may impose the serious risk of data loss or malware attack.
 When visiting unauthorized websites, keep your information secure: Using phishing websites, information can easily
bypass the data.
 Use virtual private networks (VPNs): VPNs enable us to hide our IP addresses.
 Restriction on access to your most valuable data: Make a folder, if possible, so that no one can see confidential documents.

Who commits cyber-crimes?
Cyber criminals, also known as hackers, often use computer systems to gain
access to business trade secrets and personal information for malicious and
exploitive purposes.
Hackers are extremely difficult to identify on both an individual and group
level due to their various security measures, such as proxies and anonymity
networks, which distort and protect their identity.
Cybersecurity experts assert that cyber criminals are using more ruthless
methods to achieve their objectives and the proficiency of attacks is
expected to advance as they continue to develop new methods for cyber
attacks.
The growth of the global cyber criminal network, which is largely credited
to the increased opportunity for financial incentives, has created a number
of different types of cyber criminals, many of which pose a major threat to
governments and corporations.

Common Types of Cyber Criminals
Identity Thieves
Internet Stalkers
Phishing Scammers
Cyber Terrorists

Cyber Crime Techniques
Botnet – a strategically developed network of bots which crawl the backend of the
web to spread malware with very little detection.
Zombie Computer – a computer which is deliberately hacked by cyber criminals
in order to gain access to and/or attack a private network.
Distributed Denial of Service (DDoS) – with a DDoS attack, cyber criminals are
not necessarily seeking to access data, but rather are hoping to shut down a
network via an overload of junk data. An example of a DDoS attack occurred on
Friday, October 21, 2016, when cyber criminals shut down a number of highly
utilized websites, including Twitter, Spotify, and Amazon.
Metamorphic Malware – one of the more advanced techniques, metamorphic
malware, repeatedly adjusts its code, making it extremely difficult to detect by
even the most advanced anti-virus software. Experts predict that by the end of
2017, there will be an emergence of malware that can infiltrate networks, steal
information and cover up their activities. These forms of malware will make it
difficult for government agencies and businesses to establish the extent to which
data has been tampered with, as well as prevent law enforcement from pursuing
and prosecuting the offenders.

Penalties and offences under the IT Act, 2000
Offences:
Cyber offences are the illegitimate actions, which are carried out in a classy manner
where either the computer is the tool or target or both.
Cyber-crime usually includes the following −
 Unauthorized access of the computers
 Data diddling
 Virus/worms attack
 Theft of computer system
 Hacking
 Denial of attacks
 Logic bombs
 Trojan attacks
 Internet time theft
 Web jacking
 Email bombing
 Salami attacks
 Physically damaging computer system.

Penalties and offences under the IT Act, 2000
The offences included in the I.T. Act 2000 are as follows −
Tampering with the computer source documents.
Hacking with computer system.
Publishing of information which is obscene in electronic form.
Power of Controller to give directions.
Directions of Controller to a subscriber to extend facilities to decrypt information.
Protected system.
Penalty for misrepresentation.
Penalty for breach of confidentiality and privacy.
Penalty for publishing Digital Signature Certificate false in certain particulars.
Publication for fraudulent purpose.
Act to apply for offence or contravention committed outside India Confiscation.
Penalties or confiscation not to interfere with other punishments.
Power to investigate offences.

Penalties under the IT Act, 2000
 Section 65: Any person tamper, conceal, destroy, or alter any computer source document intentionally, then he
shall be liable to pay penalty upto Rs.2,00,000/-, or Imprisonment upto 3 years, or both.
 Section 66: Any person dishonestly, or fraudulently does any act as referred in Section 43, then he shall be
liable to pay penalty upto Rs.5,00,000/-, or Imprisonment upto 3 years, or both.
 Section 66B: Any person dishonestly, or fraudulently receives or retains any stolen computer resource or
communication device, then he shall be liable to pay penalty upto Rs.1,00,000/-, or Imprisonment upto 3
years, or both.
 Section 66C: Any person dishonestly, or fraudulently make use of Electronic Signature, Password or any other
Unique Identification Feature of any other person, then he shall be liable to pay penalty upto Rs.1,00,000/-, or
Imprisonment upto 3 years, or both.
 Section 66D: Any person dishonestly, or fraudulently by means of any communication device or computer
resource cheats by personating, then he shall be liable to pay penalty upto Rs.1,00,000/-, or Imprisonment
upto 3 years, or both.
 Section 66E: Any person intentionally captures, publishes, or transmits image of private area of any person
without consent, then he shall be liable to pay penalty upto Rs.2,00,000/-, or Imprisonment upto 3 years, or
both.

