Preventive steps & Awareness

1. Cybercrime
Preventive steps & Awareness

2. Objectives
 To provide a general awareness of
Cybercrime
 To understand Cybercrime methods
 To identify Internet scams
 To learn how to keep from being a victim

3. What is Cybercrime?
 Cybercrime is any illegal act committed
by using a computer network.
 Cybercrime is a subset of computer crime.

4. Examples of Cybercrime
 Web defacement  Identity theft
 Unauthorized network  Child pornography
access  Interception and
 Cyber-Stalking fabrication of emails
 Internet fraud  Theft of passwords

5. Who are the perpetrators?
 Not just “hackers.”
 Companies seeking competitor’s trade secrets
 Con-artists
 Pedophiles
 Disgruntled employees
 “Accidental” criminals
 The Internet should be viewed as another
medium in which criminals can conduct
illegal acts.

6. Who are the cyber victims?
 Companies
 No security awareness
 Bottom liners
 Individuals
 The unaware individuals
 The “don’t care” individuals
 The “innocent by-stander” individuals
 Society

7. Desktop Security
 Many people become victims of a cyber
attack by what is referred to as “drive by
hacking.”
 Tools are freely available on the Internet
to allow for such behavior to occur.
 The latest Microsoft Security flaw is a
good example of how vulnerable each
users desktop is to such an attack.

8. Spyware
 Spyware is used by companies to gather
the surfing habits of individuals.
 Pop-up ads are usually a result of spyware
being present on a computer.
 Keyloggers are a form of spyware that
secretly record keystrokes and have the
ability to email them back to the intruder.

9. What can I do?
 Awareness is the first step in protecting
yourself and your family.
 Invest in Anti-virus, Firewall, and SPAM
blocking software for your PC.
 Detect secure websites when
conducting transactions online.
 Do NOT respond or act on emails sent
from unknown sources.

10. Detecting Secure Websites
HTTPS instead of HTTP
Yellow Lock at bottom right of website

11. Emails
 SPAM emails are becoming easier to
detect by the average user. Look for these
clues to identify SPAM:
 The receiver’s name is the same as the sender’s
 The subject is offering money making deals
 The user is unknown and there are links to what
appear to be legitimate websites.

12. Cyber crime: an important note
 The IT Act provides the backbone for e-
commerce and India’s approach has been
to look at e-governance and e-commerce
primarily from the promotional aspects
looking at the vast opportunities and the
need to sensitize the population to the
possibilities of the information age. There is
the need to take in to consideration the
security aspects.

13. Cyber crime: Indian law
 In Indian law, cyber crime has to be voluntary and
willful, an act or omission that adversely affects a
person or property. The IT Act provides the
backbone for e-commerce and India’s approach
has been to look at e-governance and e-
commerce primarily from the promotional aspects
looking at the vast opportunities and the need to
sensitize the population to the possibilities of the
information age. There is the need to take in to
consideration the security aspects.

14. United Nations’ Definition of
Cybercrime
 a. Cybercrime in a narrow sense (computer crime): Any
illegal behavior directed by means of electronic operations
that targets the security of computer systems and the data
processed by them.
 b. Cybercrime in a broader sense (computer-related crime):
Any illegal behavior committed by means of, or in relation to,
a computer system or network, including such crimes as
illegal possession [and] offering or distributing information by
means of a computer system or network.

15. Cyber crime: There are more
concrete examples, including
 Unauthorized access
 Damage to computer data or programs
 Computer sabotage
 Unauthorized interception of
communications
 Computer espionage

16. What are the basic steps in fortifying the legal
position of an organisation in cases of data theft?
 While passing the IT Act, the government
has also amended other related legislation,
such as the Copyright Act or the Law of
Evidence. Now, an organisation can keep a
log of how a particular piece of intellectual
property was built, by documenting the
steps that led to development of a solution
or product. This documentation will help
establish the ownership of the final product.

17. What about simple information or
databases?
 The same applies to these. Beginning with
the source of the database or information,
their build up, fine-tuning and periodical
revision will establish ownership.

18. How broad is the scope of protection
under the laws?
 Section 66 of the IT Act has defined hacking as
(among other things) intentionally destroying,
deleting or altering any information residing on a
computer. There is no mention of the word
copying here. However, the latter part of this
section refers to "diminishing the value or utility"
of this information. Copying is covered under this.
If someone steals information and pastes it on a
web site available to all, the value of this
information diminishes.

19. Are there methods to ensure adherence
to data access norms for employees?
 Each organisation must have a well-defined IT
use policy. It is important to offer written
description of the limits each employee needs to
follow. They should also be told the legal
consequences of any breach of the access
norms. There are provisions for imprisonment of
three to five years and a fine for different offences
under the IT Act. The law also provides judicial
custody of up to a week to allow investigation.
The idea of staying in a lock-up can be a
deterrent enough for the techie kind, provided
they are told about it.

20. Is the redressal process speedier for
those hit by cyber crimes?
 Any incident of data theft can be addressed on both criminal
and civil tracks of the law. While the criminal proceedings will
intend to regain the custody of data, the civil proceeding will
seek compensation for loss caused by such theft. Disposal of
cases will be handled at par with other cases of either nature.
However, under the IT Act, the secretary of the information
technology department of the Central or state government
has been empowered to adjudicate the civil cases. This
officer has the powers to order summary investigation and is
not compelled to follow any legal procedures and will simply
follow. If he follows the principles of natural justice (such as
giving the accused an opportunity to be heard) he can
examine the evidence, impose punishment and order
compensation.

21. Conclusion
 The key to protecting yourself is being
aware.
 Not all cybercriminals are “hackers.”
 There is a whole other world that exists in
cyberspace…make sure that your
information travels safely.

22. Questions
HR & Administrative Officer
hr.manager@infoway.us