Cyber Crimes and Cyber Laws

Kevin P. Francis

Roll No : 10
S1, MBA(IB)
School of Management Studies
CUSAT, Kochi – 22
Email : kevinfranc@gmail.com

Abstract: The growing danger from crimes committed against computers, or

against information on computers, is beginning to claim attention in national
capitals. Here we are discussing about basic awareness and self-protection
mechanisms from such dangers. Self-protection, while essential, is not
sufficient to make cyberspace a safe place. So we also discuss about the
cyber laws and rules.

Key words: Cyber Crimes, Cyber Laws, Piracy

1.0 INTRODUCTION

1.1. General Information

A simple yet sturdy definition of cyber crime would be “unlawful acts wherein the computer is
either a tool or a target or both”. Defining cyber crimes, as “acts that are punishable by the
information Technology Act” would be unsuitable as the Indian Penal Code also covers many
cyber crimes, such as e-mail spoofing, cyber defamation etc., In most countries around the
world, however, existing laws are likely to be unenforceable against such crimes. This lack of
legal protection means that businesses and governments must rely solely on technical
measures to protect themselves from those who would steal, deny access to, or destroy
valuable information.
Self-protection, while essential, is not sufficient to make cyberspace a safe place to conduct
business. The rule of law must also be enforced. Countries where legal protections are
inadequate will become increasingly less able to compete in the new economy. As cyber crime
increasingly breaches national borders, nations perceived as havens run the risk of having
their electronic messages blocked by the network. National governments should examine their
current statutes to determine whether they are sufficient to combat the kinds of crimes
discussed in this report.
2.0 TYPES OF CYBER CRIME

Cyber Crime refers to all activities done with criminal intent in cyberspace. These fall into three
slots.

• Those against persons.

• Against Business and Non-business organizations.
• Crime targeting the government.

Let us examine the acts wherein the computer is a tool for an unlawful act. This kind of activity
usually involves a modification of a conventional crime by using computer.
Some examples are:

2..1 Those against persons

• Financial Claims: This would include cheating, credit card frauds, money laundering etc.
• Cyber Pornography: This would include pornographic websites; pornographic magazines
produced using computer and the Internet (to down load and transmit pornographic
pictures, photos, writings etc.)
• Sale of illegal articles: This would include sale of narcotics, weapons and wildlife etc., by
posting information on websites, bulletin boards or simply by using e-mail
communications.
• Online gambling: There are millions of websites, all hosted on servers abroad, that offer
online gambling. In fact, it is believed that many of these websites are actually fronts for
money laundering.
• Cyber Stalking: Cyber stalking involves following a person’s movements across the
Internet by posting messages on the bulletin boards frequented by the victim, entering the
chat-rooms frequented by the victim.
• Cyber Defamation: This occurs when defamation takes place with the help of computers
and or the Internet e.g. someone published defamatory matter about someone on a
websites or sends e-mail containing defamatory information to all of that person’s friends
• Internet Time Theft: This connotes the usage by unauthorized persons of the Internet
hours paid for by another person..

2..2 Against Business and Non-business organizations

• Intellectual Property Crimes: These include software piracy, copyright infringement,

trademarks violations etc.
• Unauthorized access to computer system or network: This activity is commonly
referred to as hacking. The Indian Law has however given a different connotation to the
term hacking.
• Theft of information contained in electronic from: This includes information stored in
computer hard disks, removable storage media etc.
• E-Mail bombing: Email bombing refers to sending a large amount of e-mails to the victim
resulting in the victims’ e-mail account or mail servers.
• Data diddling: This kind of an attack involves altering the raw data just before it is
processed by a computer and then changing it back after the processing is completed.
• Denial of Service: This involves flooding computer resources with more requests than it
can handle. This causes the resources to crash thereby denying authorized users the
service offered by the resources.
• Trojan horse: A Trojan as this program is aptly called, is an unauthorized program which
functions from inside what seems to be an authorized program, thereby concealing what it
is actually doing.
• Physically damaging a computer system: This crime is committed by physically
damaging a computer or its peripherals.

2..3 Crime targeting the government

• Forgery: Counterfeit currency notes, postage and revenue stamps, mark sheets etc., can
be forged using sophisticated computers, printers and scanners.
• Salami attacks: Those attacks are used for the commission of financial crimes. The key
here is to make the alteration so insignificant that in a single case it would go completely
unnoticed e.g. A bank employee inserts a program into bank’s servers that deducts a
small amount from the account of every customer.
• Virus/worm: Viruses are programs that attach themselves to a computer or a file and then
circulate themselves to other files and to other computers on a network. They usually
affect the data on a computer, either by altering or deleting it. Worms, unlike viruses don
not need the host to attach themselves to.
• Logic bombs: These are dependent programs. This implies that these programs are
created to do something only when a certain event occurs, e.g. some viruses may be
termed logic bombs because they lie dormant all through the year and become active only
on a particular date.
• E-Mail spoofing: A spoofed email is one that appears to originate from one source but
actually has been sent from another source. This can also be termed as E-Mail forging.

