IT LAW
Introduction to Information Security, IT Crimes and Cybercrimes
By I. MGETA

Basics of IT law & jurisdiction
• Meaning of the term computer
• No hard and fast rule for defining it
• That is, there is no universally accepted definition of this term
• What is regarded as a computer in one industry or sector might not necessarily mean the same in another
• The Oxford Dictionary:
  “An electronic device which is capable of receiving information (data) and performing a sequence of logical operations in accordance with a predetermined but variable set of procedural instructions (program) to produce a result in the form of information or signals”
• S.3 of The Electronic and Postal Communications Act, 2010 (Act no. 3 of 2010):
  “Computer” means an electronic device used to input, process, store and output data
• In short, there are disparities in defining the term computer.
• The common aspects/elements of the definitions are:
  Electronic device, used for:
  ◦ Keeping data-input (data storage)
  ◦ Processing data
  ◦ Producing data-output

The link-Law & Computer
Development of computer technology has affected not only the field of science and technology but also other disciplines, e.g. law
Areas of interest in law:
• Privacy and security
• Freedom of expression and information sharing
• Business operation and transactions interchange
• Terms and conditions of use of software programs, etc.

Meaning of Computer/Internet Law
They are not synonymous but inter-related
◦ IT Law deals with all issues related to the use of IT, including privacy.
◦ Computer Law:
  • Law regulating the use and application of computer-related technology and the control of computer-related crimes and abuse of electronic services
◦ Internet Law:
  • The law that regulates internet services, usage, electronic communication, rights and obligations of ISPs and Internet users, control of online abuse, etc.

Jurisprudential foundation
An area of the law which has developed because of technical legal issues that arose with the emergence of computer technology
Legal issues which gave rise to IT law:
• Electronic commerce and contract formation
• Admissibility of electronic evidence and computer print-outs
• Privacy online and data protection
• Computer and ICT crimes
• IPR and computer technology, etc.
Sources of IT law
• International conventions, e.g. UNCITRAL Model Law on E-Commerce
• The Constitution: basic human rights, e.g. right to privacy and freedom of expression
• Statutes
• Case law
• Legal opinions from prominent lawyers and IT

Introduction
• Development in ICT has paved the way for a new era in communication technology
• With this development, new challenges have emerged:
  ◦ How to deal with threats to electronic communications
  ◦ How to harmonize traditional laws to cover new sophisticated offences
  ◦ Redefinition of some of the offences, etc.
• Electronic privacy is another issue, concerning not only individual data but also governmental information
• All these are challenges of the new digital/cyber era

Computer Crime/ICT Crime
Scholars have distinguished computer crime/ICT crime from cyber crime
Computer crime is defined as:
• Any criminal activities that are committed against a computer or similar device, and data or program therein.
• In computer crimes, the computer is the target of criminal activities.
• The “computer” in this context refers to the hardware, but the crimes, …, more often than not relate to the software and the data or program contained within it.
• The criminal activities often relate to the functions of the computer; in particular, they are often facilitated by communications systems that are available and operated through the computer, thereby contributing to a less secure computing environment.
• It is also defined as:
  ◦ Computer crime encompasses the use of a computer as a tool in the perpetration of a crime, as well as situations in which there has been unauthorised access to the victim’s computer, or data.
  ◦ Computer crime also extends to physical attacks on the computer and/or related equipment as well as illegal use of credit cards and violations of automated teller machines, including electronic fund transfer thefts and the counterfeit of hardware and software.
Further that:
• “Computer crime covers all sets of circumstances where electronic data processing forms the means for the commission and/or the object of an offence and represents the basis for the suspicion that an offence has been committed.”
A distinction between computer crime and cyber crime is explained as:
• “Computer Crime” encompasses crimes committed against the computer, the materials contained therein such as software and data, and its uses as a processing tool. These include hacking, denial of service attacks, unauthorized use of services and cyber vandalism.
• “Cyber Crime” describes criminal activities committed through the use of electronic communications media.
  ◦ One of the greatest concerns is with regard to cyber-fraud and identity theft through such methods as phishing, pharming, spoofing and through the abuse of online surveillance technology.
  ◦ There are also many other forms of criminal behaviour perpetrated through the use of information technology such as harassment, defamation, pornography, cyber terrorism, industrial espionage and some regulatory offences”.
• So one may gather from all those definitions that:
  ◦ Cyber crime is a computer-enabled crime
  ◦ Computer crime is a crime whereby the computer is a target
  ◦ Cyber crime is a criminal activity that involves a computer and a network that links computers.
• These crimes can be categorized into two:
  ◦ Crimes that were not possible before the advent of the computer, such as hacking, cracking, sniffing and the production and dissemination of malicious code.
  ◦ The other category of crimes is much wider: crimes that have been in existence for centuries but are now committed in the cyber environment, such as internet fraud, possession and distribution of child pornography, etc.
• UK author Ian Walden distinguishes these crimes in the following categories:
  ◦ “computer-related crimes” (such as fraudulent activity involving the use of computers)
  ◦ “content-related offences” (such as the distribution of pornographic material involving children by means of computers and cellphones)
  ◦ “computer integrity offences” (in which the computer itself is the object of an attack)
• Suffice it to say that there is no universally accepted classification of computer crimes/cyber crimes
• Much will depend on what a particular scholar intends to say or on local legislation.

