ASHITA PHULWANI 5/4/2017
(2015-16)
BCA 1ST SEM
PRESENTED BY:
ASHITA PHULWANI
(BCA 1ST SEM STUDENT)
Security is necessary for prevention of
crime. And hence, we first need to know
what crime is! So first, we will learn about
the word crime and what the term
cyber crime refers to in detail.
Crime is a social and economic phenomenon
and is as old as the human society. Crime is
a legal concept and has the sanction of the
law. Crime or an offence is “a legal wrong
that can be followed by criminal proceedings
which may result into punishment.”
The hallmark of criminality is that it is a
breach of the criminal law. Per Lord Atkin
Exploring the dark side of technology
CATEGORIES OF CYBER CRIME
Cyber Crime refers to all activities done with criminal intent in
cyberspace. These fall into three slots.
• Those against persons.
• Against Business and Non-business organizations.
• Crime targeting the government.
The first recorded cyber crime took place in the
year 1820! In 1820, Joseph-Marie Jacquard, a
textile manufacturer in France, produced the
Loom. This device allowed the repetition of a
series of steps in the weaving of special fabrics.
This resulted in a fear amongst Jacquard's
employees that their traditional employment and
livelihood were being threatened. They
committed acts of sabotage to discourage
Jacquard from further use of the new technology.
This is the first recorded cyber crime!
The first spam email took place in 1978 when it
was sent out over the Arpanet (Advanced
The intention must be dishonest.
• Such property must be movable in nature.
• Such property must be taken out of the possession of its owner.
• Such property must be taken without the consent of the owner.
• Such property must be removed from its original place to another.
Because:
▪ Everybody is using COMPUTERS, from white-collar criminals to terrorist organizations and from teenagers to adults
▪ New generation is growing up with computers
▪ MOST IMPORTANT – Money transactions are moving on to the INTERNET
▪ Computers
▪ Cell Phones
▪ PDAs
▪ Game Consoles
Could be:
▪ Disgruntled employees
▪ Teenagers
▪ Professional hackers
▪ Business rival
▪ Divorced husband
▪ Ex-boyfriend
Gullible
Desperados and greedy people
Unskilled & Inexperienced people
Unlucky people
▪ Gathering trophies (quest to become famous)
▪ General mischief
▪ Financial gain
▪ Revenge
▪ Protest
▪ Criminal activity
▪ Identity theft
▪ Forging documents and messages
Because of:
Anonymity.
Computer’s storage capacity.
Weakness in operating system.
Lack of user awareness.
▪ Loss of revenue
▪ Wasted time
▪ Damaged reputation
▪ Reduced productivity
▪ Identity theft
▪ Security costs
▪ Monetary losses
▪ Privacy
Smart criminals don’t use their own computers.
▪ Floppy disks
▪ Zip/Jaz disks
▪ Tapes
▪ Digital cameras
▪ Memory sticks
▪ Printers
▪ CDs
▪ PDAs
▪ Games boxes
▪ Networks
▪ Hard drives
• There are five general stages to develop and deploy a “cyber attack”:
Research
Reconnaissance
Development
Testing
Attack
One of the biggest mistakes anybody could possibly make is to
assume that things will not get worse.
▪ Wireless malware
▪ Deadly combination
▪ A deadly payload
▪ Intelligent malware
1. Hacking of computer systems and networks
2. Cyber pornography involving production and distribution of pornographic material, including child pornography
3. Financial crimes such as siphoning of money from banks, credit card frauds, money laundering
4. Online Gambling
5. Intellectual property crimes such as theft of computer source code, software piracy, copyright infringement, trademark violations
6. Harassments such as cyber stalking, cyber defamation, indecent and abusing mails
7. Cyber frauds such as forgery of documents including currency and any other documents
8. Launching of viruses, worms and Trojans
9. Denial-of-service attacks
10. Cyber attacks and cyber terrorism
11. Economic espionage
12. Consumer harassment and consumer protection
13. Theft Privacy of citizens
14. Sale of illegal articles such as narcotics, weapons, wildlife, etc.
1. E-mail abuse
2. Spam mails
3. Cyber defamation
4. Theft of source code
5. Exchange of business secrets and documents
6. Insider attacks on personal database
7. Use of office computer for running other business
8. Transmission and viewing of pornographic materials
9. External cyber attacks on an organization resulting
in denial-of-service
10. Information espionage
India stands 11th in the ranking for Cyber Crime in the World,
constituting 3% of the Global Cyber Crime.
Cyber bullying is a type of bullying that takes
place using electronic technology. Electronic
technologies include devices and equipment
like cell phones, computers and tablets as well
as communication tools including social
media sites, text messages, chat and websites.
Cell phones and computers themselves are not to
blame for cyber bullying. Social media sites can be
used for positive activities like connecting kids
with their family and friends, helping students
with school and for entertainment. But these tools
can also be used to hurt someone. Whether done
in person or through technologies.
KIDS WHO ARE CYBERBULLIED ARE MOST LIKELY TO:
▪ Use alcohol and drugs
▪ Skip school
▪ Experience in-person bullying
▪ Be unwilling to attend school
▪ Receive poor grades
▪ Have lower self-esteem
▪ Have more health problems
▪ Nearly 43% of kids have been bullied online. 1 in 4 has had it happen more than one time.
▪ 70% of students report seeing frequent bullying online.
▪ Over 80% of teens use a cell phone, making it a common mode of bullying.
▪ Girls are about twice as likely as boys to be victims and perpetrators of cyber bullying.
▪ Only 1 in 10 victims will inform a parent or a trusted adult about their abuse.
The utterance of false charges or misrepresentations which defame and
damage another's reputation through electronics, media, and social sites.
Cyber Stalking is use of the
Internet or other electronic
means to stalk someone. This
term is used interchangeably
with online harassment and
online abuse. Stalking generally
involves harassing or
threatening behavior that an
individual engages in repeatedly,
such as following a person,
appearing at a person's home or
place of business, making
harassing phone calls, leaving
written messages or objects, or
Image manipulation is a severe crime that is taking place these days. Criminals
are stealing and manipulating photos of women from Facebook, social sites,
profiles etc. Criminals go to the considerable effort of both stealing and
digitally photoshopping photos to sell them to porn sites. The danger is not
only to females; even the pictures of males are illegally used for many things.
It seems that predators are using social media sites to find content for
shocking porn sites. The catch here is that the people using private photos
stolen from private Facebook accounts aren’t actually breaking the law. When we
sign up for social media sites like Twitter and Facebook, we are kind of giving
permission to the whole world to look at our private photos and read our
statuses, know our location and even our places of employment. Though we can
monitor our private photos on Facebook and Twitter, there are several ways that
predators have found to get your information.
A realistic manipulated pic of Barack Obama and ACP Pradyuman
A manipulated picture
A manipulated realistic picture of Barack Obama in traditional getup just like Rahul Gandhi
Jeong Da-bin (March 4, 1980 – February 10, 2007) was a South Korean actress. Best known for the
popular television series Rooftop Room Cat, she committed suicide in 2007 at the age of 26.
Intellectual property theft case
Jun 23, 2009 at 0119 hrs IST
The economic offences wing (EOW) of the Pune police on Monday arrested a software
engineer Asma Sandip Thorve (37), a resident of Uday Society
in Sahkar Nagar, for allegedly cheating Brainvisa Technologies
to the tune of Rs 46.5 crores, by stealing their source code.
Earlier, the police had arrested software engineer Sameer
Ashok Inamdar (36) of Kondhwa in the same case.
According to the police, Inamdar resigned from Brainvisa
Technologies in August 2006. He allegedly stole the source
code and other secret information of Brainvisa Technologies
and started his own company. Owner of Brainvisa Technologies
Nitin Hemchandra Agarwal had lodged a police complaint
alleging that the company lost Rs 46.5 crores due to this.
A team, led by assistant commissioner Pushpa Deshmukh, arrested Thorve, who was
Inamdar’s business partner and allegedly provided him the confidential data of
Brainvisa.
Thorve worked as senior manager, business development, for Brainvisa from May 2004
to December 2005 and there on as vice president till December 2008, after which she
joined Inamdar as a partner. Thorve was produced before court on Monday and has
been remanded to police custody till June 26.
Some major Types Of Cyber Crimes:
▪ Phishing
▪ Credit Card Fraud
▪ Pornography
▪ Software Piracy
▪ Spoofing
▪ Salami attacks
▪ Virus dissemination
▪ Net extortion
▪ Hacking
▪ IRC Crimes
▪ Every act committed towards breaking into a computer and/or
network is hacking. Hackers write or use ready-made computer
programs to attack the target computer. They possess the desire to
destruct and they get the kick out of such destruction. Some hackers
hack for personal monetary gains, such as stealing the credit card
information, transferring money from various bank accounts to their
own account followed by withdrawal of money.
▪ Taking control of another person's website by hacking the web server
is called web hijacking.
It is a technique of pulling out confidential
information from the bank/financial institutional
account holders by deceptive means.
▪ The challenge... ‘because it’s there!’
▪ Money (extortion or theft)
▪ Ego
▪ Espionage
▪ Ideology
▪ Mischief
▪ Revenge
From: *****Bank [mailto:support@****Bank.com]
Sent: 08 June 2004 03:25
To: India
Subject: Official information from ***** Bank
Dear valued ***** Bank Customer!
For security purposes your account has been
randomly chosen for verification. To verify
your account information we are asking you to
provide us with all the data we are requesting.
Otherwise we will not be able to verify your identity
and access to your account will be denied. Please click
on the link below to get to the bank secure
page and verify your account details. Thank you.
https://infinity.*****bank.co.in/Verify.jsp
****** Bank Limited
ATM card fraud is a wide-ranging term for theft and fraud committed
using a credit card or any similar payment mechanism as a
fraudulent source of funds in a transaction. The purpose may be to
obtain goods without paying, or to obtain unauthorized funds from
an account. Credit card fraud is also an adjunct to identity theft.
According to the Federal Trade Commission, while identity theft had
been holding steady for the last few years, it saw a 21 percent
increase in 2008. However, credit card fraud, that crime which most
people associate with ID theft, decreased as a percentage of all ID
theft complaints for the sixth year in a row.
This would include pornographic websites; pornographic
magazines produced using computers (to publish and print the
material) and the Internet (to download and transmit
pornographic pictures, photos, writings etc).
Theft of software through the illegal
copying of genuine programs or the
counterfeiting and distribution of
products intended to pass for the original.
The unauthorized copying of software.
A mail which misrepresents its origin. It shows its origin to be different
from where it actually originates.
▪ Used for the commission of financial crimes.
▪ Key here is to make the alteration so insignificant that in a single case it would
go completely unnoticed.
▪ E.g. a bank employee inserts a program, into the bank's servers, that deducts a
small amount of money (say Rs. 5 a month) from the account of every customer.
No account holder will probably notice this unauthorized debit, but the bank
employee will make a sizable amount of money every month.
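The debit pattern described above can be looked for in a ledger. The following is an added example, not part of the original slides: it flags any beneficiary that collects the same small amount from many different accounts, and the ledger rows, account ids, beneficiary ids and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal


def build_sample_ledger():
    """Constructed ledger rows: (month, debited_account, beneficiary, amount_rs)."""
    rows = []
    for month in ("2017-01", "2017-02", "2017-03"):
        for n in range(1, 201):
            account = f"ACC{n:04d}"
            # The pattern from the slide: Rs. 5 a month from every customer.
            rows.append((month, account, "INT-9001", Decimal("5.00")))
            # A published SMS-alert fee of the same size, paid to the bank itself.
            rows.append((month, account, "BANK-FEES", Decimal("5.00")))
        # Ordinary customer payments.
        rows.append((month, "ACC0007", "UTIL-ELEC", Decimal("1840.00")))
        rows.append((month, "ACC0012", "SHOP-114", Decimal("3.50")))
    return rows


def find_salami_candidates(rows, approved, max_amount=Decimal("10"), min_accounts=50):
    """Flag beneficiaries that collect the same small debit from many accounts.

    approved holds beneficiary ids with a documented reason to do so
    (fee and tax accounts). Anything else that matches needs a human review.
    """
    accounts = defaultdict(set)    # (beneficiary, amount) -> debited accounts
    totals = defaultdict(Decimal)  # (beneficiary, amount) -> money collected
    for _month, account, beneficiary, amount in rows:
        if amount <= max_amount and beneficiary not in approved:
            accounts[(beneficiary, amount)].add(account)
            totals[(beneficiary, amount)] += amount
    findings = []
    for key, debited in accounts.items():
        if len(debited) >= min_accounts:
            findings.append({"beneficiary": key[0], "amount": key[1],
                             "accounts": len(debited), "total": totals[key]})
    # Largest amount collected first.
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    for finding in find_salami_candidates(build_sample_ledger(), approved={"BANK-FEES"}):
        print(finding)
```

Each debit is too small to stand out on one statement, so the check works on the beneficiary side, where the amounts add up.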
Malicious software that attaches
itself to other software. (virus,
worms, Trojan Horse, Time bomb,
Logic Bomb, Rabbit and Bacterium
are the malicious.
Cyber extortion is a crime involving an attack or threat of attack against an enterprise, coupled with
a demand for money to avert or stop the attack.
In other words, demanding a huge amount of money through the internet, otherwise the company data or
information of an individual will be leaked.
Nowadays demanding of ransom after kidnapping, also done through the internet via emails, is also a
type of net extortion.
Internet Relay Chat (IRC) servers have chat rooms in which people
from anywhere in the world can come together and chat with each
other
• Criminals use it for meeting coconspirators.
• Hackers use it for discussing their exploits / sharing the techniques
• Pedophiles use chat rooms to allure small children
• Cyber Stalking - In order to harass a woman her telephone number
is given to others as if she wants to befriend males
Why India?
▪ 121 Million Internet Users
▪ 65 Million Active Internet Users, up by 28% from 51 million in 2010
▪ 50 Million users shop online on Ecommerce and Online Shopping Sites
▪ 46+ Million Social Network Users
▪ 346 million mobile users had subscribed to Data Packages.
A rapidly growing online user base
▪ Non Reporting-causes
▪ 60% feared negative publicity
▪ 23% did not know police equipped to handle cyber crimes
▪ 9% feared further cyber attacks
▪ 8% had no awareness of cyber laws
▪ False arrest concerns
UNAUTHORISED ACCESS 19%
E-MAIL ABUSE 21%
DATA THEFT 33%
The police have recorded 3,038 cases but made only 2,700
arrests in 3 years (between 2007 and 2010).
India registered only 1,350 cases under the IT Act and IPC in 2010
50% of cybercrimes are not even reported.
We have covered about three instances where high-profile
government websites were hacked and defaced. However, the
actual number of Government Websites that were hacked is
quite huge.
A total number of 90, 119, 252 and 219 Government websites
tracked by the Indian Computer Emergency Response Team
(CERT-In) were hacked / defaced by various hacker groups in
▪ Continued Website Hacks and Defacements
▪ Data and Information theft
▪ Increasing phishing attacks on Ecommerce and Financial Websites
▪ Cybercriminals targeting Social and Professional Networks
▪ Threats directed at the Mobile Platform: Smartphones and Tablets
Cyber security involves protection of sensitive personal and business
information through prevention, detection, and response to different
online attacks.
Internet security is a branch of computer security specifically related
to the Internet.
Its objective is to establish rules and measures to use against attacks
over the Internet.
“Technology is like a fish. The longer it
stays on the shelf, the less desirable it
becomes.” -ANDREW HELLER
[Chart: Types of computer-related crimes. Percentages of surveyed prosecutor offices with at least one conviction. Categories: Copying or Distribution of Computer Programs; Cyberstalking; Identity Theft; Transmitting Child Pornography; Credit Card Fraud; Theft of Intellectual Property; Unauthorized Access to Computer; Computer Sabotage; Computer Forgery; Bank Card Fraud; Any Computer Crime.]
[Chart: Percentage of users surveyed. Categories: Reported intrusions to law enforcement; Internet connection cited as point of attack more frequently than internal systems; Acknowledged financial losses due to computer breaches; Detected computer security breaches within the last 12 months. Values shown: 32%, 80%, 74%, 90%.]
Privacy policy :
Before submitting your name, email address, or other personal
information on a web site, look for the site's privacy policy.
Evidence that your information is being encrypted :
To prevent attackers from hijacking your information, any personal
information submitted online should be encrypted. Many sites use SSL,
or Secure Sockets Layer, to encrypt information.
Keep software up to date:
If the seller releases patches for the software operating your device,
install them as soon as possible. Installing them will prevent attackers
from being able to take advantage.
Use good passwords:
Select passwords that will be difficult for thieves to guess. Do not
choose options that allow your computer to remember your passwords.
▪ Explosion of computer and broadband internet availability.
▪ Low priority of security for software developers.
▪ Challenge of timely patching vulnerabilities on all systems.
▪ Cyber security will defend us from critical attacks.
▪ It helps us to browse safe websites.
▪ Internet security processes all the incoming and outgoing data on our computer.
▪ Security will defend from hacks and viruses.
▪ The cyber security application used on our PC needs an update every week.
▪ The security developers update their database once every week. Hence
new viruses are also deleted.
▪ Use antivirus software
▪ Insert firewalls
▪ Uninstall unnecessary software
▪ Maintain backup
▪ Check security settings
▪ Stay anonymous - choose a genderless screen name
▪ Never give your full name or address to strangers
▪ Learn ‘Etiquette' - follow it and expect it from others
▪ Don't respond to harassing or negative messages (flames)
▪ Get out of uncomfortable or hostile situations quickly
▪ Save offending messages
▪ Learn more about Internet privacy
▪ Avoid disclosing any information pertaining to oneself.
▪ Avoid sending any photograph online, particularly to strangers.
▪ Use the latest, up-to-date antivirus software.
▪ Keep backup volumes.
▪ Never send your credit card number to any site that is not secured.
▪ Use of firewalls may be beneficial.
Decrease in broken software =
Increase in good software
CyberSecurity
CyberCrime
VS Graph - two sides of the same coin
Cyber law is the area of law that deals
with the Internet's relationship to
technological and electronic elements,
including computers, software,
hardware and information systems (IS).
Cyber law or Internet law is a term
that encapsulates the legal issues
related to use of the Internet.
Cyber means the use of Internet technologies and
computers. It includes computers, networks,
software, data storage devices, Internet,
websites, emails, ATM machines etc.
To protect against cyber crime over the Internet, this
law was passed. This law is approved by the government.
Cyber law Includes:
~~ Cyber crimes
~~ Electronic and Digital Signatures
~~ Intellectual Property
~~ Data protection and privacy
▪ Integrity and Security of Information
▪ Security of Government Data
▪ Intellectual Property Rights
▪ Privacy and Confidentiality of Information
▪ Legal Status of Online Transactions
▪ Copyright law
▪ Trademark law
▪ Patent law
▪ Data Protection and Privacy Laws
Helpful to promote e-commerce
Enhance the Corporate Business
Filling Online Forms
High penalty for Cyber Crime
E – governance
Cyber Cafe Monitoring System (CCMS) –
This technology comprises a biometric system for recording fingerprints of persons
who use a workstation. This potent system has some other features like a facility
to take live snapshots, public IP address and MAC address.
Cyber Law is the law governing computers and
the Internet.
▪ Companies are now able to carry out e-commerce.
▪ The Act allows the govt. to issue notifications on the web.
Consumers are now increasingly using credit cards
for shopping.
Most people are using emails for communication.
Tampering with computer source documents
Hacking with computer system
Publishing of information which is obscene in
electronic form
Misrepresentation
Breach of confidentiality and privacy
Publishing digital signature false in certain
particulars
Publication of unlawful document for fraudulent
purpose
Can be charged up to rupees 1 to 3 Lakhs
OR
Can get imprisonment for 2 to 10 Years
OR
Both can be implemented according to the law
Person found doing activities such as
▪ Hackers, virus and worm writers could get 20 years to life in federal prison.
▪ Anyone who uses computers to cause death or bodily harm, such as bringing
down power grids or airport control centers, can get the maximum sentence.
▪ The sentence is increased by 25% if they steal personal information.
▪ The sentence is increased by 50% if they share the stolen information.
▪ If posted on the Internet, sentence is doubled!
Cyber Laws in India Under The Information Technology Act, 2000
CHAPTER XI – OFFENCES – 66. Hacking with
computer system.
(1) Whoever with the Intent to cause or knowing
that he is likely to cause Wrongful Loss or
Damage to the public or any person Destroys or
Deletes or Alters any Information Residing in a
Computer Resource or diminishes its value or
utility or affects it injuriously by any means,
commits hack.
(2) Whoever commits hacking shall be punished with imprisonment up to three
years, or with fine which may extend up to two lakh rupees, or with both.
Whoever without permission of the owner of the computer:
▪ Secures Access;
▪ Downloads, Copies or extracts any data, computer database or any information;
▪ Introduces or causes to be introduced any Virus or Contaminant;
▪ Disrupts or causes disruption;
▪ Denies or causes denial of access to any person;
▪ Provides any assistance to any person to facilitate access
▪ Charges the services availed of by a person to
the account of another person by Tampering with
or Manipulating any Computer, Computer
System, or Computer Network;
Shall be liable to pay damages by way of
compensation not exceeding one crore rupees to
▪ Legal recognition of the E-commerce
▪ Digital Signatures and Regulatory Regime
▪ Electronic Documents at par with paper documents
▪ E-Governance
▪ Electronic Filing of Documents
▪ Amend certain Acts
▪ Define Civil wrongs, Offences, punishments
▪ Investigation, Adjudication
▪ Appellate Regime
Conflict of Jurisdiction
Domain names
Intellectual Property Rights
Various kinds of cyber crimes are not defined
Privacy and content regulation
Parameters for its implementation
▪ Email would now be a valid and legal form of communication
in our country that can be duly produced and approved in a court
of law.
▪ Companies shall now be able to carry out electronic commerce
using the legal infrastructure provided by the Act.
▪ Digital signatures have been given legal validity and sanction in the
Act.
▪ The Act now allows Government to issue notification on the web
thus heralding e-governance
▪ Statutory remedy in case if anyone breaks into companies'
computer systems or network and causes damages or copies data
Information Technology
Amendment Act, 2008
Section – 43,
Destroys, Deletes or Alters any Information residing in a computer
resource or diminishes its value or utility or affects it injuriously by
any means;
Steals, conceals, destroys or alters or causes any person to steal,
conceal, destroy or alter any computer source code used for a
computer resource with an intention to cause damage;
“If any person, dishonestly, or fraudulently, does any act referred to
in section 43, he shall be punishable with imprisonment for a term
which may extend to two three years or with fine which may extend to
five lakh rupees or with both.” [S.66]
S.66A - Punishment for sending offensive messages through
communication service, etc
▪ Any person who sends, by means of a computer resource or a
communication device;
▪ Any information that is grossly offensive or has menacing
character; or
▪ Any information which he knows to be false, but for the purpose
of causing annoyance, inconvenience, danger, obstruction, insult,
injury, criminal intimidation, enmity, hatred, or ill will,
persistently makes by making use of such computer resource or a
communication device;
▪ Any electronic mail or electronic mail message for the purpose of
causing annoyance or inconvenience or to deceive or to mislead the
addressee or recipient about the origin of such messages;
Shall be punishable with imprisonment for a term which may extend
to three years and with fine.
S. 66E - Punishment for violation of privacy.
“Whoever, intentionally or knowingly captures, publishes or transmits
the image of a private area of any person without his or her
consent, under circumstances violating the privacy of that person,
shall be punished with imprisonment which may extend to three
years or with fine not exceeding two lakh rupees, or with both”
S. 67 A - Punishment for publishing or transmitting of
material containing sexually explicit act, etc. in electronic
form
“Whoever publishes or transmits or causes to be published or
transmitted in the electronic form any material which contains
sexually explicit act or conduct shall be punished on first conviction
with imprisonment of either description for a term which may
extend to five years and with fine which may extend to ten lakh
rupees”
S.66C - Punishment for identity theft
“Whoever, fraudulently or dishonestly make use of the electronic signature, password or
any other unique identification feature of any other person, shall be punished with imprisonment
of either description for a term which may extend to three years and shall also be liable to fine
which may extend to rupees one lakh”
S.66D - Punishment for cheating by personation by using computer resource
“Whoever, by means of any communication device or computer resource cheats by
personation, shall be punished with imprisonment of either description for a term which may
extend to three years and shall also be liable to fine which may extend to one lakh rupees.”
S. 67 C - Preservation and Retention of information
by intermediaries.
“(1) Intermediary shall preserve and retain such
information as may be specified for such duration and
in such manner and format as the Central Government
may prescribe.
(2) Any intermediary who intentionally or knowingly
contravenes the provisions of sub section (1) shall be
punished with an imprisonment for a term which may
extend to three years and shall also be liable to fine.”
▪ a negotiable instrument as defined in section 13 of the
Negotiable Instruments Act, 1881;
▪ a power-of-attorney as defined in section 1A of the Power-of-attorney Act, 1882;
▪ a trust as defined in section 3 of the Indian Trusts Act, 1882;
▪ a will as defined in section 2 (h) of the Indian Succession Act,
1925 (39 of 1925) including any other testamentary
disposition by whatever name called;
▪ any contract for the sale or conveyance of immovable
property or any interest in such property;
▪ any such class of documents or transactions as may be
notified by the Central Government in the Official Gazette.
Arrests & Reports Under IT Act
▪ Under the IT Act, 966 cybercrime cases were filed in 2010 (420 in 2009)
▪ Geographic breakdown of cases reported:
o 153 from Karnataka
o 148 from Kerala
o 142 from Maharashtra
o 105 Andhra Pradesh
o 52 Rajasthan
o 52 Punjab
▪ 233 persons were arrested in 2010
▪ 33% of the cases registered were related to hacking
Source: National Crime Records Bureau
▪ Under the IPC, 356 cybercrime cases were registered in 2010 (276 cases in 2009)
▪ Geographic breakdown of cases reported:
o 104 from Maharashtra
o 66 Andhra Pradesh
o 46 Chhattisgarh
▪ The majority of these crimes were either forgery or fraud cases.
Arms Act: Online sale of Arms
Sec. 383 IPC: Web-Jacking
NDPS Act: Online sale of Drugs
Sec 416, 417, 463 IPC: Email spoofing
Sec 420 IPC: Bogus websites, cyber frauds
Sec 470, 471 IPC: Forgery of electronic records
Sec 499, 500 IPC: Sending defamatory messages by email
Sec 503 IPC: Sending threatening messages by email
Tampering with the computer source documents
• imprisonment up to three years
• fine up to Rs. 2 lakhs
Hacking
• imprisonment up to three years
• fine up to Rs. 2 lakhs
Published any matter which is obscene
• imprisonment up to five years
• Rs. 1,00,000
Unauthorized access
• imprisonment up to ten years
• Some fine
Breach of confidentiality and privacy
• imprisonment up to two years
• Rs. 1,00,000
▪ IT professionals
▪ Corporate security personnel
▪ Private investigators
▪ Law enforcement
Ability to control what information one reveals about oneself over the
Internet, and to control who can access that information
▪ Data is a corporate asset, like any other
▪ Corporate data is at a higher risk of theft or misuse than ever before
▪ Companies have obligations to protect data
▪ Laws, regulations, guidelines
▪ Contracts with third parties
▪ Privacy policies for users of websites, other online features
▪ Breaches of data privacy, data security can result in
▪ Damage to reputation
▪ Disruption of operations
▪ Legal liability under new and amended laws, regulations, and guidelines, as well as under
contracts
▪ Financial costs
right to share one’s thoughts and experiences with a community of fellow Internet users
BUT
contributors should avoid infringing on other people’s individual rights, including their right to
privacy and the protection of personal data
• “Personally identifiable information” (PII) can be linked to a specific individual
▪ Name, e-mail, full postal address, birth date, Social Security number, driver’s license
number, account numbers
• “Non-personally identifiable information” (non-PII) cannot, by itself, be used to
identify a specific individual
▪ Aggregate data, zip code, area code, city, state, gender, age
▪ Do you need one?
• No, if your website:
▪ Is merely static
▪ Is business-to-business (B2B) only, and collects no PII from consumers
• Yes, otherwise
▪ What must it cover?
• Actual practices for PII and information that
reasonably could be associated with a person or
device, regarding
▪ Collection
▪ Storage
▪ Use
▪ Sharing
▪ Special concerns if information involves
▪ Financial information
▪ Medical information
▪ Children’s information
▪ Special concerns for specific jurisdictions
▪ European Union
▪ California
▪ Opt outs from information collection available?
▪ Caution regarding links to third party sites
▪ Notice whenever privacy practices change
▪ Best practices:
• Clear and concise
• Comprehensive
• Comprehensible
• Current
• Consistent with your actual practices
▪ Do not overpromise: “We will never share your information . . .”
▪ Do not panic or overreact
▪ Get facts: nature, scope of breach
▪ Determine whether, when to notify affected individuals
▪ Prevent further unauthorized access
▪ Preserve evidence, deal with law enforcement (your “frien-emy”?)
▪ Notify vendors (such as payment processors)
▪ Notify insurers
▪ Offer contact person
▪ Do not forget to alert those “on the front lines”
 Web pixel spyware – single-pixel clear GIF
 Image reference buried in HTML
 Browser requests image
 Server returns bug plus cookie
 Request provides click stream data
 Difficult to spot a Web pixel spyware
 Web pixel spyware in HTML formatted e-mail
 Secret return receipt
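As an added example (not part of the original slides), a defender-side check that flags likely web bugs in an HTML e-mail body: remote images that are 1x1 or smaller, or hidden by CSS. The function names, the heuristics and the sample message are constructed assumptions.

```python
"""Flag likely web bugs (tracking pixels) in an HTML e-mail body."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample body; all hosts use the reserved .example TLD.
SAMPLE_HTML = """
<html><body>
<p>Your invoice is attached.</p>
<img src="https://cdn.shop.example/logo.png" width="180" height="60" alt="Shop">
<img src="https://t.mailer.example/o.gif?uid=8841&amp;msg=77" width="1" height="1">
<img src="http://stats.example/p?r=abc" style="display:none">
<img src="cid:banner01" width="1" height="1">
</body></html>
"""

_HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# width/height declarations in a style attribute, ignoring max-width, line-height...
_STYLE_DIM = re.compile(
    r"(?<![-\w])(width|height)\s*:\s*(\d+)(?:px)?\s*(?:;|$)", re.I)


def _is_tiny(attrs):
    """True when both dimensions are declared and each is 0 or 1 pixel."""
    dims = {}
    for key in ("width", "height"):
        value = attrs.get(key, "").strip().lower()
        if value.endswith("px"):
            value = value[:-2]
        if value.isdigit():
            dims[key] = int(value)
    # Inline CSS overrides the HTML attributes when both are present.
    for key, value in _STYLE_DIM.findall(attrs.get("style", "")):
        dims[key.lower()] = int(value)
    return len(dims) == 2 and all(v <= 1 for v in dims.values())


def _is_remote(src):
    """Only images fetched over the network can act as a return receipt;
    cid: and data: images are carried inside the message itself."""
    parts = urlsplit(src)
    if parts.scheme in ("http", "https"):
        return True
    return parts.scheme == "" and bool(parts.netloc)  # //host/path form


class WebBugFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        if not src or not _is_remote(src):
            return
        reasons = []
        if _is_tiny(a):
            reasons.append("1x1 or smaller")
        if _HIDDEN.search(a.get("style", "")):
            reasons.append("hidden by CSS")
        if not reasons:
            return
        parts = urlsplit(src)
        self.findings.append({
            "src": src,
            "host": parts.hostname,
            "reasons": reasons,
            # Query parameter names often carry the per-recipient identifier.
            "params": [name for name, _ in parse_qsl(parts.query)],
        })


def find_web_bugs(html):
    """Return one finding per suspicious remote image in the HTML."""
    finder = WebBugFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for hit in find_web_bugs(SAMPLE_HTML):
        print(hit["host"], hit["reasons"], hit["params"])
```

Mail clients that block remote images by default prevent the request that these images rely on.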
 This Web bug is designed to be seen
Again, this one is designed to be seen
 Surveillance
 Continual observation
 Tampa – facial scanning at Super Bowl
 Packet sniffing
 Monitoring
 The act of watching someone or something
 E-mail Web bugs
 Workplace monitoring is legal
 Spyware
 Sends collected data over back channel
 Snoopware
 Records target’s online activities
 Retrieved later
 Screen shots, logs, keystrokes
 Other surveillance/monitoring sources
 OnStar and GPS tracking
 E-ZPass systems
 Phone calls and credit card purchases
 Fake banner ads like this one are very annoying
 Spawner – spawns its own pop-up ads
 Mouse-trapper
 Turns off browser’s Back button
 Disables the pop-up ad’s close button
 No way to close ad – must reboot
 Spam is a source of spawners and mouse-trappers
 The crime of obtaining money or some other benefit by deliberate deception
 Most common forms of IT fraud
 Identity theft
 Credit card fraud
 Scammers and con artists
 Financial swindles
 Implement appropriate security measures
 Get a copy of your credit report
 Use:
 Junk e-mail account
 Anonymous remailer
 Stealth surfing service
 Common sense
 Deal with recognized, trusted e-retailers
 Keep important numbers and passwords secret
 Use good passwords
 If your computer acts strangely, find out why
User-tracking:
 Internet Service Providers (capable of observing any Internet-related activity of the user)
 Cookies (parcels of text sent by a server) tracking and maintaining specific information of the
user
 Data logging (may include recording times when the computer is in use, or which web sites
are visited)
 Spyware programs
 Web bug
 Social engineering
 Phishing
 Malicious proxy server
 Search engines
Illegal and harmful content:
 A. Need to fight against the illegal content of the Internet with legal tools (top-down
control):
Council of Europe's 2001 Convention on Cybercrime (child pornography) – Additional
Protocol, 2006 (racist and xenophobic materials, but only 11 countries ratified it…)
 OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting
Privacy
 European Commission: Safer Internet and Safer Internet Plus programs
 B. Need to fight against the harmful content of the Internet (bottom-up control):
from self-regulation to co-regulation
On-line social networks:
 Concept dates back to the 1960s, but participation increased in recent years (Hungary: 1.5 million
registered iWiW users)
 Participants offer a self-profile in order to contact others or be contacted.
 Risks range from identity theft to online and physical stalking, embarrassment, discrimination and
blackmailing.
 Anonymising and pseudonym use e.g. nicknames
 Moderation principles
Problems:
 which identifiers used on the Internet qualify as personal data?
 uncontrollable manners of personal data disclosure
 lack of international cooperation
 Children spend 300 billion $ of their pocket money annually on the global
market!
 More vulnerability:
- underestimation of risks,
- ignorance of privacy information
→ need of additional protection!
99% of the attacks are thwarted by basic hygiene and some luck
DO
 Think before you click etcetera
 Up-to-date anti-virus, firewall and site advisor
BUT
 Some new attacks may get through. However, attacker may only use your
machine to attack others and not attack you per se.
 Will not prevent data loss by merchants and other servers. However, still have
safety in numbers. Attackers can steal a lot of account numbers but can exploit
much fewer.
1% of the attacks are difficult and expensive to defend or detect
For most individuals
 We are simply not an attractive enough target.
For the US Department of Defense and its contractors
 A huge target. Current score: 50-1 in favor of attackers (roughly)
For companies in less sensitive businesses
 A serious threat to be taken seriously
Typically done via secret questions and email to preferred email account
 Mother’s maiden name?
 Father’s middle name?
 Favorite pet’s name?
 etcetera
 “As detailed in the postings, the Palin hack didn’t require any real skill.
Instead, the hacker simply reset Palin’s password using her birth date,
ZIP code and information about where she met her spouse — the
security question on her Yahoo account, which was answered (Wasilla
High) by a simple Google search.”
Password reset on preferred email account itself done via secret
questions
Conundrum
 Real answers easy to remember but discoverable via Google
 False answers hard to remember but safe from Google
© Ravi Sandhu World-Leading Research with Real-World Impact!
PAST, PRESENT
 Cyber security is a young and immature field
 The attackers are more innovative than defenders
 Defenders are mired in FUD (fear, uncertainty and doubt) and fairy tales
 Attack back is illegal or classified
FUTURE
 Cyber security will become a scientific discipline
 Cyber security will be application and technology centric
 Cyber security will never be “solved” but will be “managed”
 Attack back will be an integral part of cyber security
Security Objectives:
 Black-and-white to shades of grey
Attackers:
 Innovative beyond belief
Defenders:
 Need new doctrine
Major Innovations
 Botnets
 Robust underground economy and supply chain
 Targeted attacks
 Stealthy attacks
Some Examples
 Drive-by downloads
 Scareware
 Doctored online statements
 Long-lived stealth attacks
Status
 Attackers have sizable inventory of known but unused or rarely used
tricks
 Innovation will continue
 OLD: Cyberspace is a supporting infrastructure
 NEW: Cyberspace is a war-fighting domain on par with land,
sea, air and space
 OLD: It’s all defense, no attack back or preemptive attack
 NEW: All’s fair in war
 OLD: Defend the entire network to the same degree
 NEW: Defend selectively and dynamically
 OLD: Blame and harass the end user
 NEW: The user is part of the solution
 OLD: Defend against yesterday’s attacks
 NEW: Be proactive, get ahead of the curve, future-proof
[Diagram: Security – Elements to Protect: Confidentiality, Integrity, Availability]
 Every Year Dollars are Lost due to Cyber
Criminal Activity
 Greatest Loss = Proprietary Information
 Second Greatest Loss = Denial of Service
Public / Private
Internal Network
Server
Application
Vulnerability Assessments
Firewalls & Proxies
Intrusion Detection
VPN Remote Access
Vulnerability Assessments
Intrusion Detection
Wireless Design Consulting
Intrusion Prevention
Authentication & Authorization
Perimeter
Vulnerability Assessments
Intrusion Prevention
Patch Management
Anti-Virus & Anti-SPAM
Mobile Client Security
Server Hardening
Authentication & Authorization
Data
Authentication Management
Identity Management
Data Privacy
Vulnerability Assessments
Code Reviews
Application Hardening
Policies, Procedures & Awareness
Policy Assessments
Operational Framework Consulting
Training & Consulting
Security Management
Centralized Tool Integration
Centralized Monitoring
 Financial Rewards
 Politics
 Show Off
 Personal Gratification
 They know they can
 Web Site Research
 User Groups
 Email Staff
 Call Modems
 Read Trash
 Impersonate Someone You Trust
 Scan Your Systems
 War Drive Your Wireless
 Use Known and Unknown Exploits
 Viruses, Trojans & Worms
 Phishing
 Attack Partner Networks to Gain Access to Yours
 Sniff Your Traffic
 Brute Force Passwords
 Spam You
 Denial of Service
 Intellectual Property
 Customer’s And Staff’s Privacy
 Confidential Data
 System Availability
 Reputation
 Regulatory Challenges
 Roadmap
 Establishes Baseline
 Strengthens Security
 Provides Due Diligence
 Efficient Formal Audits
 Finds the Weak Areas
 Holistic Approach
Comprehensive reviews (infrastructure, server, application, etc.)
Based on Organizational Security Policy, and taking full life cycle into
account
Consider people and processes, as well as technology
 Sensible, accessible documentation
Helpful to executive decision-makers: explanation of risk in business
terms
Helpful to managers: project plans, prioritization of tasks
Helpful to technical staff: clear standards, specific recommendations
 Threat Modeling
 Identifying assets
 Identifying threats
 Making qualitative (or quantitative) assessments of risk
1. Policies & Procedures
2. Security Awareness
3. Access and Authorization
4. Patch Management
5. Mis-Configured Systems & Applications
6. Encryption & Digital Signatures
7. Incident Handling Processes
8. Disaster Recovery & Business Continuity
9. Physical Safeguards
10. Intentional Bypassing of Security Controls
 Communicate Your Organization’s Commitment to Security
 Provide a Baseline and Roadmap for Security Controls
 Demonstrate Due Diligence
 All Pertinent Security Control Information Communicated
 Realistic – Manageable
 Enforceable
 A well trained user will assist your security efforts
 Time needs to be invested in user training
 A well trained user usually requires less help desk support
 Weak Passwords
 Sharing Accounts
 Not Enforced
 Easy to Exploit
 Prevention
 Strong Security Policies
 Utilize OS Complex Password Configuration
 Implement Technical Authorization, Authentication and Accounting Mechanisms (AAA)
 Implement Two-Factor Authentication
 Hard to Manage
 Less Window of Opportunity
 Exploits are coming too fast
 Can Break System
 Require Resources
 Prevention
 Strong Patch Management Mechanisms – Automate
 Add Intrusion Prevention Mechanisms
 Assure only needed or updated Services
 Strengthen SNMP Strings
 Secure Wireless Networks
 Remove Default Settings
 Filter Outgoing Access at Firewall
 Intrusion Prevention/Detection
 Anti-virus Mechanisms
 Logging/Auditing
 Strong Policies and Documentation
 Formal Plan
 Prioritized Systems
 Standard Backup Process
 Tested Backups
 Redundant Systems
 Visitor Badges
 Building & Data Center Access/Monitoring
 Fire Prevention/Suppression & Detection
 UPS Testing and Load
 Installing
 Modems
 Wireless Networks
 Gotomypc or other remote access items
 Unauthorized Software – Games, Screensavers, etc
 Prevention
 Strong Security Policies
 Centralized and Managed Intrusion Prevention Mechanisms
 Implement Network Admission Control
 National Institute of Standards & Technology Referenced Throughout Most Regulations
 Policies and Procedures Are Critical to NIST Best Practices
 ISO-17799 is Industry Recognized Standard for Security
 ISO-17799 Covers 10 Areas of Security
 Each ISO-17799 Area Has Individual Security Items
 If You Follow NIST and ISO-17799 You Would Have a Strong Security Posture and Should Pass
Almost Every Audit
 Combine NIST 800-26 Levels and ISO-17799
 Security Policies
 Organizational Security
 Asset Classification & Control
 Personnel Security
 Physical and Environmental Security
 Communications & Operations Management
 Access Control
 System Development & Maintenance
 Business Continuity Management
 Compliance
 Level 1 –
control objective documented in a security policy
 Level 2 –
security controls documented as procedures
 Level 3 –
procedures have been implemented
 Level 4 –
procedures and security controls are tested and reviewed
 Level 5 –
procedures and security controls are fully integrated into a comprehensive program.
 It is important to budget for remediation
 A security assessment without remediation efforts is a waste of
time and money
 Remediation usually involves resource time and product cost
 It is important to budget for one-time and recurring costs
 Prioritize Risks and Remediation Steps
 Align Business and IT Strategies
 Establish Resources – Internal, External, Products
 Establish Internal SLAs between IT and Business Units
Year | Title | Intent
1970 | Fair Credit Reporting Act | Limits the distribution of credit reports to those who need to know.
1974 | Privacy Act | Establishes the right to be informed about personal information on government databases.
1978 | Right to Financial Privacy Act | Prohibits the federal government from examining personal financial accounts without due cause.
1986 | Electronic Communications Privacy Act | Prohibits the federal government from monitoring personal e-mail without a subpoena.
1988 | Video Privacy Protection Act | Prohibits disclosing video rental records without customer consent or a court order.
2001 | Patriot Act | Streamlines federal surveillance guidelines to simplify tracking possible terrorists.
 Prohibits “unfair or deceptive practices in or affecting commerce.” No need to prove intent.
• A practice is “unfair” if:
 It causes or is likely to cause substantial injury to consumers
 It cannot reasonably be avoided by consumers
 It is not outweighed by countervailing benefits to consumers or to competition
• A representation, omission, or practice is “deceptive” if:
 It misleads, or is likely to mislead, consumers
 Consumers’ interpretation of it is reasonable under circumstances
 It is material
 Practices attacked by FTC as “deceptive”:
• Violating published privacy policies
• Downloading spyware, adware onto unsuspecting users’ computers
• Failing to verify identity of persons to whom confidential consumer information was
disclosed
 Practices attacked by FTC as “unfair”:
• Failing to implement reasonable safeguards to protect privacy of consumer information
 Applies to operators of commercial websites and online services that collect
information from children under age 13
 “No one knows you’re a dog on the internet.”
 Requires reasonable efforts to get verifiable consent of parent or guardian or to notify
parent or guardian
 Requires notice of
 What information is collected from children
 How information is used
 How information is shared
 Prohibits conditioning child’s participation in an activity on disclosure of more PI than is
necessary
 Amendments effective July 1, 2013
 Include geo-location information, photos, and videos in types of PI that cannot be
collected without parental notice and consent
 Provide streamlined approval process for new ways to get parental consent
 Require website operators to take reasonable steps to release children’s PI only to
companies capable of keeping it secure
 Controlling the Assault of Non-Solicited Pornography and Marketing
 Prohibits fraudulent, abusive, deceptive commercial email
 “One-bite” rule:
 Business may send unsolicited commercial email message, properly labeled, to consumer, with
easy means for consumer to opt out. If the consumer opts out, business may no longer send
emails
 Commercial email broadly defined as having primary purpose to advertise or promote
commercial product or service
 Does not apply to transactional emails, which facilitate or give update on agreed-upon
transaction
 Business must monitor third party handling email marketing to ensure
compliance
 Pre-empts state statutes, but states may enforce sections of Act addressing
fraudulent or deceptive acts, computer crimes, other advertising restrictions
 Invisible crimes are more dangerous than visible crimes.
 Top 5 countries affected by cyber crimes are 1. USA 2. CHINA
3. RUSSIA 4. BRAZIL 5. INDIA.
 The world loses 557 million $ annually to cyber crime.
 Computer crime rises 57% year by year.
 Treat your password like you treat your toothbrush. Never
give it to anyone else to use, and change it every few months
 A MODERN PROVERB: " The modern thief can steal more with a
computer than with a gun. Tomorrow's terrorist may be able to do
more damage with a keyboard than with a bomb".
 – National Research Council, USA,
“Computers at Risk”, 1991
Cybercrime is indeed getting the recognition it deserves.
However, it is not going to be restricted that easily.
In fact, it is highly likely that cybercrime and its hackers will continue developing
and upgrading to stay ahead of the law.
So, to make us safer, we need cyber security.
The only possible step is to make people aware of
their rights and duties (to report crime as a
collective duty towards the society) and further
making the application of the laws more stringent to
check crime.
 Established national “Do Not Call” registry
 Regulates use of “automated telephone equipment” such as auto-
dialers, artificial or pre-recorded voice messages, fax machines
 Prohibits transmission of a “call” using an “automatic telephone
dialing system” without prior consent of called party
 Per FCC, “call” covers both voice calls and text messages (even texts
for which called party is not charged)
 Enforcement by federal or state authorities
 Individuals may bring civil actions
 Papa John’s class action over text messages claimed violations of
TCPA, Washington Consumer Protection Act
 Relief can include injunction, actual damages, statutory damages of
$500 per violation, treble damages
 User awareness is key to a secure computer/network
 Do not open suspicious files/emails
 Verify ActiveX/Java prompts
 Avoid using P2P programs
 Avoid downloading freeware
 If attacked, disconnect the network. Do not turn off the computer
 Without Careful Attention To These Issues, The Uncontrolled Interconnection Of
Existing Systems, On Which People And Organizations Are Critically Dependent, Will
Continue To Create Huge, Ill-defined And Defenseless Super - Systems.
 So We Must Pay Attention To All Those Issues And Protect The World From Cyber
Crime.
 “Indian Laws are well drafted and are capable of handling all kinds of challenges as
posed by cyber criminals. However, the enforcement agencies are required to be well
versed with the changing technologies and Laws.”
 “As internet technology advances so does the threat of cyber crime. In times like these
we must protect ourselves from cyber crime. Anti-virus software, firewalls and security
patches are just the beginning. Never open suspicious e-mails and only navigate to
trusted sites.”
 We gather from all the above information
that cyber laws are very necessary in any
country for the proper regulation of
Internet activities.
 The Information Technology Act, 2000 is a
historical step taken by the country to
solve the problem of increasing number of
cyber crimes.
 Although this act covers a lot of areas, it
also has its shortcomings and thus, a few
amendments are needed for correct
regulation of cyber crimes.
Crimes are not to be measured by the issue of
events, but by the bad intentions of men.
The greatest crimes do not arise from a want of
feeling for others but from an over sensibility for
ourselves and an over indulgence in our own
desires.
QUESTIONS
Query
????
THANK YOU
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
GTProductions1
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Sanjeev Rampal
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
natyesu
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 

Recently uploaded (20)

Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
test test test test testtest test testtest test testtest test testtest test ...
test test  test test testtest test testtest test testtest test testtest test ...test test  test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 

Cyber laws

  • 2. (2015-16) BCA 1ST SEM ASHITA PHULWANI 5/4/2017
  • 3. PRESENTED BY: ASHITA PHULWANI (BCA 1ST SEM STUDENT)
  • 5. Security is necessary for prevention of crime. And hence, we first need to know what crime is! So first, we will learn about the word crime and what the term cyber crime refers to in detail. Crime is a social and economic phenomenon and is as old as human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result into punishment.” The hallmark of criminality is that it is a breach of the criminal law. Per Lord Atkin
  • 6. Exploring the dark side of technology
  • 7. CATEGORIES OF CYBER CRIME Cyber Crime refers to all activities done with criminal intent in cyberspace. These fall into three slots. • Those against persons. • Against Business and Non-business organizations. • Crime targeting the government.
  • 8. The first recorded cyber crime took place in the year 1820! In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the Loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime! The first spam email took place in 1978 when it was sent out over the Arpanet (Advanced
  • 10. The intention must be dishonest. • Such property must be movable in nature. • Such property must be taken out of the possession of its owner. • Such property must be taken without the consent of the owner. • Such property must be removed from its original place to another. Because, • Everybody is using COMPUTERS. From white collar criminals to terrorist organizations, and from teenagers to adults • New generation is growing up with computers • MOST IMPORTANT – Money transactions are moving on to the INTERNET
  • 11. • Computers • Cell Phones • PDAs • Game Consoles Could be: • Disgruntled employees • Teenagers • Professional hackers • Business rival • Divorced husband • Ex-boyfriend
  • 12. Gullible Desperados and greedy people Unskilled & Inexperienced people Unlucky people • Gathering trophies (quest to become famous) • General mischief • Financial gain • Revenge • Protest • Criminal activity • Identity theft • Forging documents and messages
  • 13. Because of: Anonymity. Computer’s storage capacity. Weakness in operating system. Lack of user awareness. • Loss of revenue • Wasted time • Damaged reputation • Reduced productivity • Identity theft • Security costs • Monetary losses • Privacy
  • 14. Smart criminals don’t use their own computers. • Floppy disks • Zip/Jaz disks • Tapes • Digital cameras • Memory sticks • Printers • CDs • PDAs • Games boxes • Networks • Hard drives
  • 15. • There are five general stages to develop and deploy a “cyber attack”: Research, Reconnaissance, Development, Testing, Attack
  • 16. One of the biggest mistakes anybody could possibly make is to assume that things will not get worse. • Wireless malware • Deadly combination • A deadly payload • Intelligent malware
  • 17. 1. Hacking of computer systems and networks 2. Cyber pornography involving production and distribution of pornographic material, including child pornography 3. Financial crimes such as siphoning of money from banks, credit card frauds, money laundering 4. Online Gambling 5. Intellectual property crimes such as theft of computer source code, software piracy, copyright infringement, trademark violations 6. Harassments such as cyber stalking, cyber defamation, indecent and abusing mails 7. Cyber frauds such as forgery of documents including currency and any other documents 8. Launching of virus, worms and Trojans 9. Denial-of-service attacks 10. Cyber attacks and cyber terrorism 11. Economic espionage 12. Consumer harassment and consumer protection 13. Theft Privacy of citizens 14. Sale of illegal articles such as narcotics, weapons, wildlife, etc.
  • 18. 1. E-mail abuse 2. Spam mails 3. Cyber defamation 4. Theft of source code 5. Exchange of business secrets and documents 6. Insider attacks on personal database 7. Use of office computer for running other business 8. Transmission and viewing of pornographic materials 9. External cyber attacks on an organization resulting in denial-of-service 10. Information espionage
  • 19. India stands 11th in the ranking for Cyber Crime in the World, constituting 3% of the Global Cyber Crime.
  • 20. Cyber bullying is a type of bullying that takes place using electronic technology. Electronic technologies include devices and equipment like cell phones, computers and tablets as well as communication tools including social media sites, text messages, chat and websites. Cell phones and computers themselves are not to blame for cyber bullying. Social media sites can be used for positive activities like connecting kids with their family and friends, helping students with school and for entertainment. But these tools can also be used to hurt someone. Whether done in person or through technologies.
  • 21. KIDS WHO ARE CYBERBULLIED ARE MOST LIKELY TO: • Use alcohol and drugs • Skip school • Experience in-person bullying • Be unwilling to attend school • Receive poor grades • Have lower self-esteem • Have more health problems
  • 22. • Nearly 43% of kids have been bullied online. 1 in 4 has had it happen more than once. • 70% of students report seeing frequent bullying online. • Over 80% of teens use a cell phone, making it a common mode of bullying. • Girls are about twice as likely as boys to be victims and perpetrators of cyber bullying. • Only 1 in 10 victims will inform a parent or a trusted adult about their abuse.
  • 23. The utterance of false charges or misrepresentations which defame and damage another's reputation through electronics, media, and social sites.
  • 24. Cyber Stalking is use of the Internet or other electronic means to stalk someone. This term is used interchangeably with online harassment and online abuse. Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person's home or place of business, making harassing phone calls, leaving written messages or objects, or
  • 25. Image manipulation is a severe crime that is taking place these days. Criminals are stealing and manipulating photos of women from Facebook, social sites, profiles etc. Criminals would go to the considerable effort of both stealing and digitally photoshopping photos to sell them to porn sites. The danger is not only to females; even the pics of males are illegally used for many things. It seems that predators are using social media sites to find content for shocking porn sites. The catch here is that the people using private photos stolen from private Facebook accounts aren’t actually breaking the law. When we sign up for social media sites like Twitter and Facebook, we are kind of giving permission to the whole world to look at our private photos and read our statuses, know our location and even our places of employment. Though we can monitor our private photos on Facebook and Twitter, there are several ways that predators have found to get your information.
  • 26. A realistic manipulated pic of Barack Obama and ACP Pradyuman. A manipulated picture. A manipulated realistic picture of Barack Obama in traditional getup just like Rahul Gandhi.
  • 27. Jeong Da-bin (March 4, 1980 – February 10, 2007) was a South Korean actress. Best known for the popular television series Rooftop Room Cat, she committed suicide in 2007 at the age of 26.
  • 28. Intellectual property theft case Jun 23, 2009 at 0119 hrs IST The economic offences wing (EOW) of the Pune police on Monday arrested a software engineer Asma Sandip Thorve (37), a resident of Uday Society in Sahkar Nagar, for allegedly cheating Brainvisa Technologies to the tune of Rs 46.5 crores, by stealing their source code. Earlier, the police had arrested software engineer Sameer Ashok Inamdar (36) of Kondhwa in the same case. According to the police, Inamdar resigned from Brainvisa Technologies in August 2006. He allegedly stole the source code and other secret information of Brainvisa Technologies and started his own company. Owner of Brainvisa Technologies Nitin Hemchandra Agarwal had lodged a police complaint alleging that the company lost Rs 46.5 crores due to this. A team, led by assistant commissioner Pushpa Deshmukh, arrested Thorve, who was Inamdar’s business partner and allegedly provided him the confidential data of Brainvisa. Thorve worked as senior manager, business development, for Brainvisa from May 2004 to December 2005 and thereon as vice president till December 2008, after which she joined Inamdar as a partner. Thorve was produced before court on Monday and has been remanded to police custody till June 26.
  • 31. • Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get a kick out of such destruction. Some hackers hack for personal monetary gains, such as stealing credit card information, or transferring money from various bank accounts to their own account followed by withdrawal of money. • Taking control of another person's website by hacking the web server is called web hijacking. It is a technique of pulling out confidential information from bank/financial institution account holders by deceptive means
  • 32. • The challenge... ‘because it’s there!’ • Money (extortion or theft) • Ego • Espionage • Ideology • Mischief • Revenge
  • 34. From: *****Bank [mailto:support@****Bank.com] Sent: 08 June 2004 03:25 To: India Subject: Official information from ***** Bank Dear valued ***** Bank Customer! For security purposes your account has been randomly chosen for verification. To verify your account information we are asking you to provide us with all the data we are requesting. Otherwise we will not be able to verify your identity and access to your account will be denied. Please click on the link below to get to the bank secure page and verify your account details. Thank you. https://infinity.*****bank.co.in/Verify.jsp ****** Bank Limited
  • 35. ATM card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft. According to the Federal Trade Commission, while identity theft had been holding steady for the last few years, it saw a 21 percent increase in 2008. However, credit card fraud, that crime which most people associate with ID theft, decreased as a percentage of all ID theft complaints for the sixth year in a row. This would include pornographic websites; pornographic magazines produced using computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writings etc).
  • 36. Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. The unauthorized copying of software. A mail which misrepresents its origin. It shows its origin to be different from where it actually originates.
  • 37. • Used for the commission of financial crimes. • Key here is to make the alteration so insignificant that in a single case it would go completely unnoticed. • E.g. a bank employee inserts a program, into the bank's servers, that deducts a small amount of money (say Rs. 5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month. Malicious software that attaches itself to other software. (virus, worms, Trojan Horse, Time bomb, Logic Bomb, Rabbit and Bacterium are the malicious.
  • 38. Cyberextortion is a crime involving an attack or threat of attack against an enterprise, coupled with a demand for money to avert or stop the attack. In other words, demanding a huge amount of money through the internet, otherwise the company data or information of an individual will be leaked. Nowadays demanding of ransom after kidnapping, also done through the internet via emails, is also a type of net extortion. Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere in the world can come together and chat with each other • Criminals use it for meeting coconspirators. • Hackers use it for discussing their exploits / sharing the techniques • Pedophiles use chat rooms to allure small children • Cyber Stalking - In order to harass a woman her telephone number is given to others as if she wants to befriend males
  • 39. Why India??? • 121 Million Internet Users • 65 Million Active Internet Users, up by 28% from 51 million in 2010 • 50 Million users shop online on Ecommerce and Online Shopping Sites • 46+ Million Social Network Users • 346 million mobile users had subscribed to Data Packages. A rapidly growing online user base
  • 40. • Non Reporting-causes • 60% feared negative publicity • 23% did not know police were equipped to handle cyber crimes • 9% feared further cyber attacks • 8% had no awareness of cyber laws • False arrest concerns UNAUTHORISED ACCESS 19% E-MAIL ABUSE 21% DATA THEFT 33%
  • 41. The police have recorded 3,038 cases but made only 2,700 arrests in 3 years (between 2007 and 2010). India registered only 1,350 cases under the IT Act and IPC in 2010. 50% of cybercrimes are not even reported.
  • 42. We have covered about three instances where high-profile government websites were hacked and defaced. However, the actual number of Government Websites that were hacked is quite huge. A total number of 90, 119, 252 and 219 Government websites tracked by the Indian Computer Emergency Response Team (CERT-In) were hacked / defaced by various hacker groups in
  • 43. • Continued Website Hacks and Defacements • Data and Information theft • Increasing phishing attacks on Ecommerce and Financial Websites • Cybercriminals targeting Social and Professional Networks • Threats directed at the Mobile Platform: Smartphones and Tablets
  • 44. Cyber security involves protection of sensitive personal and business information through prevention, detection, and response to different online attacks. Internet security is a branch of computer security specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet. “Technology is like a fish. The longer it stays on the shelf, the less desirable it becomes.” -ANDREW HELLER
  • 45. [Chart: Types of computer-related crimes. Percentages of surveyed prosecutor offices with at least one conviction. Categories: Copying or Distribution of Computer Programs; Cyberstalking; Identity Theft; Transmitting Child Pornography; Credit Card Fraud; Theft of Intellectual Property; Unauthorized Access to Computer; Computer Sabotage; Computer Forgery; Bank Card Fraud; Any Computer Crime.] [Chart: Percentage of users surveyed. Categories: Reported intrusions to law enforcement; Internet connection cited as point of attack more frequently than internal systems; Acknowledged financial losses due to computer breaches; Detected computer security breaches within the last 12 months. Values shown: 32%, 80%, 74%, 90%.]
  • 46. Privacy policy: Before submitting your name, email address, or other personal information on a web site, look for the site's privacy policy. Evidence that your information is being encrypted: To prevent attackers from hijacking your information, any personal information submitted online should be encrypted. Many sites use SSL, or Secure Sockets Layer, to encrypt information.
  • 47. Keep software up to date: If the seller releases patches for the software operating your device, install them as soon as possible. Installing them will prevent attackers from being able to take advantage. Use good passwords: Select passwords that will be difficult for thieves to guess. Do not choose options that allow your computer to remember your passwords.
  • 48. • Explosion of computer and broadband internet availability. • Low priority of security for software developers. • Challenge of timely patching vulnerabilities on all systems.
  • 49. • Cyber security will defend us from critical attacks. • It helps us to browse safe websites. • Internet security processes all the incoming and outgoing data on our computer. • Security will defend from hacks and viruses. • The cyber security application used on our PC needs an update every week. • The security developers update their database once every week. Hence new viruses are also deleted.
  • 50. • Use antivirus software • Install firewalls • Uninstall unnecessary software • Maintain backup • Check security settings • Stay anonymous - choose a genderless screen name • Never give your full name or address to strangers • Learn ‘Etiquette' - follow it and expect it from others • Don't respond to harassing or negative messages (flames) • Get out of uncomfortable or hostile situations quickly • Save offending messages • Learn more about Internet privacy
  • 51. • Avoid disclosing any information pertaining to oneself. • Avoid sending any photograph online, particularly to strangers. • Use the latest and up-to-date antivirus software. • Keep backup volumes. • Never send your credit card number to any site that is not secured. • Use of firewalls may be beneficial.
  • 52. Decrease in broken software = Increase in good software. Cyber Security VS Cyber Crime Graph - two sides of the same coin
  • 53. Cyber law is the area of law that deals with the Internet's relationship to technological and electronic elements, including computers, software, hardware and information systems (IS). Cyber law or Internet law is a term that encapsulates the legal issues related to use of the Internet.
  • 54. Cyber means the use of Internet technologies and computers; it includes computers, networks, software, data storage devices, Internet, websites, emails, ATM machines etc. This law was passed to protect against cyber crime over the Internet. This law is approved by the government. Cyber law includes: • Cyber crimes • Electronic and Digital Signatures • Intellectual Property • Data protection and privacy
  • 55. • Integrity and Security of Information • Security of Government Data • Intellectual Property Rights • Privacy and Confidentiality of Information • Legal Status of Online Transactions • Copyright law • Trademark law • Patent law • Data Protection and Privacy Laws
  • 56. • Helpful to promote e-commerce • Enhance the Corporate Business • Filling Online Forms • High penalty for Cyber Crime • E-governance
  • 57.
  • 58. Cyber Cafe Monitoring System (CCMS) – This Technology Comprises Of A Biometric System For Recording Fingerprints Of Persons Who Use A Workstation. This Potent System Has Some Other Features Like Facility To Take Live Snapshots, Public IP Address And MAC Address.
  • 59. Cyber Law is the law governing computers and the Internet. • Companies are now able to carry out e-commerce. • The Act allows the govt. to issue notification on the web. • Consumers are now increasingly using credit cards for shopping. • Most people are using emails for communication.
  • 60. Person found doing activities such as: • Tampering with computer source documents • Hacking with computer system • Publishing of information which is obscene in electronic form • Misrepresentation • Breach of confidentiality and privacy • Publishing digital signature false in certain particulars • Publication of unlawful document for fraudulent purpose. Can be charged up to rupees 1 to 3 Lakhs OR can get imprisonment for 2 to 10 Years OR both can be implemented according to the law
  • 61. • Hackers, virus and worm writers could get 20 years to life in federal prison. • Anyone who uses computers to cause death or bodily harm, such as bringing down power grids or airport control centers, can get the maximum sentence. • The sentence is increased by 25% if they steal personal information. • The sentence is increased by 50% if they share the stolen information. • If posted on the Internet, sentence is doubled!
  • 62. Cyber Laws in India Under The Information Technology Act, 2000 CHAPTER XI – OFFENCES – 66. Hacking with computer system. (1) Whoever with the Intent to cause or knowing that he is likely to cause Wrongful Loss or Damage to the public or any person Destroys or Deletes or Alters any Information Residing in a Computer Resource or diminishes its value or utility or affects it injuriously by any means, commits hack. (2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
  • 63. Whoever without permission of the owner of the computer: • Secures Access; • Downloads, Copies or extracts any data, computer database or any information; • Introduces or causes to be introduced any Virus or Contaminant; • Disrupts or causes disruption; • Denies or causes denial of access to any person; • Provides any assistance to any person to facilitate access • Charges the services availed of by a person to the account of another person by Tampering with or Manipulating any Computer, Computer System, or Computer Network; Shall be liable to pay damages by way of compensation not exceeding one crore rupees to
  • 64. • Legal recognition of the E-commerce • Digital Signatures and Regulatory Regime • Electronic Documents at par with paper documents • E-Governance • Electronic Filing of Documents • Amend certain Acts • Define Civil wrongs, Offences, punishments • Investigation, Adjudication • Appellate Regime
  • 65. • Conflict of Jurisdiction • Domain names • Intellectual Property Rights • Various kinds of cyber crimes are not defined • Privacy and content regulation • Parameters for its implementation
  • 66.  email would now be a valid and legal form of communication  in our country that can be duly produced and approved in a court  of law.  Companies shall now be able to carry out electronic commerce  using the legal infrastructure provided by the Act.  Digital signatures have been given legal validity and sanction in the  Act.  The Act now allows Government to issue notification on the web  thus heralding e-governance  statutory remedy in case if anyone breaks into companies  computer systems or network and causes damages or copies data  ASHITA PHULWANI 5/4/2017
  • 67. Information Technology Amendment Act, 2008 Section – 43, Destroys, Deletes or Alters any Information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means; Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage; “If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to two three years or with fine which may extend to five lakh rupees or with both.” [S.66]ASHITA PHULWANI 5/4/2017
  • 68. S.66A - Punishment for sending offensive messages through communication service, etc. ▪ Any person who sends, by means of a computer resource or a communication device; ▪ Any information that is grossly offensive or has menacing character; or ▪ Any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device; ▪ Any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages; Shall be punishable with imprisonment for a term which may extend to three years and with fine.
  • 69. S. 66E - Punishment for violation of privacy. “Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both” S. 67 A - Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form “Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees”
  • 70. S. 66C - Punishment for identity theft “Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh” S. 66D - Punishment for cheating by personation by using computer resource “Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.”
  • 71. S. 67 C - Preservation and Retention of information by intermediaries. “(1) Intermediary shall preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe. (2) Any intermediary who intentionally or knowingly contravenes the provisions of sub section (1) shall be punished with an imprisonment for a term which may extend to three years and shall also be liable to fine.”
  • 72. ▪ a negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881; ▪ a power-of-attorney as defined in section 1A of the Power-of-attorney Act, 1882; ▪ a trust as defined in section 3 of the Indian Trusts Act, 1882; ▪ a will as defined in section 2 (h) of the Indian Succession Act, 1925 (39 of 1925) including any other testamentary disposition by whatever name called; ▪ any contract for the sale or conveyance of immovable property or any interest in such property; ▪ any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.
  • 73. Arrests & Reports Under IT Act ▪ Under the IT Act, 966 cybercrime cases were filed in 2010 (420 in 2009) ▪ Geographic breakdown of cases reported: ◦ 153 from Karnataka ◦ 148 from Kerala ◦ 142 from Maharashtra ◦ 105 Andhra Pradesh ◦ 52 Rajasthan ◦ 52 Punjab ▪ 233 persons were arrested in 2010 ▪ 33% of the cases registered were related to hacking. Source: National Crime Records Bureau
  • 74. ▪ Under the IPC, 356 cybercrime cases were registered in 2010 (276 cases in 2009) ▪ Geographic breakdown of cases reported: ◦ 104 from Maharashtra ◦ 66 Andhra Pradesh ◦ 46 Chhattisgarh ▪ The majority of these crimes were either forgery or fraud cases.
  • 75. Arms Act: Online sale of Arms ▪ Sec. 383 IPC: Web-Jacking ▪ NDPS Act: Online sale of Drugs ▪ Sec 416, 417, 463 IPC: Email spoofing ▪ Sec 420 IPC: Bogus websites, cyber frauds ▪ Sec 470, 471 IPC: Forgery of electronic records ▪ Sec 499, 500 IPC: Sending defamatory messages by email ▪ Sec 503 IPC: Sending threatening messages by email
  • 76. Tampering with the computer source documents: • imprisonment up to three years • fine up to Rs. 2 lakhs. Hacking: • imprisonment up to three years • fine up to Rs. 2 lakhs. Published any matter which is obscene: • imprisonment up to five years • Rs. 1,00,000. Unauthorized access: • imprisonment up to ten years • some fine. Breach of confidentiality and privacy: • imprisonment up to two years • Rs. 1,00,000.
  • 77. ▪ IT professionals ▪ Corporate security personnel ▪ Private investigators ▪ Law enforcement
  • 78. Ability to control what information one reveals about oneself over the Internet, and to control who can access that information ▪ Data is a corporate asset, like any other ▪ Corporate data is at a higher risk of theft or misuse than ever before ▪ Companies have obligations to protect data ▪ Laws, regulations, guidelines ▪ Contracts with third parties ▪ Privacy policies for users of websites, other online features ▪ Breaches of data privacy, data security can result in ▪ Damage to reputation ▪ Disruption of operations ▪ Legal liability under new and amended laws, regulations, and guidelines, as well as under contracts ▪ Financial costs
  • 79. right to share one’s thoughts and experiences with a community of fellow Internet users BUT contributors should avoid infringing on other people’s individual rights, including their right to privacy and the protection of personal data
  • 80. • “Personally identifiable information” (PII) can be linked to a specific individual ▪ Name, e-mail, full postal address, birth date, Social Security number, driver’s license number, account numbers • “Non-personally identifiable information” (non-PII) cannot, by itself, be used to identify a specific individual ▪ Aggregate data, zip code, area code, city, state, gender, age
  • 81. ▪ Do you need one? • No, if your website: ▪ Is merely static ▪ Is business-to-business (B2B) only, and collects no PII from consumers • Yes, otherwise ▪ What must it cover? • Actual practices for PII and information that reasonably could be associated with a person or device, regarding ▪ Collection ▪ Storage ▪ Use ▪ Sharing ▪ Special concerns if information involves ▪ Financial information ▪ Medical information ▪ Children’s information ▪ Special concerns for specific jurisdictions ▪ European Union ▪ California ▪ Opt outs from information collection available? ▪ Caution regarding links to third party sites ▪ Notice whenever privacy practices change ▪ Best practices: • Clear and concise • Comprehensive • Comprehensible • Current • Consistent with your actual practices ▪ Do not overpromise: “We will never share your information . . .”
  • 82. ▪ Do not panic or overreact ▪ Get facts: nature, scope of breach ▪ Determine whether, when to notify affected individuals ▪ Prevent further unauthorized access ▪ Preserve evidence, deal with law enforcement (your “frien-emy”?) ▪ Notify vendors (such as payment processors) ▪ Notify insurers ▪ Offer contact person ▪ Do not forget to alert those “on the front lines”
  • 83. ▪ Web pixel spyware – single-pixel clear GIF ▪ Image reference buried in HTML ▪ Browser requests image ▪ Server returns bug plus cookie ▪ Request provides click stream data ▪ Difficult to spot a Web pixel spyware ▪ Web pixel spyware in HTML formatted e-mail ▪ Secret return receipt ▪ This Web bug is designed to be seen
  • 84. Again, this one is designed to be seen
  • 85. ▪ Surveillance ▪ Continual observation ▪ Tampa – facial scanning at Super Bowl ▪ Packet sniffing ▪ Monitoring ▪ The act of watching someone or something ▪ E-mail Web bugs ▪ Workplace monitoring is legal ▪ Spyware ▪ Sends collected data over back channel ▪ Snoop ware ▪ Records target’s online activities ▪ Retrieved later ▪ Screen shots, logs, keystrokes ▪ Other surveillance/monitoring sources ▪ On Star and GPS tracking ▪ E-ZPass systems ▪ Phone calls and credit card purchases
  • 86. ▪ Fake banner ads like this one are very annoying ▪ Spawner – spawns its own pop-up ads ▪ Mouse-trapper ▪ Turns off browser’s Back button ▪ Disables pop-up ad’s close button ▪ No way to close ad – must reboot ▪ Spam is a source of spawners and mouse-trappers
  • 87. ▪ The crime of obtaining money or some other benefit by deliberate deception ▪ Most common forms of IT fraud ▪ Identity theft ▪ Credit card fraud ▪ Scammers and con artists ▪ Financial swindles ▪ Implement appropriate security measures ▪ Get a copy of your credit report ▪ Use: ▪ Junk e-mail account ▪ Anonymous remailer ▪ Stealth surfing service ▪ Common sense ▪ Deal with recognized, trusted e-retailers ▪ Keep important numbers and passwords secret ▪ Use good passwords ▪ If your computer acts strangely, find out why
  • 88. User-tracking: ▪ Internet Service Providers (capable of observing any Internet-related activity of the user) ▪ Cookies (parcels of text sent by a server) tracking and maintaining specific information of the user ▪ Data logging (may include recording times when the computer is in use, or which web sites are visited) ▪ Spyware programs ▪ Web bug ▪ Social engineering ▪ Phishing ▪ Malicious proxy server ▪ Search engines. Illegal and harmful content: ▪ A. Need to fight against the illegal content of the Internet with legal tools (top-down control): Council of Europe's 2001 Convention on Cybercrime (child-pornography) – Additional Protocol, 2006 (racist and xenophobic materials), but only 11 countries ratified it… ▪ OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy ▪ European Commission: Safer Internet and Safer Internet Plus programs ▪ B. Need to fight against the harmful content of the Internet (bottom-up control): from self-regulation to co-regulation. On-line social networks: ▪ Concept dates back to the 1960s, but participation increased in recent years (Hungary: 1.5 million registered iWiW users) ▪ Participants are offering self-profile in order to contact or be contacted. ▪ Risks range from identity theft to online and physical stalking, embarrassment, discrimination and blackmailing.
  • 89. ▪ Anonymising and pseudonym use e.g. nicknames ▪ Moderation principles. Problems: ▪ which identifiers used on the Internet qualify as personal data? ▪ uncontrollable manners of personal data disclosure ▪ lack of international cooperation ▪ Children spend 300 billion $ of their pocket money annually on a global market! ▪ More vulnerability: - underestimation of risks, - ignorance of privacy information → need of additional protection!
  • 90. 99% of the attacks are thwarted by basic hygiene and some luck. DO: ▪ Think before you click etcetera ▪ Up-to-date anti-virus, firewall and site advisor. BUT: ▪ Some new attacks may get through. However, attacker may only use your machine to attack others and not attack you per se. ▪ Will not prevent data loss by merchants and other servers. However, still have safety in numbers. Attackers can steal a lot of account numbers but can exploit much fewer. 1% of the attacks are difficult and expensive to defend or detect. For most individuals: ▪ We are simply not an attractive enough target. For the US Department of Defense and its contractors: ▪ A huge target. Current score: 50-1 in favor of attackers (roughly). For companies in less sensitive businesses: ▪ A serious threat to be taken seriously
  • 91. Typically done via secret questions and email to preferred email account ▪ Mother’s maiden name? ▪ Father’s middle name? ▪ Favorite pet’s name? ▪ etcetera ▪ “As detailed in the postings, the Palin hack didn’t require any real skill. Instead, the hacker simply reset Palin’s password using her birth date, ZIP code and information about where she met her spouse — the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.” Password reset on preferred email account itself done via secret questions. Conundrum: ▪ Real answers easy to remember but discoverable via Google ▪ False answers hard to remember but safe from Google. © Ravi Sandhu World-Leading Research with Real-World Impact!
  • 92. PAST, PRESENT: ▪ Cyber security is a young and immature field ▪ The attackers are more innovative than defenders ▪ Defenders are mired in FUD (fear, uncertainty and doubt) and fairy tales ▪ Attack back is illegal or classified. FUTURE: ▪ Cyber security will become a scientific discipline ▪ Cyber security will be application and technology centric ▪ Cyber security will never be “solved” but will be “managed” ▪ Attack back will be an integral part of cyber security. Security Objectives: ▪ Black-and-white to shades of grey. Attackers: ▪ Innovative beyond belief. Defenders: ▪ Need new doctrine
  • 93. Major Innovations: ▪ Botnets ▪ Robust underground economy and supply chain ▪ Targeted attacks ▪ Stealthy attacks. Some Examples: ▪ Drive-by downloads ▪ Scareware ▪ Doctored online statements ▪ Long-lived stealth attacks. Status: ▪ Attackers have sizable inventory of known but unused or rarely used tricks ▪ Innovation will continue
  • 94. ▪ OLD: Cyberspace is a supporting infrastructure ▪ NEW: Cyberspace is a war-fighting domain on par with land, sea, air and space ▪ OLD: It’s all defense, no attack back or preemptive attack ▪ NEW: All’s fair in war ▪ OLD: Defend the entire network to the same degree ▪ NEW: Defend selectively and dynamically ▪ OLD: Blame and harass the end user ▪ NEW: The user is part of the solution ▪ OLD: Defend against yesterday’s attacks ▪ NEW: Be proactive, get ahead of the curve, future-proof
  • 95. Security Elements to Protect: Confidentiality, Integrity, Availability ▪ Every Year Dollars are Lost due to Cyber Criminal Activity ▪ Greatest Loss = Proprietary Information ▪ Second Greatest Loss = Denial of Service
  • 96. Public Private Internal Network Server Application Vulnerability Assessments Firewalls & Proxies Intrusion Detection VPN Remote Access Vulnerability Assessments Intrusion Detection Wireless Design Consulting Intrusion Prevention Authentication & Authorization Perimeter Vulnerability Assessments Intrusion Prevention Patch Management Anti-Virus & Anti-SPAM Mobile Client Security Server Hardening Authentication & Authorization Data Authentication Management Identity Management Data Privacy Vulnerability Assessments Code Reviews Application Hardening Policies, Procedures & Awareness Policy Assessments Operational Framework Consulting Training & Consulting Security Management Centralized Tool Integration Centralized Monitoring
  • 97. ▪ Financial Rewards ▪ Politics ▪ Show Off ▪ Personal Gratification ▪ They know they can ▪ Web Site Research ▪ User Groups ▪ Email Staff ▪ Call Modems ▪ Read Trash ▪ Impersonate Someone You Trust ▪ Scan Your Systems ▪ War Drive Your Wireless ▪ Use Known and Unknown Exploits ▪ Viruses, Trojans & Worms ▪ Phishing ▪ Attack Partner Networks to Gain Access to Yours ▪ Sniff Your Traffic ▪ Brute Force Passwords ▪ Spam You ▪ Denial of Service
  • 98. ▪ Intellectual Property ▪ Customer’s And Staff’s Privacy ▪ Confidential Data ▪ System Availability ▪ Reputation ▪ Regulatory Challenges ▪ Roadmap ▪ Establishes Baseline ▪ Strengthens Security ▪ Provides Due Diligence ▪ Efficient Formal Audits ▪ Finds the Weak Areas
  • 99. ▪ Holistic Approach: Comprehensive reviews (infrastructure, server, application, etc.); Based on Organizational Security Policy, and taking full life cycle into account; Consider people and processes, as well as technology ▪ Sensible, accessible documentation: Helpful to executive decision-makers: explanation of risk in business terms; Helpful to managers: project plans, prioritization of tasks; Helpful to technical staff: clear standards, specific recommendations ▪ Threat Modeling ▪ Identifying assets ▪ Identifying threats ▪ Making qualitative (or quantitative) assessments of risk
  • 100. 1. Policies & Procedures 2. Security Awareness 3. Access and Authorization 4. Patch Management 5. Mis-Configured Systems & Applications 6. Encryption & Digital Signatures 7. Incident Handling Processes 8. Disaster Recovery & Business Continuity 9. Physical Safeguards 10. Intentional Bypassing of Security Controls
  • 101. ▪ Communicate Your Organization's Commitment to Security ▪ Provide a Baseline and Roadmap for Security Controls ▪ Demonstrate Due Diligence ▪ All Pertinent Security Control Information Communicated ▪ Realistic – Manageable ▪ Enforceable ▪ A well trained user will assist your security efforts ▪ Time needs to be invested in user training ▪ A well trained user usually requires less help desk support
  • 102. ▪ Weak Passwords ▪ Sharing Accounts ▪ Not Enforced ▪ Easy to Exploit ▪ Prevention ▪ Strong Security Policies ▪ Utilize OS Complex Password Configuration ▪ Implement Technical Authorization, Authentication and Accounting Mechanisms (AAA) ▪ Implement Two-Factor Authentication ▪ Hard to Manage ▪ Less Window of Opportunity ▪ Exploits are coming too fast ▪ Can Break System ▪ Require Resources ▪ Prevention ▪ Strong Patch Management Mechanisms – Automate ▪ Add Intrusion Prevention Mechanisms ▪ Assure only needed or updated Services ▪ Strengthen SNMP Strings ▪ Secure Wireless Networks ▪ Remove Default Settings ▪ Filter Outgoing Access at Firewall
  • 103. ▪ Intrusion Prevention/Detection ▪ Anti-virus Mechanisms ▪ Logging/Auditing ▪ Strong Policies and Documentation ▪ Formal Plan ▪ Prioritized Systems ▪ Standard Backup Process ▪ Tested Backups ▪ Redundant Systems ▪ Visitor Badges ▪ Building & Data Center Access/Monitoring ▪ Fire Prevention/Suppression & Detection ▪ UPS Testing and Load
  • 104. ▪ Installing ▪ Modems ▪ Wireless Networks ▪ Gotomypc or other remote access items ▪ Unauthorized Software – Games, Screensavers, etc ▪ Prevention ▪ Strong Security Policies ▪ Centralized and Managed Intrusion Prevention Mechanisms ▪ Implement Network Admission Control ▪ National Institute of Standards & Technology Referenced Throughout Most Regulations ▪ Policies and Procedures Are Critical to NIST Best Practices ▪ ISO-17799 is Industry Recognized Standard for Security ▪ ISO-17799 Covers 10 Areas of Security ▪ Each ISO-17799 Area Has Individual Security Items ▪ If You Follow NIST and ISO-17799 You Would Have a Strong Security Posture and Should Pass Almost Every Audit ▪ Combine NIST 800-26 Levels and ISO-17799
  • 105. ▪ Security Policies ▪ Organizational Security ▪ Asset Classification & Control ▪ Personnel Security ▪ Physical and Environmental Security ▪ Communications & Operations Management ▪ Access Control ▪ System Development & Maintenance ▪ Business Continuity Management ▪ Compliance ▪ Level 1 – control objective documented in a security policy ▪ Level 2 – security controls documented as procedures ▪ Level 3 – procedures have been implemented ▪ Level 4 – procedures and security controls are tested and reviewed ▪ Level 5 – procedures and security controls are fully integrated into a comprehensive program.
  • 106. ▪ It is important to budget for remediation ▪ A security assessment without remediation efforts is a waste of time and money ▪ Remediation usually involves resource time and product cost ▪ It is important to budget for one-time and recurring costs ▪ Prioritize Risks and Remediation Steps ▪ Align Business and IT Strategies ▪ Establish Resources – Internal, External, Products ▪ Establish Internal SLAs between IT and Business Units
  • 107. Year | Title | Intent
      1970 | Fair Credit Reporting Act | Limits the distribution of credit reports to those who need to know.
      1974 | Privacy Act | Establishes the right to be informed about personal information on government databases.
      1978 | Right to Financial Privacy Act | Prohibits the federal government from examining personal financial accounts without due cause.
      1986 | Electronic Communications Privacy Act | Prohibits the federal government from monitoring personal e-mail without a subpoena.
      1988 | Video Privacy Protection Act | Prohibits disclosing video rental records without customer consent or a court order.
      2001 | Patriot Act | Streamlines federal surveillance guidelines to simplify tracking possible terrorists.
  • 108. ▪ Prohibits “unfair or deceptive practices in or affecting commerce.” No need to prove intent. • A practice is “unfair” if: ▪ It causes or is likely to cause substantial injury to consumers ▪ It cannot reasonably be avoided by consumers ▪ It is not outweighed by countervailing benefits to consumers or to competition • A representation, omission, or practice is “deceptive” if: ▪ It misleads, or is likely to mislead, consumers ▪ Consumers’ interpretation of it is reasonable under circumstances ▪ It is material ▪ Practices attacked by FTC as “deceptive”: • Violating published privacy policies • Downloading spyware, adware onto unsuspecting users’ computers • Failing to verify identity of persons to whom confidential consumer information was disclosed ▪ Practices attacked by FTC as “unfair”: • Failing to implement reasonable safeguards to protect privacy of consumer information
  • 109. ▪ Applies to operators of commercial websites and online services that collect information from children under age 13 ▪ “No one knows you’re a dog on the internet.” ▪ Requires reasonable efforts to get verifiable consent of parent or guardian or to notify parent or guardian ▪ Requires notice of ▪ What information is collected from children ▪ How information is used ▪ How information is shared ▪ Prohibits conditioning child’s participation in an activity on disclosure of more PI than is necessary ▪ Amendments effective July 1, 2013 ▪ Include geo-location information, photos, and videos in types of PI that cannot be collected without parental notice and consent ▪ Provide streamlined approval process for new ways to get parental consent ▪ Require website operators to take reasonable steps to release children’s PI only to companies capable of keeping it secure
  • 110. ▪ Controlling the Assault of Non-Solicited Pornography and Marketing ▪ Prohibits fraudulent, abusive, deceptive commercial email ▪ “One-bite” rule: ▪ Business may send unsolicited commercial email message, properly labeled, to consumer, with easy means for consumer to opt out. If the consumer opts out, business may no longer send emails ▪ Commercial email broadly defined as having primary purpose to advertise or promote commercial product or service ▪ Does not apply to transactional emails, which facilitate or give update on agreed-upon transaction ▪ Business must monitor third party handling email marketing to ensure compliance ▪ Pre-empts state statutes, but states may enforce sections of Act addressing fraudulent or deceptive acts, computer crimes, other advertising restrictions
  • 111. ▪ Invisible crimes are more dangerous than visible crimes. ▪ Top 5 countries affected by cyber crimes are 1. USA 2. CHINA 3. RUSSIA 4. BRAZIL 5. INDIA. ▪ The world loses 557 million $ annually to cyber crime. ▪ Computer crime rises 57% year by year. ▪ Treat your password like you treat your toothbrush. Never give it to anyone else to use, and change it every few months. ▪ A MODERN PROVERB: "The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb." – National Research Council, USA, "Computers at Risk", 1991
  • 112. Cybercrime is indeed getting the recognition it deserves. However, it is not going to be restricted that easily. In fact, it is highly likely that cybercrime and its hackers will continue developing and upgrading to stay ahead of the law. So, to make us safer, we need cyber security. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further to make the application of the laws more stringent to check crime.
  • 113. ▪ Established national “Do Not Call” registry ▪ Regulates use of “automated telephone equipment” such as auto-dialers, artificial or pre-recorded voice messages, fax machines ▪ Prohibits transmission of a “call” using an “automatic telephone dialing system” without prior consent of called party ▪ Per FCC, “call” covers both voice calls and text messages (even texts for which called party is not charged) ▪ Enforcement by federal or state authorities ▪ Individuals may bring civil actions ▪ Papa John’s class action over text messages claimed violations of TCPA, Washington Consumer Protection Act ▪ Relief can include injunction, actual damages, statutory damages of $500 per violation, treble damages
  • 114. ▪ User awareness is key to a secure computer/network ▪ Do not open suspicious files/emails ▪ Verify ActiveX/Java prompts ▪ Avoid using P2P programs ▪ Avoid downloading freeware ▪ If attacked, disconnect the network. Do not turn off the computer ▪ Without careful attention to these issues, the uncontrolled interconnection of existing systems, on which people and organizations are critically dependent, will continue to create huge, ill-defined and defenseless super-systems. ▪ So we must pay attention to all those issues and protect the world from cyber crime. ▪ “Indian Laws are well drafted and are capable of handling all kinds of challenges as posed by cyber criminals. However, the enforcement agencies are required to be well versed with the changing technologies and Laws.” ▪ “As internet technology advances so does the threat of cyber crime. In times like these we must protect ourselves from cyber crime. Anti-virus software, firewalls and security patches are just the beginning. Never open suspicious e-mails and only navigate to trusted sites.”
  • 115. ▪ We gather from all the above information that cyber laws are very necessary in any country for the proper regulation of Internet activities. ▪ The Information Technology Act, 2000 is a historical step taken by the country to solve the problem of increasing number of cyber crimes. ▪ Although this act covers a lot of areas, it also has its shortcomings and thus, a few amendments are needed for correct regulation of cyber crimes.
  • 116. Crimes are not to be measured by the issue of events, but by the bad intentions of men. The greatest crimes do not arise from a want of feeling for others but from an over sensibility for ourselves and an over indulgence in our own desires.
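
The web-bug mechanism on slide 83 (a single-pixel image buried in HTML e-mail whose request reports back to a server) can be checked for on the receiving side. The following is an added example, not part of the original slides; the sample message, the host `tracker.example` and all function names are constructed for illustration.

```python
"""Flag likely web bugs (tracking pixels) in the HTML body of an e-mail."""
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample message (not real traffic); hosts are placeholders.
SAMPLE_EMAIL = """\
From: news@shop.example
To: reader@mail.example
Subject: Spring offers
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello, see our <a href="https://shop.example/offers">offers</a>.</p>
<img src="https://shop.example/logo.png" width="200" height="60" alt="Shop logo">
<img src="https://tracker.example/open.gif?uid=48151623&amp;campaign=spring" width="1" height="1" alt="">
<img src="https://tracker.example/t.gif?m=reader%40mail.example" style="display:none">
<img src="cid:inline-banner" width="1" height="1">
</body></html>
"""

# width/height attribute of exactly 0 or 1 (optionally with "px")
_TINY = re.compile(r"^\s*[01](px)?\s*$", re.I)
# inline style that hides the image or shrinks it to 0/1 pixel
_HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.I,
)


class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({name: (value or "") for name, value in attrs})


def find_web_bugs(html):
    """Return one finding per remote image that is invisible to the reader."""
    collector = _ImgCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for img in collector.images:
        url = urlsplit(img.get("src", ""))
        if url.scheme not in ("http", "https"):
            continue  # cid:/data: images are embedded, no server is contacted
        reasons = []
        if _TINY.match(img.get("width", "")) and _TINY.match(img.get("height", "")):
            reasons.append("1x1 or 0x0 dimensions")
        if _HIDDEN_STYLE.search(img.get("style", "")):
            reasons.append("hidden by inline style")
        if reasons:
            findings.append({
                "host": url.hostname,
                "path": url.path,
                # query parameters are what the request would reveal to the server
                "params": {k: v[0] for k, v in parse_qs(url.query).items()},
                "reasons": reasons,
            })
    return findings


def html_bodies(raw_message):
    """Yield every text/html part of a raw RFC 5322 message as a string."""
    msg = message_from_string(raw_message)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            yield payload.decode(charset, errors="replace")


def scan_email(raw_message):
    """Scan all HTML parts of a message and return the combined findings."""
    findings = []
    for html in html_bodies(raw_message):
        findings.extend(find_web_bugs(html))
    return findings


if __name__ == "__main__":
    for f in scan_email(SAMPLE_EMAIL):
        print(f"{f['host']}{f['path']} ({', '.join(f['reasons'])}) would send {f['params']}")
```

Mail clients that block remote images by default defeat this "secret return receipt" entirely, which is why the embedded `cid:` image in the sample is not reported.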

Editor's Notes

  1. This information is from the Web site with URL http://www.ojp.usdoj.gov/nij/sciencetech/slides/fromBJSNCJ193441.pdf Resource(s) Attachment E: http://www.ojp.usdoj.gov/nij/sciencetech/slides/fromBJSNCJ193441.pdf
  2. Confidentiality - The information requires protection from unauthorized disclosure. Integrity - The information must be protected from unauthorized, unanticipated, or unintentional modification. This includes, but is not limited to: Authenticity – A third party must be able to verify that the content of a message has not been changed in transit. Non-repudiation – The origin or the receipt of a specific message must be verifiable by a third party. Accountability - A security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. Availability - The information technology resource (system or data) must be available on a timely basis to meet mission requirements or to avoid substantial losses. Availability also includes ensuring that resources are used only for intended purposes.