Section 66F: Any person does any act electronically, or with use of computer with intent to threaten
unity, integrity, security, or sovereignty of India, then he shall punishable with Imprisonment for
Life.
Section 67: Any person publishes, or transmits in electronic form any material which appeals to
prurient interest, or if its effect is such as to tend to deprave and coorupt persons who are likely to
read, see, or hear matter contained in it, then he shall be liable to pay penalty upto Rs.5,00,000/-, or
Imprisonment upto 3 years, or both, And in the event of second or subsequent conviction, he shall
be liable to pay penalty upto Rs.10,00,000/-, or Imprisonment upto 5 years, or both.
Section 67A: Any person publishes, or transmits in electronic form any material which contains
sexually explicit act, or conduct, then he shall be liable to pay penalty upto Rs.10,00,000/-, or
Imprisonment upto 5 years, or both, And in the event of second or subsequent conviction, he shall
be liable to pay penalty upto Rs.10,00,000/-, or Imprisonment upto 7 years, or both.
Section 68: The Controller may, by order, direct a Certifying Authority or any employee of such
Authority to take such measures or cease carrying on such activities as specified in the order if
those are necessary to ensure compliance with the provisions of this Act, rules or any regulations
made thereunder and if any person who intentionally or knowingly fails to comply with the order,
then he shall be liable to pay penalty upto Rs.1,00,000/-, or Imprisonment upto 2 years, or both.

Section 69: Where the Central Government or a State Government or any of its officers
specially authorized by the Central Government or the State Government, as the case may
be, in this behalf may, if satisfied that it is necessary or expedient so to do, in the interest
of the sovereignty or integrity of India, defense of India, security of the State, friendly
relations with foreign States or public order or for preventing incitement to the
commission of any cognizable offence relating to above or for investigation of any
offence, it may with reasons to be recorded in writing, by order, direct any agency of the
appropriate Government to intercept, monitor or decrypt or cause to be intercepted or
monitored or decrypted any information generated, transmitted, received or stored in any
computer resource, Any person who fails to comply with the order, then he shall be liable
to Imprisonment of 7 years, along with the fine (amount of fine is not specified in the act).
Section 70: The appropriate Government may, by notification in the Official Gazette,
declare any computer resource which directly or indirectly affects the facility of Critical
Information Infrastructure, to be a protected system, Any person who fails to comply with
the notification, then he shall be liable to Imprisonment of 10 years, along with the fine
(amount of fine is not specified in the act).
Section 71: Whoever makes any misrepresentation to, or suppresses any material fact
from the Controller or the Certifying Authority for obtaining any License or Electronic
Signature Certificate, as the case may be, then he shall be liable to pay penalty upto
Rs.1,00,000/-, or Imprisonment upto 2 years, or both.

Section 72: If any person who has secured access to any electronic record,
book, register, correspondence, information, document or other material
without the consent of the person concerned discloses such electronic
record, book, register, correspondence, information, document or other
material to any other person, then he shall be liable to pay penalty upto
Section 72A: If any person who has secured access to any material
containing personal information about another person, with the intent to
cause or knowing that he is likely to cause wrongful loss or wrongful gain
discloses, without the consent of the person concerned, or in breach of a
lawful contract, then he shall be liable to pay penalty upto Rs.5,00,000/-, or
Section 73: If any person publishes a Electronic Signature Certificate, or
make it available to any other person with the knowledge that Certifying
Authority has not issued it, or Subscriber has not accepted it, or Certificate
has been revoked or suspended then he shall be liable to pay penalty upto

Section 74: If any person knowingly creates, publishes, or otherwise makes
available Electronic Signature Certificate for any fraudulent or unlawful
purpose, then he shall be liable to pay penalty upto Rs.1,00,000/-, or
Section 75: If any person have committed an offence, or contravention
committed outside India, and if the act or conduct constituting the offence
or contravention involves a computer, computer system or computer
network located in India, then the provisions of this Act shall apply also to
any offence or contravention committed outside India by any person
irrespective of his nationality.
Section 76: Any computer, computer system, floppies, compact disks, tape
drives, or any other accessories related thereto, in respect of which any
provision of this Act, rules, orders, or regulations made thereunder has been,
or is being contravened, shall be liable to confiscation. However, if it is
proved that such resources were not used in committing fraud then only
person in default will be arrested.

Investigation of cyber-crimes in India
For conducting cyber-crime investigation, certain special skills and
scientific tools are required without which the investigation is not
possible.
Due to the Information Technology Act, 2000 (“IT Act”), certain
provisions of Criminal Procedure Code and the Evidence Act, have
been amended.
Along with this, certain new regulations had been enforced by the
Indian legal system to meet with the need of cyber-crime investigation.

Who can investigate?
The power to investigate the accused in regard to the cyber offences,
has been entailed in Section 78 of the IT Act, which says that “not
with standing anything contained in the Code of Criminal Procedure,
1973, a police officer not below the rank of Inspector shall investigate
any offence under this Act”.
Nevertheless, the IT Act is not sufficient to meet the necessity,
therefore the Criminal Procedure Code, 1978 and the Indian Penal
Code, 1860, were also amended accordingly to introduce cyber-crime
under their ambit.
This gives power to the Inspector to register and investigate the cyber-
crime as like another crime.

