CYBER CRIME
& CYBER TERRORISM: The need to know Cyber Laws
Mistakes like
straws float on the surface
One who wants
pearls must dive deep below
Cyber law has emerged as a field for a new crop
of professionals who may be called Techno-legal specialists. Since the emerging
Digital Era indicates that There is no business without e-business, there will
be no room for corporate professionals without a basic understanding of Cyber Laws
Hence cyber law literacy amongst professionals as Chartered Accountants, Company
Secretaries, Bankers, Insurance professionals, Law Enforcement Officers, and E-governance
officials is as essential as the study of Company law or corporate law .
Cyber laws are required to combat cyber crime
and cyber terrorism and this Article endeavours to delve deeper into the subject
to understand various other nuances of Information technology
Act,2000 which the Company Secretaries should be apprised of.
The Modern Thief can steal more with a computer
than with a gun
Cyber Crime
is a crime where cyberspace is used either as a tool ,target or both. This includes
anything from downloading illegal music files to stealing millions of dollars from
on-line bank accounts. Cyber crime also includes non-monetary
offences ,such a s creating and distributing viruses on other computers or posting
confidential business information on the Internet. However the most prominent form
of cyber crime is identity theft, in which criminals use the internet to steal personal
information from other users.
The first recorded Cyber crime
took place in the year 1820. In 1820, Joseph Marie Jacquard, a textile manufacturer
in
Reasons for Cyber Crime
1)
Data storage in small
space
Removal or deriving information through physical or virtual medium makes
it much easier.
Computer system is difficult to guard from unauthorized
access. A logic bomb could be secretly implanted and key loggers can steal access
codes. Advanced voice recorders, retina images etc. can fool biometric systems and
bypass firewalls to get past many a security system.
Who are the Usual Cyber Criminals
-
Children and adolescents between the age
group of 6-18 years : This delinquent
behavior pattern in children is mostly due to inquisitiveness to know and explore
things. Other reasons may be psychological or the thirst to prove themselves
outstanding amongst other children in their group.
-
Organized Hackers :
The hackers who organize themselves to fulfil certain objectives like political
bias, fundamentalism etc.
-
Professional Hackers:
They are motivated by the colour of money. These kind of hackers are mostly
employed to hack the site of rivals and get credible , reliable and valuable
information.
-
Discontented Employees:
This group includes people who either get sacked by their employer or are dissatisfied
by their employer.
Mode
and Manner of committing Cyber Crime
I.
Theft of Telecommunication
services: By gaining access to
an Organizations telephone switchboard (PBX) individual or criminal organizations
can obtain access to dial-in/dial out circuits and then make their own calls or
sell call time to third parties. Offenders may gain access to the switchboard by
impersonating a technician, by fraudulently obtaining an employees access code,
or by using software available on the internet. In one case, computer hackers in
the Unites States illegally obtained access to Scotland Yards telephone network
and made 620,000 worth of international calls for which Scotland Yard was responsible.
II.
Communications in
furtherance of criminal conspiracies:
Activities of criminal organizations are enhanced
by technology. There is evidence of telecommunications equipment being used to facilitate
organized drug trafficking, gambling, prostitution, money laundering, child pornography
and trade in weapons. The use of encryption technology may place criminal communications
beyond the reach of law enforcement.
III.
Telecommunications
Piracy: Digital Technology permits
reproduction & easy dissemination of print, graphics, sound and multimedia combinations.
The temptation to reproduce copyrighted material for personal use, for sale at a
lower price, or indeed for free distribution has proven irresistible to many. This
has caused considerable concern to owners of copyrighted material. Each year it
has been estimated that losses between US$ 15 and US$ 17 billion are sustained by
industry by reason of copyright infringement.
IV.
Dissmination of
offensive Materials: Objectionable
content exists in abundance in cyberspace. This includes among much else, sexually
explicit materials, racist propaganda and instructions for the fabrication of explosive
devices. Cyber stalking is indulged in which persistent messages are sent to an
unwilling recipient.
V.