Types of Cyber crimes
According to the Mumbai Police department:
• Hacking
• Phishing
• Denial of service attack
• Spoofing
• Cyber-stalking
• Virus dissemination
• Software piracy
• Cyber-defamation
• Pornography
• Internet Relay Chat (IRC) crime
• Credit card fraud
• Net extortion
• Threatening and salami attack
According to the Australian Institute of Criminology:
• Theft of telecommunication services
• Communications in furtherance of criminal conspiracies
• Telecommunication piracy
• Dissemination of offensive materials
• Electronic money laundering and tax evasion
• Electronic vandalism
• Terrorism and extortion
• Sales and investment fraud
• Illegal interception of telecommunications and electronic funds transfer fraud.
Therefore, scholars differ in their classification of cyber crimes, and even the authorities responsible for controlling such crimes differ in the way they classify them.
For the purpose of this lecture, the two terms computer crime and cyber crime will be used interchangeably.
The discussion will cover the following types of cyber crimes:
• Computer fraud
  Simply means any dishonest misrepresentation of fact by using any electronic device, intended to induce another to do or refrain from doing something, which causes loss or any psychological suffering.
  Computer fraud includes forms such as:
  ◦ Concealing unauthorised transactions
  ◦ Electronic funds transfer fraud
  ◦ Identity theft
  ◦ Entering unauthorised instructions or processes in a computer, etc.
• Hacking
  This simply means unauthorised access to a computer system. In telecommunication services, this practice is called ‘phone phreaking’.
  It is an illegal intrusion into a computer system without the permission of the computer owner/user.
• Unauthorised modification of data
  Data need to be set in a systemic form so that the system can function effectively.
  Any unauthorized alteration or modification of such information or data may render the entire system ineffective or produce undesired outcomes.
  A person may gain access to the computer system and, without permission, modify the data kept in a computer, causing the whole or part of the system to stop functioning.
  This can also be done by sending malicious code which may render the computer system ineffective.
• Dissemination of malicious code: use of viruses and other nasty computer programs
  A computer virus simply means malicious software which is capable of replicating itself.
  Not all computer viruses are harmful; some are essential in the programming processes, e.g. computer bugs.
  This crime can be committed through dissemination of malicious code or a virus which attaches itself to other software and alters the way it functions.
This kind of dissemination may include:
• Virus: These infect computers or other electronic devices and are passed on by user activity, for example by opening an email attachment or opening any document or device that contains them.
• Worms: These are self-propagating malware using an internet connection to access vulnerabilities on other computers and to install copies of themselves. They are often used as a conduit to grant attackers access to the computer.
• Masquerade
• Trojan horse: These are malware masquerading (impersonating) as something the user may want to download or install, that may then perform hidden or unexpected actions, such as allowing external access to the computer.
• Other forms of malicious software like time bomb, logic bomb, etc.
Malicious software can be transmitted from one computer to another through network sharing, sharing of hard drives, flash disks, etc.
• Denial of service attack
  ◦ This is an act by a criminal who floods the bandwidth of the victim’s network or fills his e-mail box with spam mail, depriving him of the services he is entitled to access or provide.
  ◦ The main purpose is to create such a surge in the volume of email traffic as to degrade network performance.
  ◦ It is often aimed at businesses engaging in e-commerce, the aim being to generate such a volume of spurious messages that the victim site becomes clogged up and is unable to accept messages from genuine users wishing to place orders for goods or services.
  ◦ A denial of service attack may cause both financial loss and loss of goodwill.
  ◦ Customers who are unable to access services may lose confidence in a certain service provider or businessman.
  ◦ For example, in February 2000 denial of service attacks were initiated by a single man (teenager!) in Canada, who dramatically slowed down the most famous e-commerce servers like amazon.com, ebay, yahoo.
  ◦ These servers could not sell their products any more for some few days. They claimed to have globally endured more than $1 billion in damages.
• Unauthorised interception
  ◦ Development in telecommunications provides new opportunities for electronic eavesdropping.
  ◦ Interception of communications has not been used only for surveillance of an unfaithful spouse; it has developed to be used against politicians and for industrial espionage.
  ◦ The electromagnetic signals emitted by a computer may be intercepted.
  ◦ Cyber criminals often obtain valuable information by intercepting and monitoring communications sent via the internet or other information networks.
  ◦ Electronic mail messages can easily be intercepted by third parties, thereby enabling them to obtain bank account numbers, passwords, access codes and various other forms of data.
  ◦ While interception of communication may be legal if permitted by the law, unlawful interception is illegal and is one of the cyber crimes.
  ◦ The challenge in regulating interception of electronic communication is the need to balance unauthorised interception and the question of freedom of expression.
• Extortion
  ◦ Extortion is a process by which criminal intruders disrupt the information system in order to execute any bad motive behind such disruption.
  ◦ Such intrusion into a computer system may cause damage to the storage system and loss of some important data.
  ◦ The act can also be used to disrupt the security system so as to facilitate the commission of other crimes.