Process of search & arrest
The power of the police office and other officers to enter, search etc. is
entailed in Section 80 (1) of the IT Act, which says that,
notwithstanding anything contained in the Code of Criminal
Procedure, 1973, any police officer, not below the rank of the
Inspector or any other officer of the Central Government or State
Government authorized by the Central Government in this regard, may
enter any public place, search and arrest without warrant any person,
who is reasonably suspected of having committed or of committing or
about to commit an offence under the IT Act.
Pursuant to Section 80 (2) of the IT Act, any person who is arrested
under sub-section (1) by an officer other than a police officer then
such officer shall, without any unreasonable delay, take or send the
person arrested before a magistrate having jurisdiction in the case or
before the officer-in-charge of a police station.

The Government of India had launched the online cyber-crime
reporting portal, www.cybercrime.gov.in, which is a citizen-centric
initiative, to allow the complainants to lodge complaints relating to
child pornography/child sexual abuse material or any content which is
sexual in nature.
The Central Government has launched a scheme for formulating of
Indian Cyber Crime Coordination Centre (I4C) to handle the
cybercrime incidents in India, in an inclusive & coordinated manner.

The said scheme has following seven components:
National Cybercrime Threat Analytics Unit (TAU)
National Cybercrime Forensic Laboratory (NCFL)
National Cybercrime Training Centre (NCTC)
Cybercrime Ecosystem Management
Platform for Joint Cybercrime Investigation Team
National Cybercrime Reporting Portal
National Cyber Research and Innovation Centre (NCR&IC)

The government is also planning to set up Regional Cyber Crime Coordination Centres at
respective States/UTs.By following below-mentioned steps, one can report a cyber-crime
online:
 Step 1: Go to https://www.cybercrime.gov.in/Accept.aspx.
 Step 2: Click on ‘Report Other Cyber Crimes’ on the menu.
 Step 3: Create ‘Citizen login’.
 Step 4: Click on ‘File a Complaint’.
 Step 4: Read the conditions and accept them.
 Step 5: Register your mobile number and fill in your name and State.
 Step 6: Fill in the relevant details about the offence.

Process of Investigation

UNIT-IV

India Legal Framework Analysis
 The Government of India needs to have a separate Ministry for Co-operation instead of acting as an adjunct of
the Department of Agriculture and Farmers welfare and nomenclature of the Registrar i.e. Department(s) of
co-operation should be changed to Co-operative Promotio The model bylaw has become mandatory bylaw in
practice. Hence while approving the
 The Model bylaws, the Registrar of Co-operative Societies needs to look into the provisions of the Co-
operative Societies Act only.
 The organizational structure and staff remuneration are according to the directive of the Registrar of Co-
operative Societies in most of the states. Co-operative being an autonomous and independent organization the
structure and staff remuneration needs to be decided by the concerned co-operative. The Government may
give certain guidelines so as to ensure that the financial stability of the society is not affected.
 The co-operatives should have discretion over their expenditure and investments. Law should not mandate
expenditures on specific functions or require Government approval of basic business decisions. This is subject
to general auditing requirements.
 The distribution of surplus of the co-operative should be according to the patronage of the co-operative rather
than capital subscribed.
 There are a lot of variations in the co-operative societies Act of various states. There is a need to adopt the
features that provide enabling provisions in the State Co-operative Societies Act. However, this does not mean
that a uniform law across the country should be framed since Co-operation is a state subject and there are a lot
of regional variations.

Cyber security framework under the IT Act in
India
Key developments in the cyber security framework in India
The Indian Computer Emergency Response Team
Constitution of committee of experts to review the IT Act
Recommendations of the standing committee on IT on the IT (Amendment)
Bill 2006
The Information Technology (Amendment) Act, 2008
Bill on Intelligence agency reforms
National Cyber Security Policy, 2013
 Standing committee on IT report on ‘Cyber Crime, Cyber Security and Right
to Privacy’
 Surveillance order issued by MHA
 National Cyber Security Strategy 2020

India
To manage cyber-related risks responsibly, the NIST Cybersecurity
Framework includes guidelines, standards, and best practices. According to
this framework, flexibility and affordability are of prime importance.
Moreover, it aims at fostering resilience and protecting critical infrastructure
by implementing the following measures:
A better understanding, management, and reduction of the risks associated with
cybersecurity.
Prevent data loss, misuse, and restoration costs.
Determine the most critical activities and operations that must be secured.
Provides evidence of the trustworthiness of organizations that protect critical assets.
Optimize the cybersecurity return on investment (ROI) by prioritizing investments.
Responds to regulatory and contractual requirements
Assists in the wider information security program.

