THE internet is ever growing and you and I are truly pebbles in a vast ocean of information. They say what you don’t know can’t hurt you. When it comes to the Internet believe quite the opposite. On the Internet there a millions and millions of computer users logging on and off on a daily basis. Information is transferred from one point to another in a heartbeat. Amongst those millions upon millions of users, there are you.
As humble a user you may be of the Internet, you are pitted against the sharks of the information super highway daily. Problem with that is the stealth by which it happens. Currently about 30-40% of all users are aware of the happenings on their computer. The others simply either don’t care or don’t have the proper “know how” to recognize if their system is under attack and or being used.
You are reading this article because you are concerned about your privacy, security in the Internet world. As well you should be. On the Internet nothing is quite what it appears to be. The uninformed will get hurt in many ways. By taking interest in your privacy, security and safety you have proven yourself to be above the rest.
I wrote this article to get you introduced to the real internet world and basic knowledge of information Technology Act. To show you how cyber criminals gain access to your system using security flaws and programs. The theory goes that if you are aware of what they are doing and how they are doing it you’ll be in a much better position to protect yourself from these attacks.
What is a cyber crime?
Cyber Crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime."
"Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime."
A generalized definition of cyber crime may be "unlawful acts wherein the computer is either a tool or target or both." The computer may be used as a tool in the following kinds of activity like - Financial crimes, Sale of illegal article, Pornography, Online gambling, Intellectual Property crime, E-mail spoofing, Forgery, Cyber defamation, Cyber stalking.
Distinction Between Conventional and Cyber Crime-
There is apparently no distinction between cyber and conventional crime. However, on a deep introspection we may say that there exists a fine line of demarcation between the conventional and cyber crime, which is appreciable. The demarcation lies in the involvement of the medium in cases of cyber crime. The 'sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium.
Reasons for Cyber Crime
"The Concept of Law" has said 'human beings are vulnerable so rule of law is required to protect them.' Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:
1. Capacity to store data in comparatively small space: The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much easier.
2. Easy to access- The problem encountered guarding a computer system from unauthorized access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steel access codes, advanced voice recorders. Retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.
3. Complex: The computers work on operating-systems and these systems in turn are composed of millions codes. Human mind is fallible and it is not possible that there might not be lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.
4. Negligence: Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system.
5. Loss of evidence: Loss of evidence is a very common and obvious problem as all the data are routinely destroyed. Further, collection of data outside the territorial extent also paralyses this system of crime investigation.
Cyber Criminals
The cyber criminals constitute of various groups/category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals-
1. Children and adolescents between the age group of 6 to 18 years- The simple reason for this type of delinquent behavior pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove them to be outstanding amongst other children in their group. Further, the reasons may be psychological even. For example, the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends.
2. Organized hackers- These kinds of hackers are mostly-organized together to fulfill certain objective. The reason may be to fulfill their political bias, fundamentalism etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfill their political objectives. Further, the NASA as well as the Microsoft sites is always under attack by the hackers.
3. Professional hackers/crackers- Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further, they are employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.
4. Discontented employees- This group includes those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee.
The following are the crimes, which can be committed against the following group:
1. Against Individuals: - Harassment via e-mails, Cyber stalking, Dissemination of obscene, Defamation, Unauthorized control/access over computer system, Indecent exposure, E-mail spoofing, Cheating & Fraud,
2. Against Individual Property: - Computer Vandalism, Transmitting virus, Net Trespass, Unauthorized control/access over computer system, Intellectual Property Crimes, Internet time thefts.
3. Against Organization: - Unauthorized control/access over Computer system, Possession of unauthorized information, Cyber terrorism against the government organization, Distribution of pirated software
4. Against the Society at large: - Pornography (basically child pornography), Polluting the youth through, Trafficking, Financial crimes, Sale of illegal articles, Online gambling, Forgery,
STATUTORY PROVISION UNDER INFORMATION TECHNOLOGY ACT:
1. Data Theft: Sensitive information belonging to business organizations is targeted by rivals, criminals and sometimes even by employees. Such data (e.g. business plans, tender quotations, etc) may be obtained using hacking or social engineering techniques. Data theft is penalized by sections 43,66 & 66B of Information Technology Act.