• Pornography, cyber-obscenity and cyber-stalking
  ◦ Pornography is the first consistently successful e-commerce product.
  ◦ By using deceptive marketing tactics and mouse-trapping technologies, pornography has been a tool for encouraging customers to access certain websites.
  ◦ Access to this kind of material is open to both children and adults who use the Internet.
  ◦ One of the impacts of pornography is a crime known as paedophilia.
  ◦ Paedophilia is criminal activity involving sexual offences against children by adults, including the production and distribution of child pornography.
  ◦ A paedophile is a person who is sexually attracted to children.
  ◦ Most countries have now criminalized child pornography.
• Cyber stalking is a technologically-based “attack” on one person who has been targeted specifically for that attack for reasons of anger, revenge or control.
  ◦ Using this technique, a criminal follows a victim by harassing or persecuting him/her with unwanted and obsessive attention through sending emails, forum chat, etc.
  ◦ Cyber stalking may take the form of:
    harassment, embarrassment and humiliation of the victim,
    emptying bank accounts or other economic control such as ruining the victim's credit score,
    harassing family, friends and employers to isolate the victim,
    scare tactics to instill fear, etc.
• Cyber obscenity is closely associated with cyber stalking.
  ◦ In this technique, a criminal causes a transmission of distasteful, obscene or offensive materials through the Internet to another person.
  ◦ Distribution of indecent/obscene materials is largely criminalized by most countries; such prohibition extends to the Internet.
  ◦ Publication of offensive materials is an offence and may also be defamatory.
  ◦ However, what is offensive in one country may not be the same in another country.
  ◦ This causes a great disparity in laws regulating offensive materials on the Internet.
• Software piracy
  ◦ This encompasses a range of forms of conduct like:
    Unlawful multiple installation
    End-user piracy
    Client/server piracy
    Online piracy
  ◦ Software piracy infringes IPR and mostly raises civil liability rather than criminal liability.
  ◦ However, IPR also has criminal sanctions which may also relate to software piracy.
• Use of unlawful devices and unlawful programs
  ◦ Because of various threats posed by electronic technology, companies and governments have developed some security measures to help in preventing unauthorised access or use of certain information.
  ◦ Criminals frequently use sophisticated technology to intrude into these protected systems so as to commit crimes.
  ◦ More often, criminals use devices or programs which can disrupt the security system or any protected material.
  ◦ E.g., criminals may use skimming devices to capture all the data contained on the magnetic strip and thereafter, with the assistance of a computer terminal, download such data and use them for any unlawful activity including credit card fraud.
• Spoofing and phishing
  ◦ Phishing is the pulling out of confidential information from bank/financial institution account holders by deceptive means.
  ◦ Phishing is a general term for e-mails, text messages and websites fabricated and sent by criminals and designed to look like they come from well-known and trusted businesses, financial institutions and government agencies in an attempt to collect personal, financial and sensitive information. It’s also known as brand spoofing.
E.g., a criminal may send a scam, which may be in the form of an email, to a victim informing him that his email has won a certain sum of money and that the email has been randomly selected from several emails following a draw conducted on a certain date.
Characteristics
◦ The content of a phishing e-mail or text message is intended to trigger a quick reaction from you. It can use upsetting or exciting information, demand an urgent response or employ a false pretense or statement.
◦ Typically, phishing messages will ask you to "update," "validate," or "confirm" your account information or face dire consequences. They might even ask you to make a phone call.
◦ Often, the message or website includes official-looking logos and other identifying information taken directly from legitimate websites.
• The criminal may ask the victim to verify his email details (pretending that it is for security purposes) and send back all his full details including bank account details, saying that the money will be deposited to that account as soon as all correct details are received.
• Sometimes the criminal may link a victim to a certain website, pretending that it is for security reasons.
Brand spoofing is a technique of getting one computer on a network to pretend to have the identity of another computer, usually one which has special access privileges, so as to obtain access to other computers on the network.
Government, financial institutions and online payment services are common targets of brand spoofing.

Legislative Measures
Before 2010 there was no specific law enacted to regulate cyber crimes.
• The Law Reform Commission prepared a Bill: the Computer and Computer-related Crimes Bill
• That was aimed at regulating:
  ◦ Illegal access and interfering with computer systems
  ◦ Use of illegal devices
  ◦ Interfering with data and computer system
  ◦ Publication of immoral materials (e.g. obscenity, inciting hatred, harmful to children, etc.)
  ◦ Production of computer viruses, worms, logic bombs, etc.
  ◦ Powers of authorised officers to search & seize computer systems/e-devices and access data
  ◦ Powers of authorised officers to prosecute cyber-crimes
The response of the Government was the enactment and passing by Parliament of the Electronic and Postal Communications Act, 2010 (Act no. 3 of 2010).
Part VI of the Act establishes offences and penalties in relation to:
◦ Electronic communications: ss. 116-124
◦ SIM cards: ss. 125-137
◦ Postal communications: ss. 138-150
◦ Additional offences and penalties: ss. 151-160
The new law has made a number of amendments to the TCRA Act and the Fair Competition Act.
