This presentation is delivered at Income tax department on Information & Technology Act 2000 in India + Online threats to India by various terrorist organisations + Bitcoins + Ransom-ware + How dangerous it could be if we use smart phone and provide our data to Google.

1. Information Technology
Act 2000
& illegal payment
Mechanism
Presented by :-
Hemraj Singh Chouhan
facebook.com/hschouhan
www.LinuxAcademy.org

2. “The Modern thief can steal more with a computer
than with a gun.
Tomorrow’s terrorist may be able to do more damage
with a keyboard than with a bomb”
- National Research Council, USA, “Computers at Risk” (1991)

3. We believe that they are Dangerous !!!
Ku Klux Klan
26/11 Attack Head
ISIS Head

4. Yes… Using Side effects of
Cashless India, they just need to Hack
only 1000 bank ACCOUNTS and let this
news spread via Indian Media and will create
Chaos...

5. I am here to explain
Information Technology
Act 2000
But being IT Security Specialist
I also want to discuss some
important security measures

6. Objectives of Information Technology
Act 2000
 Legal Recognition for E-Commerce
 Digital Signatures and Regulatory Regime
 Electronic Documents at par with paper
documents
 E-Governance
 Electronic Filing of Documents
 Amend certain Acts
 Define Civil wrongs, Offences,
punishments
 Investigation, Adjudication
 Appellate Regime

7. Definitions (Section 2)
 "computer" means electronic, magnetic, optical or
other high-speed date processing device or system
which performs logical, arithmetic and memory
functions by manipulations of electronic, magnetic
or optical impulses, and includes all input, output,
processing, storage, computer software or
communication facilities which are connected or
relates to the computer in a computer system or
computer network;
 "computer network" means the inter-connection of
one or more computers through-
 (i) the use of satellite, microwave, terrestrial lime or
other communication media; and
 (ii) terminals or a complex consisting of two or more
interconnected computers whether or not the
interconnection is continuously maintained;

8. REGULATION OF CERTIFYING AUTHORITIES
Govt. Of IndiaGovt. Of India
Controller of
Certifying
Authorities
Controller of
Certifying
Authorities
Deputy
Controllers
Deputy
Controllers
Assistant
Controllers
Assistant
Controllers
Supreme CourtSupreme Court
High CourtHigh Court
Cyber
Regulations
Appellate
Tribunal.
Cyber
Regulations
Appellate
Tribunal.
OfficerOfficer
Regulation StructureRegulation Structure
J
U
D
I
C
I
A
L
S
T
R
U
C
T
U
R
E
J
U
D
I
C
I
A
L
S
T
R
U
C
T
U
R
E

9. Civil offenses under the IT Act 2000
Sec Offence Punishment
43 Damage to Computer, Computer system etc. Compensation to the tune of Rs.1 crore to the affected person.
44(a) For failing to furnish any document, return on report
to the Controller or the Certifying Authority.
Penalty not exceeding one lakh and fifty thousand rupees for each
such failure.
44(b) For failing to file any return or furnish any information
or other document within the prescribed time.
Penalty not exceeding five thousand rupees for every day during
which such failure continues.
44(c) For not maintaining books of account or records. Penalty not exceeding ten thousand rupees for every day during which
the failure continues.
45 Offences for which no penalty is separately provided. Compensation not exceeding twenty five thousand rupees to the
affected person or a penalty not exceeding twenty five thousand
rupees.
65 Tampering with computer source documents. Imprisonment upto three years, or with fine which may extend upto
two lakh rupees, or with both.
66 Hacking with computer system with the intent or
knowledge to cause wrongful loss.
Imprisonment upto three years, or with fine which may extend upto
two lakh rupees, or with both.
66A For sending offensive messages through
communication service etc.
Imprisonment for a term which may extend to three years and with
fine.
66B For dishonestly receiving stolen computer resource or
communication device.
Imprisonment of either description for a term which may extend to
three years or with fine which may extend to rupees one lakh or with
both.