Electronic Money
laundering & Tax Evasion: Electronic
funds transfer has assisted in concealing and in moving the proceeds of crime. Emerging
technologies will greatly assist in concealing the origin of ill-gotten gains. Legitimately
derived income may also be more easily concealed from taxation authorities. The
development of informal banking institutions and parallel banking systems may permit
central bank supervision to be bypassed, but can also facilitate the evasion of
cash transaction reporting requirements in those nations which have them. With the
emergence and proliferation of various technologies of electronic commerce, one
can easily envisage how traditional countermeasures against money laundering and
tax evasion may soon be of limited value.
VI.
Cyber Terrorism/
Electronic Vandalism: Cyber Terrorism
is the premeditated use of disruptive activities, or the threat thereof in cyberspace
with the intention to further social, ideological, religious, political or similar
objectives, or to intimidate any person in furtherance of such objectives.
Cyber Terrorism is a global concern. Defence
Planners around the world are investing substantially in information warfare means
of disrupting the information technology infrastructure of defence systems. Attempts
were made to disrupt the computer systems of the Sri Lankan Government and of the
World Atlantic Treaty Organization during the 1999 bombing of
CLASSIFICATION OF CYBER CRIME
Against Government Against individuals Against Property
I. AGAINST INDIVIDUALS: Cyber crime is effected
through
a)
Harassment via e-mails
b)
Cyber-stalking- Following a persons
movement across the internet by posting messages on the bulletin boards frequented
by the victim, entering chatroom frequented by the victim, constantly bombarding
the victim with e-mails
c)
Dissemination of obscene materials:
This may include the hosting of website containing these prohibitive materials.
d)
Unauthorized control over computer
system or Hacking
e)
E-mail spoofing : A spoofed e-mail
may be said to be one which misinterprets its origin. It shows its origin to be
different from which actually it originates.
III.
AGAINST PROPERTY: Cyber crime also
includes computer vandalism or destruction of others property, transmission of
harmful programmes. A Mumbai based upstart engineering company lost much money in
the business when the rival company, stole the technical database from their computers
with the help of a corporate cyber spy.
IV.
AGAINST GOVERNMENT: The medium
of cyberspace is being used by individuals and groups to threaten international
governments as also to terrorize the citizens of a country.
Cyber Wars are real and alarming
Hackers attack with bots, viruses and Trojans
instead of planes or armoured vehicles, and missiles and systematically create online
trapdoors to invade servers and computers and steal banking passwords
and money besides disabling communication links.
In March 2009, a cyber spy network
dubbed Ghost Net allegedly used servers mainly based in
In 2007 ,the US Government reportedly
suffered an espionage
In May 17, 2007 the Estonian parliament,
ministries, banks and media were targeted after which the North Atlantic Treaty
Organization ( NTO) established the cooperative Cyber Defence Centre of Excellence
( CCDCOE) in
In December 2009, a cyber attack
dubbed Operation Aurora by security firm McAfee was launched from
Around
6000 Indian Websites were defaced in 2009 according to Indian Computer Emergency
Response Team (CERT).
Online security expert Vijay Mukhi concurs that
PREVENTION
OF CYBER CRIME
1.
Passwords should be strictly guarded
2.
Use latest and update antivirus
software to guard against virus attacks
3.
Use of Cyber Caf should be avoided
4.
Use of firewalls may be beneficial
5.
Web servers running public sites
must be physically separate protected from internal corporate network
6.
It is better to use a security
programme that gives control over the cookies and send
information back to the site as leaving the cookies unguarded might prove fatal.
Regulating Indian Cyberspace
Statutory Provisions which a Company Secretary should know
Information Technology Bill passed by the Indian
Parliament in may 2000 notified as the IT Act 2000 has received the assent of the
president on 9th June,2000.This Act provides legal recognition for electronic
commerce and accords stringent punishments to cyber criminals.
Cyber contravention may result in civil prosecution
and the judicial proceedings are carried before the adjudicating officer. Offenders
are liable to pay damages depending on the nature of offence by way of compensation
to the victim upto an amount not exceeding Rupees 1 crore. Section 65 to 74 of the
IT Act deal with various offences. Cyber offences may result in criminal prosecution
,the offender liable to punishment with fine or imprisonment or both. The offences
are classified into cognizable or non-cognizable and bailable or non-bailable. Section
45 provides for residuary penalty for offences under section 43 & 44. Residuary
penalty is limited to Rs.25000/-.
