The document outlines major types of cyber crimes such as data diddling, Trojan horse attacks, and computer viruses. It then discusses methods to minimize cyber crimes like using strong passwords and security software. The document mainly focuses on India's Information Technology Act of 2000 which aims to provide legal recognition for electronic transactions. The key aspects of the Act include digital signatures, duties of certifying authorities, penalties for cyber crimes, and establishment of organizations to regulate the cyber space.
MAJOR TYPES OF CYBER CRIME
1. Data Diddling – involves changing data prior to or during input to a computer.
2. Trojan Horse Attacks – involves placement of unwanted computer instructions in a programme so that the host computer will perform some undesired/unauthorized function.
3. Logic Bomb – is a computer programme executed at a specific time to cause damage to computer programmes or data.
4. Impersonation – involves impersonating an authorized user.
5. Internet and Bulletin Boards – can be used by hackers to exchange information necessary to commit criminal acts on computer systems.
6. Computer Virus – is programme code which can attach itself to other programmes and corrupt data and damage hardware.
7. Spamming – mass mailing of unsolicited e-mail messages.
8. Piggybacking – is the practice of establishing a wireless internet connection by using another subscriber's wireless internet access service without the person's permission or knowledge.
9. Trap Doors – are bits of code embedded in programs by the programmer(s) to quickly gain access at a later time.
10. IP Spoofing – the hacker sends a message to the computer with the IP address of a trusted source.
11. Data Dawdling – false data entry.
12. Cyber Harassment – can be sexual, racial, religious, etc.
13. Email abuse – sending unwanted e-mails.
14. Salami Techniques – an unauthorized programme that causes the unnoticed debiting of small amounts of assets from a large number of sources/accounts.
15. Cyber Loafing – spending excessive time on the internet: gambling, pornography and so on.
16. Password suiting – automated guessing of phone numbers, user IDs and passwords.
17. Worms – a standalone programme that replicates itself on one computer and tries to infect other computers.
18. Masquerading – uses a fake identity, such as a network identity, to gain unauthorized access to personal computer information through legitimate access identification.
19. Denial of Service (DoS Attack) – the intent of this type of attack is to make resources or services unavailable to their intended users. Such DoS attacks are carried out on websites to stop them from functioning.
20. Email Bombing – sending thousands of emails to a victim, causing the victim's mail account or mail server to crash.
21. Cyber Warfare/Information Warfare – criminal activities carried out online involving nations and state machinery are known as "Cyber Warfare".
METHODS TO MINIMIZE CYBER CRIME
Scanning of viruses
Security passwords (a difficult one which is hard to trace)
Security methods to verify and identify inappropriate content
Surveillance software
Proxy servers
Disciplinary actions
Confirm that the request to initiate the wire is from an authorized source within the company
Double- and triple-check email addresses
Multi-person approval process for transactions
Slow down
Be suspicious of confidentiality
And last but not the least, the implementation of LEGAL RESTRICTIONS
IT ACT 2000
In May 2000, both the houses of the Indian Parliament passed the Information
Technology Bill. The Bill received the assent of the President in August 2000 and
came to be known as the Information Technology Act, 2000. Cyber laws are
contained in the IT Act, 2000.
Major objective:
An Act to provide legal recognition for transactions carried out by means of
electronic data interchange and other means of electronic communication,
commonly referred to as "electronic commerce".
Chapter-II:
Sec 3 / Sec 4 / Sec 5: Authentication of electronic records by digital signatures and
its legal recognition.
Chapter-III:
Sec 6 / Sec 7 of the Act detail Electronic Governance and provide, inter alia,
that where any law provides that information or any other matter
shall be in writing or in the typewritten or printed form, then, notwithstanding
anything contained in such law, such requirement shall be deemed to have been
satisfied if such information or matter is
rendered or made available in an electronic form, and accessible so as to be usable
for a subsequent reference.
Sec 6 – All information to be communicated in electronic format
Sec 7 – Retention of information in electronic form
Sec 8 – Publication in electronic gazette
Sec 9 – Sections 6, 7 and 8 not to confer right to insist document should be accepted in electronic form
Sec 10 – Power to make rules by Central Government in respect of digital signature
Sec 11 – Attribution of electronic records
Sec 12 – Acknowledgment of receipt in any particular form or method
Sec 13 – Acknowledgement of time and place of despatch and receipt of electronic record
Sec 14 – Secure electronic record
Sec 15 – Secure digital signature
Sec 16 – Security procedure
Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities:
17. Appointment of Controller and other officers, with a seal of the Office of the
Controller.