India

Cyber Crimes against Individuals and State
Cybercrime ranges variety of activities. Cyber crime can be basically
divided into three major categories:
Cyber crimes against persons like harassment occur in cyberspace or through
the use of cyber space.
Harassment can be sexual, racial, religious, or other.
Cyber crimes against property like computer wreckage (destruction of others'
property), transmission of harmful programs, unauthorized trespassing,
unauthorized possession of computer information.
Cyber crimes against government like Cyber terrorism

Crimes against persons are:
Cyber-Stalking: It means to create physical threat that creates fear to use the computer
technology such as internet, e-mail, phones, text messages, webcam, websites or
videos.
Dissemination of Obscene Material: It includes Indecent exposure/ Pornography
(basically child pornography), hosting of web site containing these prohibited
materials. These obscene matters may cause harm to the mind of the adolescent and
tend to deprave or corrupt their mind.
Defamation: It is an act of imputing any person to lower down the dignity of the
person by hacking his mail account and sending some mails with using vulgar
language to unknown persons mail account.
Hacking: It means unauthorized control/access over computer system and act of
hacking completely destroys the whole data as well as computer programmers.
Hackers usually hacks telecommunication and mobile network.
Cracking: It is one of the serious cyber crimes known till date .Cracking means that a
stranger has broken into your computer systems without your knowledge and consent
and has tampered with precious confidential data and information.
E-Mail Spoofing: A spoofed e-mail may be said to be one, which misrepresents its
origin. It shows its origin to be different from which actually it originates.

Crimes against persons are:
SMS Spoofing: Spoofing is a blocking through spam which means the unwanted
uninvited messages. Wrong doer steals mobile phone number of any person and
sending SMS via internet and receiver gets the SMS from the mobile phone number
of the victim. It is very serious cyber crime against any individual.
Carding: It means false ATM cards i.e. Debit and Credit cards used by criminals for
their monetary benefits through withdrawing money from the victim's bank account
mala-fidely. There is always unauthorized use of ATM cards in this type of cyber
crimes.
Cheating & Fraud: It means the person who is doing the act of cyber crime i.e.
stealing password and data storage has done it with having guilty mind which leads to
fraud and cheating.
Child Pornography: It involves the use of computer networks to create, distribute, or
access materials that sexually exploit underage children.
Assault by Threat: refers to threatening a person with fear for their lives or lives of
their families through the use of a computer network i.e. E-mail, videos or phones.

Crimes against Property:
As there is rapid growth in the international trade where businesses and consumers
are increasingly using computers to create, transmit and to store information in the
electronic form instead of traditional paper documents.
 Intellectual Property Crimes: Intellectual property consists of a bundle of rights. Any unlawful
act by which the owner is deprived completely or partially of his rights is an offence. The
common form of IPR violation may be said to be software piracy, infringement of copyright,
trademark, patents, designs and service mark violation, theft of computer source code, etc.
 Cyber Squatting: It means where two persons claim for the same Domain Name either by
claiming that they had registered the name first on by right of using it before the other or using
something similar to that previously. For example two similar names i.e. www.yahoo.com and
www.yaahoo.com.
 Cyber Vandalism: Vandalism means deliberately destroying or damaging property of another.
Thus cyber vandalism means destroying or damaging the data when a network service is
stopped or disrupted. It may include within its purview any kind of physical harm done to the
computer of any person. These acts may take the form of the theft of a computer, some part of
a computer or a peripheral attached to the computer.
 Hacking Computer System: Hacktivism attacks those included Famous Twitter, blogging
platform by unauthorized access/control over the computer. Due to the hacking activity there
will be loss of data as well as computer. Also research especially indicates that those attacks
were not mainly intended for financial gain too and to diminish the reputation of particular
person or company.

Crimes against Property:
Transmitting Virus: Viruses are programs that attach themselves to a computer or a file
and then circulate themselves to other files and to other computers on a network. They
usually affect the data on a computer, either by altering or deleting it. Worm attacks plays
major role in affecting the computerize system of the individuals.
Cyber Trespass: It means to access someone's computer without the right authorization of
the owner and does not disturb, alter, misuse, or damage data or system by using wireless
internet connection.
Internet Time Thefts: Basically, Internet time theft comes under hacking. It is the use by
an unauthorized person, of the Internet hours paid for by another person. The person who
gets access to someone else's ISP user ID and password, either by hacking or by gaining
access to it by illegal means, uses it to access the Internet without the other person's
knowledge. You can identify time theft if your Internet time has to be recharged often,
despite infrequent usage.

Cybercrimes against Government/ State
There are certain offences done by group of persons intending to threaten the
international governments by using internet facilities. It includes: Transmitting
Virus: Viruses are programs that attach themselves to a computer or a file and
then circulate themselves to other files and to other computers on a network.
They usually affect the data on a computer, either by altering or deleting it.
Worm attacks plays major role in affecting the computerize system of the
individuals.
Cyber Terrorism: Cyber terrorism is a major burning issue in the domestic as well as
global concern. The common form of these terrorist attacks on the Internet is by
distributed denial of service attacks, hate websites and hate e-mails, attacks on sensitive
computer networks etc. Cyber terrorism activities endanger the sovereignty and integrity
of the nation.
Cyber Warfare: It refers to politically motivated hacking to damage and spying. It is a
form of information warfare sometimes seen as analogous to conventional warfare
although this analogy is controversial for both its accuracy and its political motivation.

