INTRODUCTION:
The internet in India is growing rapidly. It has given rise to new opportunities in every field we can think of – be it entertainment, business, sports or education. There are two sides to a coin. Internet also has its own disadvantages. One of the major disadvantages is Cybercrime – illegal activity committed on the internet. The internet, along with its advantages, has also exposed us to security risks that come with connecting to a large network. Computers today are being misused for illegal activities like e-mail espionage, credit card fraud, spasm, software piracy and so on, which invade our privacy and offend our senses. Criminal activities in the cyberspace are on the rise.
AIM:
In the following pages you shall come across the following points.
1) Definition
2) Categories of Crime
a. Cyber crimes Against Persons
b. Cyber crimes against Property
c. Cyber crimes against Government
3) Modes of Cyber crimes
4) Cyber Laws (Information Technologies Act 2000)
5) Prevention of Cyber crimes
a. Prevention steps for Individuals
b. Prevention steps for Property and Government
c. General Information
6) Conclusion
1) DEFINITION:
What is this Cyber crime? We read about it in newspapers very often. Literarily: "It is a criminal activity committed on the internet. This is a broad term that describes everything from electronic cracking to denial of service attacks that cause electronic commerce sites to lose money".
It can also be defined as “Crime committed using a computer and the internet to steal a person’s identity or sell contraband or stalk victims or disrupt operations with malevolent programs”
Cybercrimes can be basically divided into 3 major categories:
a. Cybercrimes against persons.
b. Cybercrimes against property.
c. Cybercrimes against government.
Cybercrimes committed against persons include various crimes like- transmission of child-pornography, harassment of any one with the use of a computer such as e-mail. The trafficking, distribution, posting, and dissemination of obscene material including pornography and indecent exposure, constitutes one of the most important Cybercrimes known today. The potential harm of such a crime to humanity can hardly be amplified. This is one Cybercrime which threatens to undermine the growth of the younger generation as also leave irreparable scars and injury on the younger generation, if not controlled.
These crimes also bring us to another related area of violation of privacy of citizens. Violation of privacy of online citizens is a Cybercrime of a grave nature. No one likes any other person invading the invaluable and extremely touchy area of his or her own privacy which the medium of internet grants to the citizen.
b. Cybercrimes against property.
The second category of Cyber-crimes is that of Cybercrimes against all forms of property. These crimes include computer vandalism (destruction of others' property), transmission of harmful programmes.
A Mumbai-based upstart engineering company lost a say and much money in the business when the rival company, an industry major, stole the technical database from their computers with the help of a corporate cyber spy.
c. Cybercrimes against government.
The third category of Cyber-crimes relate to Cybercrimes against Government. Cyber terrorism is one distinct kind of crime in this category. The growth of internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international governments as also to terrorise the citizens of a country. This crime manifests itself into terrorism when an individual "cracks" into a government or military maintained website.
3) MODES OF CYBER CRIMES:
Cyber harassment is a distinct Cybercrime. Various kinds of harassment can and do occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial, religious, or other. Cyber harassment mainly depicts the violation of the privacy of online citizens. Persons perpetuating such harassment are also guilty of cybercrimes.
Unauthorised access: This activity is commonly referred to as hacking. Using one's own programming abilities as also various programmes with malicious intent to gain unauthorised access to a computer or network are very serious crimes. Similarly, the creation and dissemination of harmful computer programmes which do irreparable damage to computer systems is another kind of Cybercrime.
Software piracy is also another distinct kind of Cybercrime which is perpetuated by many people online who distribute illegal and unauthorised pirated copies of software. Professionals who involve in these cybercrimes are called crackers and it is found that many of such professionals are still in their teens.
"Script-kiddies": Crackers do more than just spoiling websites. Novices, who are called "script-kiddies" in their circles, gain "root" access to a computer system, giving them the same power over a system as an administrator – such as the power to modify features. They cause damage by planting viruses.
Cracking is amongst the gravest Cyber-crimes known till date. It is a dreadful feeling to know that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information.
Coupled with this the actuality is that no computer system in the world is cracking proof. It is unanimously agreed that any and every system in the world can be cracked. The recent denial of service attacks seen over the popular commercial sites like E-bay, Yahoo, Amazon and others are a new category of Cyber-crimes which are slowly emerging as being extremely dangerous.