10. Sec Offence Punishment
66D For cheating by personation by using computer
resource.
Imprisonment of either description for a term which may extend to
three years and shall also be liable to fine which may extend to one
lakh rupees.
66D For cheating by personation by using computer
resource.
Imprisonment of either description for a term which may extend to
three years and shall also be liable to fine which may extend to one
lakh rupees.
66E. For violation of privacy Imprisonment which may extend to three years or with fine not
exceeding two lakh rupees, or with both.
66F For cyber terrorism Imprisonment which may extend to imprisonment for life.
67 Publication of obscene material in an electronic form. Imprisonment upto 5 years and with fine which may extend to one lakh
rupees on first conviction and its double punishment for second and
subsequent convictions.
67A For publishing or transmitting of material containing
sexually explicit act etc. in electronic form.
Imprisonment upto 5 years and with fine which may extend to ten lakh
rupees and in the event of second or subsequent conviction with
imprisonment of either description for a term which may extend to
seven years and also with fine which may extend to ten lakh rupees.
67B For publishing or transmitting of material depicting
children in sexually explicit act etc. in electronic form.
Imprisonment upto five years and with fine which may extend to ten
lakh rupees and in the event of second or subsequent conviction with
imprisonment of seven years and also with fine which may extend to
ten lakh rupees.
67C For preserving and retention of information by
Intermediaries.
Imprisonment upto three years and also liable to fine.
68 For failing to comply with the directions of the
Controller.
Imprisonment upto 3 years and fine upto two lakhs, or both.

11. Sec Offence Punishment
69 For failing to extend facilities to decrypt
information which is against the interest of
sovereignty or integrity of India.
Imprisonment which may extend to seven years.
70 Securing or attempting to secure access to a
protected system.
Imprisonment which may extend to 10 years and fine.
71 For misrepresentation or suppression of any
material fact from the Controller or the
Certifying Authority.
Imprisonment upto 2 years, or fine upto rupees one lakh or with both.
72 For break of confidentiality and privacy Imprisonment upto two years or fine upto rupees one lakh, or with
both.
72A For disclosure of information in breach of
lawful contract.
Imprisonment upto three years or with fine upto five lakh rupees or
with both.
73 For publishing digital signature certificate false
in certain particulars.
Imprisonment upto two years or with fine which may extend to one
lakh rupees or with both.
74. Publication of Digital Signature Certificate for
any fraudulent or unlawful purpose.
Imprisonment upto two years or fine upto rupees one lakh.
76 Any computer, computer system, floppies,
compact disks, tape drives or any other
accessories related thereto used for
contravention of this Act, rules, orders or
regulations made thereunder.
Liable to confiscation.

12. Criminal offenses
• Tampering with computer source documents
• Hacking with computer system
• Electronic forgery I.e. affixing of false digital
signature, making false electronic record
• Electronic forgery for the purpose of harming
reputation & Cheating
• Using a forged electronic record
• Publication of digital signature certificate for
fraudulent purpose
• Unauthorised access to protected system
• Confiscation of computer, network, etc.
• Misrepresentation or suppressing of material
facts for obtaining Digital Signature
Certificates
• Breach of confidentiality and Privacy
• Publishing false Digital Signature Certificate

13. Check-list Information security
manager
 Establish information security forum
 Define scope of Management
Information System
 Risk assessment
 Division of threats of Information
within centralized and distributed
systems

14. Even after so many level of
checking & Monitoring
It is easy to do
Share Trading with 100’s of pan
card in the name of servant's

15. IT is very easy to get the Aadhar card
without unique finger prints and
We believe that connecting
PAN with Aadhar will solve
problems

16. Money Laundering
Being Information Security Analyst I guess
it is easy to convert
Black money into white via Movie Release outside
the country and
Showing disproportionate sale of Movie Tickets

17. If I am buying fashion from flipkart in different names
from different different email accounts no
Body in able to trace me
My friends are buying Petrol / Diesel more than Rs. 2 LAC
no body is monitoring them

18. If I am buying fashion from flipkart in different names
from different different email accounts no
Body in able to trace me
My friends are buying Petrol / Diesel more than Rs. 2 LAC
no body is monitoring them

19. Adding Unique Identity like Aadhar is only
solution but with some precautions
Passport deptt. saves the fingerprint prints of applicant
And process them in batch in night. This means we can
save the finger prints also.
Now in obtaining JIO sim even panwala’s are using their
mobile along with hand held finger print scanner to verify
your details. It is very simple to store finger print in their
custom phones.
We need authorized encrypted Aadhar enabled
POS machines at limited authorized centers.