18. Functions of Controller.
The Controller may perform all or any of the following functions, namely:—
(a) exercising supervision over the activities of the Certifying Authorities;
(b) certifying public keys of the Certifying Authorities;
(c) laying down the standards to be maintained by the Certifying Authorities;
(d) specifying the qualifications and experience which employees of the
Certifying Authorities should possess;
(e) specifying the conditions subject to which the Certifying Authorities shall
(f) specifying the contents of written, printed or visual materials and
advertisements that may be distributed or used in respect of a Digital Signature
Certificate and the public key;
(g) specifying the form and content of a Digital Signature Certificate and the
key,
(h) specifying the form and manner in which accounts shall be maintained by
the Certifying Authorities;
(i) specifying the terms and conditions subject to which auditors may be
appointed and the remuneration to be paid to them;
(j) facilitating the establishment of any electronic system by a Certifying
Authority either solely or jointly with other Certifying Authorities and regulation of
such systems;
(k) specifying the manner in which the Certifying Authorities shall conduct their
dealings with the subscribers;
(l) resolving any conflict of interests between the Certifying Authorities and the
subscribers;
(m) laying down the duties of the Certifying Authorities;
(n) maintaining a data base containing the disclosure record of every Certifying
Authority containing such particulars as may be specified by regulations, which shall
be accessible to public.
19. Recognition of foreign Certifying Authorities.
20. Controller to act as repository of all Digital Signature Certificates issued under
this Act.
21. Licence to issue Digital Signature Certificates
22. Application for licence.
23. Renewal of licence.
. Procedure for grant or rejection of licence.
25. Suspension of licence.
27. Power to delegate
28. Power to investigate contraventions.
29. Access to computers and data.
30. Certifying Authority to follow certain procedures.
31. Certifying Authority to ensure compliance of the Act, etc.
32. Display of licence.
33. Surrender of licence.
34. Disclosure.
Chapter-VII of the Act details the scheme of things relating to Digital Signature
Certificates. The duties of subscribers are also enshrined in the said Act.
35. Certifying Authority to issue Digital Signature Certificate.
36. Representations upon issuance of Digital Signature Certificate.
38. Revocation of Digital Signature Certificate.
43. Penalty for damage to computer, computer system, etc.: he shall be liable to pay damages by way of compensation.
44. Penalty for failure to furnish information, return, etc.
48. Establishment of Cyber Appellate Tribunal.
49. Composition of Cyber Appellate Tribunal.
A Cyber Appellate Tribunal shall consist of one person only (hereinafter referred to as
the Presiding Officer of the Cyber Appellate Tribunal), appointed for 5 years.
Staff of the Cyber Appellate Tribunal.
(1) The Central Government shall provide the Cyber Appellate Tribunal with such officers
and employees as that Government may think fit
Chapter-IX of the said Act talks about penalties and adjudication for various offences. The
penalties for damage to computer, computer systems, etc. have been fixed as damages by
way of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of
the appointment of any officer not below the rank of a Director to the Government of India,
or an equivalent officer of a state government, as an Adjudicating Officer who shall
adjudicate whether any person has made a contravention of any of the provisions of the
said Act or rules framed thereunder. The said Adjudicating Officer has been given the
powers of a Civil Court.
Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal,
which shall be an appellate body where appeals against the orders passed by the Adjudicating
Officers shall be preferred.
Chapter-XI of the Act talks about various offences, and the said offences shall be investigated
only by a Police Officer not below the rank of the Deputy Superintendent of Police. These
offences include tampering with computer source documents, publishing of information which
is obscene in electronic form, and hacking.
The Act also provides for the constitution of the Cyber Regulations Advisory Committee, which
shall advise the government as regards any rules, or for any other purpose connected with the
said Act. The said Act also proposes to amend the Indian Penal Code, 1860, the Indian Evidence
Act, 1872, the Bankers' Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934, to bring
them in tune with the provisions of the IT Act.