2. Mobile Device Attacks: Threats to the security of mobile devices includes unauthorised access, stolen handsets, data theft, malware, phishing attack etc. Amend IT Act covers mobile phone are covered u/s 2 (ha) of Information Technology Act. Mobile devices attacks are penalized by sections 66 of Information Technology Act.
3. Financial Crimes: This is a wide term that includes credit card fraud, online share trading scams and e-banking crimes. In today’s highly digitalized world almost everyone is affected by financial crimes. Financial crimes are punishable u/s 66 and 66D of Information Technology Act.
4. Phishing Attack: Phishing usually involves spoofed emails that contain links to fake websites. Never respond to unsolicited emails asking for financial information. Sections 66, 66A & 66D of the Information Technology Act and Sections 419, 420 & 468 of IPC apply to phishing cases.
5. Denial of service Attack: This involves flooding a computer with more requests than it can handle, causing it to crash. In a Distributed Denial of Service (DDoS) attack, the attackers are many and are geographically widespread. DOS attacks are punishable u/s 66 of Information Technology Act.
6. Malware: Malware is software designed to infiltrate or damage a computer system without the owner’s informed consent. Malware is a wide term that includes viruses, worms, Trojans, rootkits, backdoors, spyware, botnets, keystroke loggers. Spreading malware is punishable u/s 66 of the Information Technology Act.
7. Spam: Spam is the abuse of electronic message system to send unsolicited bulk messages indiscriminately. E-mail spam, known as junk mail, is a practice of sending unwanted e-mail messages for commercial gain. Sending spam is punishable u/s 66 A of Information Technology Act.
8. Identity Theft: Identity theft involves the fraudulent or dishonest use of someone’s electronic signature, password or other unique identification feature. It is the first step towards credit card fraud, online share trading scams and e-banking crimes. Identity theft is punishable u/s 66C of the Information Technology Act.
9. Cyber Espionage: Cyber espionage is the act of obtaining personal, sensitive, proprietary or classified information without permission. Also know as cyber spying, it involves the use of cracking techniques and malicious software including Trojans and spyware. Cyber espionage is punishable u/s 66 of the Information Technology Act.
10. Cyber Frauds: Greed of the victim is the main reason why cyber frauds are successful. Do not believe emails or sms that say that you have won a million dollar lottery. Be wary of strangers who promise to transfer crores of rupees to your bank account. Cyber frauds are punishable u/s 66 & 66D of Information Technology Act.
11. Cyber Terrorism: Cyber terrorism involves the use or threat of disruptive cyber activities for ideological, religious or political objectives. Cyber terrorism can weaken a country’s economy and even make it more vulnerable to military attack. Cyber terrorism is punishable with life imprisonment u/s 66 F of the Information Technology Act.
12. Social Engineering: A social engineering attack tricks people into revealing passwords or other confidential information. This attack requires minimum technological expertise and can cause the maximum damage. Such attacks targets “bugs” in the human hardware. Comprehensive security policies and increased user awareness are preventive measures.
“Greed”
“We are all born brave, trusting and greedy, and most of us remain greedy.”
Greed of the victim is at the root of most of the cyber crimes. If someone gets an email telling him that he has won a huge lottery, what is the first thing that he should do? Ask himself – did I even buy a ticket for this lottery? If you have not bought the ticket, how can you win the lottery? If you still want to believe it and then even pay a “small” processing fee, who can you blame if you get defrauded? Every time that you download “free” software, that promises to change your very way of life, from a popup advertisement, you risk compromising your entire digital identity.
Today your computer holds the key to your digital life – your health records, bank accounts, online share trading accounts, email accounts, utility bills, credit card information, tax filings.... the list is endless.
BE CAREFUL & SAFE BROWSING