It is significant to note that some of the commonly known cyber-crimes have been criminalized under the new law. These include:
◦ Offences relating to interception of electronic communication: s. 120
◦ Offences relating to interference of electronic communication: s. 123
◦ Fraudulent use of electronic services: s. 122
◦ Unauthorised access or use of computer system: s. 124
◦ Transmission of obscene materials: s. 118
S.124(1) of the Act establishes a National Computer Emergency Response Team (CERT) whose role is:
◦ To coordinate response to cyber security incidents at the national level
◦ To cooperate with regional and international entities involved with the management of cyber security incidents.
The enactment of this law has not effectively succeeded in addressing challenges related to ICT/cyber crimes.
There is an initiative to come up with a Cyber-crimes Act.
Other Jurisdiction
The Council of Europe’s Convention on Cybercrime
◦ In the absence of a more international instrument to regulate and criminalize cyber crimes, this regional instrument has proved to be a leading international instrument in this field.
◦ The Convention criminalizes cyber crimes in four categories:
  • Offences against the confidentiality, integrity and availability of computer data and systems:
    Illegal access
    Illegal interception
    Data and system interference
  • Computer-related offences:
    Computer-related forgery
    Computer-related fraud
  • Content-related offences:
    Computer pornography and other obscene materials
  • Offences related to infringements of copyright and related rights:
    Software piracy, etc.
Other countries have modelled their laws largely on this Convention, e.g.:
◦ The Computer Misuse Act (UK)
◦ The Electronic Communications and Transactions Act (SA)

Case law analysis
Unauthorised access to computer systems (hacking)
• McKinnon v Government of the USA and another [2008] UKHL 59
  ◦ Accessed 97 US Navy, Army, NASA and Pentagon computers
  ◦ Read paras 11-16 of the case to see the facts of this case.
  ◦ The order for his extradition from the UK to the US was granted and the appellant was challenging that order.
  ◦ The House of Lords dismissed his appeal against extradition.
Unauthorised access/use by authorised user
• S v Douvenga (2003)
  ◦ A secretary tried to e-mail certain information obtained from a database and give it to a competitor.
  ◦ The secretary had authorisation to access data (password).
  ◦ The issue was whether a person who is authorised to access certain information can be liable for unauthorised access if he accesses information for an unlawful purpose.
  ◦ The Court found that to be unauthorised access.
• DPP v Bignall (1998) 1 Cr App R 1
  ◦ Police officers obtained access to data held on the police national computer for private purposes.
  ◦ No crime: was entitled to authorised use to gain access to data.
• R v Bow Street Magistrates’ Court, ex p Allison [1999] 4 All ER 1
  ◦ Authorised access to certain data but this enabled access to other data.
  ◦ The Court held that authorisation does not only relate to type of data but also to type of access (i.e. purpose of access), hence a crime.
• Denial of service (DoS) attacks
  ◦ Flood servers with multiple requests or congest communication links
  ◦ DPP v Lennon [2006] EWHC 1201 (Admin)
  ◦ The accused downloaded a mail-bombing program and used it to bombard his former employer with e-mails.
  ◦ The Court held: a person does not consent to receive e-mails which are sent to disrupt the proper operation and use of the system.
• Extortion and malicious damage to property
• In S v Howard (Unreported case no. 41/258/02), Johannesburg regional magistrates’ court
  ◦ One of the issues in this case was whether the erasure of digital data in a computer system amounts to malicious damage to property.
  ◦ The court answered this issue in the affirmative because the hard drive of a network server was damaged after it had attempted to reboot 256 times and the file loadtrm.exe had been altered, both as a result of interference with the system by the hacker.
  ◦ The court found that because the point of sale systems were rendered unusable for some time, temporary damage had been done to corporeal property.

Conclusion
The main challenge facing states in regulating ICT-related crimes is the lack of universal guidelines on legislative measures which can be used to combat such crimes.
It remains for domestic and regional initiatives to deal with these modern threats.
Thus, until there are uniform standards, these threats will live with us.

It security & crimes

  • 1.
    IT LAWIT LAW Introductionto Information Security, IT Crimes and Cybercrimes 1
  • 2.
    Basics of itlaw & jurisdictionBasics of it law & jurisdiction • Meaning of the term computer • No hard and fast rule of defining it • That is, there is no universal acceptable definition of this term • What is regarded as a computer in one industry or sector might not necessarily mean the same in another • The Oxford Dictionary: • “An electronic device which is capable of receiving information (data) and performing a sequence of logical operations in accordance with a predetermined but variable set of procedural instructions (program) to produce a result in the form of information or signals” By I. MGETA 2
  • 3.
    ContinueContinue  S.3 ofThe Electronic and Postal Communications Act, 2010 (Act no.3 of 2010); “Computer “means an electronic device used to input, process store and output data  In short, there are disparities in defining the term Computer.  The common aspects/elements of definition are; Electronic device, used for Keeping data-input (data storage) Processing data Producing data-output By I. MGETA 3
  • 4.
    The link-Law &ComputerThe link-Law & Computer Development of Computer technology has not only affected the field of science and technology rather affected also other disciplines, e.g law Areas of interest in law:  Privacy and security  Freedom of expression and information sharing  Business operation and transactions interchange  Terms and conditions of use of software programs, etc By I. MGETA 4
  • 5.
