Cyber Crimes and Cyber Security

Cyber Crimes and Cyber Security Satinder Pal Singh Lecturer SVIET Banur Er.Amardeep Singh H.O.D(CSE) & Assistant Professor SVIET Banur Satinder Kaur Research Scholar Rajasthan University,Jaipur Abstract: With the invention of computers, its increasing use and human dependency over Internet, while we have gained manifolds in terms of efficiency and management, it has also brought to the front many negative effects and disadvantages. The computer crime or an e-crime can be simply defined as a crime where a computer is the target of a crime or it is the means adopted to commit a crime. While some of the crimes may be new, the others are simply different ways to commit conventional crimes such as frauds, theft, blackmailing, forgery, and fraud using the online medium often involving the use of internet. What accelerate the growth of such crimes are typical characteristics of cyber space anonymity, speed, access, dependency, borderless space and lack of awareness of laws. Key words: Cyber Securities, Cyber Laws, Cyber crimes 1 Introduction: With the invention of computers, its increasing use and human dependency over Internet, while we have gained manifolds in terms of efficiency and management, it has also brought to the front many negative effects and disadvantages. The computer crime or an e-crime can be simply defined as a crime where a computer is the target of a crime or it is the means adopted to commit a crime. While some of the crimes may be new, the others are simply different ways to commit conventional crimes such as frauds, theft, blackmailing, forgery, and fraud using the online medium often involving the use of internet. What accelerate the growth of such crimes are typical characteristics of cyber space anonymity, speed, access, dependency, borderless space and lack of awareness of laws. Cyber crimes can be broadly categorized into three categories namely1. Crime against government (Cyber terrorism) 2. Crime against persons (Cyber pornography, Cyber Stalking, Cyber defamation) 3. Crime against property (Online gambling, Intellectual property infringement, phising, credit card frauds) 2 Cyber Crimes: Some of the cyber crimes are discussed below 2.1 Cyber terrorism: Cyber-terrorism is the convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against Computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in the furtherance of political or social objectives. Further, to qualify as cyber terrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Serious attacks against critical infrastructure could be acts of cyber terrorism, depending on their impact. Attacks that disrupt non-essential services or that are mainly a costly nuisance would not. Eg.:Al-Qaida terrorists were found to be resorting to using the "dead letter box" system: someone creates an email account, gives the password to several members of a group and communicates by saving messages in a draft messages folder without sending them. 2.2 Cyber-squatting: Cyber-squatting is registering, trafficking in, or using a domain name with bad-faith intent to profit from the goodwill of a trademark belonging to someone else. The Cyber squatter then offers the domain to the person or company who owns a trademark contained within the name at an inflated price, an act which some deem to be extortion. 2.3 Phising: In the cyber-world phising (also known as carding and spoofing) is a form of illegal act whereby fraudulently sensitive information is acquired, such as passwords and credit card details, by a person/entity masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or instantaneous communication. Ee. " The appearance of links in the message- e.g the link http://www.google.com@members.thinkbank.com / may deceive a casual observer into believing that the link will open a page on www.google.com, whereas the link actually directs the browser to a page on members.thinkbank.com. “Misspelled URLs or the use of sub domains are other common tricks used by phishers ,e.g URL, http://www.namebank.com.example.com " Cross site scripting- In this attack method users may receive a message saying that they have to "verify" their account, by following a link to what appears to be an authentic website; in reality, the link is forged, although it is very difficult to spot that the link is manipulated to perpetrate this attack 2.4 Hacking: The term "Hacker" may mean simply a person with mastery of computers; however the mass media most often uses "Hacker" as synonymous with a (usually criminal) computer intruder Eg: Ankit Srivastava, who was a alleged Hacker, who through his expertise exploited loop-holes in the well-known communication service provider Airtel Web Site and got the details of Key PMO officials and Senior Police Officers. He demanded Rs. 1 Crore from Airtel for not compromising the crucial data which he has hacked from Airtel official Website. 2.5 Salami attacks Salami attacks most often associated with electronic banking and electronic data interchange fraud, the concept can be applied to other scenarios with little relation to computing. In general, salami attacks take place when small, almost immaterial, amounts of assets are systematically acquired from a large number of sources. In such miniscule denominations, they frequently exist just below the threshold of perception (and detection, for that matter). The result is an ongoing accumulation of assets in such a manner that the victims, whose assets are vanishing, fail to even notice. 2.6 e-MailBombing: Email bombing is characterized by abusers repeatedly sending an email message to a particular address at a specific victim site. In many instances, the messages will be large and constructed from meaningless data in an effort to consume additional system and network resources. Multiple accounts at the target site may be abused, increasing the denial of service impact. 