3.0 PREVENTION

3..1 Preventive Steps For Individuals

3.1.1. Children
Children should not give out identifying information such as Name, Home address, School
Name or Telephone Number in a chat room. They should not give photographs to anyone on
the Net without first checking or informing parents guardians. They should not respond to
messages, which are suggestive, obscene, belligerent or threatening, and not to arrange a
face-to –face meeting without telling parents or guardians. They should remember that people
online might not be who they seem.

3.1.2. Parents
Parent should use content filtering software on PC to protect children from pornography,
gambling, hate speech, drugs and alcohol.
There is also software to establish time controls for use of limpets (for example blocking usage
after a particulars time) and allowing parents to see which site item children have visited. Use
this software to keep track of the type of activities of children.

3.1.3. General Information

Don’t delete harmful communications (emails, chats etc). They will provide vital information
about system and address of the person behind these.
• Try not to panic.
• If you feel any immediate physical danger, contact your local police.
• Avoid getting into huge arguments online during chat and discussions with other users.
• Remember that all other Internet users are strangers; you do not know who you are
chatting with. So be careful.
• Be extremely careful about how you share personal information about yourself online.
• Choose your chatting nickname carefully so as others.
• Do not share personal information in public space online; do not give it to strangers.
• Be extremely cautious about meeting online introduced person. If you choose to meet, do
so in a public place along with a friend.
• If a situation online becomes hostile, log off and if a situation places you in fear, contact
local police.
• Save all communications for evidence. Do not edit it in any way. Also, keep a record of
your contacts and inform Law Enforcement Officials.

3..2 Preventive Steps For Organizations and Governments

• Physical Security: Physical security is most sensitive component, as prevention from

cyber crime Computer network should be protected from the access of unauthorized
persons.
• Access Control: Access Control system is generally implemented using firewalls, which
provide a centralized point from which to permit or allow access. Firewalls allow only
authorized communications between the internal and external network.
• Password: Proof of identity is an essential component to identify intruder. The use of
passwords in the most common security for network system including servers, routers and
firewalls. Mostly all the systems are programmed to ask for username and password for
access to computer system. This provides the verification of user. Password should be
charged with regular interval of time and it should be alpha numeric and should be difficult
to judge.
• Finding the Holes in Network: System managers should track down the holes before the
intruders do. Many networking product manufactures are not particularly aware with the
information about security holes in their products. So organization should work hard to
discover security holes, bugs and weaknesses and report their findings as they are
confirmed.
• Using Network Scanning Program: There is a security administration’s tool called UNIX,
which is freely available on Internet. This utility scans and gathers information about any
host on a network, regardless of which operating system or services the hosts were
running. It checks the known vulnerabilities include bugs, security weakness, inadequate
password protection and so on. There is another product available called COPS
(Computer Oracle and Password System). It scans for poor passwords, dangerous file
permissions, and dates of key files compared to dates of CERT security advisories.
• Using Intrusion Alert Program: As it is important to identify and close existing security
holes, you also need to put some watchdogs into service. There are some intrusion
programs, which identify suspicious activity and report so that necessary action is taken.
They need to be operating constantly so that all unusual behavior on network is caught
immediately.
• Using Encryption: Encryption is able to transform data into a form that makes it almost
impossible to read it without the right key. This key is used to allow controlled access to
the information to selected people. The information can be passed on to any one but only
the people with the right key are able to see the information. Encryption allows sending
confidential documents by E-mail or save confidential information on laptop computers
without having to fear that if someone steals it the data will become public. With the right
encryption/decryption software installed, it will hook up to mail program and
encrypt/decrypt messages automatically without user interaction.

4.0 SOFTWARE PIRACY

The copyright infringement of software (often referred to as software piracy) refers to several
practices which involve the unauthorized copying of computer software. Copyright infringement
of this kind is extremely common. Most countries have copyright laws which apply to software,
but the degree of enforcement varies. After a dispute over WTO membership between Iran and
USA led to the legalization in Iran of the unconstrained distribution of software (see Iran and
copyright issues), there have been fears that world governments might use copyright politically.