Cybercrimes against Government/ State
Distribution of pirated software: It means distributing pirated software from one computer
to another intending to destroy the data and official records of the government.
Possession of Unauthorized Information: It is very easy to access any information by the
terrorists with the aid of internet and to possess that information for political, religious,
social, ideological objectives.

Hacking
A commonly used hacking definition is the act of compromising
digital devices and networks through unauthorized access to an
account or computer system. Hacking is not always a malicious act,
but it is most commonly associated with illegal activity and data theft
by cyber criminals.
Hacking refers to the misuse of devices like computers, smartphones,
tablets, and networks to cause damage to or corrupt systems, gather
information on users, steal data and documents, or disrupt data-related
activity.

History of Hacking/Hackers
Hacking first appeared as a term in the 1970s but became more popular through
the next decade. An article in a 1980 edition of Psychology Today ran the headline
“The Hacker Papers” in an exploration of computer usage's addictive nature. Two
years later, two movies, Tron and WarGames, were released, in which the lead
characters set about hacking into computer systems, which introduced the concept
of hacking to a wide audience and as a potential national security risk.
Sure enough, later that year, a group of teenagers cracked the computer systems of
major organizations like Los Alamos National Laboratory, Security Pacific Bank,
and Sloan-Kettering Cancer Center. A Newsweek article covering the event
became the first to use the word “hacker” in the negative light it now holds.
This event also led Congress to pass several bills around computer crimes, but that
did not stop the number of high-profile attacks on corporate and government
systems. Of course, the concept of hacking has spiraled with the release of the
public internet, which has led to far more opportunities and more lucrative rewards
for hacking activity. This saw techniques evolve and increase in sophistication and
gave birth to a wide range of types of hacking and hackers.

Types of Hacking/Hackers
Black Hat Hackers
 Black hat hackers are the "bad guys" of the hacking scene. They go out of their way to discover vulnerabilities
in computer systems and software to exploit them for financial gain or for more malicious purposes, such as to
gain reputation, carry out corporate espionage, or as part of a nation-state hacking campaign.
 These individuals’ actions can inflict serious damage on both computer users and the organizations they work
for. They can steal sensitive personal information, compromise computer and financial systems, and alter or
take down the functionality of websites and critical networks.
White Hat Hackers
 White hat hackers can be seen as the “good guys” who attempt to prevent the success of black hat hackers
through proactive hacking. They use their technical skills to break into systems to assess and test the level of
network security, also known as ethical hacking. This helps expose vulnerabilities in systems before black hat
hackers can detect and exploit them.
 The techniques white hat hackers use are similar to or even identical to those of black hat hackers, but these
individuals are hired by organizations to test and discover potential holes in their security defenses.
Grey Hat Hackers
 Grey hat hackers sit somewhere between the good and the bad guys. Unlike black hat hackers, they attempt to
violate standards and principles but without intending to do harm or gain financially. Their actions are typically
carried out for the common good. For example, they may exploit a vulnerability to raise awareness that it
exists, but unlike white hat hackers, they do so publicly. This alerts malicious actors to the existence of the
vulnerability.

Types of Hacking/Hackers

Digital Forgery
 Forgery is defined as the production of a document that is known to be fake but appears to be
genuine. It is usually seen in documents such as cheques, passports, visas, certificates, other
identification documents etc. and people are easily hoodwinked, especially when the forgery is
done digitally. It is impossible to tell the difference between genuine and falsified documents
unless you’ve been trained to do so. Forgeries are dangerous because they are frequently difficult
to spot as fakes. As a result of digital forgeries, the victims of these activities may suffer financial
loss as well as a loss of reputation. The number of crimes pertaining to forgery is increasing day
by day.
 It is not very hard for forgers to falsify documents and signatures especially if it is a digital one
but it can be extremely difficult for a layman to figure out the minute indications and details in a
document that distinguish a fake one from an original. Digital forgery is at an all-time high in
today’s contemporary world and as a matter of fact, the majority of people do not realise when
their documents are forged.

Digital Forgery- Solution
 There are several approaches and tools available today for detecting forgeries.
Apart from standard procedures like ocular analysis of a picture and parameter
adjustment (such as brightness, contrast, and so on), the forensic experts employ
the following:
 reflections and shadows,
 lighting,
 analysis of thumbnails,
 error level analysis (ELA),
 examination of brightness gradients,
 principal component analysis (PCA),
 clone detection,
 stamp investigation of chromatic aberrations,
 noise analysis.