OFFENCES COVERED UNDER IPC & SPECIAL LAWS
1.
Sec 503 IPC- Criminal
Intimidation : Sending
threatening messages by e-mail
Whoever threatens another with any injury to
his person, reputation or property, or to the person or reputation of anyone in
whom that person is interested, with intent to cause alarm to that person, commits
criminal intimidation.
2.
Sec 499 IPC :Sending
de-famatory messages by e-mail : Whoever
by words either spoken or intended to be read or by signs or by visible representations,makes
or publishes any imputation concerning any person intending to harm,or knowing or
having reason to believe that such imputation,will harm the reputation of such person,is
said to defame that person.
3.
Sec 463, 464, 468,469
IPC: Forgery of electronic
Records, E-mail spoofing
a.
Sec 463-Forgery:
Whoever makes any false documents
or electronic record with intent to cause damage or injury to the public or to any
person, or to enter into express or implied contract, or with intent to commit fraud
,commits forgery.
b.
Sec 464-
Making a false document : A person
is said to make a false document or a false electronic record when he dishonestly
or fraudulently makes, signs,seals or executes a document, makes or transmits any
electronic record, affixes any digital signature on any electronic record, with
the intention of causing it to be believed that such document, electronic record
or digital signature was made, signed, sealed, executed transmitted or affixed by
or by the authority of a person whom he knows that it was not made, signed, sealed,
executed or affixed
c.
Sec 468:
Forgery for the purpose of cheating:
Whoever commits forgery, intending that the document
or Electronic Record forged shall be used for the purpose of cheating, shall be
punished with imprisonment and liable to fine.
d.
Sec 469:
Whoever commits forgery intending that document or electronic record forged shall
harm the reputation of any party shall be subject to imprisonment or appropriate
fine.
4.
Bogus Websites, Cyber Frauds:
a.
Sec 420 IPC :
Cheating and dishonestly inducing delivery of property
Whoever cheats and thereby dishonestly induces
the person deceived, any property or makes, alters, or destroys whole or part of
a valuable security shall be punished with imprisonment and also liable to fine.
b.
Sec 383 IPC: Extortion:
c.
Sec 500: Punishment
for defamation: Whoever defames another
shall be punished with simple imprisonment or liable to fine.
d.
Sec 506,507 IPC:
Whoever commits the offence of criminal intimidation shall be punished with imprisonment.
Whoever commits the offence of criminal intimidation by an anonymous communication
shall be punished with imprisonment.
5.
Piracy-Sec
53, 63, 63B Copyright act
6.
Obscenity-
Sec 292,293,294 IPC, Indecent Representation
of Women Act
7.
Theft of computer hardware:
Sec 378,379 IPC
IT ACT,2000
Section 77A of the IT Act
provides that the offences under sections 66, 66A,
72 and 72A may be compounded by the aggrieved person.
Section 66
:
If a person dishonestly or fraudulently does any act which damages the computer
or the computer system, he is liable to a fine of up to five lakhs or be imprisoned
for a term of up to three years. A host of new sections have been added to
section 66 as sections 66A to 66F prescribing punishment for offenses such as obscene
electronic message transmissions, identity theft, cheating by impersonation using
computer resource, violation of privacy and cyber terrorism.
Section 66A:
If any person sends by means of a computer resource or a communication any content
which is grossly offensive or has a menacing character or which is not true but
is sent to create nuisance, annoyance, criminal intimidation, hatred or ill will
etc. shall be imprisoned for an imprisonment term which may be up to three years
combined with a fine.
Section 67
of the old Act is amended to reduce the term of imprisonment for publishing or transmitting
obscene material in electronic form to three years from five years for first conviction
and increase the fine thereof from Indian Rupees 100,000 (approximately USD 2000)
to Indian Rupees 500,000 (approximately USD 10,000).