2.7 Privacy and information theft: eg. HSBC Call-Center employee in Bangalore had passed on Bank details of 20 U.K. based Customers to accomplices whose siphon off almost Rs. 2 Crores. S.S. Paul, Assistant Analyst of National Security Counsel, Secretariat passed on sensitive information to an American Woman, whom he met at Indo US Cyber Secretariat Meet, last year. 3 Cyber Laws: In the present day world, India has witnessed an unprecedented index of Cyber crimes whether they pertain to Trojan attacks, salami attacks, e-mail bombing, DOS attacks, information theft, or the most common offence of hacking. Despite technological measures being adopted by corporate organizations and individuals, we have witnessed the frequency of cyber crimes has increased over the last decade. These issues raised concern in the authorities about the cyber extortion, privacy, confidentiality, data protection and national security. With the increasing penetration in the online usage of more and more people towards internet, e-banking, e-shopping etc. the concerns of data protection and related issues are growing day by day. The above concerns need to have some legal provisions, legislative frame work and enforcement machinery to deal with cyber crime and cyber criminal’s. The Information Technology Act: India is taking positive initiative to overcome the lacunas with a view to strengthening its modus operandi to curb Cyber crimes. The Information Technology Act, 2000 came into force in India on 17th of October 2000. It extends to whole of India and also applies to any offence or contraventions committed outside India by any person (Section 1 (2), IT Act,2000). According to Section 75 of the Act, the Act applies to any offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India. The IT Act prescribes provisions for contraventions in Chapter IX of the Act, particularly Section 43 of the Act, which covers unauthorized access, downloading, introduction of virus, denial of access and internet time theft committed by any person. It prescribes punishment by way of damages not exceeding Rs. 1 crore to the affected party. Chapter XI of the IT Act discusses the cyber crimes and offences interalia, tampering with computer source documents (Sec. 65), Hacking (Sec.66), Publishing of obscene information (Sec.67), Unauthorized access to protected system (Sec.70), Breach of confidentiality (Sec.72), Publishing false digital signature certificate (Sec.73). While IT Act is a special law, most IT experts are of common consensus that it does not cover or deal specifically with every kind of cyber crime. The IT Act, 2000 does not have any specific provision to deal with Identity theft. The expert committee on amendments to IT Act, 2000 has recommended certain amendments in this context. This report does discuss and recommend insertion of amendment to tackle child pornography, theft of confidential information (insertion of sec. 43(2)), gradation of severity of computer related offences under Section 66 committed dishonestly & fraudulently and Section 72(3) to deal with the problem video-voyeurism. However, this report does not deal with some other rampant problems, for instance, Spamming. In my opinion, the special law of IT Act should embody more specific provisions to deal with the diverse types of cyber crimes since both the nature and impact of such crimes is many times greater than what is suffered by the victim in offline mode. Hence, the punishment that may be provided by IPC may not do justice to victim of an online cyber crime. The dimensions of such cyber crimes are of increased degrees especially in the cases of online defamation, particularly arising due to the easy access and circulation of online published information. Most cyber case remains unreported due to the fear of negative publicity or under a belief that India does not have adequate legal & enforcement mechanism to deal with such crimes. Therefore, it is imperative that effective measures be adopted to increase awareness of the laws applicable to e-crimes and positive initiatives be taken by the government to train its police officers, personnel in the judiciary and other law enforcement agencies to effectively combat cyber crimes. There is an imperative need to incorporate specific provisions to deal with certain problems such as Spamming which requires appropriate amendments in the IT Act, 2000. In order to set a deterrent example for cyber criminals, all Cyber cafés should be continually monitored to ensure they maintain regular and proper records of its users with adequate Identity checking procedures being duly adopted as per law. More technological tools need to be developed to circumvent the software’s which aid in concealing identity of criminals such as Hide IP software’s which abet spoofing. The cyber laws are not keeping pace with the current developments in the field of IT ,almost every weak a new software or the tool or virus is being created to destroy the personal/Corporate information, privacy, confidentiality, data protection and national security. In the race there are n numbers of rabbits (e-Criminals) all over the world and there are only few laws (Tortoises) in the race. 4. Conclusion: We do need a stronger legal & enforcement regime in India to fight the increasing cyber crimes or in other words, efficiency in dispensation of justice will be instrumental in curtailing such activities. With increasing awareness and provision of training on the subject of cyber crime, enhanced technological and legislative steps being taken to further strengthen our IT laws and enforcement framework, India will effectively succeed in fighting the problem of cyber crimes. With a positive note we would like to conclude that though the pace of the tortoise (Cyber Laws) is slow still the the tortoise will win the final race. References: [1] http://www.irchelp.org/irchelp/security/ [2] www.all.net/CID/Attack/papers/Salami.html [3]www.nwfusion.com/newsletters/sec/2002/0146 7137.html [4] Network Security Essentials by William Stallings 2 edition. [5] www.cert.org [6] www.wikipedia.com nd