Cyber Stalking/Harassment
 Cyberstalking refers to the use of the internet and other technologies to harass or stalk another
person online, and is potentially a crime in the United States. This online harassment, which is
an extension of cyberbullying and in-person stalking, can take the form of e-mails, text
messages, social media posts, and more and is often methodical, deliberate, and persistent.
 Most of the time, the interactions do not end even if the recipient expresses their displeasure or
asks the person to stop. The content directed at the target is often inappropriate and sometimes
even disturbing, which can leave the person feeling fearful, distressed, anxious, and worried.
 Examples of Cyberstalking
 Post rude, offensive, or suggestive comments online
 Follow the target online by joining the same groups and forums
 Send threatening, controlling, or lewd messages or emails to the target
 Use technology to threaten or blackmail the target
 Tag the target in posts excessively, even if they have nothing to do with them
 Comment on or like everything the target posts online

Cyber Stalking/Harassment
 Examples of Cyberstalking
 Create fake accounts to follow the target on social media
 Message the target repeatedly
 Hack into or hijack the target's online accounts
 Attempt to extort sex or explicit photos
 Send unwanted gifts or items to the target
 Release confidential information online
 Post or distribute real or fake photos of the target
 Bombard the target with sexually explicit photos of themselves
 Create fake posts designed to shame the victim
 Track the target's online movements by installing tracking devices
 Hack into the target's camera on their laptop or smartphone as a way to secretly record
them
 Continue the harassing behavior even after being asked to stop

How to Prevent Cyber stalking/Harassment
 Create strong passwords. Make sure you have strong passwords for all your online accounts as
well as strong passwords for your devices. Then, set a reminder on your phone to regularly
change your passwords. Choose passwords that would be difficult to guess but are easy for you
to remember.
 Be sure to log out every time. It may seem like a pain, but make sure you log out of email,
social media accounts, and other online accounts after using them. This way, if someone were
able to get into your device they would not have easy access to your accounts.
 Keep track of your devices. Don't leave your phone sitting on your desk at work or walk away
from an open laptop. It only takes a minute or two for someone to install a tracking device or
hack your device. So, make sure you keep these things in your possession or that you secure
them in some way.

Right to Privacy and Data Protection on
Internet

Self-regulation approach to privacy
Defining Self-Regulation
self-regulation is almost always a misnomer. It hardly ever exists without
some relationship to the state; a relationship that itself varies greatly. The
meaning of self-regulation shifts depending upon the extent of government
coercion or involvement and upon accurate public perceptions of the
relationship of private sector and state.
A study on self-regulation in the Media Sector and European Community Law
noted that "The term "self-regulation" is often used as a matter of course, as if
it were (1) a specific and defined term, and (2) an equally specific and defined
regulatory practice. Yet in general, this is not the case" (Ukrow 1999: 11).
From the outset, then, there needs to be an exploration of the variety of
meanings of "self-regulation" and the implications of each grouping of them
for the better management of social concerns with the new technology.

Self -Regulatory Tools
A wide array of self-regulatory tools have proven track records as
substitutes for government regulation.
They assume many forms, ranging from social control to formal
contracts.
Codes of conduct, voluntary standards, contractual provisions,
accreditation, third-party certification, audits, best practices and
performance goals and objectives have all withstood scrutiny in lieu of
prescriptive regulation in a variety of industry settings, including the
media.
Dispute resolution is also an important element within a self
regulatory regime for the Internet.

Intellectual Property in Cyberspace
Intellectual Property (IP) simply refers to the creation of the mind. It refers
to the possession of thought or design by the one who came up with it. It
offers the owner of any inventive design or any form of distinct work some
exclusive rights, that make it unlawful to copy or reuse that work without
the owner’s permission. It is a part of property law. People associated with
literature, music, invention, etc. can use it in business practices.
There are numerous types of tools of protection that come under the term
“intellectual property”. Notable among these are the following:
Patent
Trademark
Geographical indications
Layout Designs of Integrated Circuits
Trade secrets
Copyrights
Industrial Designs

Intellectual Property in Cyberspace
Online content needs to be protected and hence Intellectual Property
Rights and Cyber laws cannot be separated.
In cyberspace, sometimes one person makes a profit by using another
person’s creation without the owner’s consent. This is a violation of
privacy, and it is protected by IPR. We have certain laws to avoid
violation of Intellectual Property Rights in cyberspace and when it is
violated, then additionally we have several remedies in law.

Copyright Infringement
Copyright protection is given to the owner of any published artistic,
literary, or scientific work over his work to prohibit everyone else
from exploiting that work in his name and thereby gain profit from it.
When these proprietary creations are utilized by anyone without the
permission of the owner, it leads to copyright infringement. If copies
of any software are made and sold on the internet without the
permission of the owner or even copying the content from any online
source, these all are examples of copyright infringement.