    Meaning of Computer/InternetLawMeaning of Computer/Internet Law They are not synonymous but inter-related ◦ IT Law deals with all issues related to the use of IT including privacy. ◦ Computer Law:  Law regulating the use and application of computer related technology and the control of computer related crimes and abuse of electronic services ◦ Internet Law:  The law that regulates internet services, usage, electronic communication, rights and obligations of ISPs and Internet users, control of online abuse, etc
  • 6.
    Jurisprudential foundationJurisprudential foundation Anarea of the law which has developed because of technical legal issues that arose with the emergence of computer technology Legal Issues which gave rise to IT law  Electronic commerce and contract formation  Admissibility of electronic evidence and computer print-outs  Privacy online and data protection  Computer and ICT crimes  IPR and computer technology, etc
  • 7.
    ContinueContinue Sources of ITlaw  International conventions-e.g UNCITRAL Model Law on E-Commerce  The Constitution-basic human rights, eg right to privacy and freedom of expression  Statutes  Case laws  Legal opinions from prominent lawyers and IT
  • 8.
    IntroductionIntroduction  Development inICT has paved a new era in communication technology  With this development, new challenges have emerged:  How to deal with threats to electronic communications  How to harmonize traditional laws to cover new sophisticated offences  Redefinition of some of the offences, etc  Electronic privacy is also another issue not only on individual data but even on governmental information  All these are challenges to a new digital/cyber-era 8
  • 9.
    Computer Crime/ICT CrimeComputerCrime/ICT Crime Scholars have distinguished computer crime/ICT crime from Cyber crime Computer crime is defined as;  Any criminal activities that are committed against a computer or similar device, and data or program therein.  In computer crimes, the computer is the target of criminal activities. 9
  • 10.
    ContinueContinue  The “computer”in this context refers to the hardware, but the crimes, …, more often than not relate to the software and the data or program contained within it.  The criminal activities often relate to the functions of the computer; in particular, they are often facilitated by communications systems that are available and operated through the computer, thereby contributing to a less secure computing environment. 10
  • 11.
    ContinueContinue  It isalso defined as;  Computer crime encompasses the use of a computer as a tool in the perpetration of a crime, as well as situations in which there has been unauthorised access to the victim’s computer, or data.  Computer crime also extends to physical attacks on the computer and/or related equipment as well as illegal use of credit cards and violations of automated teller machines, including electronic fund transfer thefts and the counterfeit of hardware and software. 11
  • 12.
    ContinueContinue Further that;  “Computercrime covers all sets of circumstances where electronic data processing forms the means for the commission and/or the object of an offence and represents the basis for the suspicion that an offence has been committed.” 12
  • 13.
    ContinueContinue A distinction betweenComputer crime and cyber crime is explained as: “Computer Crime” encompasses crimes committed against the computer, the materials contained therein such as software and data, and its uses as a processing tool. These include hacking, denial of service attacks, unauthorized use of services and cyber vandalism. 13
  • 14.
    ContinueContinue  “Cyber Crime”describes criminal activities committed through the use of electronic communications media.  One of the greatest concerns is with regard to cyber- fraud and identity theft through such methods as phishing, pharming, spoofing and through the abuse of online surveillance technology.  There are also many other forms of criminal behaviour perpetrated through the use of information technology such as harassment, defamation, pornography, cyber terrorism, industrial espionage and some regulatory offences”. 14
  • 15.
    ContinueContinue  So onemay gather from all those definitions that:  Cyber crime is a computer enabled crime  Computer crime is a crime where by the computer is a target  Cyber crime is a criminal activity that involves a computer and network that links computers.  These crimes can be categorized into two:  Crimes that can only be committed which were previously not possible before the advent of the computer such as hacking, cracking, sniffing and the production and decimation of malicious code.  The other category of crimes are much wider and have been in existence for centuries but are now committed in the cyber environment such as internet fraud, possession and distribution of child pornography etc 15
  • 16.
    ContinueContinue  UK authorIan Walden, distinguishes these crimes in the following categories;  “computer-related crimes” (such as fraudulent activity involving the use of computers)  “content-related offences” (such as the distribution of pornographic material involving children by means of computers and cellphones),  “computer integrity offences” (in which the computer itself is the object of an attack).  Suffices to say that, there is no universal accepted classification of computer crimes/cyber crimes  Much will depend on what a particular scholar has intended to say or local legislations. 16
  • 17.
    Types of CybercrimesTypes of Cyber crimes According to Mumbai Police department; Hacking Phishing Denial of service attack Spoofing Cyber-stalking Virus dissemination 17
  • 18.
    Continue
    ◦ Software piracy
    ◦ Cyber-defamation
    ◦ Pornography
    ◦ Internet Relay Chat (IRC) crime
    ◦ Credit card fraud
    ◦ Net extortion, threatening and salami attack
  • 19.
    Continue
    According to the Australian Institute of Criminology:
    ◦ Theft of telecommunication services
    ◦ Communications in furtherance of criminal conspiracies
    ◦ Telecommunication piracy
    ◦ Dissemination of offensive materials
    ◦ Electronic money laundering and tax evasion
    ◦ Electronic vandalism
    ◦ Terrorism and extortion
    ◦ Sales and investment fraud
    ◦ Illegal interception of telecommunications and electronic funds transfer fraud.