Theft of information contained in electronic from: This includes information stored in computer hard disks, removable storage media etc.
E-Mail bombing: Email bombing refers to sending a large amount of e-mails to the victim resulting in the victims’ e-mail account or mail servers to get junked by mails.
Data diddling: This kind of an attack involves altering the raw data just before it is processed by a computer and then changing it back after the processing is completed.
Salami attacks: Those attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed e.g. a bank employee inserts a program into bank’s servers that deducts a small amount from the account of every customer.
Denial of Service: This involves flooding computer resources with more requests than it can handle. This causes the resources to crash thereby denying authorized users the service offered by the resources.
Virus/worm: Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses don not need the host to attach themselves to.
Logic bombs: These are dependent programs. This implies that these programs are created to do something only when a certain event occurs, e.g. some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date.
Trojan Horse: A Trojan as this program is aptly called is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.
Internet Time Theft: This connotes the usage by unauthorized persons of the Internet hours paid for by another person.
Physically damaging a computer system: Physically damaging a computer or its peripherals.
4) CYBER LAWS
Information Technology Act 2000
Information technology bill passed by Indian Parliament in May 2000 notified as the IT Act 2000 has received the assent of the President on the 9th June, 2000.
This Act provides legal recognition for electronic commerce and accords stringent punishments to cyber criminals.
The Act simply says "Notwithstanding anything contained in any other law for the time being in force, any Police Officer not below the rank of Dy. Superintendent of Police (Dy.SP) may enter, search and arrest any person without search warrant in any public place who he thinks is committing or about to commit a cybercrime".
The Act defines cyber offence like –
Offence
Tampering with Computer source documents: Sec.65
Hacking with Computer systems, Data alteration: Sec.66
Publishing obscene information: Sec.67
Un-authorised access to protected system: Sec.70
Breach of Confidentiality and Privacy: Sec.72
Publishing false digital signature certificates: Sec.73
65. Tampering with computer source documents
"Computer source code" means the listing of programmes, computer commands, design and layout and Programme analysis of computer resource in any form...Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer Programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the being time in force, shall be punishable with imprisonment up to three year, or with fine which may extend up to two lakh rupees, or with both.
66. Hacking with computer system
(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.
(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
67. Publishing of information which is obscene in electronic form
Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstance, to read see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.
70. Un-authorised access to protected system
(1) The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system.
(2) The appropriate Government may, by order in writing, authorise the persons who are authorised to an access protected systems notified under sub-section (1).
(3) Any person who secures access or attempts to secure access to a protected system in contravention of the provision of this section shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.
72. Penalty for breach of confidentiality and privacy
Save as otherwise provide in this Act or any other law for the time being in force, any person who, in pursuance of any of the powers conferred under this Act, rules or regulation made there under, has secured assess to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
73. Penalty for publishing Digital Signature Certificate false in certain
Particulars
(1) No person shall publish a Digital Signature Certificate or otherwise make it available to any other person with the knowledge that-
(a) The Certifying Authority listed in the certificate has not issued it; or
(b) The subscriber listed in the certificate has not accepted it; or
(c) The certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.
(2) Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
80. Power of Police Officer and other Officers to enter, search etc.
(1) Notwithstanding anything contained in the Code of Criminal Procedure, 1973, any police officer, not below the rank of a Deputy Superintendent of Police, or any other officer of the Central Government or a State Government authorised by the Central Government in this behalf may enter any public place and search and arrest without warrant any person found therein who is reasonably suspected or having committed or of committing or of being about to commit any offence under this Act Explanation.—For the purposes of this sub-section, the expression "public place" includes any public conveyance, any hotel, any shop or any other place intended for use by, or accessible to the public.
(2) Where any person is arrested under sub-section (1) by an officer other than a police officer, such officer shall, without unnecessary delay, take or send the person arrested before a magistrate having jurisdiction in the case or before the officer-in-charge of a police station.
(3) The provisions of the Code of Criminal Procedure, 1973 shall, subject to the provisions of this section, apply, so far as may be, in relation to any entry, search or arrest, made under this section.