4..1 Effects of Software Piracy

When software is pirated, consumers, software developers, and resellers are harmed.
Software piracy increases the risk consumer's computers will be corrupted by defective
software and infected with viruses. Those who provide defective and illegal software do not
tend to provide sales and technical support. Pirated software usually has inadequate
documentation, which prevents consumers from enjoying the full benefits of the software
package. In addition, consumers are unable to take advantage of technical support and
product upgrades, which are typically available to legitimate registered users of the software.
Pirated software can cost consumers lost time and more money.
Developers lose revenue from pirated software, from current products as well as from future
programs. When software is sold most developers invest a portion of the revenue into future
development and better software packages. When software is pirated, software developers
lose revenue from the sale of their products, which hinders development of new software and
stifles the growth of the software company

4..2 Kinds of Piracy

4.2..1 End User Piracy

Using multiple copies of a single software package on several different systems or distributing
registered or licensed copies of software to others. Another common form of end user piracy is
when a cracked version of the software is used. Hacking into the software and disabling the
copy protection or illegally generating key codes that unlocks the trial version making the
software a registered version creates a cracked version.

4.2..2 Reseller Piracy

Reseller piracy occurs when an unscrupulous reseller distributes multiple copies of a single
software package to different customers; this includes preloading systems with software
without providing original manuals & diskettes. Reseller piracy also occurs when resellers
knowingly sell counterfeit versions of software to unsuspecting customers.
Indications of reseller piracy are multiple users with the same serial number, lack of original
documentation or an incomplete set, and non-matching documentation.

4.2..3 Trademark/Trade Name Infringement

Infringement occurs when an individual or dealer claims to be authorized either as a technician,
support provider or reseller, or is improperly using a trademark or trade name.

4.2..4 BBS/Internet Piracy

BBS/ Internet Piracy occur when there is an electronic transfer of copyrighted software. If
system operators and/or users upload or download copyrighted software and materials onto or
from bulletin boards or the Internet for others to copy and use without the proper license. Often
hackers will distribute or sell the hacked software or cracked keys. The developer does not
receive any money for the software the hacker distributed. This is an infringement on the
developer's copyright.
Another technique used by software pirates is to illegally obtain a registered copy of software.
Pirates purchase the software once and use it on multiple computers. Purchasing software with
a stolen credit card is another form of software piracy. Unfortunately there are many kinds of
software piracy that has hampered the software industry.
These types of software piracy have hampered the software industry. For the software industry
to prosper and further develop useful software for consumers please support and pay for
software. This results in better software for all.

5.0 CYBER LAWS

5..1 General Information

Legislation were evaluated to determine whether their criminal statutes had been extended into
cyberspace to cover ten different types of cyber crime in four categories: data-related crimes,
including interception, modification, and theft; network-related crimes, including interference
and sabotage; crimes of access, including hacking and virus distribution; and associated
computer-related crimes, including aiding and abetting cyber criminals, computer fraud, and
computer forgery.
Thirty-three of the countries surveyed have not yet updated their laws to address any type of
cyber crime. Of the remaining countries, nine have enacted legislation to address five or fewer
types of cyber crime, and ten have updated their laws to prosecute against six or more of the
ten types of cyber crime

Substantially or Fully Updated (10): Partially Updated (9):

Australia, Canada, Estonia, India, Brazil, Chile, China, Czech
Japan, Mauritius, Peru, Philippines, Republic, Denmark,
Turkey, United States Malaysia, Poland, Spain,
United Kingdom

Sudan, Vietnam, Yugoslavia, Zambia, Zimbabwe

Nicaragua, Nigeria, Norway, Romania, South Africa,
Lesotho, Malta, Moldova, Morocco, New Zealand,
Iran, Italy, Jordan, Kazakhstan, Latvia, Lebanon,
Egypt, Ethiopia, Fiji, France, Gambia, Hungary, Iceland,
Albania, Bulgaria, Burundi, Cuba, Dominican Republic,
No Updated Laws (33):

Fig 1 Extent of Progress on Updating Cyber Crime Laws

Even among these countries, crimes are not treated uniformly. In some, unauthorized access
is a crime only if harmful intent is present; in others, data theft is a crime only if the data relates
specifically to an individual’s religion or health, or if the intent is to defraud. Laws tend to be
biased in favor of protecting public sector computers. Many of the laws reviewed in preparing
outlaw crimes committed with or against government computers, but do not provide reciprocal
protection to private sector computers. Discrepancies exist even within countries. For example,
in September 2000, the Australian Democratic Party criticized the South Australian (state)
government for creating a haven for cyber criminals by not having updated its laws to combat
computer-based crime in accordance with the laws of Australia’s other states. Moreover, as
Figure 2 shows, there is little uniformity across nations in terms of which types of crimes have
been addressed through updated statutes. The penalties provided in updated criminal statutes
vary widely. Mauritius, the Philippines, and the United States have stronger penalties than
many other countries for convictions of covered cyber crimes.