Copyright Issues in Cyberspace
Linking –
It permits a Website user to visit another location on the Internet. By simply clicking on a
word or image on one Web page, the user can view another Web page elsewhere in the
world, or simply elsewhere on the same server as the original page.
Linking damages the rights or interests of the owner of the Linked webpage. It may create
the supposition that the two linked sites are the same and promote the same idea. In this
way, the linked sites can lose their income as it is often equal to the number of persons
who visit their page.
Software Piracy –
Software piracy refers to the act of stealing software that is lawfully shielded. This
stealing comprises various actions like copying, spreading, altering, or trading the
software. It also comes under the Indian copyright act.
An example of software piracy is downloading a replica of Microsoft Word from any
website other than Microsoft to avoid paying for it as it is a paid software. Piracy can be
of 3 types:
 Soft lifting
 Software Counterfeiting
 Uploading-Downloading.

Interface with Copyright Law
Copyright is a bundle of exclusive rights given by the law to the
creators of original works. It is a form of intellectual property
protection granted by law. The rights provided under Copyright law
include the rights of reproduction of the work, communication of the
work to the public, adaptation of the work and translation of the work.
Copyright laws serve to create property rights for certain kinds of
intellectual property, generally called works of authorship. Copyright
laws protect the legal rights of the creator of an ‘original work’ by
preventing others from reproducing the work in any other way.

The main goals of copyright are: -
To encourage the development of culture, science and innovation
To provide a financial benefit to copyright holders for their works
To facilitate access to knowledge and entertainment for the public.

SUBJECT MATTER OF COPYRIGHT, ECONOMICS AND MORAL RIGHTS
Modern copyright laws serve to protect a variety of intellectual property ranging
from songs and jingles to computer software and proprietary databases. All subject
matters protected by copyright are called ‘works’. Thus according to Section 13 of
The Copyright Act 1957, it may be subjected for the following works:
Clause (a) of this Section 13 provides the definition of original work whereas
clause (b) and (c) provides secondary works.
Primary Works
Original Literary Work,
Original Dramatic work,
Original Musical work,
Original Artistic Work,
Secondary Works
Cinematography films, and
Sound recordings.

Interface with Patent Law
Patent law is the branch of intellectual property law that deals with
new inventions. Traditional patents protect tangible scientific
inventions, such as circuit boards, car engines, heating coils, or
zippers. However, over time patents have been used to protect a
broader variety of inventions, such as coding algorithms, business
practices, or genetically modified organisms.
In general, a patent can be granted if an invention is:
not a natural object or process;
new;
useful; and
not obvious.

Interface with Patent Law
Terms to Know
Application: The collection of documents that must be filed with the U.S. Patent and
Trademark Office (USPTO) in order to obtain a patent.
Agent: Someone who is not an attorney, but who is authorized to file patent
applications on behalf of inventors.
Claims: The section of the patent application that defines the new and nonobvious
part of the invention and the part of the invention that can later be protected.
Counterpart: A patent application before the USPTO concerning an invention that is
already patented in another country. Typically, the same person files both patent
applications.
Infringement: Making or selling a patented device without a license from the patent
owner.
Prior Art: The state of the industry before the patent was filed. Things that are
considered prior art are not eligible for patent protection because they are not new.
Patent Prosecution: The process of applying for and receiving a patent.
Patent Litigation: The process of defending a patent against infringement.

Trademarks & Domain Names Related issues
Trademark Registration
After successful trademark registration, there can be nothing worse for a
businessman than finding out that the corresponding domain name isn’t
available. Such trademark issues related to domain names are fairly common
and can be resolved based on the context. Let’s understand trademark and
domain name issues in detail.
Once the trademark registration is complete, hosting a website is the next step,
for which a domain name is to be registered. The regulating body responsible
for maintaining IP address records is called the Internet Corporation for
Assigned Names and Numbers (ICANN).

A domain name can be divided into Top Level Domain (TLD) and
Second Level Domain (SLD).
TLD is further divided into generic (gTLD) or geographic (CcTLD),
wherein generic domain names are international in nature (Ex - .edu,
.com) and geographic domain names are for particular nations (Ex -
.in).
Thus, the first step in domain registration is deciding the TLD and
SLD.
Once that has been settled, the registrar will collect the necessary
information and send it to the registry that maintains the directory.

Disputes
Cybersquatting
Suppose a highly prestigious company, say Tanishq, does not have a website yet.
Someone buys the domain name ‘tanishq.com’ either intending to sell it later to
Tanishq at a profit or to attract traffic and generate money through advertising. You
just got yourself a case of cybersquatting: the act of registering and using a domain
name in bad faith, a common trademark and domain name dispute.
Cyber Twins
Cyber twins or concurrent disputes arise when both parties have a legitimate claim to
a domain name. This is the most complicated of all trademark issues related to a
domain name. For example, the case of Indian Farmers Fertilizer Cooperation Ltd vs.
International Foodstuffs Co. for the domain name iffco.com.
Reverse Domain Name Hijacking
As the name suggests, RDNH is the inverse of Domain Hijacking, when a trademark
holder falsely accuses a legitimate domain name holder with cybersquatting and
wrongly pressurizes him to give it up to another party. For instance, the infamous case
of Indian Hotels Company Ltd. and the domain name IndianHotels.com.