5) PREVENTION OF CYBER CRIMES
Prevention is better than cure. Let’s see the different techniques and steps to be followed to get protection from cyber crimes.
a) PREVENTIVE STEPS FOR INDIVIDUALS
CHILDREN:
Children should not give out identifying information such as Name, Home address, School Name or Telephone Number in a chat room. They should not give photographs to anyone on the Net without first checking or informing parents or guardians. They should not respond to messages, which are suggestive, obscene, belligerent or threatening, and not to arrange a face-to –face meeting without telling parents or guardians. They should remember that people online might not be who they seem.
PARENTS:
Parent should use content filtering software on PC to protect children from pornography, gambling, hate speech, drugs and alcohol. There is also software to establish time controls for use of limpets (for example blocking usage after a particulars time) and allowing parents to see which site item children have visited. Use this software to keep track of the type of activities of children.
b) PREVENTIVE STEPS FOR PROPERTY AND GOVERNMENT
PHYSICAL SECURITY: Physical security is most sensitive component, as prevention from cyber crime Computer network should be protected from the access of unauthorized persons.
ACCESS CONTROL: Access Control system is generally implemented using firewalls, which provide a centralized point from which to permit or allow access. Firewalls allow only authorized communications between the internal and external network.
PASSWORD: Proof of identity is an essential component to identify intruder. The use of passwords in the most common security for network system including servers, routers and firewalls. Mostly all the systems are programmed to ask for username and password for access to computer system. This provides the verification of user. Password should be changed with regular interval of time and it should be alpha numeric and should be difficult to judge.
FINDING THE HOLES IN NETWORK: System managers should track down the holes before the intruders do. Many networking product manufactures are not particularly aware with the information about security holes in their products. So organization should work hard to discover security holes, bugs and weaknesses and report their findings as they are confirmed.
USING NETWORK SCANNING PROGRAMS: There is a security administration’s tool called UNIX, which is freely available on Internet. This utility scans and gathers information about any host on a network, regardless of which operating system or services the hosts were running. It checks the known vulnerabilities include bugs, security weakness, inadequate password protection and so on. There is another product available called COPS (Computer Oracle and Password System). It scans for poor passwords, dangerous file permissions, and dates of key files compared to dates of CERT security advisories.
USING INTRUSION ALERT PROGRAMS: - As it is important to identify and close existing security holes, you also need to put some watchdogs into service. There are some intrusion programs, which identify suspicious activity and report so that necessary action is taken. They need to be operating constantly so that all unusual behaviour on network is caught immediately.
USING ENCRYPTION: - Encryption is able to transform data into a form that makes it almost impossible to read it without the right key. This key is used to allow controlled access to the information to selected people. The information can be passed on to any one but only the people with the right key are able to see the information. Encryption allows sending confidential documents by E-mail or save confidential information on laptop computers without having to fear that if someone steals it the data will become public. With the right encryption/decryption software installed, it will hook up to mail program and encrypt/decrypt messages automatically without user interaction.
c) GENERAL INFORMATION:
Ø Don’t delete harmful communications (emails, chats etc). They will provide vital information about system and address of the person behind these.
Ø Try not to panic.
Ø If you feel any immediate physical danger contacts your local police.
Ø Avoid getting into huge arguments online during chat and discussions with other users.
Ø Remember that all other Internet users are strangers; you do not know who you are chatting with. So be careful.
Ø Be extremely careful about how you share personal information about yourself online.
Ø Choose your chatting nickname carefully so as others. Do not share personal information in public space online; do not give it to strangers.
Ø Be extremely cautious about meeting online introduced person. If you choose to meet, do so in a public place along with a friend.
Ø If a situation online becomes hostile, log off and if a situation places you in fear, contact local police.
Ø Save all communications for evidence. Do not edit it in any way. Also, keep a record of your contacts and inform Law Enforcement Officials.
6) CONCLUSION
As the research shows, computer crime poses a real threat. Computer crime is a multi-billion dollar problem. Law enforcement must seek ways to keep the drawbacks from overshadowing the great promise of the computer age. Cybercrime is a menace that has to be tackled effectively not only by the official but also by the users by co-operating with the law. The founding fathers of internet wanted it to be a boon to the whole world and it is upon us to keep this tool of modernisation as a boon and not make it a bane to the society.
No comments:
Post a Comment