  • 20.
    Continue
    ◦ Therefore, scholars differ even in how they classify cyber crimes, and the authorities responsible for controlling such crimes also differ in the way they classify them.
    ◦ For the purpose of this lecture, the two terms computer crime and cyber crime will be used interchangeably.
  • 21.
    Continue
    The discussion will cover the following types of cyber crimes:
    ◦ Computer fraud
      ◦ Simply means any dishonest misrepresentation of fact by using any electronic device, intending to induce another to do or refrain from doing something, which causes loss or any psychological suffering.
      ◦ Computer fraud includes forms such as:
        ◦ Concealing unauthorised transactions
        ◦ Electronic funds transfer fraud
        ◦ Identity theft
        ◦ Entering unauthorised instructions or processes in a computer, etc.
  • 22.
    Continue
    ◦ Hacking
      ◦ This simply means unauthorised access to a computer system. In telecommunication services, this practice is called ‘phone phreaking’.
      ◦ It is an illegal intrusion into a computer system without the permission of the computer owner/user.
    ◦ Unauthorised modification of data
      ◦ Data need to be set in a systematic form so that the system can function effectively.
      ◦ Any unauthorised alteration or modification of such information or data may render the entire system ineffective or produce undesired outcomes.
  • 23.
    Continue
    ◦ A person may gain access to the computer system and, without permission, modify the data kept in a computer, causing the whole or part of the system to stop functioning.
    ◦ This can also be done by sending malicious code, which may render the computer system ineffective.
  • 24.
    Continue
    ◦ Dissemination of malicious code: use of viruses and other nasty computer programs
      ◦ Computer virus simply means malicious software which is capable of replicating itself.
      ◦ Not all computer viruses are harmful; some are essential in the programming processes, e.g. computer bugs.
      ◦ This crime can be committed through dissemination of malicious code or virus dissemination which attaches itself to other software and alters its functioning.
  • 25.
    Continue
    This kind of dissemination may include:
    ◦ Virus: these infect computers or other electronic devices and are passed on by user activity, for example by opening an email attachment or opening any document or device that contains them.
    ◦ Worms: these are self-propagating malware that use an internet connection to access vulnerabilities on other computers and to install copies of themselves. They are often used as a conduit to grant attackers access to the computer.
    ◦ Masquerade
  • 26.
    Continue
    ◦ Trojan horse: these are malware masquerading (impersonating) as something the user may want to download or install, that may then perform hidden or unexpected actions, such as allowing external access to the computer.
    ◦ Other forms of malicious software like time bomb, logic bomb, etc.
    ◦ Malicious software can be transmitted from one computer to another through network sharing, sharing of hard drives, flash disks, etc.
  • 27.
    Continue
    ◦ Denial of service attack
      ◦ This is an act by a criminal who floods the bandwidth of the victim’s network or fills his e-mail box with spam mail, depriving him of the services he is entitled to access or provide.
      ◦ The main purpose is to create a surge in the volume of email traffic in order to degrade network performance.
  • 28.
    Continue
    ◦ It is often aimed at businesses engaging in e-commerce, the aim being to generate such a volume of spurious messages that the victim site becomes clogged up and is unable to accept messages from genuine users wishing to place orders for goods or services.
    ◦ A denial of service attack may cause both financial loss and loss of goodwill.
    ◦ Customers who are unable to access services may lose confidence in a certain service provider or businessman.
  • 29.
    Continue
    ◦ For example, in February 2000 denial of service attacks were initiated by a single man (teenager!) in Canada, who dramatically slowed down the most famous e-commerce servers like amazon.com, ebay, yahoo.
    ◦ These servers could not sell their products any more for some few days. They claimed to have globally endured more than $1 billion in damages.
  • 30.
    Continue
    ◦ Unauthorised interception
      ◦ Development in telecommunications provides new opportunities for electronic eavesdropping.
      ◦ Interception of communications has not been used only for surveillance of an unfaithful spouse, but it has developed to be used against politicians and for industrial espionage.
      ◦ The electromagnetic signals emitted by a computer may be intercepted.
      ◦ Cyber criminals often obtain valuable information by intercepting and monitoring communications sent via the internet or other information networks.
  • 31.
    Continue
    ◦ Electronic mail messages can easily be intercepted by third parties, thereby enabling them to obtain bank account numbers, passwords, access codes and various other forms of data.
    ◦ While interception of communication may be legal if permitted by the law, unlawful interception is illegal and is one of the cyber crimes.
    ◦ The challenge that exists in regulating interception of electronic communication is the need to balance unauthorised interception and the question of freedom of expression.
  • 32.
    Continue
    ◦ Extortion
      ◦ Extortion is a process from which criminal intruders disrupt the information system in order to execute any bad motive behind such disruption.
      ◦ Such intrusion in a computer system may cause damage in the storage system and loss of some important data.
      ◦ The act can also be used to disrupt the security system so as to facilitate the commission of other crimes.
  • 33.