Settlement
There are several ways in which trademark issues related to domain
names can be settled
Non - Intervention
If the domain name is not vital, contesting for it will only cost time and money. Therefore,
it is not worth fighting over.
Mutual Agreement
Another way of dealing with such issues is to arrive at a pact of understanding between
the two parties. This could either take place in the form of a disclaimer on the domain
owner’s website stating that it is not related to the trademark holder’s business or a link
displayed which redirects traffic that has erroneously arrived at their site, back to the
trademark bearer’s website.

Dispute Resolution in Cyberspace
The Information Technology Act, 2000 establishes quasi-judicial
bodies, such as adjudicating officials, to resolve disputes (offences of a
civil nature as well as criminal offences).
The adjudicating officer has the jurisdiction to award compensation as
a civil remedy as well as impose fines for violating the Act, giving
them civil and criminal court-like powers.
The Cyber Appellate Tribunal is the first level of appeal, with a
Chairperson and any additional members appointed by the Central
Government.
A second appeal may be lodged with a High Court having jurisdiction
within 60 days after the Cyber Appellate Tribunal’s ruling has been
communicated.

The adjudicating officer
The Central Government appoints an “Adjudicating Officer” (AO)
with the authority to make decisions.
The secretary of each state’s department of information technology is
designated as the AO for that state by default, according to the
Ministry of Electronics and Information Technology (“MeitY”).
The AO is a quasi-judicial entity since it has the ability to:
Order investigation, i.e. hold an inquiry into a breach of the IT Act, 2000
based on the evidence presented to it; and
Adjudicate, i.e. determine the amount of compensation or punishment to be
awarded in the event of a violation.

The adjudication process as provided by the IT Act, 2000
The adjudication process as provided by the Information Technology
Act, 2000 has been discussed in pointers hereunder:
Filing of the complaint to the AO.
Notice to the necessary parties containing the date and time of the first hearing
is issued by the AO.
On the date provided in the notice, the AO explains alleged contraventions to
the party against whom allegations are made. The three possible instances that
can take place subsequent to this are provided below:
The person against whom the allegation is made pleads guilty, or
The person against whom the allegation is made shows cause why an inquiry
should not be held against him/her, or
The person against whom the allegation is made fails to appear. In that case,
the AO proceeds with the inquiry in absence of such a person.

The adjudication process as provided by the IT Act, 2000
If the situation in point (a) happens, then the consequence will be the
imposition of penalty or awarding of compensation as per the provisions of
the IT Act, 2000, by the AO.
If the circumstance provided in point (b) unfolds itself, the outcomes are:
The AO decides on the basis of submission of parties and/or preliminary investigation
in order to determine whether there is sufficient cause to order an inquiry or not. The
AO will fix another date for production of documents or evidence and then finally
pass an order on the basis of the evidence presented.
The AO dismisses the complaint on finding no sufficient cause to proceed with it.
The AO has jurisdiction over cases in which the claim for compensation or
harm is less than INR 5 crore. The AO has the authority to order an
investigation into a complaint at any time after receiving it. An officer from
the Office of the Controller of Certifying Authorities, or (CERT-In), or a
Deputy Superintendent of Police conducts the inquiry.

Cyber Appellate Tribunal
Sub-clause (1) Section 58 of the IT Act, 2000 states that the Cyber
Appellate Tribunal is not bound by the Code of Civil Procedure, 1908, but
rather by the principles of natural justice, and the Cyber Appellate Tribunal
has the authority to regulate its own procedure, including the location of its
hearings, subject to the other provisions of this Act and any rules.
Clause (2) Section 58 provides that the Cyber Appellate Tribunal shall have
the same powers as a civil court under the Code of Civil Procedure, 1908,
when trying a case, for the purposes of carrying out its tasks under this Act:
Having any person summoned and compelled to appear, as well as questioning him
under oath;
Requiring documents or other electronic records to be discovered and produced;
Receiving evidence on affidavit;
Appointing commissions to examine witnesses or documents;
Reconsidering its decisions;
Dismissing an application due to default or making an ex parte decision;
Any additional matter that the court may deem necessary.

Cyber Appellate Tribunal
Clause (3) Section 58 provides that any proceeding before the Cyber
Appellate Tribunal is to be treated as a judicial proceeding for the
purposes of Sections 193 and 228 of the Indian Penal Code, 1860, and
the Cyber Appellate Tribunal is treated as a civil court for the purposes
of Section 195 and Chapter XXVI of the Code of Criminal Procedure,
1973.
The High Court.

Cyber LawPPT on engineering and technology

Recommended

Recommended

More Related Content

Similar to Cyber LawPPT on engineering and technology

Similar to Cyber LawPPT on engineering and technology (20)

Recently uploaded

Recently uploaded (20)

Cyber LawPPT on engineering and technology