A host of new
sections have been inserted as Sections 67 A to 67C. While Sections
67 A and 67 B insert penal provisions in respect of offences of publishing or
transmitting material containing sexually explicit act and child pornography in
electronic form, section 67C deals with the obligation of an intermediary to preserve
and retain such information as may be specified for such duration and in such manner
and format as the Central Government may prescribe.
In view of the
increasing threat of terrorism in the country, the new amendments include an amended
section 69 giving power to the State to issue directions for interception or monitoring
of decryption of any information through any computer resource. Further,
sections 69 A and 69 B, two new sections, grant power to the state
to issue directions for blocking for public access of any information through any
computer resource and to authorize to monitor and collect traffic data or information
through any computer resource for cyber security.
Section 72:
If a person is found in possession of some information like electronic record, book,
register, correspondence and he is found disclosing it to any third party without
the consent of the person concerned, then he shall be punished with imprisonment
for a term which may be up to two years, or a fine which may extend to One Lakh
rupees, or with both.
Section 72A:
If any person while providing services under the terms of the contract, has secured
access to any material containing personal information about another person, with
the intent to cause wrongful loss or wrongful gain discloses the information, without
the persons consent or in breach of a lawful contract, shall be punished with
imprisonment for a term which may extend to three years or with fine which
may extend to five lakh rupees or with both.
Gradation of
severity of computer related offences under Section 66 has been amended, now if
an offence is committed dishonestly or fraudulently then punishment is for a term
which may extend to three years or a fine which may extend to Rs 5 lakhs or with
both;
Section
43(A) is related to handling of sensitive
personal data or information with reasonable security practices and procedures.
This section has been inserted to protect sensitive personal data or information
possessed, dealt or handled by a body corporate in a computer resource which such
body corporate owns, controls or operates. If such body corporate is negligent in
implementing and maintaining reasonable security practices and procedures and thereby
causes wrongful loss or wrongful gain to any person, it shall be liable to pay damages
by way of compensation to the person so affected.
Snapshot of Important Cyber
law Provisions in India
Offence |
Section under IT Act |
Tampering with Computer
source documents |
Sec.65 |
Hacking with Computer
systems, Data alteration |
Sec.66 |
Publishing obscene information |
Sec.67 |
Un-authorized access
to protected system |
Sec.70 |
Breach of Confidentiality
and Privacy |
Sec.72 |
Publishing false digital
signature certificates |
Sec.73 |
NOTE:
Sec.78 of I.T. Act empowers Deputy Superintendent Of Police to investigate cases
falling under this Act.
Computer Related Crimes Covered
under Indian Penal Code and Special Laws
Offence |
Section
|
Sending threatening
messages by email |
Sec 503 IPC |
Sending defamatory messages
by email |
Sec 499 IPC |
Forgery of electronic
records |
Sec 463 IPC |
Bogus websites, cyber
frauds |
Sec 420 IPC |
Email spoofing |
Sec 463 IPC |
Web-Jacking |
Sec 383 IPC |
E-Mail Abuse |
Sec 500 IPC |
Online sale of Drugs |
NDPS Act |
Online sale of Arms |
Arms Act |
Role of Company Secretary
in Information Technology
1.
Compliance with Cyber laws and
other laws
2.
Conducting Board Meetings through
Video Conferencing and
tele-conferencing
3.
Advising on IT related IPR
4.
Developing Management Reports &
controls
5.
Maintaining statutory records in
electronic form
6.
E-filing of forms/documents under
MCA-21 and other statutory authorities
Conclusion
Today, increasing
number of Corporations are embracing a new paradigm in the way they approach enterprise
security. They have engaged not only IT Experts but also professionals like lawyers
and Company Secretaries to combat with the Cyber crime menace.
The world has finally woken up and understood
that cyber security needs a global approach and is a very serious matter," The Internet
places a profound and staggering degree of information and knowledge at our fingertips.
The Internet is the ultimate library and encyclopedia. It enables an army of telecommuting
working men and women to work at home. It facilitates instant back and forth communication
by e-mail. Online, we read newspapers and listen to music. The Internet is where
we can advertise goods for sale on e-bay and purchase all sorts of items at retail
stores. However, this boon of knowledge is not without ill effects and unless arrested
will prove to be a bane to the world.