    Continue
    ◦ Pornography, cyber-obscenity and cyber-stalking
      ◦ Pornography is the first consistently successful e-commerce product.
      ◦ By using deceptive marketing tactics and mouse trapping technologies, pornography has been a tool for encouraging customers to access certain websites.
      ◦ Access to this kind of material is open to both children and adults who use the Internet.
  • 34.
    Continue
    ◦ One of the impacts of pornography is a crime known as paedophilia.
    ◦ Paedophilia is criminal activity involving sexual offences against children by adults, including the production and distribution of child pornography.
    ◦ A paedophile is a person who is sexually attracted to children.
    ◦ Most countries have now criminalized child pornography.
  • 35.
    Continue
    ◦ Cyber stalking is a technologically-based “attack” on one person who has been targeted specifically for that attack for reasons of anger, revenge or control.
      ◦ Using this technique a criminal follows a victim by harassing or persecuting him/her with unwanted and obsessive attention through sending emails, forum chat, etc.
  • 36.
    Continue
    ◦ Cyber stalking may take the forms of: harassment, embarrassment and humiliation of the victim, emptying bank accounts or other economic control such as ruining the victim's credit score, harassing family, friends and employers to isolate the victim, scare tactics to instill fear, etc.
  • 37.
  • 38.
    Continue
    ◦ Cyber obscenity is closely associated with cyber stalking.
      ◦ In this technique, a criminal causes a transmission of distasteful, obscene or offensive materials through the Internet to another person.
      ◦ Distribution of indecent/obscene materials is criminalized by most countries; such prohibition extends to the Internet.
  • 39.
    Continue
    ◦ Publication of offensive materials is an offence and may also be defamatory.
    ◦ However, what is offensive in one country may not be the same in another country.
    ◦ This causes a great disparity in laws regulating offensive materials on the Internet.
  • 40.
    Continue
    ◦ Software piracy
      ◦ This encompasses a range of forms of conduct like:
        ◦ Unlawful multiple installation
        ◦ End-user piracy
        ◦ Client/server piracy
        ◦ Online piracy
      ◦ Software piracy infringes IPR and mostly raises civil liability rather than criminal liability.
      ◦ However, IPR also has criminal sanctions which may also relate to software piracy.
  • 41.
    Continue
    ◦ Use of unlawful devices and unlawful programs
      ◦ Because of various threats posed by electronic technology, companies and governments have developed some security measures to help in preventing unauthorised access or use of certain information.
      ◦ Criminals frequently use sophisticated technology to intrude in these protected systems so as to commit crimes.
  • 42.
    Continue
    ◦ More often, criminals use some devices or programs which can disrupt the security system or any protected material.
    ◦ E.g., criminals may use skimming devices to capture all the data contained on the magnetic strip and thereafter, with the assistance of a computer terminal, download such data and use them for any unlawful activity including credit card fraud.
  • 43.
  • 44.
    Continue
    ◦ Spoofing and phishing
      ◦ Phishing is the pulling out of confidential information from bank/financial institution account holders by deceptive means.
      ◦ Phishing is a general term for e-mails, text messages and websites fabricated and sent by criminals and designed to look like they come from well-known and trusted businesses, financial institutions and government agencies in an attempt to collect personal, financial and sensitive information.
      ◦ It’s also known as brand spoofing.
  • 45.
    Continue
    ◦ E.g., a criminal may send a scam, which may be in the form of an email, to a victim informing him that his email has won a certain sum of money and that the email has been randomly selected from several emails following the draw conducted on a certain date.
    Characteristics
    ◦ The content of a phishing e-mail or text message is intended to trigger a quick reaction from you. It can use upsetting or exciting information, demand an urgent response or employ a false pretense or statement.
  • 46.
    Continue
    ◦ Typically, phishing messages will ask you to "update," "validate," or "confirm" your account information or face dire consequences. They might even ask you to make a phone call.
    ◦ Often, the message or website includes official-looking logos and other identifying information taken directly from legitimate websites.
  • 47.
    Continue
    ◦ The criminal may ask the victim to verify his email details (pretending that it is for security purposes) and send back his full details including bank account details, claiming that the money will be deposited to that account as soon as all correct details are received.
    ◦ Sometimes the criminal may link a victim to a certain website pretending that it is for security reasons.
  • 48.
    Continue
    ◦ Brand spoofing is a technique of getting one computer on a network to pretend to have the identity of another computer, usually one which has special access privileges, so as to obtain access to other computers on the network.
    ◦ Government, financial institutions and online payment services are common targets of brand spoofing.
  • 49.
  • 50.
    Legislative Measures
    Before 2010 there was no specific law that was enacted to regulate cyber crimes.
    ◦ The Law Reform Commission prepared a Bill
      ◦ Computer and Computer-related Crimes Bill:
      ◦ That was aimed at regulating:
        ◦ Illegal access and interfering with computer systems
        ◦ Use of illegal devices
        ◦ Interfering with data and computer system
  • 51.
    Continue
        ◦ Publication of immoral materials (e.g. obscenity, inciting hatred, harmful to children, etc.)
        ◦ Production of computer viruses, worms, logic bombs, etc.