5..2 Cyber Law in India

India has enacted the first I.T.Act, 2000 based on the UNCIRAL model recommended by the
general assembly of the United Nations. Chapter XI of this Act deals with offences/crimes
along with certain other provisions scattered in this Acts .The various offences which are
provided under this chapter are shown in the following table

Table 1 : Various Offences under IT Act

Offence Section under IT Act
Tampering with computer source document Sec.65
Hacking with Computer systems, Data alteration Sec.66
Publishing obscene information Sec.67
Un-authorized access to protected system Sec.70
Breach of Confidentiality and Privacy Sec.72
Publishing false digital signature certificates Sec.73

Table 2 : Computer Related Crimes Covered under IPC and Special Laws
 Offence Section
Forgery of electronic records Sec 463 IPC
Bogus websites, cyber frauds Sec 420 IPC
Email spoofing Sec 463 IPC
Web-Jacking Sec. 383 IPC
E-Mail Abuse Sec.500 IPC
Online sale of Drugs NDPS Act
Online sale of Arms Arms Act
Sending threatening messages by email Sec 503 IPC
Sending defamatory messages by email Sec 499 IPC

6.0 CONCLUSION

• Reliance on terrestrial laws is an untested approach. Despite the progress being made in
many countries, most countries still rely on standard terrestrial law to prosecute cyber
crimes. The majority of countries are relying on archaic statutes that predate the birth of
cyberspace and have not yet been tested in court.
• Weak penalties limit deterrence. The weak penalties in most updated criminal statutes
provide limited deterrence for crimes that can have large-scale economic and social
effects.
• Self-protection remains the first line of defense. The general weakness of statutes
increases the importance of private sector efforts to develop and adopt strong and efficient
technical solutions and management practices for information security.
• A global patchwork of laws creates little certainty. Little consensus exists among countries
regarding exactly which crimes need to be legislated against. The kinds of gaps that
remain, even in the 19 countries that have already taken steps to address cyber crimes. In
the networked world, no island is an island. Unless crimes are defined in a similar manner
across jurisdictions, coordinated efforts by law enforcement officials to combat cyber crime
will be complicated.
• A model approach is needed. Most countries, particularly those in the developing world,
are seeking a model to follow. These countries recognize the importance of outlawing
malicious computer-related acts in a timely manner in order to promote a secure
environment for ecommerce. But few have the legal and technical resources necessary to
address the complexities of adapting terrestrial criminal statutes to cyberspace. A
coordinated, public-private partnership to produce a model approach can help eliminate
the potential danger from the inadvertent creation of cyber crime havens.

7.0 REFERENCE

1. McConnell International LLC 2000, CYBER CRIME . . . AND

PUNISHMENT?, www.witsa.org/papers/McConnell-cybercrime.pdf ,
downloaded on 28/09/2009
2. V.Shiva Kumar,Asst.Director A.P.Police Academy, CYBER CRIME –
PREVENTION & DETECTION, www.cidap.gov.in/documents/Cyber
%20Crime.pdf, downloaded on 28/09/2009
3. Michael E. Callahan, Understanding Software Piracy,
http://www.tucows.com/article/531?q=software%20piracy, downloaded
on 28/09/2009
4. Copyright infringement of software,
http://en.wikipedia.org/wiki/Software_piracy, downloaded on
28/09/2009
5. Koziol, Jack (2003). Intrusion Detection with Snort. Sams Publishing.
pp. 72. ISBN 157870281X. (View cited page using Google Books)
6. Software Piracy Exposed: How Software is Stolen and Traded Over
the Internet - By Paul Craig, Ron Honick, Mark Burnett, Published by
Syngress, 2005, ISBN 1932266984, Chapter 7 - The Distribution Chain,
Pages 145-148 (View cited pages using Google Books)
7. Indiana University Knowledge
Base,http://www.kb.iu.edu/data/afvn.html
8. Johanna Granville “Dot.Con: The Dangers of Cyber Crime and a Call
for Proactive Solutions,” Australian Journal of Politics and History, vol.
49, no. 1. (Winter 2003), pp. 102–109
9. Trout, B. (2007). "Cyber Law: A Legal Arsenal For Online Business",
New York: World Audience, Inc.
10. Emerging Technologies and the Law: Forms and Analysis,
by Richard Raysman, Peter Brown, Jeffrey D. Neuburger and William E.
Bandon, III. Law Journal Press, 2002-2008. ISBN 1-58852-107-9
11. Barlow. "A Declaration of the Independence of Cyberspace".
12. Gibson, Owen (March 23, 2006). "Warning to chatroom users after
libel award for man labelled a Nazi". The Guardian.
13. William Gibson. Neuromancer:20th Anniversary Edition. New
York:Ace Books, 2004.
14. Ippolito, Jon (December 1998 – January 1999). "Cross Talk: Is
Cyberspace Really a Space?". Artbyte: 12 – 24.
15. Irvine, Martin. "Postmodern Science Fiction and Cyberpunk",
retrieved 2006-07-19.