20. Information & Technology Act 2000 is
enforced
With the amendments in 2008
But how to handle
NSA

21. Surface Web
V/s
DeepWeb

24. Most of the times we only
open the websites listed in
popular search
engine’s

25. Deep Web Contents are
not listed in search
engines so we can not find
those in Google

26. Search engines only
stores data of static url like :-
LinuxAcademy.org
LinuxAcademy.org/contactus.html
LinuxAcademy.org/about.html
Static URL

28. How Antisocial elements gets access to
Deep web
Tor
Browser
As I am a cyber law student, I just want to alert you once again using this browser
may put you bhind the bars

30. Your IP Address is bouncing..

31. You are not able to open this website on any other browser..

34. Don’t try to install TOR, Checkout the warning on the
top…..

35. Payment Mechanism

36. Online Virtual Currency
(All Sort of Extortion Money – Ransom, is paid in Bitcoin online)

37. Conversion Rate
July 2010 -> 1 BTC = $0.08
15 Dec 2016 -> 1 BTC = $779

38. Bitcoin is a Cryptocurrency, a form of money that uses
cryptography to control its creation and management, rather than
relying on central authorities. Satoshi Nakamoto (the
creator of bitcoin) integrated many existing ideas from the
cypherpunk community when creating bitcoin.
Creation
In November 2008, a paper was posted on the internet
under the name Satoshi Nakamoto titled bitcoin : A “Peer-to-
Peer Electronic Cash System”.

40. How do Cyber terrorist’s identify & targets you….
What do you think who is
Biggest Hacker
in this world ??

41. Google, Google is the biggest Hacker as you saw
in previous slides that all data related with Surface web
is available with search engines.
So if you want to stay safe like China or Russia then you need to stop googling.
NSA is watching you so closely that you can’t imagine.
Best example of Google Data Mining is Google Traffic

42. Gabriel Weinberg launched DuckDuckGo as a
search engine that puts privacy first, rather than
collecting data for advertisers and security
agencies…
The search engine that doesn't track you.

43. Free - Wifi

44. Move on to...
Ransomware

45. The first ever computer virus was developed in
1986 by two Pakistani brothers in Lahore. The first
computer virus named "Brain" was designed by Amjad
Farooq Alvi and Basit Farooq Alvi

46. Variety of Virus available with us :
Virus
Worms
Trojans
Spyware
Malware
now Ransomware
Deep Web Users are not generating much money
so they created Ransomware (Ransom + Ware)

47. RANSOMWARE
Ransomware is a new type of virus that attempts to
extort money from a computer user by infecting and
tacking control of the victim’s machine, or the files or
documents stored on it.
Typically, the Ransomware will either
‘Lock’ the computer to prevent normal usage, or
encrypt the documents and files on it to prevent
access to the saved data.

49. RANSOMWARE
Only 15%chance is there to get data back
once it is encrypted using 128 Bit encyrption.
They demand Ransom in Bitcoins
using Dark Web, so their detection in
next to impossible.

50. RANSOMWARE
It will not attack on each every system,
Ransomware only encrypts the
system containing Data files.

51. TYPES OF RANSOMWARE

The most common type displays messages
intended to coax the user into paying (Eg. Your
machine is infected)

More destructive types encrypt files in the
system’s hardware (Encryption Ransomware)

A new released version actually locks the
operating system (Lock Screen RansomWare)

Master Boot Record (MBR) Ransomware

52. Screenshot of Ransomware
Attack in office of
CA Anshul Agrawal

55. HOW RANSOMWARE IS
DEPLOYED

ATTACHMENTS- Most come through as ZIP
files or “invoices”

ADVERTISEMENTS - Ad Network are often
targeted and exploited for these types of attack

SECURITY HOLES - Java,Flash,Macros
(Word,Excel)

56. HOW RANSOMWARE IS
DEPLOYED

Using Pen Drive on public computers in
Windows Environment.

Using Pirated Windows & Pirated Antivirus

Using Public Wifi / Open Public Network

Using Internet Explorer

57. STRATEGIES
TO COMBAT RANSOMWARE
USE LINUX-
There have been no reported cases of
Ransomware taking over anyone's Linux based
operating system so why not join the millions of
people who have left Windows behind for a more
secure way of working.
Income Tax Officer’s can use Linux Machine as
their DATA Server

58. STRATEGIES
TO COMBAT RANSOMWARE
BACKUP YOUR FILES USING DROPBOX
or any other cloud Software
Backing up your files is still a good idea however for reasons
mentioned earlier such as protecting against disk failures, fires
and burglary.

59. Solution

Right now we Don’t have any solution of high
end Ransomware like Cerber

Quick Heal and other antivirus company are
providing solutions for lower end Ransomwares
which is approx 10%

60. Thankyou
For any Query or Suggestions : -
www.facebook.com/hschouhan
Call us at – 4700646, 9981511646
info@linuxacademy.org