        ◦ Powers of authorised officers to search & seize computer systems/e-devices and access data
        ◦ Powers of authorised officers to prosecute cyber-crimes
  • 52.
    Continue
    The response of the Government was the enactment and passing by the parliament of the Electronic and Postal Communications Act, 2010 (Act no.3 of 2010).
    Part VI of the Act establishes offences and penalties in relation to:
    ◦ Electronic communications: ss 116-124
    ◦ SIM Cards: ss 125-137
    ◦ Postal Communications: ss 138-150
    ◦ Additional offences and penalties: ss 151-160
    The new law has made a number of amendments to the TCRA Act and the Fair Competition Act.
  • 53.
    Continue
    It is significant to note that some of the commonly known cyber-crimes have been criminalized under the new law. These include:
    ◦ Offences relating to interception of electronic communication: s.120
    ◦ Offences relating to interference of electronic communication: s.123
    ◦ Fraudulent use of electronic services: s.122
    ◦ Unauthorised access or use of computer system: s.124
    ◦ Transmission of obscene materials: s.118
  • 54.
    Continue
    S.124(1) of the Act establishes a National Computer Emergency Response Team (CERT) whose role is:
    ◦ To coordinate response to cyber security incidents at the national level
    ◦ To cooperate with regional and international entities involved with the management of cyber security incidents.
    The enactment of this Law has not effectively succeeded in addressing challenges related to ICT/Cyber Crimes.
    There is an initiative to come up with the Cyber-crimes Act.
  • 55.
    Continue
    Other Jurisdiction
    The Council of Europe’s Convention on Cybercrime
    ◦ In the absence of a more international instrument to regulate and criminalize cyber crimes, this regional instrument has proved to be a leading international instrument in this field.
  • 56.
    Continue
    ◦ The Convention criminalizes cyber crimes in four categories:
      ◦ Offences against the confidentiality, integrity and availability of computer data and systems
        ◦ Illegal access
        ◦ Illegal interception
        ◦ Data and system interference
      ◦ Computer-related offences
        ◦ Computer-related forgery
        ◦ Computer-related fraud
  • 57.
    Continue
      ◦ Content-related offences
        ◦ Computer pornography and other obscene materials
      ◦ Offences related to infringements of copyright and related rights
        ◦ Software piracy, etc.
    Other countries have molded their laws largely from this Convention, e.g.:
    ◦ The Computer Misuse Act (UK)
    ◦ The Electronic Communications and Transactions Act (SA)
  • 58.
    Case law analysis
    Unauthorised access to computer systems (hacking)
    ◦ McKinnon v Government of the USA and another [2008] UKHL 59
      ◦ Accessed 97 US Navy, Army, NASA and Pentagon computers
      ◦ Read paras 11-16 of the case to see the facts of this case.
      ◦ The order for his extradition from the UK to the US was granted and the appellant was challenging that order.
      ◦ The House of Lords dismissed his appeal against extradition.
  • 59.
    Continue
    Unauthorised access/use by authorised user
    ◦ S v Douvenga (2003)
      ◦ A secretary tried to e-mail certain information obtained from a database and give it to a competitor.
      ◦ The secretary had authorisation to access data (password).
      ◦ The issue was whether a person who is authorised to access certain information can be liable for unauthorised access if he accesses information for an unlawful purpose.
      ◦ The Court found that to be unauthorised access.
  • 60.
    Continue
    ◦ DPP v Bignall (1998) 1 Cr App R 1
      ◦ Police officers obtained access to data held on the police national computer for private purposes.
      ◦ No crime: was entitled to authorised use to gain access to data.
    ◦ R v Bow Street Magistrates’ Court, ex p Allison [1999] 4 All ER 1
      ◦ Authorised access to certain data but this enabled access to other data.
      ◦ The Court held that authorisation does not only relate to type of data but also to type of access (i.e. purpose of access), hence a crime.
  • 61.
    Continue
    ◦ Denial of service (DoS) attacks
      ◦ Flood servers with multiple requests or congest communication links
      ◦ DPP v Lennon [2006] EWHC 1201 (Admin)
        ◦ The accused downloaded a mail-bombing program and used it to bombard his former employer with e-mails.
        ◦ The Court held that a person does not consent to receive e-mails which are sent to disrupt the proper operation and use of the system.
  • 62.
    Continue
    ◦ Extortion and malicious damage to property
    ◦ In S v Howard (Unreported case no. 41/258/02), Johannesburg regional magistrates’ court
      ◦ One of the issues in this case was whether the erasure of digital data in a computer system amounts to malicious damage to property.
  • 63.
    Continue
    ◦ The court answered this issue in the affirmative because the hard drive of a network server was damaged after it had attempted to reboot 256 times and the file loadtrm.exe had been altered, both as a result of interference with the system by the hacker.
    ◦ The court found that because the point of sale systems were rendered unusable for some time, temporary damage had been done to corporeal property.
  • 64.
    Conclusion
    ◦ The main challenge facing states in regulating ICT related crimes is the lack of universal guidelines on legislative measures which can be used to combat such crimes.
    ◦ It remains within domestic and regional initiatives to deal with these modern threats.
    ◦ Thus, until there are uniform standards, these threats will live with us.