Lecture 22-Lecture 23 PDF


Cybercrime: Illustrations, Examples and Mini-Cases


Learning Objectives
After completing this chapter, you will be able to:
• Relate the examples, illustrations and mini-cases provided here to the cybercrime categories mentioned in Chapter 1 and to the technical concepts explained in Chapters 2–5.
• Appreciate the interplay of crime and legal perspectives provided in Chapter 6, and relate them to organizational implications discussed in Chapter 9 and to psychological and political dimensions of cybercrimes explained in Chapter 10.
• Learn the practical scenarios of how criminals/fraudsters use methods, tools and techniques to commit cybercrimes and will be able to relate it to concepts learned in Chapter 4.
• Understand how real-life instances of cybercrimes can impact individuals and organizations if due care is not taken.
• Get overview of threats in cybersecurity with the crimes that are committed in the cyberspace.
• Understand how “forensics” discussed in Chapters 7 and 8 is applied in real life.
• Relate to organizational implications of cybersecurity discussed in Chapter 9.

11.1 Introduction
Through Chapters 1–9, readers are exposed to various categories of cybercrimes, the tools and techniques used by cybercriminals as well as the forensics and legal aspects involved. We learned about the psychological and ethical dimensions and organizational implications in terms of cybersecurity (Chapter 10).
In Section 1.5 of Chapter 1, we presented classifications of cybercrime and explained the crimes under each category. Chapters 2–5 provide detailed discussion on cybercrimes – cyberstalking and harassment (Chapter 2); Vishing and Smishing (Chapter 3); and Phishing and Spear Phishing (Chapter 5). For the illustrations/case studies on digital forensics investigations, the background and reference chapters are Chapters 8 and 9. For reasons of confidentiality and privacy, real names (individuals and/or organizations) are masked in some of the illustrations. Though the names are masked, the situations are real. If the hypothetical names match with actual names of any living or dead person, it is purely a coincidence. A number of cases/illustrations are based on the information released in the public domain; those URLs are mentioned. Neither authors nor the publisher is responsible for false/inaccurate information posted on those public weblinks.
Cybercrime knows no geographical boundaries! Figure 11.1 illustrates this point effectively. Criminals, the means for the crimes and the impacted victims can be anywhere on the globe! In most cases, however,

Cyber security_Chapter 11.indd 603 2011-03-25 10:34:38 AM


604 Cyber Security: Understanding Cyber Crimes, Computer Forensics and Legal Perspectives

[Figure 11.1 | Cybercrimes are boundary less! Diagram labels: Victim; Offender/criminal; Open wireless network; E-Mail service (no formal registration); Anonymous communication service; Tracing possible; Tracing challenges.]


they also get caught, as illustrations in this chapter show. Students of a legal course curriculum, from the standpoint of enhancing their knowledge about applicability of prevailing laws in their regions, may like to use the mini-cases, examples and illustrations for discussing which laws and which sections in those laws would be applicable.
Overall, the objective of this chapter is to help readers appreciate the seriousness and implications of computer crime scenarios presented here. The mini-cases, illustrations and examples presented here are cybercrime incidents that have taken place in India as well as other countries.
This chapter is divided into six sections:
1. Section 11.2: Real-Life Examples
2. Section 11.3: Mini-Cases
3. Section 11.4: Illustrations of Financial Crimes in Cyber Domain
4. Section 11.5: Digital Signature-Related Crime Scenarios
5. Section 11.6: Digital Forensics Case Illustrations
6. Section 11.7: Online Scams
At the beginning of each section, there is a table with a list of the examples/illustrations/case studies addressed in the section. The chapters in which the underlying concepts are discussed are mentioned in those tables. This will help you refer back to those chapters. There are no summary and review questions for this chapter.

11.2 Real-Life Examples


This section contains real-life examples of E-Mail Spoofing, release of viruses/worms, cyberstalking, hacking, computer intrusion and computer frauds, website attacks, cybersquatting and IPR crimes. Table 11.1 lists the examples provided in this section.


Table 11.1 | List of examples in Section 11.2

Example No. | Title | Topic | Chapter Cross-Reference
1 | Official Website of Maharashtra Government Hacked | Website hacking | Chapters 1 and 10
2 | E-Mail Spoofing Instances | E-Mail Spoofing | Chapters 1, 3 and 4
3 | E-Mail Bombing involving a Foreigner | E-Mail malpractices | Chapter 1
4 | I Love You Melissa – Come Meet Me on the Internet | Virus and worms | Chapters 1–4
5 | The “Piranhas” Tragedy with Children | Misleading information on websites | —
6 | Doodle me Diddle! | Data diddling | Chapter 1
7 | Ring-Ring Telephone Ring: Chatting Sessions Turn Dangerous | Cyberstalking | Chapters 1 and 2
8 | Young Lady’s Privacy Impacted | Trojan | Chapters 2–4
9 | Job Racket Exposed by Mumbai City Cybercrime Cell | Smishing | Chapter 3
10 | Indian Banks Lose Millions of Rupees | Internet fraud | Chapter 1
11 | Infinity E-Search BPO Case | Sale of personal information | Chapter 6
12 | Charged with Computer Intrusion | Computer network intrusion | Chapter 1
13 | Small Shavings for Big Gains! | Computer fraud | Chapters 1–5
14 | Man Goes Behind Bars for Computer Fraud Offense | Computer fraud | Chapters 1 and 9
15 | “Justice” vs. “Justice”: Software Developer Arrested for Launching Website Attacks | DoS (Denial-of-service attack) | Chapters 1 and 4
16 | CAN-SPAM Act Violation through E-Mail Stock Fraud | SPAM, Wire fraud | Chapters 1, 5 and 6
17 | Business Liability through Misuse of Organization’s Information Processing Assets | IPF misuse | —
18 | Parliament Attack | Computer forensics | Chapter 7
19 | Game Source Code Stolen! | IPR theft (source code theft), insider attacks | Chapters 1 and 9
20 | The Petrol Pump Fraud | Computer hardware fraud | Chapter 1
21 | Xiao Chung’s Story – Life of a Hacker | Hacking and psychology of hackers, zero-day attacks | Chapters 1, 9 and 10
22 | Killers take Tips from “26/11 Attack” to Use VOIP | Cyberterrorism using VOIP, E-Mail forensics | Chapters 1 and 7
23 | Robertson Brothers Caught for Selling Pirated Software | IPR theft, software piracy | Chapters 1 and 9
24 | BSA Uncovers Software IPR Breaches | IPR theft | Chapters 1 and 9
25 | Pune City Police Bust Nigerian Racket | Scam | Chapters 1 and 9


11.2.1 Example 1: Official Website of Maharashtra Government Hacked


Website hacking was addressed in Chapter 1 (Box 1.4, Figs. 1.6, 1.9 and 1.10). This is an incident reported in September 2007. The impacted website was http://www.maharashtragovernment.in. A few days after the Chief Minister of the state inaugurated the new, citizen-friendly service-based web portal of the Brihanmumbai Municipal Corporation, the Maharashtra government’s official website was hacked, which led to the shutting down of www.maharashtra.gov. The state officials, however, said that no data was lost and that there was no serious damage to the website. State officials further stated that the website gets updated daily with information on various government regulations and decisions, and supports links to all government departments. However, IT experts had to restore the official website of the government of Maharashtra after it succumbed to the attack by the hacker.
As per reports, the site was attacked early in the morning by a person or a group proclaimed as “cool-hacker.” The hacker left an imprint of a hand on the hacked website (see Fig. 11.2). The state’s information and technology department came to know about the incident the next morning. They immediately blocked all access to the website. The IT department lodged an FIR (First Information Report) with the police in an attempt to trace the culprit.
The Joint Commissioner of Police, in his official remark, stated that the state’s IT officials lodged a formal complaint with the cybercrime branch police following this incident. He expressed confidence that the hackers would be tracked down. The Commissioner also mentioned that the hacker had posted some Arabic content on the site. According to sources, hackers were suspected to be from Washington. IT experts indicated that the hackers had identified themselves as “Hackers Cool Al-Jazeera” and claimed they were based in Saudi Arabia. Officials further added that this might be a red herring to throw

Figure 11.2 | Maharashtra state website hacked (source: http://sunnytalkstech.blogspot.com/2007/09/mpsc-website-defaced.html, 22 July 2010).


investigators off their trail. For those who are not familiar with the term “red herring,” it refers to the tactic of diverting attention away from an item of significance.
The State Government website contained detailed information about government departments, circulars, reports and several other topics. IT experts, who were assigned to work on restoration of the website, told Arab News that they feared that the hackers may have destroyed all of the website’s contents. The worrisome part was that, according to a senior official from the State Government’s IT department, the official website had been affected by viruses on several occasions in the past, but was never hacked. The official added that the website had no firewall. However, state officials denied there being any data loss or any serious damage to the website. The officials said that the hacker could only manage to damage the homepage.
A point to note here is that the website was hacked for the second time in the past two weeks, the fourth time since July 2007. The previous attack took place on 5 September 2007. This incident of repeated attack on the website underscores the need for security measures being in place (intrusion detection system – IDS, intrusion prevention system – IPS and firewalls).

11.2.2 Example 2: E-Mail Spoofing Instances


E-Mail bombing was mentioned in Chapter 1 (Section 1.5.16) and explained further in Chapter 4 (Table 4.11). This is an example of that. An American teenager made millions of dollars by spreading false information about certain companies whose shares he had short sold. This misleading information was spread by sending spoofed E-Mails, purportedly from news agencies like Reuters, to share brokers and investors, who were informed that the companies were doing very badly. Even after the truth emerged, the values of the shares could not be restored to the earlier levels. This resulted in thousands of investors losing a lot of money. This can be considered as a cybercrime against an organization because the impacted organization was the one about whom false information was spread.
There is another example of an E-Mail Spoofing incident in India. A branch of the Global Trust Bank experienced a customer run-down on the bank owing to a certain rumour spread about the bank not doing well financially. Under panic, many customers decided to withdraw all their money and close their accounts. It was revealed later that someone had sent out spoofed E-Mails to many of the bank’s customers announcing that the bank was in a very bad shape financially and could close operations any time. In the next few days, unfortunately, this information turned out to be true. So, can we say that this instance of E-Mail Spoofing saved many customers?
Another shocking example of E-Mail Spoofing involves a former executive from a well-known company in the state of Gujarat. The executive passed himself off as a lady by adopting a false name. He then created a fake E-Mail ID. Using that ID, the executive contacted a businessman based in the Middle East. The executive, posing as a woman, then went into a long cybercourting relationship with the Middle East businessman. During this “cyberdating,” the executive used to send many “emotional blackmailing” messages to the businessman. One such message threatened the businessman that if he ended this relationship, “she” (i.e., the executive posing as a woman) would end her life! What is worse, the executive gave another woman’s E-Mail ID to the businessman. This too was a non-existent address. When the Middle East businessman sent a mail to that ID, he was shocked to learn that the executive (who presented himself as a woman) had died and that now the police were searching for him as the suspect in that death case! Using this trap and trick, the executive extorted several hundred thousands of Indian Rupees from the businessman, threatening that the businessman would get exposed if he did not part with that money. The executive also sent E-Mails to him from different E-Mail IDs, making the poor businessman believe that they were mails from high court and police officials. All this was done to extract more money from the gullible businessman. Finally, the businessman flew to India to lodge a case with the Police.
Internet users indeed enjoy “anonymity” and can get away with many things – recall Fig. 1.5 in Chapter 1.


11.2.3 Example 3: E-Mail Bombing Involving a Foreigner


E-Mail bombing is explained in Chapter 1; this example brings out an instance based on that. A foreigner had been residing in Shimla, India for almost 30 years. He wanted to avail himself of a scheme that was introduced by the Shimla Housing Board to buy land at lower rates. His application, however, was rejected on the grounds that the scheme was available only to Indian citizens. Feeling furious, the foreigner decided to take revenge. He transmitted thousands of mails to the Shimla Housing Board. He did not stop there. He kept on sending E-Mails till their servers crashed. An interesting question is which law of the land would have been used for filing a case against this non-Indian person.

11.2.4 Example 4: I Love You Melissa – Come Meet Me on the Internet


This example involved the VBS_LOVELETTER virus, also known as the Love Bug or the ILOVEYOU virus. It is said to be written by a Filipino undergraduate. In May 2000, it was proven that this virus is deadlier than the Melissa virus and it became the world’s most prevalent virus. It impacted one in every five personal computers in the world. When the virus was brought under control, the true magnitude of the losses was unbelievable. The attack from this virus caused losses to the tune of almost US$ 10 billion.
It is interesting to see how the virus works. The original VBS_LOVELETTER thrived on the addresses in Microsoft Outlook. It utilized that address book and E-Mailed itself to those addresses. The E-Mail, which was sent out, had “ILOVEYOU” in its subject line. The attachment file was named “LOVE-LETTER-FORYOU.TXT.vbs.” Even with such a dubious-sounding subject line, even those who had some knowledge of viruses did not notice the tiny .vbs extension. People believed the file to be a text file, and this mail also fooled people who are wary of opening E-Mail attachments. The message in the E-Mail read as follows: “Kindly check the attached LOVELETTER coming from me.”
Since the initial outbreak, over 30 variants of the virus have been developed, many of them following the original by just a few weeks. The Love Bug propagates itself using the Internet Relay Chat (IRC). It E-Mails itself to users in the same channel as the infected user. However, unlike the Melissa virus, this virus does have a destructive effect. The Melissa virus, once installed, merely inserts some text into the affected documents at a particular instant during the day. On the other hand, VBS_LOVELETTER first selects certain files and then inserts its own code in lieu of the original data contained in the file. Thus, it succeeds in creating ever-increasing versions of itself, that is, self-propagation mode.
The world’s most famous worm probably was the Internet worm let loose on the Internet sometime in 1988 by Robert Morris. At that time, the Internet was in its early formative and developing years. The Internet worm affected thousands of computers and almost brought Internet development to a complete halt. It took a team of experts several days to get rid of the Internet worm and in the meantime many of the computers had to be disconnected from the network.
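The attachment name described above hides a script extension behind a harmless-looking ".TXT". The following mail-filter check is an added example, not code from the book: it parses a MIME message and flags attachments whose last extension is executable but is preceded by a document-style one. The extension sets, function names and the sample message are assumptions constructed for illustration.

```python
"""Flag e-mail attachments whose last extension is executable but is
preceded by a harmless-looking one, as in NAME.TXT.vbs."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative sets (assumption), not an exhaustive blocking policy.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
                   ".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".rtf", ".xls", ".jpg", ".gif"}


def extensions(filename):
    """Return every dot-separated extension of the basename, lower-cased."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    base = base.strip().rstrip(". ")
    pieces = base.split(".")[1:]
    # Whitespace padding ("a.pdf      .exe") is stripped piece by piece.
    return ["." + p.strip().lower() for p in pieces if p.strip()]


def classify_filename(filename):
    """Return 'double-extension', 'executable' or 'ok' for one filename."""
    exts = extensions(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if any(e in DECOY_EXTS for e in exts[:-1]):
        return "double-extension"
    return "executable"


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message; return (filename, verdict) per attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()  # Content-Disposition filename, else Content-Type name
        if name is not None:
            findings.append((name, classify_filename(name)))
    return findings


def build_sample():
    """Constructed sample message; the attachment bodies are inert placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "recipient@example.test"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("Kindly check the attached LOVELETTER coming from me.")
    msg.add_attachment(b"inert placeholder, not script code",
                       maintype="application", subtype="octet-stream",
                       filename="LOVE-LETTER-FORYOU.TXT.vbs")
    msg.add_attachment("meeting notes", subtype="plain", filename="notes.txt")
    msg.add_attachment(b"inert placeholder",
                       maintype="application", subtype="octet-stream",
                       filename="setup.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {name}")
```

A gateway would quarantine both the "double-extension" and the "executable" verdicts; the first is reported separately because the decoy extension signals intent to mislead the recipient.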

11.2.5 Example 5: The “Piranhas” Tragedy with Children


Web Jacking is explained in Section 1.5.8 of Chapter 1. This incident was reported in the US. There was a hobby website for children. The owner of the site received an E-Mail informing her that a group of hackers had gained control over her website. They demanded a ransom of one million dollars from her. The owner was a school teacher. She did not pay due attention to that (threatening) mail because she did not think it was serious. She thought it was just a scare tactic and so she simply ignored the E-Mail. After about three days, she started getting several telephone calls from almost all over the country and then she came to know that the hackers had really web jacked her website. The hackers had altered a portion of the website which was entitled “How to have fun with goldfish.” They had replaced the word “goldfish” with the word “piranhas.” Piranhas are tiny but extremely dangerous flesh-eating fish! It was sad because the fatal result of

this apparently minor sounding “find-and-replace” cyberprank was terrible. Many children who visited the popular website believed what the contents of the website suggested. These unfortunate children did not realize what would be in their fate. They followed the instructions to try playing with piranhas, which they bought from pet shops and were very seriously injured!

11.2.6 Example 6: Doodle me Diddle!


The “Data Diddling” technique was addressed in Chapter 1; this is a real-life example of that. Indian Electricity Boards suffered as victims of data diddling. Such programs got inserted when private parties were computerizing their systems. The NDMC Electricity Billing Fraud Case in 1996 is a typical example. The computer network was used for preparing receipts and for keeping the accounts of electricity bills by the NDMC, Delhi. Money collection, computerized accounting, record maintenance and remittance in the bank were outsourced to a private contractor who was a computer professional. He misappropriated a vast amount of money by manipulating data files to show less receipt and bank remittance. As we know, this kind of attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.

11.2.7 Example 7: Ring-Ring Telephone Ring – Chatting Sessions Turn Dangerous


Cyberstalking was mentioned in Chapter 1 and explained in Chapter 2 (Section 2.4). Here is a real-life example of that crime, which was registered with Delhi police. “Stalking” is defined as “pursuing stealthily.” As we learned, “cyberstalking” means following a person’s activities, that is, a person’s navigation across the Internet by posting messages (sometimes even threatening messages) on the bulletin boards that are visited by the victims, entering the chat rooms frequented by the victim, constantly bombarding the victim with E-Mails, etc. Richa Sharma was the first lady to register a cyberstalking case. Her husband’s friend provided her telephone number in the general chat room. Some websites do provide general chatting facility (e.g., websites like MIRC and ICQ) where a person can easily chat without revealing his/her true identity. The friend of Ms. Sharma’s husband also encouraged chatters to speak in profane language to Ms. Sharma. As a result, Ms. Sharma received more than 30 calls in 3 days and many chatters contacted her. Almost all of the calls were made to her at odd hours from all over India and a few of the calls came in from outside India too. This created havoc in the personal life of Ms. Sharma and caused her much mental stress. She got fed up with these calls and chat drama and complained to the police against a person who she felt was using her identity to chat over the Internet at the website www.mirc.com. In her complaint, Ms. Sharma mentioned that the person was chatting on the Net using her ID and also complained about the obscene language used by that person while chatting with her. Ms. Sharma further complained that the same person was deliberately giving her telephone number to other chatters, asking them to call her at odd hours.

11.2.8 Example 8: Young Lady’s Privacy Impacted


We have explained Trojans, viruses and other malware in Chapters 2–4. We should be careful, else untoward things can happen, as illustrated by this example. A young magazine journalist in Mumbai was working on an article about online relationships. The article was about how people can easily find friendship and even love companions on the Internet. During the tenure of her research work, she happened to make a lot of online friends. One of these “friends” (ill-minded, unfortunately for the young lady) managed to infect her computer with a Trojan. The young journalist lived in a small, one-bedroom apartment and her computer


was located in a corner of her bedroom. She had the habit of never powering off her computer. Unknown to her, the Trojan would activate her web camera and microphone even when the Internet was switched off. A year later she realized that hundreds of her “private” pictures were posted on pornographic sites around the world! Her fiancé broke the engagement and the young lady was thrown into suicidal depression.

11.2.9 Example 9: Job Racket Exposed by Mumbai City Cybercrime Cell


Smishing is explained in Section 3.8.5 in Chapter 3. This example illustrates how cybercriminals use Smishing to cheat people. This case happened in the year 2009. Himesh Kapadia, aged 26 years, received an SMS offering him a job in Marriot Hotel. Himesh, in response, eagerly mailed his resume. He also deposited over ₹ 1.7 lakhs (₹ 1,70,000) as per the instruction of a person who claimed to be a London diplomat. Himesh grew suspicious when he was asked for additional money and finally approached the cybercrime cells of the Mumbai Police. The investigations resulted in the arrest of a couple and five Nigerians allegedly involved in cheating people by promising them housekeeping jobs in Marriot Hotel, London. While the Nigerians, posing as London diplomats, would send SMSs and E-Mails offering jobs in the hotel, the couple operated the bank accounts.
As Himesh recalls, in September 2009, he began exchanging mails with James Richard, who claimed to be a London diplomat. He had asked Himesh to pay differing sums of money. Even after Himesh had paid over ₹ 1.7 lakhs (₹ 1,70,000), he continued to extort more money from Himesh. The police directed the bank authorities to block the account holder’s ATM facilities. In the last week of November 2009, the bank informed the police that a couple had approached the bank to withdraw money from the account. Mumbai Police arrested the couple and later the Nigerians who came looking for them to collect the money.

11.2.10 Example 10: Indian Banks Lose Millions of Rupees


Numerous types of cybercrimes were mentioned in Chapter 1; frauds using the Internet are some of them. This is a real-life example showing the techniques used by cybercriminals. Banks across the country lost ₹ 6.57 crore (₹ 6,57,00,000) to Internet frauds in 233 incidents of cybercrime, with Tamil Nadu topping the list in last fiscal year. ₹ 2.09 crore (₹ 2,09,00,000) has been lost by various banks in the Indian state of Tamil Nadu in seven cases reported between April and December 2008. The lending institutions in Maharashtra had reported the highest number of incidents, 23 in all. They lost ₹ 55.54 lakhs (₹ 55,54,000) to online fraudulent practices. This was revealed by the erstwhile Minister of State for Home to the Lok Sabha in February 2009.
The banks in other Indian states – Andhra Pradesh, Rajasthan and West Bengal – lost ₹ 89.93 lakhs (₹ 89,93,000), ₹ 64.29 lakhs (₹ 64,29,000) and ₹ 35.72 lakhs (₹ 35,72,000), respectively, while Kerala and Delhi lost ₹ 17.60 lakhs (₹ 17,60,000) and ₹ 10.90 lakhs (₹ 10,90,000), respectively, owing to cyberfrauds. A total of 11 cases of Internet frauds were reported from Andhra Pradesh, 8 from Delhi, 7 from Tamil Nadu, 6 from Karnataka and 5 from West Bengal during the said period. Surprisingly, banks in Bihar, Goa and Jharkhand did not lose a single penny to such activities and no case was reported from any of these states.
The Minister presented a state-wise list of the number of incidents of Internet frauds that includes cases of fraudulent withdrawal of money from banks through Internet/online banking, as reported by the banks to the Reserve Bank of India. According to data updated till 2007, out of the total 355 people arrested across the country, a maximum of 156 people were arrested in Madhya Pradesh in connection with cheating-related cases under IT Act – Fraud digital signature (Section 64) and Breach of Confidentiality/Privacy (Section 72) – and IPC Crime (Forgery and Criminal Breach of Trust/Fraud). The highest number of cases, 153, was also registered in Madhya Pradesh for forgery and Criminal Breach of Trust/Fraud out


of the total of 302 cases in the said period. Similarly, a total of 41 incidents – 38 under IPC crime and 3 under IT Act – were reported in Chhattisgarh for cyberfrauds and 75 persons – 72 under IPC crime and 3 under IT Act – were arrested. A total of 59 people were also arrested in Andhra Pradesh, 36 in Punjab, 16 in Andaman and Nicobar Island and 4 in Delhi in connection with cheating-related incidents in 2007. The amount lost to cyberfrauds during April 2007 and March 2008 was ₹ 5.58 crore (₹ 5,58,00,000) and 374 people were arrested in this connection.

11.2.11 Example 11: Infinity E-Search BPO Case


This case brings to the fore the emerging threat arising from “sale of personal information.” We learn here that the definition of “sensitive personal information” is very important for organizations to be clear on what they wish to protect from theft. This is especially important for the BPO (business process outsourcing) organizations to whom the clients entrust their confidential data.
A fraud discovered at a Gurgaon-based BPO created an embarrassing situation for Infinity E-Search, the company in which Mr. Kapoor was employed. A British newspaper reported that one of its reporters had covertly purchased personal information of 1,000 British customers from an Indian call-center employee. However, Mr. Kapoor, the employee of Infinity E-Search (a New Delhi-based web designing company) who was reportedly involved in the case, denied any wrongdoing. The company also said that it had nothing to do with the incident.
It so happened in this case that the journalist used an agent, offered a job, requested a presentation on a CD and later claimed that the CD contained some confidential data. The fact that the CD contained such data was itself not substantiated by the journalist. In this kind of a situation we can only say that the journalist used “bribery” to induce an “out of normal behavior” of an employee. This is not observation of a fact but creating a factual incident by intervention.

This example breaks the misconception that BPOs in India are not covered under the Information Technology Act and Amendments thereof.

BPOs in India, irrespective of whether captive/independent/subsidiary, irrespective of whether inbound/outbound, are covered under the Indian IT Act.
Indian BPO organizations must understand this: As per Indian IT Act, every business process outsourcing (BPO) organization is an “INTERMEDIARY” – Section 1 (2w) of the Act defines “Intermediary.” Indian BPOs must take cognizance of Sections 43A (Compensation for failure to protect data), 67C (Preservation and retention of information by intermediaries), 69B (Power to authorize to monitor and collect traffic data or information through any computer resource for cyber security), 70B (Indian Computer Emergency Response Team to serve as national agency for incident response), 72A (Punishment for disclosure of information in breach of lawful contract), 79 (Exemption from liability of intermediary in certain cases) and 85 (Offences by companies) of the Indian IT Act.


11.2.12 Example 12: Charged for Computer Intrusion


Computer network intrusion was explained in Chapter 1 (Section 1.5.18); this example is related to that. The story of this incident was released on 4 November 2009. Scott R. Burgess, aged 45, Jasper, Indiana, and Walter D. Puckett, aged 39, Williamstown, Kentucky, were indicted for computer intrusion. This was announced by Timothy M. Morrison, US Attorney, Southern District of Indiana, after an inquiry by the Federal Bureau of Investigation (FBI) and the Indiana State Police.
It is alleged that Burgess and Puckett accessed the Stens Corporation computer systems, based in Jasper, Indiana, from various places on approximately 12 different occasions without authorization. It was further alleged that the computer intrusions were performed for the purpose of gaining commercial and personal financial benefits. Furthermore, it was alleged that Burgess and Puckett were working for a business competitor of Stens at the time of the intrusions.
Burgess and Puckett faced a maximum of 5 years’ imprisonment and a $250,000 fine. An initial hearing was scheduled before a US Magistrate Judge. An indictment, however, is only a charge and is not evidence of guilt. A defendant is presumed innocent and is entitled to a fair trial at which the government must prove guilt beyond a reasonable doubt.

11.2.13 Example 13: Small “Shavings” for Big Gains!
This incident, involving a Salami attack-like technique, was published on 17 September 2009. Michael Largent, aged 22, a resident of the Plumas Lake area, was sentenced to 15 months in prison and ordered to pay compensation of over $200,000. This was the punishment given by US District Judge Morrison C. England Jr. for fraud and related activity in connection with computers. After release from prison, Largent also had to face 3 years of strict restrictions due to illegal use of computers and the Internet. This case was jointly investigated by the US Secret Service and the FBI. The US Attorney’s Office for the Northern District of California, San Jose Division, also assisted with this case.
The case was prosecuted during the period November 2007 through May 2008. The prosecution was done by Assistant US Attorney Matthew D. Segal, who worked as prosecutor in the office’s Computer Hacking and Intellectual Property (CHIP) unit. According to Attorney Matthew, the accused Michael Largent developed a computer program allowing him to defraud a few companies such as “E-Trade,” “Charles Schwab & Co.” and Google by opening or attempting to open more than 58,000 brokerage accounts. He did this to steal the “micro-deposits.” Michael knew that a financial institution makes a micro-deposit when an account is opened to test the functionality of the account. The amounts deposited in this case were in the range $0.01 to $2.00.
To cover his identity, Michael Largent used false names, addresses, driver’s license numbers and social security numbers, including the names of known cartoon and comic book characters, to open the accounts. When the deposits took place, he would divert the funds into his own bank accounts or onto prepaid debit cards, without the authorization or knowledge of his victims. As a result, Michael Largent fraudulently obtained or attempted to obtain tens of thousands of dollars, which he used for personal expenses.
Two organizations, namely, E*TRADE (E-Trade Financial Corporation) and Charles Schwab & Co. Inc., notified the law enforcement agency in parallel when they detected the fraud. Assistant US Attorney Robin R. Taylor, also of the CHIP unit, brought the criminal complaint and the indictment in this case in May 2008, and Segal took over in January 2009. In sentencing, Judge England observed that Michael Largent’s scheme took some sophistication, and wondered why he had not used his skills and talents in a lawful way.
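
The pattern in this case (many claimed identities, each attracting a tiny verification deposit, all paying out to a handful of destinations) can be checked for at account opening. The sketch below is an added example, not code from the case or from the institutions named; the record layout, field names, thresholds and sample rows are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Opening:
    account_id: str
    opened: date
    holder_name: str
    ssn: str
    linked_destination: str   # external account or prepaid card linked at sign-up
    micro_deposit_cents: int  # verification deposit sent to that destination


# Constructed sample records (not data from the case).
SAMPLE = [
    Opening("A1", date(2008, 1, 7), "Test Holder A", "000-00-0001", "CARD-001", 1),
    Opening("A2", date(2008, 1, 7), "Test Holder B", "000-00-0002", "CARD-001", 37),
    Opening("A3", date(2008, 1, 8), "Test Holder C", "000-00-0003", "CARD-001", 152),
    Opening("A4", date(2008, 1, 9), "Test Holder D", "000-00-0004", "CARD-001", 10),
    Opening("B1", date(2008, 1, 8), "Test Holder E", "000-00-0101", "BANK-777", 45),
    # One real person opening two accounts against their own bank account.
    Opening("C1", date(2008, 1, 8), "Test Holder F", "000-00-0201", "BANK-888", 12),
    Opening("C2", date(2008, 1, 9), "Test Holder F", "000-00-0201", "BANK-888", 30),
]


def _identities(openings):
    """Distinct claimed identities (normalised name + SSN) in a set of openings."""
    return {(o.holder_name.strip().lower(), o.ssn) for o in openings}


def flag_shared_destinations(openings, min_identities=3, window_days=30):
    """Flag payout destinations linked by many different claimed identities
    within a short period. A genuine customer links their own bank account,
    so one destination normally maps to one identity."""
    by_dest = defaultdict(list)
    for o in openings:
        by_dest[o.linked_destination].append(o)

    findings = []
    for dest, group in by_dest.items():
        group.sort(key=lambda o: o.opened)
        best, start = [], 0
        # Sliding window over opening dates: keep the densest window.
        for end in range(len(group)):
            while (group[end].opened - group[start].opened).days > window_days:
                start += 1
            window = group[start:end + 1]
            if len(_identities(window)) > len(_identities(best)):
                best = window
        if len(_identities(best)) >= min_identities:
            findings.append({
                "destination": dest,
                "identities": len(_identities(best)),
                "accounts": [o.account_id for o in best],
                "micro_deposit_cents": sum(o.micro_deposit_cents for o in best),
                "first_opened": best[0].opened,
                "last_opened": best[-1].opened,
            })
    return sorted(findings, key=lambda f: f["identities"], reverse=True)


if __name__ == "__main__":
    for finding in flag_shared_destinations(SAMPLE):
        print(finding)
```

Each individual deposit is too small to trip a per-transaction limit, which is why the check aggregates by destination rather than by amount.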

11.2.14 Example 14: Man Goes Behind Bars for Computer Fraud Offense
Here is another example similar to the previous one (Example 13). This example shows the hazards of not monitoring remote access permissions and the consequences of perhaps too much faith placed in the “insiders” with a naive belief that the “insiders” would never bring harm to their organizations (remember the discussion in Chapter 9). The ill use of an administrator account and password also comes to the fore. There are tremendous learning implications for organizational information security practices. Noteworthy is the nature of the punishment given to the guilty, thereby creating an opportunity for remorse and also to morally guide others to avoid his wrong-doing. Read on for further details on this case.
Jeffrey H. Sloman, US Acting Attorney for the Southern District of Florida, and Jonathan I. Solomon, Special Agent in Charge (from FBI, Miami Field Office) announced that defendant, Lesmany Nunez, on 14 July 2009, was sentenced by Chief US District Judge Federico A. Moreno to 12 months and 1 day imprisonment after pleading guilty to computer fraud, in violation of Title 18, United States Code, Section 1030(a)(5)(A)(ii). Upon his release from prison, Nunez was ordered to serve 3 years of supervised release, with a special condition that he perform 100 hours of community service by lecturing young people on the implications of hacking into other people’s computers and networks. Nunez was also ordered to pay $31,560 in restitution.
As per the facts revealed during in-court statements, Nunez, aged 30, was a former computer support technician at Quantum Technology Partners (QTP), located in Miami-Dade County. QTP provides services such as data storage, E-Mail communication and scheduling for their client companies. Late on a Saturday night, Nunez remotely accessed QTP’s network without authorization, using an administrator account and password. He first changed the passwords of all of the IT system administrators and then he shut down almost all of the QTP servers. What is more, Nunez also deleted files. Had he not done that, it would have been possible to re-install the data from backup tapes much more easily and in less time. As a result of Nunez’s wrongful acts, QTP and their clients could not perform their normal business functions for a number of days, suffering a tremendous business loss.
As a result of the unauthorized access to the system and the deletion of data, QTP suffered over $30,000 in damages. This included the cost of responding to the offense; conducting a damage assessment; restoring the data, system and information to their previous condition; and other costs incurred due to the interruption of network services. Through forensics investigations, Nunez was identified as the perpetrator. Investigators found that the activity on QTP’s computer could be traced to his home network. Additional evidence was also found subsequently when they performed a search of his computer.
Source: www.cybercrime.gov; posted on 14 July 2009.
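
The sequence described in this case (an off-hours remote administrator login, followed within minutes by password changes on the other administrator accounts and then server shutdowns) is something a monitoring rule can look for. The following is an added example, not code from the case or from QTP; the event format, account names, host names, working hours and thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed list of administrator accounts for the example.
ADMIN_ACCOUNTS = {"admin", "sysadmin1", "sysadmin2", "sysadmin3"}

# Constructed audit events: (timestamp, actor, origin, action, target).
RAW_EVENTS = [
    ("2024-05-26T02:10:00", "sysadmin3", "remote", "login", "vpn-gw"),
    ("2024-05-26T02:15:00", "sysadmin3", "remote", "shutdown", "srv-test01"),
    ("2024-06-01T23:41:10", "admin", "remote", "login", "vpn-gw"),
    ("2024-06-01T23:44:02", "admin", "remote", "password_change", "sysadmin1"),
    ("2024-06-01T23:44:40", "admin", "remote", "password_change", "sysadmin2"),
    ("2024-06-01T23:45:15", "admin", "remote", "password_change", "sysadmin3"),
    ("2024-06-01T23:52:00", "admin", "remote", "shutdown", "srv-mail01"),
    ("2024-06-01T23:53:30", "admin", "remote", "shutdown", "srv-db01"),
    ("2024-06-01T23:58:12", "admin", "remote", "delete", "/data/clients/archive"),
    ("2024-06-03T10:05:00", "sysadmin2", "remote", "login", "vpn-gw"),
    ("2024-06-03T10:06:30", "sysadmin2", "remote", "password_change", "sysadmin2"),
]


def parse_events(raw):
    """Turn the raw tuples into dicts with a parsed timestamp, oldest first."""
    events = [
        {"ts": datetime.fromisoformat(ts), "actor": actor, "origin": origin,
         "action": action, "target": target}
        for ts, actor, origin, action, target in raw
    ]
    return sorted(events, key=lambda e: e["ts"])


def off_hours(ts):
    """Assumed working hours: Monday to Friday, 07:00 to 19:00."""
    return ts.weekday() >= 5 or ts.hour < 7 or ts.hour >= 19


def detect_admin_takeover(events, admins, window=timedelta(hours=2),
                          min_resets=2, min_shutdowns=2):
    """Alert when an off-hours remote admin login is followed, within `window`,
    by password changes on several *other* admin accounts or by several
    server shutdowns from the same account."""
    alerts = []
    for i, login in enumerate(events):
        if (login["action"] != "login" or login["origin"] != "remote"
                or login["actor"] not in admins or not off_hours(login["ts"])):
            continue
        later = [e for e in events[i + 1:]
                 if e["actor"] == login["actor"]
                 and e["ts"] - login["ts"] <= window]
        resets = {e["target"] for e in later
                  if e["action"] == "password_change"
                  and e["target"] in admins and e["target"] != login["actor"]}
        shutdowns = {e["target"] for e in later if e["action"] == "shutdown"}
        deletes = [e for e in later if e["action"] == "delete"]
        if len(resets) >= min_resets or len(shutdowns) >= min_shutdowns:
            alerts.append({
                "actor": login["actor"],
                "login_time": login["ts"],
                "admin_passwords_changed": sorted(resets),
                "servers_shut_down": sorted(shutdowns),
                "files_deleted": len(deletes),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_admin_takeover(parse_events(RAW_EVENTS), ADMIN_ACCOUNTS):
        print(alert)
```

The single off-hours shutdown of a test server and the weekday self-service password change in the sample stay below the thresholds, so only the Saturday-night sequence raises an alert.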

11.2.15 Example 15: “Justice” vs. “Justice” – Software Developer Arrested for Launching Website Attacks
Denial-of-service (DoS) attack was mentioned in Chapters 1 and 2. It is explained in Chapter 4 (Section 4.9). Hacking and website defacement were addressed in Section 1.5.11 of Chapter 1. Screenshots of hacked websites were presented in Figs. 1.6–1.10. This real-life example shows the crime by a young software engineer who launched a series of “denial-of-service attacks” on various websites. It shows what misled/confused youth can do and, in turn, how they become cybercriminals by embracing false motives. It is a reflection of rapidly changing values in our society. Forensics comes to the fore in this example.
Bruce Raisley, aged 47, was a software developer from Monaca, Pennsylvania, when he was charged with the offense of computer fraud and abuse. He quietly surrendered to the FBI on 1 July 2009. More specifically, Bruce was charged with the unauthorized access of protected computers with the intention of causing denial-of-service and/or losses to the websites. A number of websites were impacted; among them were RollingStone.com, the website of the Rick A. Ross Institute of New Jersey (Rick Ross Institute), based in Hudson County, NJ, which runs the Internet archive service “for the study of destructive cults, controversial groups and movement,” and “Perverted Justice,” a Portland, Oregon-based organization (operated by X. E.). Perverted Justice is an organization that seeks to identify and expose pedophiles and sexual predators targeting minors.
Around 2004, Bruce had volunteered for “Perverted Justice.” Perverted-Justice.com, mentioned before, is a loosely organized group of computer gamers, students and the occasional well-meaning but misguided “reactionary” who claimed that their primary purpose was to bring about the complete destruction of the lives of anyone they believe is guilty of chatting with one of their “baiters.” Their baiters troll Internet chat rooms pretending to be young teen-aged girls in the hopes of entrapping men into sexually suggestive conversations. Once a person is targeted, members of the “Perverted Justice” organization search the Internet for all available information to publicly identify the “target,” along with complete information about the target: the family, the target’s employer, friends, associates, neighbors, etc. Next, they launch a brutal harassment campaign against anyone listed on their site via phone calls, Internet messages, E-Mails, neighborhood flyers, etc.
Another impacted organization was Corrupted-Justice.com, a civil rights advocacy organization. It is a group of like-minded people who are dedicated to bringing about an end, using legal means, to the harassment and terrorism being perpetrated by the vigilante group. In this case, a host of attacks were mounted on Corrupted Justice, an organization whose stated purpose is to educate the public on the actions of various purported cybervigilante groups, including Perverted Justice. In or around 2006, Bruce had become a member of “Corrupted Justice,” after becoming disenchanted with Perverted Justice!
According to the criminal complaints received, in September 2006 and July 2007, Radar Magazine and Rolling Stone published two separate articles (“Strange Bedfellows” and “To Catch a Predator”: The New American Witch Hunt for Dangerous Pedophiles). Both articles presented positive and negative views on the activities conducted by “Perverted Justice” and its volunteers. The articles described what was termed as “questionable tactics” by Perverted Justice to silence critics. One of these tactics was an episode between X.E. and Bruce. In or about 2007, Strange Bedfellows was reprinted on numerous websites.
Around 25 September 2007, the Rick Ross Institute experienced a distributed denial-of-service (DDoS) attack. One of the attacking computers was found to be that of the Academic and Research Network of Slovenia (ARNES). Upon examination, they found a malicious program on their network. Around 20 November 2007, the Slovenian Computer Emergency Response Team (SI-CERT) further determined that the DDoS program downloaded instructions from two locations, dosdragon.com and n9zle.com. These locations instructed the program to repeatedly target the victim websites.
Victim Rolling Stone was subjected to multiple DDoS attacks directed specifically at the webpage which hosted “The New American Witch Hunt.” During the height of the DDoS attacks, the page requests for the article escalated from a few requests per day to millions of page requests per day, causing the website to experience significant slowdown. On 7 March 2008, the US Computer Emergency Response Team (US-CERT) confirmed SI-CERT’s findings. On 16 January 2008 and 8 February 2008, Internet Service Provider records showed that Bruce controlled both command and control systems.
“Corrupted Justice” was the victim of a similar attack on 25 July 2007. As a result of this particular attack, their website was shut down for 4 days. They were attacked again on or about 2 November 2007 and on or about 10 March 2008, resulting in an additional 7 days without service. As per the complaint lodged, Bruce had contacted Corrupted Justice to show off that he had again taken down their servers. The complaint also states that Bruce told Corrupted Justice that he “unleashed a virus that could never be stopped,” that [Corrupted Justice] could “kiss goodbye to their website because nothing could protect their servers against this attack.” During a search of his home on 27 March 2008, Bruce admitted to contacting both Rick Ross Institute and Corrupted Justice, asking them to take the articles off their websites. Additionally, Bruce stated that he wrote the programs on a memory stick; it was seized by the FBI as part of the search. Bruce also admitted that he used these programs to attack the Perverted Justice, Corrupted Justice and Rick Ross Institute websites. A forensics review of the seized electronic media confirmed that it contained copies of programs used in conjunction with the DDoS attack.
This case was prosecuted in the District of New Jersey. Bruce was scheduled for an initial appearance on 1 July 2009 before the Honorable Patty Schwartz, US Magistrate. Upon being convicted, Bruce received a maximum of up to 10 years’ imprisonment along with a fine of $250,000. As would be known to readers/students well-versed in law, a criminal complaint is merely an accusation. Despite this accusation, every defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt. The Special Agent in charge of this case stated that in this situation, this type of “cyberbullying” (the term was introduced in Chapter 2, Box 2.8) was used as a way to silence the media and deny them their constitutional rights to the freedom of the press. The Agent further stated that “cyberbullying” is not acceptable. He thanked all the team members involved for a job well done. This real-life example shows that technology works both ways and the criminal will get caught.
Source: http://www.cybercrime.gov; posted on 1 July 2009.

11.2.16 Example 16: CAN-SPAM Act Violation through E-Mail Stock Fraud
Spamming is explained in Chapter 1 (Section 1.5 and Box 1.5). Anti-Spam Laws in Canada are explained in Section 6.2.3 of Chapter 6. Here is a real-life happening on that. This example involves the CAN-SPAM Act; for those who are not aware of it, refer to the links about this Act in Ref. #30, Additional Useful Web References, Further Reading. The full form of the CAN-SPAM Act is “Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003.” Five individuals pleaded guilty on 23 June 2009 in the federal court in Detroit for their involvement in a wide-ranging international stock fraud scheme that involved the illegal use of bulk commercial E-Mails or “spamming.” Considering the advanced age of one of the fraudsters in this example, we can say that just as cybercrime knows no national boundaries, criminals seem to pay no heed to their age!
Alan M. Ralsky, aged 64, and Scott K. Bradley, aged 38, both pleaded guilty to conspiring to commit wire fraud, mail fraud and to violate the CAN-SPAM Act. This Act defines a “commercial electronic mail message” as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” It exempts “transactional or relationship messages.” Ralsky and Bradley also pleaded guilty to “wire fraud” and “money laundering” apart from the violation of the CAN-SPAM Act. Under the terms of his plea agreement, Ralsky acknowledged facing up to 87 months in prison and a $1 million fine under the federal sentencing guidelines, while Bradley acknowledged facing up to 78 months in prison and a $1 million fine under the federal sentencing guidelines.
For some time, Alan Ralsky was the world’s most notorious illegal spammer. In fact, he was the self-proclaimed “Godfather of Spam.” Today Ralsky, his son-in-law Scott Bradley and three of their co-conspirators stand convicted for their roles in running an international spamming operation that sent billions of illegal E-Mail advertisements to pump up Chinese “penny” stocks and then reap profits by causing trades in these same stocks while others bought at the inflated prices. Using the Internet to manipulate the stock market through Spam E-Mail campaigns is a serious crime. This case shows that federal law enforcement has both the capability and the will to successfully investigate, prosecute and punish such cybercrimes.
The CAN-SPAM Act was passed by Congress in 2003 to address Spam E-Mails. The Act has certain provisions (criminal provisions) to prohibit falsification of certain information used in E-Mail transmission. John S. Bown, 45, of Fresno, California, pleaded guilty to conspiracy to commit wire fraud, mail fraud and to violate the CAN-SPAM Act. He also pleaded guilty to conspiring to commit computer fraud by creating a Botnet and violating the CAN-SPAM Act. A Botnet is a network of computers that have been infected by malicious software. Under the terms of his plea agreement, Bown acknowledged that he was facing up to 63 months in prison and a $75,000 fine under the federal sentencing guidelines.
Yet another person, William C. Neil, aged 46, of Fresno, admitted that he had conspired to violate the CAN-SPAM Act. Under the terms of his plea agreement, Neil acknowledged facing up to 37 months in prison and a $30,000 fine under the federal sentencing guidelines. James E. Fite, aged 36, of Culver City, California, pleaded guilty to conspiracy to commit wire fraud, mail fraud and to violate the CAN-SPAM Act. Apart from this, he also pleaded guilty to making false statements to FBI agents. Under the terms of his plea agreement, Fite acknowledged that he was to face up to 2 years in prison and a $30,000 fine under the federal sentencing guidelines. Finally, Spam King Alan Ralsky got 4 years in jail.
The Assistant Attorney General said, “We will not allow criminals to use E-Mail as a conduit for fraud. This prosecution, the Department’s largest to date under the CAN-SPAM Act, underscores our strong and steadfast commitment to ridding our financial markets and cyberspace of E-Fraudsters looking to prey on innocent victims.” The Special Agent in Charge mentioned that cybercrime investigations are a top priority of the FBI, which is known to aggressively investigate those individuals who exploit computers for committing various crimes. In today’s aggressive international business world, there will always be a select few who illegally manipulate the system for their own profit. According to the Special Agent in Charge, Internal Revenue Service Criminal Investigation (IRS-CI), IRS-CI diligently follows the money in such frauds and assists in the seizure and penalty for any illegal gains from their illegal business practices.
According to court records, from January 2004 through September 2005, Ralsky, Bradley, Judy Devenow, Bown, William Neil, Anki Neil, James Bragg, Fite, Peter Severa, Wai John Hui, Francis Tribble, and others engaged in a related set of conspiracies designed to use Spam E-Mails to manipulate thinly traded stocks and profit by trading in those stocks once their share prices increased after recipients of the Spam E-Mails traded in the stocks being promoted. The defendants were indicted in the Eastern District of Michigan in December 2007.
Ralsky served as the Chief Executive Officer and primary deal maker for the Spam E-Mail operation. Bradley, Ralsky’s son-in-law, served as the Chief Financial Officer and Director of operations for the Spam E-Mail operation. Bown, who was Chief Executive Officer of an Internet services company called “GDC Layer One,” served as the Chief Technology Officer for the Spam E-Mail operation. William Neil, who was an employee of GDC Layer One, built and maintained a computer network used to transmit Spam E-Mails as part of the conspiracy. Fite was a contract spammer who hired others to send Spam E-Mails as part of the conspiracy. Devenow, Hui and Tribble previously pleaded guilty for their roles in the conspiracy.
Devenow managed the Spam E-Mail operation and also sent Spam E-Mails. Tribble took charge of planning and directing the stock trading to further the conspiracy. Hui, CEO of China World Trade, served as the lead dealmaker to represent the companies whose stocks were being promoted via Spam E-Mail. Court documents revealed that many of the Spam E-Mails promoted thinly traded “pink sheet” stocks for US companies owned and controlled by individuals in Hong Kong and China. The Spam E-Mails contained significantly false and deceptive information or omissions. Those E-Mails were created and sent using some peculiar software programs to make it difficult to trace them back to the conspirators. According to the indictment, the conspirators used wire communications, the US mail and common carriers to further their frauds. The conspirators also participated in money laundering involving millions of dollars generated by their manipulative stock trading.
The defendants were alleged to have used several illegal methods in order to maximize the amount of Spam that evaded Spam-blocking devices and tricked recipients into opening, and acting on, the advertisements in the Spam. These included using falsified “headers” in the E-Mail messages, using proxy computers to relay the Spam, using falsely registered domain names to send the Spam, and also making misrepresentations in the advertising content of some of the underlying E-Mail messages. An indictment is merely an accusation, and defendants are presumed innocent until and unless proven culpable at trial beyond a reasonable doubt.
The charges arose after a 3-year investigation, led by the FBI with assistance from the US Postal Inspection Service and IRS-CI, exposed a sophisticated and widespread spamming operation. The case is being prosecuted by US Attorney Terrence Berg and Trial Attorneys Thomas Dukes and Mona Sedky Spivack of the Criminal Division’s Computer Crime and Intellectual Property Section.
Source: www.usdoj.gov

11.2.17 Example 17: Business Liability through Misuse of Organization’s Information Processing Assets
In Chapter 2, Box 2.7 explains how criminals can create false E-Mail IDs. This example is a real-life scenario of that. In one bank, a management trainee was engaged to a girl working in the same bank. They were to get married in due course of time. During the post-engagement period, the couple exchanged many E-Mails; the boy and the girl used to write the mails during work hours using the company computers. Unfortunately, after some time the relationship went sour and the two broke up. The girl created fraudulent E-Mail IDs such as “indianbarassociations.” She used that ID to send E-Mails to the boy’s foreign clients. The girl used the bank’s computer for sending these mails. The mails carried negative publicity about the bank. The boy lost a large number of the clients assigned in his portfolio. Moreover, those clients sued the bank. The bank was held accountable for the E-Mails sent using the bank’s system. This small example is a lesson: organizations must have well-established computing guidelines (this is addressed in Chapter 9, Section 9.8) and strict vigilance on how the organization’s computing and communication facilities are being used.

11.2.18 Example 18: Parliament Attack
Forensics fundamentals were introduced in Chapter 7; this example illustrates a scenario in which they were used. The Bureau of Police Research and Development (BPRD) at Hyderabad handled some of the top cybercases. One such case involved analyzing and retrieving information from the laptop recovered from the terrorists who attacked the Parliament. The laptop was seized from the two terrorists, who were gunned down when Parliament was under siege on 13 December 2001. Police sent the seized laptop to the Computer Forensics Division of BPRD after computer experts at Delhi failed to trace much out of its contents. Inside the laptop there were several pieces of evidence that established the motives of the two terrorists, namely (a) the sticker of the Ministry of Home that they had made on the laptop and pasted on their Ambassador car to gain entry into Parliament House and (b) the fake ID card that one of the two terrorists was carrying with a Government of India emblem and seal. It was also found that the emblems (of the three lions) were carefully scanned and the seal was also deviously made, along with a residential address in Jammu and Kashmir. But careful forensics detection proved that it was all forged and was created using the laptop.

11.2.19 Example 19: Game Source Code Stolen!
Source code theft is considered an IPR theft (IPR is Intellectual Property Rights) and this example is about source code theft in real life. Given the lifestyle and preferences of the young generation today, one can understand the popularity of game software packages. Game software can be loaded on mobile handsets as well. Readers can refer to Chapter 3, where cybercrimes are described in the context of mobile devices. The episode described in this example involves game software. It is an episode of IPR theft that took place in 2003.
It so happened that a computer user in China obtained the source code of a popular game “Lineage I” from an unprotected website. This proprietary code was then sold to several people in 2004. One of those people set up a website, www.l2extreme.com, to offer the “Lineage” game at a discount. After noticing this, the South Korean company that owned the Lineage source code sent legal warnings. However, in spite of those warnings, the suspect did not shut down the site. He rented powerful servers, enough to accommodate 4,000 simultaneous gamers, and solicited donations from users to help defray the costs. The loss in potential revenues for the South Korean company was estimated at $750,000 a month. The US FBI arrested the suspect and the website was shut down.
Even after this action, source code stealing of this kind did not stop. In 2007, a prominent Korean newspaper, “Chosun Ilbo,” reported that the source code for the upcoming MMORPG Lineage III may have been stolen and sold to an undisclosed “major Japanese game company.” It was suspected that this could be an “insider” job. The Seoul Metropolitan Police investigated seven former NCSoft employees in conjunction with this crime. NCSoft estimated a damage value for the lost data at over 1 billion US dollars. This substantial figure was supposedly a projection based off the combined worth of the Lineage IP and its current subscriber value. At present, Lineage has over 1.5 million subscribers worldwide (mainly in Asia) and its current sales are over 1.6 billion dollars (1.5 trillion Korean won) spread across both titles.
“Insider attacks” (they could be by disgruntled employees or even by un-instigated employees with malicious minds) are worse because, when exposed, they can considerably dampen employee spirit, as happened in this case too. Morale at the impacted company NCSoft was at its worst even before word of the theft hit mainstream news. The company had experienced serious turnover since the sacking of one of its senior game developers for “poor leadership skills.” Since the layoff, most of the 90-person development team has, likewise, decided to follow their chief elsewhere.
Police reported that the data theft may actually have occurred during a job interview! In the interview, one or more ex-NCSoft programmers demonstrated the code for external review. Roots of the problem may actually go all the way back to when program designs for Lineage III were reputedly leaked via E-Mail and/or portable disk.

11.2.20 Example 20: The Petrol Pump Fraud
Thank God that in India, we do not as yet have the system of automated petrol pumps! This feeling of relief comes after reading this example of fraud. The fraud took place at a petrol pump in the US. In India, it is a common practice to keep an “eye” on the delivery of petrol (of course, assuming that the pump has been calibrated and periodically inspected to ensure that it is dispensing as it should). The example here can be considered a “Salami Technique” example, because things got discovered based on “little-by-little” happenings! Here is how that happened.
Four men in Los Angeles, US, were charged with fraud for allegedly installing computer chips in gasoline pumps that cheated consumers by overstating the amounts pumped. The problem was noted when a rising number of consumer complaints were received, claiming that the consumers had been sold more gasoline than the capacity of their gas tanks! However, the fraud was difficult to prove initially because the perpetrators programmed the chips to deliver exactly the right amount of gasoline when asked for 5 and 10 gallon amounts (precisely the amounts typically used by inspectors).
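
The inspection weakness in this case is that the test points were predictable. The following added example, which is not from the case material, compares an audit at the fixed 5 and 10 gallon points with one at unpredictable volumes, and also counts the complaint signal mentioned above (billed volume larger than the tank). The meter model, the 7% overstatement, the tolerance and the sample sales are constructed assumptions.

```python
import random
from collections import Counter

TOLERANCE = 0.005  # constructed acceptance limit: 0.5 % of the true volume


def honest_meter(true_gallons):
    """Displayed volume equals the volume actually dispensed."""
    return true_gallons


def conditional_meter(true_gallons):
    """Constructed model of the behaviour described in the text: accurate at
    the 5 and 10 gallon test points, overstating (here by 7 %) elsewhere."""
    if true_gallons in (5.0, 10.0):
        return true_gallons
    return round(true_gallons * 1.07, 3)


def audit(meter, test_volumes, tolerance=TOLERANCE):
    """Dispense known volumes into a calibrated vessel and compare with the
    display. Returns (true, shown, relative_error) for every failed point."""
    failures = []
    for true_gallons in test_volumes:
        shown = meter(true_gallons)
        error = (shown - true_gallons) / true_gallons
        if abs(error) > tolerance:
            failures.append((true_gallons, shown, round(error, 4)))
    return failures


def unpredictable_volumes(n, seed=None, low=1.0, high=15.0):
    """Test volumes drawn at inspection time, so they cannot be special-cased."""
    rng = random.Random(seed)
    return [round(rng.uniform(low, high), 2) for _ in range(n)]


# Constructed sales records: (pump_id, billed_gallons, vehicle_tank_capacity).
SALES = [
    ("pump-1", 11.2, 13.0),
    ("pump-2", 13.1, 13.0),   # a single marginal case is not enough on its own
    ("pump-3", 16.4, 15.0),
    ("pump-3", 12.9, 12.0),
    ("pump-3", 9.0, 14.0),
]


def over_capacity_pumps(sales, min_count=2):
    """Pumps that repeatedly billed more fuel than the vehicle's tank can hold."""
    counts = Counter(pump for pump, billed, capacity in sales if billed > capacity)
    return {pump: n for pump, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    print("fixed points :", audit(conditional_meter, [5.0, 10.0]))
    print("random points:", audit(conditional_meter, unpredictable_volumes(6)))
    print("complaints   :", over_capacity_pumps(SALES))
```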

21. Example 21: Xiao Chung’s Story – Life of a Hacker


Chapter 1 (Section 1.4 and Table 1.3) and Chapter 10 (Figure 10.3 and Section 10.4.1), we mentioned about “motives” for hacking. Here is story of young
hacker Xiao Chung (he has got another pet name in the dark world of the ace hacker community but it is kept confidential) who seemed eager to tell his

Cyber security_Chapter 11.indd 618 2011-03-25 10:34:40 AM


Cybercrime: Illustrations, Examples and Mini-Cases 619

story. Like many hackers, he wants recognition for his hacking skills even as he values anonymity to remain un-detected. h e New York Times found him
through another well-known hacker who belongs to a hacker group and who vouched that Xiao Chung is too skilled. On condition that he should not be
identified by his real name, Xiao agreed to allow a reporter to visit his modest home in a poor town outside Changsha, and watch him work.
It is quite eerie – just a few quick keystrokes and Xiao Chung proudly brings up a screen displaying his latest victims. He says with a quite a wicked smile,
“Here’s a list of the people who’ve been infected with my Trojan Horse, and they don’t even know what’s gone wrong with them!” You may think that Xiao
may be earning a lot from his craft; but that is not true. For all the seemingly terrific power in his hand to “affect” so many people, the hacker has a modest living
- he works from a dingy apartment on the outskirts of this city in central China (Fig. 11.3).
Although Xiao Chung’s technical cyberattack claims cannot be verified, he is happy to demonstrate his hacking skills. He met a journalist at a cafe one
night in February 2010, and invited him to his home, where he showed how he hacked into the website of a Chinese company. Once the website popped up
on his screen, he created additional pages and typed the word “hacked” onto one of them. Further, he goes on to explain that it is an online “trapdoor”
which he created just over a week ago, and has already lured 2,000 people from China and overseas – people who clicked on something they should not
have, inad- vertently spreading a virus that allows him to take control of their computers and steal numerous bank account passwords. It is hard to believe
that Xiao Chung, a soft-spoken college graduate in his early 20s, is a cyberthief! He operates secretly and illegally, as part of a community of hackers who
exploit flaws in computer software to break into websites, steal valuable data and sell it for a profit. Recall the Zero Day attacks mentioned in Chapter 2,
Box 2.10).
According to Internet security experts, China has legions of hackers just like Xiao Chung, and the experts say that they are the culprits for an escalating number
of global attacks launched to steal credit card numbers, commit corporate espionage and even wage online warfare on other nations. In some cases, these attacks
have

Figure 11.3 | The young hacker at work.

Cyber security_Chapter 11.indd 619 2011-03-25 10:34:40 AM


620 Cyber Security: Understanding Cyber Crimes, Computer Forensics and Legal P erspectives

been traced back to China. In addition to independent criminals like Xiao Chung, computer security specialists say there are so-called patriotic hackers (i.e., “Hacktivists”)
who focus their attacks on political targets.
h e People’s Liberation Army has got intelligence-oriented hackers. It is said that there are also more shady groups who are believed to work with the State
Government. It is said that in China, as well as in parts of Eastern Europe and Russia, computer hacking has become something of a “national sport,” and a lucrative one.
It is being done with all the professional aplomb; for example, there are hacker conferences, hacker training academies and magazines with names like Hacker X
Files and Hacker Defense, which offer tips on how to break into computers or build a Trojan Horse, step by step. Refer to Ref. #5, Additional Useful Web References,
Further Reading.
It is getting easy for hackers; for less than $6, one can even purchase the Hacker’s Penetration Manual. Books on hacking are also sold, to a lesser extent, in the
US and elsewhere. With 380 million web users in China and a sizzling online gaming market, analysts say it is no wonder that Chinese youths are so skilled at
hacking. Many Chinese hackers are interviewed to get them inducted into a loosely defined community of computer devotees working independently. They are
also selling services to corporations and even the military! Because it is difficult to trace hackers, exactly who is behind any specific attack and how and where they
operate remains to a large extent a mystery. And that is just the way Xiao Chung, the young Chinese hacker, wants it.
Xiao Chung’s story is like that of most young hackers who fall in love with hacking in college. Xiao, too, took to hacking after friends showed him how to break into
computer systems during his first year in the college. After earning a degree in engineering, he took a job with a government agency, largely to please his parents, just
to show them a “regular” job. However, hacking remains his “passion”! At the end of his work at the “regular” job, Xiao turns to his passion: hacking. He admits
that he does it for the lure of money. Many hackers make a lot of money, he says, and he seems to be charting his own path. Exactly how much he has earned, he
would not like to disclose. But he does admit to selling Malicious Code to others, and boasts of being able to tap into people’s bank accounts by remotely operating
their computers.
Xiao is consumed by the challenges it presents. He reads hacker magazines, swaps information with a small circle of hackers and writes Malicious Code. He
uses Trojan Horses to sneak into people’s computers and infect them, so he can take control. “Most hackers are lazy,” he says, smugly seated in front of a computer in his
spare bedroom, overlooking a dilapidated apartment complex. According to Xiao, “Only a few of us can actually write code. That’s the hard part.”
Computer hacking is illegal in China. Last year, Beijing revised and stiffened a law that makes hacking a crime, with punishments of up to 7 years in prison.
Xiao Chung does not seem bothered by the law, largely because he thinks it is not strictly enforced. However, he is clever enough to cover his tracks. Financial
incentives motivate many young Chinese hackers like Xiao Chung. Scott J. Henderson, author of “The Dark Visitor: Inside the World of Chinese Hackers,” had
spent years tracking Chinese hackers, sometimes with financial help from the US Government. One Chinese hacker who broke into a US Government site
later lectured on hacking at a leading university and worked for China’s security ministry. According to Henderson, recently many Chinese hackers have been
seeking to profit from stealing data from big corporations or teaching others how to hijack computers. They make a lot of money selling viruses and Trojan Horses to
infect other people’s computers. They also break into online gaming accounts and sell the virtual characters. It’s big money for these hackers.
“Hack-star” Xiao Chung lives with his parents, and his bedroom has little more than a desktop computer, a high-speed Internet connection and a large closet. The
walls are bare. Most of his socializing occurs online; his “after regular job” hours range from about 6:30 p.m. to 12:30 a.m., starting every evening by perusing
computer websites like cnBeta.com. Xiao values his freedom and that is one strong reason he puts forth for not working for any major Chinese technology
company. He even claims to know details of the Google attack. “That Trojan Horse on Google was created by a foreign hacker,” he says, indicating that the virus was then altered in China. “A few weeks before
Google was hijacked, there was a similar virus. If you opened a particular page on Google, you were infected.” Oddly, Xiao’s parents did not know that he does the
“hack-job” at night. One day, however, he explained the intricacies of computer hacking and stealing data while his mother stood nearby, listening silently. Xiao
and his fellow hackers keep secret their knowledge of certain so-called “zero-day vulnerabilities” – software flaws – for future use. When asked whether hackers
work for the government, or the military, he says “yes.”

11.2.22 Example 22: Killers Take Tips from 26/11 Attack to Use VOIP
The term “cyberterrorism” was explained in Chapter 1 (Box 1.1 and Section 1.2), and here is a real-life incident involving cyberterrorism in the country that
has just about settled from the shock of the 26/11 attacks on Mumbai. Those attacks revealed the wireless communication technology used by the terrorists. This
real-life example comes from that background. In Chapter 7, E-Mail forensics is explained. Fully aware that electronic mails can be traced, cybercriminals as well
as terrorists adopt a technique whereby they do not send attack-related mail and yet they communicate with their counterparts. This real-life example shows how
that technique was used.
Investigations in the murder of criminal lawyer Shahid Azmi revealed that the killers had used communication techniques similar to the ones used by
terrorists during the 26/11 terror attacks and the 11/7 train blasts. According to crime branch sources, gangster Bharat Nepali, who had hired men to eliminate
Azmi, had used Voice over Internet Protocol (VoIP) system to communicate with the killers. During the investigations it was revealed that at least six calls
were made, before and after Azmi’s murder, using VoIP service from Hong Kong, Los Angeles, London and Israel. The usage of VoIP for criminal activity came
to light during the 26/11 terror attacks in Mumbai. Handlers of the terrorists, who attacked the city on the night of 26 November 2008, were found to be using
VoIP service to communicate with the 10 men who laid siege at various locations in the city.
Use of a draft E-Mail system was another communication technique used by Azmi’s killers. The same technique was used by terrorists in the 11/7 train
blasts that rocked Mumbai city in 2006. According to a crime branch official, a person from Bangkok attached photographs of Azmi in a mail and saved it
as a draft in an E-Mail account. The killers, Devendra Jagtap and Hasmukh Solanki, who knew the password of the E-Mail account, opened the draft mail and
thus identified Azmi.
Azmi’s killing (on 11 February 2010) had shocked the city’s legal fraternity. It was scary – the three men had barged into Azmi’s Kurla office to shoot him
dead and then they ran away from the scene. Azmi was the defence lawyer in the 26/11 trial for Faheem Ansari, who was recently acquitted by the court due to
lack of evidence. The first round of investigations revealed that it was a contract killing undertaken for ₹ 1 lakh (₹ 1,00,000) at the command of Nepali, a former
aide of infamous Chhota Rajan.
Later on crime branch officials detained Devendra Jagtap, Pintu Dagle and Vinod Vichare from Mulund, while the fourth accused, Hasmukh
Solanki, was taken into custody on 9 March 2010. The police also seized four weapons that were used in the killing, three rounds of live cartridges and
five mobile phones from the group. Of the 10 accused, six, including Nepali, his close aide Vijay Shetty, Santosh Shetty, Rajiv Tiwari and two others,
were absconding. According to Public Prosecutor Kalpana Chavan, Nepali had given the contract to kill Azmi because he believed that the lawyer was defending
those who, according to him, are anti-nationals. The shooting was part of Nepali’s efforts to establish his supremacy in the underworld.
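The draft-folder technique described in this example leaves a recognisable trace in mailbox audit data: a draft saved from one network and opened from another, in a mailbox that never sends anything. The Python code below is an added example (not from the book or from the investigation) that flags that pattern; the log format, field names, mailbox names and addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed audit-log lines. The format and field names are assumptions
# made for this example; addresses come from documentation-only ranges.
SAMPLE_LOG = """\
2010-02-01T09:15:00 mailbox=drop01@example.test action=draft_save item=d1 src=203.0.113.20
2010-02-03T18:40:00 mailbox=drop01@example.test action=draft_open item=d1 src=198.51.100.7
2010-02-03T18:55:00 mailbox=drop01@example.test action=draft_open item=d1 src=198.51.100.9
2010-02-02T08:00:00 mailbox=alice@example.test action=draft_save item=d7 src=192.0.2.10
2010-02-02T13:30:00 mailbox=alice@example.test action=draft_open item=d7 src=198.51.100.44
2010-02-02T13:35:00 mailbox=alice@example.test action=send item=d7 src=198.51.100.44
2010-02-04T10:00:00 mailbox=bob@example.test action=draft_save item=d3 src=192.0.2.77
2010-02-04T11:00:00 mailbox=bob@example.test action=draft_open item=d3 src=192.0.2.80
"""


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into an event dict."""
    stamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["time"] = datetime.fromisoformat(stamp)
    # Collapse the IPv4 source to its /24 so that one user's neighbouring
    # addresses (same office or ISP pool) compare as the same origin.
    event["net"] = str(ipaddress.ip_network(event["src"] + "/24", strict=False))
    return event


def find_draft_dead_drops(log_text):
    """Return {mailbox: [(draft_id, saved_from_net, opened_from_net), ...]}.

    A mailbox is reported when a draft saved from one network is later
    opened from a different network AND the mailbox sent no mail at all
    in the period covered by the log.
    """
    by_mailbox = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            by_mailbox[event["mailbox"]].append(event)

    findings = {}
    for mailbox, events in by_mailbox.items():
        events.sort(key=lambda e: e["time"])
        sends = sum(e["action"] == "send" for e in events)
        saved_from = {}   # draft id -> network that last saved it
        handoffs = []     # unique (draft, saver network, reader network)
        for e in events:
            if e["action"] == "draft_save":
                saved_from[e["item"]] = e["net"]
            elif e["action"] == "draft_open":
                origin = saved_from.get(e["item"])
                if origin and origin != e["net"]:
                    handoff = (e["item"], origin, e["net"])
                    if handoff not in handoffs:
                        handoffs.append(handoff)
        # A user who drafts on one network and sends from another is normal;
        # cross-network draft reads with zero outbound mail are not.
        if handoffs and sends == 0:
            findings[mailbox] = handoffs
    return findings


if __name__ == "__main__":
    for mailbox, handoffs in find_draft_dead_drops(SAMPLE_LOG).items():
        print(mailbox, handoffs)
```

Only the constructed mailbox drop01@example.test is reported: alice also reads a draft from a second network but sends it, and bob's save and open come from the same /24.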


11.2.23 Example 23: “Robberson” Brothers Caught for Selling Pirated Software
Investigation of Maurice A. Robberson and his brother Thomas Robberson was commenced by BSA (Business Software Alliance).
In early 2002, BSA had received complaints from software publishers and that was the basis for the investigation. After reviewing
the reported websites, BSA made undercover purchases and determined that the software sold was pirated. After this, BSA referred
the case to the Federal Bureau of Investigation (FBI) Washington Field Office. The FBI Field Office conducted an independent investigation and subsequently
shut the operation down in October 2005. The investigation determined that starting in late 2002 the Robberson brothers sold more than
$5 million of counterfeit software products. In addition to running four for-profit websites, the Robberson brothers were also co-
conspirators with Danny Ferrer in the operation of www.BbuysUSusA.com.
It turned out from the investigations that, during the operation of the websites, Thomas Robberson grossed more than $150,000 by selling
software with a retail value of nearly $1 million. Maurice Robberson amassed more than $855,000 through sales of software with a retail
value of nearly $5.6 million. In March 2008, Maurice Robberson was sentenced to 36 months in prison, whereas his brother Thomas was
sentenced to 30 months. Both were also ordered to undergo an additional 3 years of supervised release and pay restitution.

11.2.24 Example 24: BSA Uncovers Software IPR Breaches


The issue of software piracy as Intellectual Property Offense is addressed in Section 9.2.2, Chapter 9. This is a glaring example of that
type of offence. This is one more example of a breach uncovered by BSA; it happened in the state of Georgia, US, in July 2008. It involved
interaction with eBay. Launched in 1995, eBay started as a place to trade collectables and hard-to-find items. Today, eBay is a global
marketplace where institutional buyers as well as individuals can buy and sell practically anything. You do not have to register to take a look
at what’s available, but you will need to register if you want to buy or sell. Today, eBay is the world’s online marketplace – it is a place for
both buyers as well as sellers to come together and trade almost anything. People use such facilities for the convenience, at times overlooking
the risks involved as we learn in this example.
A woman was stopped from selling counterfeit copies of Corel software on eBay. An investigation revealed that she had sold more than
$212,000 worth of unlicensed software to hundreds of consumers, in the period January–May 2008. A $250,000 civil judgment was entered
against her. In another episode of similar kind, uncovered by BSA, a person from yet another state was found to be involved. Jon Crain
of Coraopolis, Pennsylvania, operated nearly 20 websites distributing unlicensed copies of Adobe, McAfee, Microsoft and Symantec
software online. He was first targeted in March 2007 as part of an international legal action against five software pirates. The other offenders
were located in the UK, Austria, and Germany. In many of these cases, BSA was alerted to the illegal activity by reports or complaints from
disappointed consumers who were initially attracted by low price deals. BSA sued Crain, and a civil judgment was entered that included a
hefty settlement payment and a requirement to remove the unlicensed software from his website.
Another example is this incident that took place in July 2008. Jeremiah Mondello, a 23-year-old Oregon man, was sentenced to 4 years
in federal prison for selling more than $1 million worth of pirated software and distributing malware via instant message networks to steal
financial data from dozens of consumers. He then used the stolen bank account credentials to set up more than 40 online auction accounts
in the victims’ names and withdraw money from their debit accounts. In addition to the prison sentence, federal investigators also seized
computers and $220,000 in cash from Mondello. The government also was entitled to seize his home and surrounding land.


11.2.25 Example 25: Pune City Police Bust Nigerian Racket


This story appeared in Pune Mirror dated 25 October 2010. The name of the victim has been masked to respect the privacy of the person. However, all the
events mentioned here are real and are presented exactly as they happened; the chain of events described here is as at the time of writing this. See
Item No. 19 in Section 11.7 (Online Scams), where the Nigerian Scam is explained. What is described here is a real-life example of that. This example re-emphasizes
the need for cybercrime awareness. As you can see in this example, even an educated person working in the technology field got fooled by the perpetrators and
suffered a big financial loss. It also shows the greed of criminals.
The police succeeded in nabbing two suspects in this fraud case. This fraud came to light when the police started probing into a complaint received from a
young software engineer working in Pune city. Arjun Changaokar, a resident in Warje area, was duped into parting with ₹ 10.27 lakhs (₹ 10,27,000) by making
him believe that he was going to be offered a high profile job in a London hotel called New Climax.
In an E-Mail chat with an alleged UK-based Councillor, Arjun, the techie from Rajiv Gandhi Infotech Park at Hinjewadi, was convinced to pack up and leave
India for UK! The fraud got exposed when Arjun found that there was no flight to UK from Indira Gandhi International Airport at the time he was told by the
conmen! The efforts expended by Warje police were successful and two perpetrators, including a bank account holder, were arrested. However, the real
mastermind Chong-Ching, who is a foreign national, was still absconding. A special squad of cyber experts has been investigating the Nigerian fraud racket run
from Meera Road. The three accused in the FIR (First Information Report) filed by the victim include Shailendra Ramesh Soni, aged 24, a resident of
Shivajinagar in Govandi in Mumbai, Naresh Shubrakaran Sharma, aged 27, a resident of Queens Park in Mira-Bhayandar in Thane and Chong-Ching, the
foreign national whose complete name and address could not be traced (as at the time of writing this). The fraud took place during the period 26 July–24
September 2010. The accused have been charged under various sections of the IPC (Indian Penal Code – see Appendix P in CD) and the Indian IT Act (see
Appendix O in CD) for cheating and conspiracy using Information Technology.
As per complaint filed by the victim Arjun Changaokar, the fraud started with the mail he received on 26 July 2010. In that mail he was offered a job in UK-
based hotel “New Climax.” A person calling himself Chong-Ching claimed to be an authority at the hotel and offered the victim the post of Sales Supervisor with a
handsome UK salary. The victim responded to the E-Mail and accepted the offer. Thereafter, the correspondence continued. In another E-Mail, a person
called John Smith Levis introduced himself as a UK councillor. John claimed to have been given the responsibility by the hotel to provide the Visa. To get the Visa and
to pay for journey expenses and accommodation in the UK, John asked the victim for various amounts of money in a number of E-Mails. John gave the victim
several account numbers in different branches of Axis Bank and ICICI Bank. Victim Arjun deposited those amounts ranging from ₹ 2 to 5 lakhs (₹ 2,00,000 to
5,00,000) on different occasions. Over a 2-month period, Arjun (the victim) deposited a total amount of
₹ 10.27 lakhs (₹ 10,27,000)! In the words of the victim:
“At first, I received an email offering me a high paying job in UK hotel. To get a visa and to pay for journey expenses and accommodation in UK, I was asked for
various amounts of money in multiple emails. He gave me several account numbers in different branches of Axis Bank and ICICI Bank. I deposited amounts ranging
from Rs. 25 lakh on different occasions. Over a two-month period, I deposited a total amount of Rs. 10,27,700.”
The victim arranged the money from various sources. He shared with his parents and friends the news of his overseas job. According to the E-Mail the victim
received on 10 October 2010, he was supposed to catch a flight from Indira Gandhi International Airport and a person was going to meet Arjun at the airport
with a Visa and an air ticket. During the correspondence, receipts with fake stamps (as it turned out later) and signatures of the British High Commissioner were
sent to the victim. When the victim (Arjun) reached the airport, he found that there was no such person waiting for him. That is when the victim realized that he had
been cheated. Arjun returned to Pune and tried to contact the concerned person but the concerned person never replied to his mails. Arjun then decided to
approach the police.
Inspector (Crime Branch) Solankar said “After receiving the complaint, we started investigating the accounts in which Arjun had deposited the
requested amounts of money. We identified an account in the name Shailendra Soni in the Shivajinagar branch of Axis Bank. We sent a team to Govandi and
laid a trap for him.” After the inquiry, the Police discovered that Soni was asked by someone called “Sharma” for permission to use his account. Police
nabbed Sharma in Mira-Bhayandar. The investigation revealed that someone hailing from Nigeria asked them to commit the crime. He offered 7% of the
total amount to Sharma. Sharma, in turn, got Soni’s help by offering him a 5% commission. Sharma had met the suspected foreign national several times and
they had been running this racket for many years. Sharma has various cheating crimes registered to his name. The Police took up the investigation aimed at
finding out other crimes committed by this gang.

11.3 Mini-Cases
In this section, we have provided real-life cases involving cyberpornography, cyberdefamation, Salami attack, Internet time theft, etc. Table 11.2 lists the Mini-
Cases of this section.
Table 11.2 | List of Mini-Cases in Section 11.3

| Mini-Case No. | Title | Topic | Chapter Cross-Reference |
| --- | --- | --- | --- |
| 1 | Cyberpornography Involving a Juvenile Criminal | Cyberpornography | Chapters 1 and 2 |
| 2 | Indian Cyberdefamation Case of a Young Couple | Cyberdefamation, spoofed mails with ulterior motive | Chapters 1 and 7 |
| 3 | The Zyg-Zigler Case | Salami attack, logic bomb | Chapter 1 |
| 4 | Internet Time Stealing | Cybertheft | |
| 5 | New York Times Company vs. Sullivan Case of Cyber Defamation | Cyberdefamation | Chapter 1 |
| 6 | The Indian Case of Online Gambling | Online gambling | Chapter 1 |
| 7 | An Indian Case of Intellectual Property Crime | IPR Theft, Cybersquatting | Chapters 1, 9 and 10 |
| 8 | The SlumDog Millionaire Movie Piracy Case | IPR theft | Chapters 1, 2, 4 and 9 |
| 9 | Malicious Hacking Case – Organ Donation Database Deleted | Hacking of computer network, insider attack | Chapters 1, 2, 4 and 9 |
| 10 | The Case of Counterfeit Computer Hardware | — | |
| 11 | The Chinese Case of Trade Secret Stealing involving an E-Waste Company | Hacking | Chapter 1 |
| 12 | Internet Used for Murdering | — | Chapters 7 and 8 |
| 13 | Social Networking Victim – MySpace Suicide Case | Social networking evils | Chapters 1 and 7 |
| 14 | State of Tamil Nadu vs. Suhas Katti Case | Cyberdefamation | Chapter 1 |
| 15 | Pune Citibank MphasiS Call Center Fraud | Data theft | Chapter 9 |
| 16 | NASSCOM vs. Ajay Sood & Others | Phishing | Chapter 5 |
| 17 | Indian Case of Cyberdefamation | Cyberdefamation | Chapter 1 |
| 18 | Indian Cases of Cybersquatting | Cybersquatting | Chapters 1 and 10 |
| 19 | Swedish Case of Hacking and Theft of Trade Secrets | IPR theft | Chapters 1, 9 and 10 |
| 20 | IPR Violation | IPR theft | Chapters 1, 9 and 10 |
| 21 | Indian E-Mail Spoofing Case | Spoofing | Chapter 2 |

11.3.1 Mini-Case 1: Cyberpornography Involving a Juvenile Criminal


Pornography is mentioned in Chapter 1. There was a recent Indian incident involving cyberpornography related to an 8th grade student of a certain Delhi school.
The classmates used to tease the boy for having a pockmarked face. This went on for quite some time and the teasing did not stop in spite of the student’s appeals to his
friends and complaints to the school teachers. Tired of the cruel jokes about his face, the boy decided to get back at his tormentors. As revenge, he scanned
photographs of his classmates and teachers, morphed them with nude photographs and put them up on a website that he uploaded on to a free web hosting
service. Action against this student was taken after the father of one of the girls (featured on the website) objected and lodged a complaint with the police.
In another incident that occurred in Mumbai it was found that a Swiss couple would gather slum children and would force them to appear for obscene
photographs. The couple would then launch these photographs on to websites expressly designed for pedophiles. The Mumbai police arrested the couple under the
charge of cyberpornography. Section 67 B of the ITA 2008 (Indian IT Act amendment of 2008) addresses child pornography and makes searching for and browsing
such material offenses as well.

11.3.2 Mini-Case 2: Indian Cyberdefamation Case of a Young Couple


Sujata, a young girl, was about to get married to Sudesh whom she met during a social event. She was mighty pleased because she never believed in finding a
perfect match through an arranged marriage. Sudesh seemed to be open-minded and pleasant. They used to meet quite often during the pre-marriage period. One
day when Sujata met Sudesh, he looked worried and even a little upset. He did not seem interested in talking to her. When she asked, he told her that members
of his family had been receiving E-Mails that contained malicious stories about Sujata’s character. Some of them were of her past affairs. He told her that
his parents were very upset and he felt they were justified in getting upset; after all, Sujata was going to be their daughter-in-law soon. Sudesh told
Sujata that his parents were considering breaking off the engagement. Sujata was shocked obviously, but fortunately, Sudesh was able to convince his
parents and other elders of his house to approach police instead of blindly believing the mails. During investigation, it was revealed that the person
sending those E-Mails was none other than Sujata’s stepfather. Sujata was the main source of income in the family after her mother expired; the father
was a drunkard and had no means of livelihood. Sujata’s father (when he gave in during the police enquiries) admitted that he had sent those E-Mails to
break the engagement. He wanted Sujata to remain with him to continue providing him financial support. He admitted that Sujata’s marriage would have
caused him to lose control of her property of which he was the guardian till she got married. Sujata’s mother had bequeathed her all the property
through a registered will because she was not sure if the property would be safe in the hands of her chronically alcoholic husband.
Section 499 of the Indian Penal Code is mentioned in reference to cyberdefamation in Chapter 1 (Section 1.5.3). Readers may like to note that
a copy of the IPC (Indian Penal Code) is available in Appendix P.

Cyberdefamation is a cognizable offense. Chapter XXI of the Indian Penal Code (IPC) is about DEFAMATION. In Section 499 of Chapter XXI of
IPC, regarding “defamation” there is a mention that “Whoever, by words either spoken or intended to be read, or by signs or by visible
representations, makes or publishes any imputation concerning any person intending to harm, or knowing or having reason to believe that such
imputation will harm, the reputation of such person, is said, except in the cases hereinafter excepted, to defame that person.”

The investigation traced the perpetrators through E-Mail forensics (refer to Section 7.6 of Chapter 7).
Another famous case of cyberdefamation occurred in America. Friends and relatives of a lady were inundated with obscene E-Mail messages
appearing to originate from her account. These mails gave the lady a bad name and made her an object of ridicule. The lady was an activist against
pornography. In reality, a group of people displeased with her views and angry with her for opposing them, had decided to get back at her by using such
underhanded methods. In addition to sending spoofed obscene E-Mails, they also launched websites about her basically meant to malign her character.

11.3.3 Mini-Case 3: The Zyg-Zigler Case


It is said that in the US, it is common to fire people from jobs. One employee of a bank in the US was dismissed from his job. The disgruntled man felt
offended at having been mistreated by his employers. He decided to take revenge. He first introduced a logic bomb into one of the core banking systems of the
bank. The logic bomb was programmed in such a way that the system would take 10 cents off from all the accounts in the bank and would deposit them into
the account of the person whose name was alphabetically the last in the bank’s rosters. This disgruntled man then opened an account in the name of
Ziegler. The amount debited from each of the accounts in the bank was so trivial that neither the account holders nor the bank officials noticed any fault.
Finally, this phenomenon came to the notice of the bank officials when another person by the name of Zygler opened his account in that bank. He was
astonished to find a substantial amount of money being transferred into his account every Saturday!
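From the bank's side, the pattern in this case is detectable as fan-in: one account repeatedly receiving the same tiny amount from many different accounts in each batch run. The Python code below is an added example (not part of the original case) that flags such accounts in a ledger; the Transfer record, the thresholds and the account names are constructed assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    week: int    # batch run in which the transfer was posted
    source: str  # debited account
    dest: str    # credited account
    cents: int   # amount in cents (integers avoid float rounding)


def build_sample_ledger():
    """Constructed ledger: a 10-cent weekly skim hidden among normal traffic."""
    customers = [f"CUST-{i:02d}" for i in range(1, 9)]
    rows = []
    for week in (1, 2, 3):
        for c in customers:
            rows.append(Transfer(week, c, "ZYGLER", 10))               # the skim
            rows.append(Transfer(week, c, "UTILITY-CO", 4500 + week))  # ordinary bill
    for c in customers[:6]:                  # one-off collection, identical amounts
        rows.append(Transfer(2, c, "OFFICE-FUND", 100))
    for week in (1, 3):                      # small gifts, but varied amounts
        for i, c in enumerate(customers):
            rows.append(Transfer(week, c, "CHARITY", 25 + 5 * i))
    return rows


def find_salami_sinks(transfers, max_cents=100, min_sources=5, min_weeks=2):
    """Return {account: summary} for accounts that look like salami sinks.

    An account is reported when, in at least `min_weeks` batch runs, it
    received credits of at most `max_cents` from at least `min_sources`
    distinct accounts and 90% or more of those credits were one identical
    amount.
    """
    small = defaultdict(list)
    for t in transfers:
        if t.cents <= max_cents:
            small[(t.dest, t.week)].append(t)

    flagged_weeks = defaultdict(list)
    for (dest, week), rows in small.items():
        sources = {r.source for r in rows}
        unit, hits = Counter(r.cents for r in rows).most_common(1)[0]
        # Integer form of hits / len(rows) >= 0.9
        if len(sources) >= min_sources and hits * 10 >= len(rows) * 9:
            total = sum(r.cents for r in rows)
            flagged_weeks[dest].append((week, unit, len(sources), total))

    report = {}
    for dest, weeks in flagged_weeks.items():
        if len(weeks) >= min_weeks:          # recurrence separates a skim from a one-off
            report[dest] = {
                "weeks": sorted(w for w, _, _, _ in weeks),
                "unit_cents": Counter(u for _, u, _, _ in weeks).most_common(1)[0][0],
                "distinct_sources": max(n for _, _, n, _ in weeks),
                "total_cents": sum(total for _, _, _, total in weeks),
            }
    return report


if __name__ == "__main__":
    for account, summary in find_salami_sinks(build_sample_ledger()).items():
        print(account, summary)
```

The one-off collection and the varied small gifts in the constructed ledger are not reported, because the first does not recur and the second has no dominant amount.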


11.3.4 Mini-Case 4: Internet Time Stealing


This case took place before the ITA 2000 was enacted. In this case, a services person was impacted. As you read on, you will realize how determination
led to revelation about the fraud which otherwise would not be detected. The fraud described in this case could be detected due to the victim’s alertness. Recall the
discussion in Section 4.12.2 about “Theft of Internet Hours.”
Colonel Bajwa, a resident of New Delhi, asked a nearby net cafe owner to visit for re-installing his Internet connection. For this purpose, the net cafe owner
needed to know his username and password. After setting up the connection, the cybercafe owner walked away with the username and password noted down.
He then sold this information to another net cafe. After about a week, Colonel Bajwa discovered that his Internet hours were almost over! Out of the 100
hours that he had purchased, more than 90 hours had been used up within the span of that week. He noted that this had happened although he was inactive in
that week in terms of his use of the Internet from that connection that was set up with the help of the net cafe owner. Colonel Bajwa was surprised and became
suspicious of his suddenly depleting Internet account. So, he reported the incident to the Delhi Police. The Police could not believe that time could be “stolen”
because they were not aware of the concept of “time-theft” at all. They could not understand how something “immovable” such as the Internet “hours” could be
stolen and so they rejected Colonel Bajwa’s report. Colonel Bajwa was not willing to give up and he decided to approach The Times of India, New Delhi. They,
in turn, prepared a report about the shortfall of the New Delhi Police in handling cybercrimes. The Commissioner of Police, Delhi took charge of the case
and the police under his directions raided the cybercafe and arrested the owner under the charge of theft as defined by the Indian Penal Code. The net cafe
owner spent several weeks locked up in Tihar jail till the bail was granted. There are two points to note: (a) the modified IT Act, that is, the ITA 2008
addresses the cybercafe issue and (b) not having encountered such a situation before, the police were perplexed by the theft about something they considered
“immovable.”

11.3.5 Mini-Case 5: New York Times Company vs. Sullivan Case of Cyberdefamation


Here is the brief for the New York Times Co. v. Sullivan case. Facts of the case: decided together with Abernathy v. Sullivan, this case concerns a full-page
advertisement in the New York Times which alleged that the arrest of the Rev. Martin Luther King, Jr. in Alabama was part of a campaign to destroy King’s
efforts to integrate public facilities and encourage blacks to vote. L. B. Sullivan, the Montgomery city commissioner, filed a libel action against the
newspaper and four black ministers who were listed as endorsers of the advertisement, claiming that the allegations against the Montgomery police defamed
him personally. Under Alabama law, Sullivan did not have to prove that he had been harmed. He also did not have to prove the defense claim that the
advertisement was untruthful because the advertisement contained factual errors. Sullivan won a $500,000 judgment. Question presented was “Did
Alabama’s libel law, by not requiring Sullivan to prove that an advertisement personally harmed him and dismissing the same as untruthful due to factual
errors, unconstitutionally infringe on the First Amendment’s freedom of speech and freedom of press protections?” Conclusion: The court held that the
First Amendment protects the publication of all statements, even false ones, about the conduct of public officials except when statements are made with
actual malice (with knowledge that they are false or in reckless disregard of their truth or falsity). Under this new standard, Sullivan’s case collapsed.
This was a US Supreme Court case which recognized the actual malice standard before press reports could be considered to be defamation and libel, and
hence allowed free reporting of the civil rights campaigns in
the southern US. It is one of the key decisions supporting the freedom of the press. The actual malice standard requires that the publisher either knows that the
statement is false or acts in an irresponsible manner without regard for the truth. The decision established that for a plaintiff to win a libel ruling against a
newspaper, “actual malice” or “reckless negligence” must be proved on the part of the paper if the statement in question is about a public official or a public figure.
In the case of a private figure, the petitioner must merely prove carelessness. The background for this case is described below.
On 29 March 1960, the New York Times carried a full-page advertisement titled “Heed Their Rising Voices,” which solicited funds to defend Martin Luther
King, Jr. against an Alabama perjury indictment. The advertisement described actions against civil rights protesters and activists; some of the descriptions were
inaccurate and some involved the police force of Montgomery, Alabama. The inaccurate criticism of the actions by the police was considered as defamation
against Commissioner L.B. Sullivan, whose duties included supervision of the police department. Though he was not named in the advertisement, he held the
position of commissioner.
Alabama law denied a public officer recovery of punitive damages in a libel action brought on account of a publication concerning their official conduct unless
they first make a written demand for a public retraction and the defendant fails or refuses to comply, so Sullivan sent such a request. The Times did not publish a
retraction in response to the demand. Instead it wrote a letter stating, among other things, that “we ... are somewhat puzzled as to how you think the statements in
any way reflect on you,” and “you might, if you desire, let us know in what respect you claim that the statements in the advertisement reflect on you.” Sullivan
didn’t respond but instead filed this suit a few days later. He also sued four black ministers mentioned in the ad, specifically Ralph Abernathy, S.S. Seay, Sr., Fred
Shuttlesworth and Joseph Lowery. Sullivan won $500,000 in an Alabama court judgment.
Eventually, The Times did, however, publish a withdrawal of the advertisement upon the demand of Governor John Patterson of Alabama, who asserted that
the publication charged him with “grave misbehavior and ... inappropriate actions and omissions as Governor of Alabama and Ex-Officio Chairman of the State
Board of Education of Alabama.” When asked to explain why there had been a retraction for the Governor but not for Sullivan, the Secretary of The Times
testified: “We did that because we didn’t want anything that was published by The Times to be a reflection on the State of Alabama and the Governor was, as far as we
could see, the embodiment of the State of Alabama and the proper representative of the State and, furthermore, we had by that time learned more of the actual
facts which the ad purported to recite and, finally, the ad did refer to the action of the State authorities and the Board of Education presumably of which the
Governor is the ex-officio chairman ... .” On the other hand, he testified that he did not think that “any of the language in there referred to Mr. Sullivan.” The court
decision was decreed as described below.
The rule of law that was applied by the Alabama courts was found to be constitutionally deficient. This was seen in its failure to
provide the safeguards for freedom of speech and of the press that are required by the First and Fourteenth Amendments in a libel action brought by a public official
against critics of his official conduct. The decision further ruled that under the appropriate safeguards, the evidence presented in this case was not constitutionally
sufficient to support the judgment for Sullivan.

11.3.6 Mini-Case 6: The Indian Case of Online Gambling


There are millions of websites, hosted on many servers, that offer online gambling services. It is believed that many of these websites are actually fronts for
“money laundering.” Fraud cases of “Hawala” dealings and money mis-deals over the Internet have been reported in the past (in Ref. #8, Additional Useful Web
References, Further Reading, we have provided some links to “Hawala” systems for readers who have not
heard about this informal system of transferring money). It is not yet fully known if these sites have any relationship with drug trafficking. A recent Indian case
about cyber lotto is very interesting. Kola Mohan was the man who invented the story of winning the Euro Lottery. He created a website and an E-Mail address on
the Internet with the address “[email protected].” Whenever accessed, the site would declare him as the recipient of the 12.5 million pounds. A Telugu newspaper
published this as news after confirmation. Meanwhile, Kola Mohan collected large sums of money from the public as well as from some banks for mobilization of
the deposits in foreign currency. He could have gone on merrily. The fraud, however, got exposed when a discounted cheque from Kola Mohan with the Andhra
Bank for ₹ 1.73 million bounced. Kola Mohan had pledged with Andhra Bank the copy of a bond certificate purportedly issued by Midland Bank, Sheffields,
London stating that a term deposit of 12.5 million was held in his name.

11.3.7 Mini-Case 7: An Indian Case of Intellectual Property Crime


“Cybersquatting” is explained in Chapter 1 (Box 1.1). Also refer to Box 10.3 in Chapter 10. Satyam vs. Siffy is the most widely known case for that. Bharti Cellular
Ltd. made a case in the Delhi High Court with a complaint that some cybersquatters had registered domain names such as barticellular.com and bhartimobile.com
with Network Solutions under different fictitious names. The court ordered Network Solutions not to transfer the domain names in question to any third
party and the matter was sub-judice. Similar issues were brought to various High Courts earlier. Yahoo had sued a man called Akash Arora for use of the domain
name “Yahooindia.Com,” deceptively similar to its “Yahoo.com.” As this case was governed by the Trade Marks Act 1958, the additional defense taken against
Yahoo’s legal action for the interim order was that the Trade Marks Act was applicable only to goods. We know from Chapter 1 that intellectual property crimes
include software piracy, copyright infringement, trademarks violations, theft of computer source code, etc. In other words, this is also referred to as
cybersquatting.
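A brand owner can watch new registrations for names of the kind described in these complaints. The following is an added example, not taken from the book or the court records: it flags domains that embed a brand token or sit one edit away from it. The brand tokens `bharti` and `yahoo`, the owned-domain list and the benign sample domain are assumptions.

```python
# Added example: brand-monitoring check for look-alike domain registrations.
# Brand tokens and OWN_DOMAINS are assumptions made for this illustration.

BRANDS = ["bharti", "yahoo"]   # assumed brand tokens to protect
OWN_DOMAINS = {"yahoo.com"}    # domains the brand owner itself holds


def levenshtein(a: str, b: str) -> int:
    """Edit distance where insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Return the label left of the last dot (simplified: ignores multi-part
    suffixes such as .co.in, which a production check must handle)."""
    parts = domain.strip().lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def closest_window(label: str, brand: str) -> int:
    """Smallest edit distance between the brand and any substring of the
    label whose length is within one character of the brand's length."""
    best = len(brand)
    for size in (len(brand) - 1, len(brand), len(brand) + 1):
        for start in range(0, max(len(label) - size, 0) + 1):
            best = min(best, levenshtein(label[start:start + size], brand))
    return best


def classify(domain: str, brands=BRANDS, own_domains=OWN_DOMAINS):
    """Return (verdict, matched_brand) for one candidate domain name."""
    name = domain.strip().lower().rstrip(".")
    if name in own_domains:
        return ("legitimate", None)
    label = registrable_label(name)
    for brand in brands:                 # exact brand embedded in the label
        if brand in label:
            return ("contains-brand", brand)
    for brand in brands:                 # brand misspelled by one edit
        if len(brand) >= 5 and closest_window(label, brand) <= 1:
            return ("near-misspelling", brand)
    return ("no-match", None)


if __name__ == "__main__":
    # The first three names are quoted in the text; the last is constructed.
    for d in ["barticellular.com", "bhartimobile.com", "Yahooindia.Com",
              "yahoo.com", "citylibrary.org"]:
        print(d, classify(d))
```

A match is a prompt for human review, not proof of bad faith: the short-token guard and the one-edit threshold trade missed variants against false positives.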

11.3.8 Mini-Case 8: The Slumdog Millionaire Movie Piracy Case


This incident was posted on 23 July 2009. A San Marcos man pleaded guilty to a felony charge of using the Internet to distribute a pirated copy of “Slumdog
Millionaire” in violation of federal copyright law. Owen Moody, aged 25, pleaded guilty to uploading a copyrighted work being prepared for commercial
distribution, admitting that he uploaded a copy of “Slumdog Millionaire” in late 2008 to a website called thepiratebay.org, with the illicit desire that others could
download the movie over the Internet. Moody also posted a link to the upload at the Internet websites called demonoid.com and mininova.org. At the time
Moody uploaded the movie, it was in limited release in domestic theaters and was not yet available on DVD.
Moody used the Internet screen names “Tranceyo” and “Gizmothekitty.” He found the copy of “Slumdog Millionaire” on an Internet website called funfile.org,
where someone had uploaded a digital copy of the movie that had been sent as an Academy Award “screener” to a member of the Academy of Motion Picture
Arts and Sciences for voting consideration. When Moody searched the Internet, he realized the movie was not readily available to the general public. Moody then
downloaded the movie from funfile.org and uploaded it to piratebay.org. He also created links to the movie on the two other websites, to make the movie available
to the general public. Moody uploaded the movie from his home in San Marcos, the US. Rights to “Slumdog Millionaire” are under the copyright ownership of Fox
Searchlight Pictures, Inc., which is located in Los Angeles County. At that time, the movie was in limited release in domestic theaters and was not yet available
on DVD. Moody pleaded guilty to the charge in front of the US District Judge Gary A. Feess in Los Angeles. Judge Feess was scheduled to sentence Moody on 5
October 2009. In the US, if you upload a copyrighted work, such an act carries a statutory maximum penalty of 3 years in central prison and a $250,000 fine or
twice the gross gain or gross loss attributable to the offense, whichever is greater.


Another case: In the first week of July 2009, a Ventura County man who obtained Academy Award screeners of “The Curious Case of Benjamin
Button” and “Australia” pleaded guilty to uploading the films to the Internet. Derek Hawthorne, aged 21, of Moorpark, pleaded guilty to uploading a
copyrighted work being prepared for commercial distribution. He was sentenced by the US District Judge R. Gary Klausner on 28 September 2009.
The US Secret Service was involved in the investigation of cases running against Moody and Hawthorne.

11.3.9 Mini-Case 9: Malicious Hacking Case – Organ Donation Database Deleted


Hackers are type II criminals (refer to Section 1.4, Chapter 1). As mentioned in that section and in Chapter 10, the typical “motives” behind
cybercrime seem to be greed, desire to gain “power” and/or “publicity,” desire for revenge, a sense of adventure, looking for thrill to access forbidden
information, destructive mindset, the desire to sell network security services. This is a real life example showing the consequences of computer hacking. We know
that disgruntled employees tend to get into criminal acts, seen from the “motive” perspective of cybercrimes. The example shows the “data loss” considering the
critical data and systems of an organization that were deleted in a criminal act; an act that was performed with malice and ill intentions.
This is a classic case of an “Insider attack” (recall the discussion in Chapter 9). It involved hacking a former employer’s computer network. In this case,
the former IT Director at a non-profit organ and tissue donation center was sentenced to 2 years in prison for hacking into her former employer’s
computer network, announced Assistant Attorney General Lanny A. Breuer of the Criminal Division and US Attorney for the Southern District of Texas Tim
Johnson.
The woman, Danielle Duann, aged 51, of Houston, pleaded guilty on 30 April 2009 to a criminal indictment charging her with unauthorized
computer access. Duann was sentenced to jail by US District Judge David Hittner in the Southern District of Texas. In addition to the 2-year prison term,
Judge Hittner sentenced Duann to a 3-year period of supervised release following completion of her prison sentence and ordered her to pay $94,222 in
restitution to compensate her former employer for the damage that resulted from her actions.
While pleading guilty, Duann admitted that she had illegally accessed the computer network of LifeGift Organ Donation Center and then intentionally
deleted organ donation database records, accounting invoice files, database and accounting software applications and various backup files, without authorization.
LifeGift is the exclusive supplier of organ procurement services for more than 200 hospitals throughout 109 counties in North, Southeast and West Texas.
As per the court documents, LifeGift removed Duann from her position as their director of Information Technology on 7 November 2005, and revoked all of
her previous administrative rights and access to the LifeGift computer network. In pleading guilty, Duann admitted that beginning on the evening of 7 November 2005,
and continuing until 8 November 2005, she repeatedly gained unlawful access to the LifeGift computer network via a remote connection from her home and
intentionally caused damage by deleting numerous database files and software applications, as well as their backups, related to LifeGift’s organ and tissue recovery
operations.
Duann further admitted that in an attempt to conceal her activities, she disabled the computer logging functions on several LifeGift computer servers and
erased the computer logs that recorded her remote access to the LifeGift network. This case was investigated by the FBI and was jointly prosecuted by Trial
Attorney Thomas Dukes of the Criminal Division’s Computer Crime and Intellectual Property Section and Special Assistant US Attorney Bret W. Davis of the
US Attorney’s Office for the Southern District of Texas. This example emphasizes the point that the possibility of “insider attacks” should never be ignored and
that disgruntled employees do have the potential to cause damage to their organizations. Systems Administrators as professionals possess a tremendous amount of
technical knowledge about how computer systems perform and, as this example shows, it can be put to malicious use when their motive is to settle personal
scores!
Source: www.usdoj.gov (12 May 2010).
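The pattern in this case (remote access after revocation, logging switched off, then silence) can be detected when logs are forwarded to a collector the administrator cannot alter. The following is an added example, not part of the book or the court documents; the log format, event names, account names and timestamps are all constructed for illustration.

```python
# Added example: detection over centrally collected logs (all data constructed).
from datetime import datetime, timedelta

# Constructed offboarding feed: account -> time its access was revoked.
REVOKED = {"it_director": datetime(2024, 3, 4, 17, 0)}

# Event names assumed for "logging switched off" and "log wiped".
TAMPER_EVENTS = {"audit_logging_disabled", "log_cleared"}

# Constructed log lines as a central collector might have received them.
SAMPLE_LOG = """\
2024-03-04T09:02:11 host=vpn01 event=remote_login user=it_director result=success
2024-03-04T21:10:00 host=db01 event=heartbeat
2024-03-04T21:15:42 host=vpn01 event=remote_login user=it_director result=success
2024-03-04T21:20:00 host=db01 event=heartbeat
2024-03-04T21:30:00 host=db01 event=heartbeat
2024-03-04T21:31:09 host=db01 event=audit_logging_disabled user=it_director
2024-03-05T02:40:00 host=db01 event=heartbeat
2024-03-05T02:50:00 host=vpn01 event=remote_login user=helpdesk1 result=success
"""


def parse_line(line):
    """Split '<iso-timestamp> key=value ...' into a dict with a 'ts' datetime."""
    ts, *fields = line.split()
    record = dict(f.split("=", 1) for f in fields)
    record["ts"] = datetime.fromisoformat(ts)
    return record


def detect(log_text, revoked, max_gap=timedelta(minutes=15)):
    """Return findings as (rule, timestamp, host, detail) tuples.

    Rules:
      login_after_revocation  remote login by an account after it was revoked
      logging_disabled        an event that turns off or wipes audit logging
      log_gap                 a host's heartbeat went silent longer than max_gap
    """
    findings = []
    last_heartbeat = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse_line(line)
        event, host, user = r.get("event"), r.get("host"), r.get("user")
        if (event == "remote_login" and user in revoked
                and r["ts"] >= revoked[user]):
            findings.append(("login_after_revocation", r["ts"], host,
                             f"{user} result={r.get('result')}"))
        elif event in TAMPER_EVENTS:
            findings.append(("logging_disabled", r["ts"], host, f"by {user}"))
        elif event == "heartbeat":
            prev = last_heartbeat.get(host)
            if prev is not None and r["ts"] - prev > max_gap:
                findings.append(("log_gap", r["ts"], host,
                                 f"silent since {prev.isoformat()}"))
            last_heartbeat[host] = r["ts"]
    return findings


if __name__ == "__main__":
    for rule, ts, host, detail in detect(SAMPLE_LOG, REVOKED):
        print(ts.isoformat(), host, rule, detail)
```

A successful login after the revocation time also means the offboarding itself was incomplete, so each such finding should trigger a review of every credential and remote-access path the departed administrator knew.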

11.3.10 Mini-Case 10: The Case of Counterfeit Computer Hardware


This is a slightly different kind of case reported on 3 December 2009. Christopher Myers, aged 40, and Timothy Weatherly, aged 27, were charged with
conspiracy, trafficking in counterfeit goods and smuggling in counterfeit labels. In 2003, Myers founded a company called Deals Express. He conspired with
Weatherly, who in 2005 established a company called Deals Direct, Inc., to import counterfeit Cisco brand computer hardware from China. To make the
hardware look genuine they attached fake Cisco labels to the components and packaged them in counterfeit Cisco boxes along with counterfeit Cisco manuals.
Myers and Weatherly arranged to have the counterfeit components despatched from China to various shipping addresses in Kansas State, including
self-storage facilities in Lenexa, Merriam, Mission, Overland Park, and Kansas City, KS, as well as UPS stores in Seattle, WA, and Portland, OR. In November
2005, shipments of counterfeit goods were confiscated in Louisville, KY, Los Angeles, CA and Wilmington, OH. These seized goods included counterfeit
hardware items such as network cards, connectors, manuals, labels and boxes. In August 2005, Weatherly established a website for Deals Direct and began
using eBay to sell counterfeit Cisco products under the name “direct2technology.” Myers and Weatherly made suggestions to their suppliers in Shenzhen,
China, and Hong Kong for adjustments to the products to make them appear more authentic. After these counterfeit goods were seized, the defendants
made various changes in their shipping arrangements in an attempt to avoid detection, including change of shipment address and having counterfeit goods
shipped through other countries including Sweden.
Myers and Weatherly, upon conviction, would face a maximum penalty of 5 years in federal prison and a fine up to $250,000 on the conspiracy
charge and a maximum penalty of 10 years and a fine up to $2 million on each of the trafficking counts. Immigration and Customs Enforcement and
the National Bureau of Investigation worked on the case.
Assistant US Attorney Scott Rask prosecuted the case. Legal professionals would know that defendants are considered not guilty until and unless they are
proven guilty. The charges filed merely contain accusations of unlawful conduct.

11.3.11 Mini-Case 11: The Chinese Case of Trade Secret Stealing Involving an E-Waste Company

This case was published in September 2009 by the US Department of Justice. A citizen of the People’s Republic of China was charged in connection with
the scheme devised to steal trade secrets and proprietary information relating to computer systems and software with environmental applications from his New
Jersey employer, Acting US Attorney Ralph J. Marra, Jr., announced. The indictment charges Yan Zhu, aged 31, a.k.a. “Wesley ZHU,” a.k.a. “Westerly Zhu,”
who resides in Lodi, with conspiracy to steal trade secrets and wire fraud. On the morning of 9 April 2009, FBI
Special Agents arrested Zhu at his residence while he was in the US on a work visa. Later that day, the defendant Zhu made an initial appearance in federal
court in front of US Magistrate Tonianne J. Bongiovanni. The Magistrate released the defendant Zhu on a $200,000 secured bond. Zhu was later arrested on
the accusation in Federal Court after the case was assigned to a US District Judge.
The indictment describes a scheme in which Zhu, along with other unindicted co-conspirators, used his employment with a business, which is identified in
the indictment only as “Company A,” to obtain access to the
company’s trade secrets and proprietary and confidential information relating to computer software developed for the Chinese market. According to the charges made
against Zhu, he worked with Company A as a senior environmental engineer from May 2006 until his termination in July 2008. Company A is a software
development and consulting company with its principal office in Mercer County. The company is in the business of developing, supporting and implementing software
and computer systems for ecological applications.
While in the services of Company A, Zhu worked on a comprehensive hazardous waste information management system that Company A developed for
the Chinese market. The purpose of this product was to allow a Company A customer, such as an environmental regulatory agency, as well as entities that interact with
the environmental regulatory agency, such as hazardous waste producers and shippers, to enter, organize and view certain data regarding pollution and hazardous
waste within that agency’s jurisdiction. In addition, it was alleged that Zhu worked on a Company A database application that was related to this software system.
The allegation further stated that Zhu operated his scheme with at least two co-conspirators, identified only as Co-conspirators 1 (CC-1) and 2 (CC-2), both
Chinese nationals residing in China. According to the indictment, CC-1 had been introduced to Company A through Zhu and hired as Company A’s sales
representative in the Science and Technology High-Tech Zone in Xian City, Shanxi Province, China. Company A rented office space in Xian City. From this office CC-1
represented Company A and hosted the subject software on his/her own computer system. The charges filed allege that Zhu, CC-2 and CC-1 were all associated
with a company known only as “Company X,” an environment-related software company in China.
It is further alleged that Zhu and his co-conspirators exploited the trust placed in Zhu by Company A by stealing Company A’s trade secrets and proprietary
and confidential business information, and exploiting an opportunity for Company A to market its product to the Chinese government. The indictment also
alleges that, as early as January 2008, Zhu began sending Company A’s computer software source code to CC-2 in China. Eventually, the indictment alleges,
the co-conspirators used this computer source code to develop a modified version of the Mercer County company’s software in China, which was marketed under
the Company X banner. It is further alleged that the co-conspirators took control of the Mercer County company’s office in China, and used that space to
conduct business for Company X. According to the indictment, Zhu was terminated on 17 July 2008, in part because Company A became aware that Zhu had
sent Company A trade secret and confidential and proprietary information to his personal E-Mail account. The charge of conspiracy to steal trade secrets carries a
maximum penalty of 10 years in prison and a fine of $250,000 or twice the aggregate loss to the victims or gain to the defendants. Each count of wire fraud
carries a maximum penalty of 20 years in prison and a fine of $250,000 or twice the aggregate loss to the victims or gain to the defendants.
Despite the accusation, the defendant is presumed innocent unless proven guilty beyond
a reasonable doubt. Marra credited Special Agents of the FBI’s Trenton Resident Agency, under the direction of Special Agent in Charge Weysan Dun in Newark, with
the investigation leading to the indictment. The government was represented by Assistant US Attorney Eric M. Schweiker of the Criminal Division in Trenton.

11.3.12 Mini-Case 12: Internet Used for Murdering


Refer to Section 8.6 “An Illustration on Real Life Use of Forensics” in Chapter 8 to read this case.

11.3.13 Mini-Case 13: Social Networking Victim – MySpace Suicide Case


This is about the “MySpace” suicide case reported in the New York Times. “Myspace” is a social networking site. In Section 7.14 of Chapter 7 there is a
discussion about social networking sites and the potential security/privacy threats arising from them. In that section, there was a mention of a mother
convicted of computer fraud for her involvement in creating a phony account on MySpace to trick a teenager, who later
committed suicide. This case shows that social networking sites, though popular, can result in someone losing his/her precious life, as this real-life case reveals. This
case (a real-life story) was reported in the New York Times and posted on 26 November 2008. It is a sad story of the family members and friends of the teenaged
girl who lost her life. She was a victim of social networking. Megan Meier, aged 13, committed suicide in October 2008. Apparently, the suicide was caused by
cruel messages she received on the social networking site “Myspace.” This incident, in a way, is also a sad reality in a “boyfriend-oriented culture.”
Readers who have not yet read previous chapters may like to read about cyberbullying in Box 2.8 of Chapter 2. According to the legal experts in the US,
this was the country’s first cyberbullying verdict, in which a Missouri woman was convicted of three misdemeanor charges of computer fraud for her involvement in
creating a phony account on MySpace to trick a teenager, who later committed suicide. The accused, Ms. Lori Drew, went through a 5-day trial. During the trial,
prosecutors portrayed Ms. Lori Drew as having worked in collusion with her daughter, Sarah, aged 13 at that time, along with Ms. Ashley Grills, a young family
friend and also an employee of Ms. Lori Drew’s magazine coupon business in Dardenne Prairie. The testimony showed that they “created” a teenage boy, “Josh
Evans,” as an identity on MySpace. The conspiracy was to make this pseudo character (created on MySpace) communicate with Sarah’s rival, Megan Meier, who
was also 13 years old then. Megan was known to have a history of depression and suicidal impulses. According to testimony at the trial there were weeks of online
courtship with “Josh.” Megan was distressed one afternoon in October 2006, when she received an E-Mail message from “Josh” saying that “The world would be a
better place without you.”
Ms. Ashley Grills, who is now 20, testified (under an immunity agreement) that shortly after that message was sent, Megan wrote back, “You’re the kind of boy a
girl would kill herself over.” Totally depressed on receiving such a message from her boyfriend (in reality only a pseudo character on MySpace), Megan hanged herself
that same afternoon in her bedroom. The jury appeared to reject the government’s contention that Ms. Lori Drew had intended to harm Megan. However, the
convictions signaled the 12-member Jury’s belief that she had, nonetheless, violated federal laws that prohibit gaining access to a computer without
authorization. Readers will recall that in Chapter 1, there is discussion about “unauthorized access to computer” (Sections 1.3–1.5 and Table 1.5). Specifically, the
jury found Ms. Lori Drew culpable of illegally accessing a computer system on three occasions, in reference to the fraudulent postings on MySpace in the name of
“Josh Evans.” The federal Computer Fraud and Abuse Act was passed in 1986 in the US and has been amended several times since then. According to legal and
computer fraud experts, the application of the law appeared to be expanding with technology and the growth of social networking on the Internet. In general,
prosecutions under the act have been associated with people who are computer systems hackers. Until recently, social networking sites such as MySpace did not
exist. Therefore, this case would be simply another important step in the expanded use of this statute to protect the public from computer crime. Although it was
unclear how severely Ms. Lori Drew would be punished, the jury reduced the charges to misdemeanors from felonies, and no sentencing date was set. According to
computer fraud experts, the conviction was highly significant as it was the first time that a federal statute designed to combat computer crimes was used to
prosecute what were essentially abuses of a user agreement on a social networking site.
Under federal sentencing guidelines, Ms. Lori Drew could face up to 3 years in prison and $300,000 in fines, even though she had no previous criminal record.
Her lawyer asked for a new trial. While this is a case from another country, it is a lesson for all of us. This case sends an overwhelming message to users of the
Internet and social networking sites.

11.3.14 Mini-Case 14: State of Tamil Nadu vs. Suhas Katti Case
Cyberdefamation was addressed in Chapter 1 and that is the concept referenced in this fairly well-known and truly landmark case. It is considered to be
India’s first cybercrime conviction. People’s perception is
that conviction takes a very long time in the jurisdiction. However, there are exceptions, as seen in this case. This well-known case of Suhas Katti (year 2004) is
available in the public domain. It is noteworthy for the fact that the conviction was achieved successfully within a relatively short time of 7 months from the
date of filing of the FIR (First Information Report). The case illustrates how the Indian IT was used to file the case. Similar cases have been awaiting judgment
in other states for a much longer time. This case had a relatively more efficient handling in the sense that this was the first case of the Chennai Cybercrime Cell
going to trial. Therefore, it deserves a special mention.
This case involves the posting of an obscene, defamatory and annoying message about a divorced woman in a Yahoo message group. E-Mails were also sent to the victim
for information by the accused. However, this was done through a false E-Mail account opened by him in the name of the victim. The posting of the message
resulted in annoying phone calls to the lady in the belief that she was soliciting.
Based on a complaint made by the victim in February 2004, the Police traced the accused to Mumbai and arrested him within the next few days. The
accused was a known family friend of the victim and was said to be interested in marrying her. She, however, married another person. Later, the wedding
ended in a divorce, and the accused once again started making contacts with the lady. On her reluctance to marry him, the accused took up the harassment
through the Internet. On 24 March 2004, a charge sheet was filed under Section 67 of IT Act 2000, 469 and 509 IPC before the Hon’ble Addl. CMM Egmore by
citing 18 witnesses and 34 documents and material objects. Prosecution examined 12 witnesses and complete documents were marked as “Exhibits.”
The Defense argued that the offending mails would have been given either by the ex-husband of the complainant or by the complainant herself to implicate
the accused, as the accused was alleged to have turned down the request of the complainant to marry her.
Further, the Defense Counsel argued that some of the documentary evidence was not sustainable under Section 65B of the Indian Evidence Act.
However, the court relied upon the expert witnesses and other evidence produced before it, including the witnesses of the cybercafe owners and came to the
conclusion that the crime was conclusively proved. The judgment was submitted in May 2004 as stated below:
“The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to
undergo rigorous imprisonment for 2 years under 469 IPC and to pay fine of Rs. 500/- and for the offence under Section 509 IPC sentenced to undergo 1 year
simple imprisonment and to pay fine of Rs. 500/- and for the offence under Section 67 of IT Act 2000 to undergo rigorous imprisonment for 2 years and to pay
fine of Rs. 4000/-.”
The accused paid the fine amount and was lodged at Central Prison, Chennai. This is considered as the first case convicted under Section 67 of ITA 2000 in India.
IMPORTANT NOTE – The information contained in this case is meant for informational purpose only and is based on material available in public domain. Authors
do not make any claim about its accuracy or authenticity. The name of the victim is masked to protect identity. The information provided here is based on the extracts
from the Judgment pronounced in the First Cybercrime Conviction in India.

11.3.15 Mini-Case 15: Pune Citibank MphasiS Call Center Fraud


The BPO and call center business is growing in India, which has become a popular destination for outsourcing back-office work. This case involves a BPO scenario and
is an eye opener. US$ 3,50,000 belonging to four US customers were fraudulently transferred to fake accounts. This was enough to give ammunition to
those
lobbying against outsourcing of work from the US to other countries, especially to India. Such cases are not uncommon but the media likes to focus on them
when they happen in India. It is a case of sourcing engineering, also known as “social engineering.” Some employees gained customer confidence and
obtained their PIN numbers to commit fraud. They got these under the guise of helping the customers out of difficult situations. Highest security
prevails in the call centers in India as they know that they will lose their business. There was not so much a breach of security as sourcing
engineering/social engineering.
As an industry practice in security, the call center employees are checked when they go in and out of the work place. This is done to ensure that they do
not copy down numbers or any other business confidential information. However, in this case, the employees of the call center must have remembered
these numbers, gone out immediately to a cybercafe and accessed the Citibank accounts of the customers. All accounts were opened at Pune. The customers
lodged a complaint that the funds from their accounts were transferred to Pune accounts. This is how the criminals were traced. Police were able to prove
the honesty of the call center and have frozen the accounts where the money was transferred.
The ISO 27001 standard for information security recommends many controls and one such control is about HR checks. As a best practice, there
should be a strict background check of the call center executives. However, even the best of background checks cannot fully eliminate the bad elements from
coming in and breaching security. We must still ensure such checks when a person is hired. There is a need for a national ID and a national database
where a name can be referred to. In this case, the first round of investigations did not disclose that the criminals had any criminal history. Customer education
is crucial so that customers are not taken for a ride. Most consumers may feel that banks are guilty of not doing this.

11.3.16 Mini-Case 16: NASSCOM vs. Ajay Sood and Others


Phishing is explained in Chapter 5 – this case is to be read in that context. The petitioner in this case was the National Association of Software and
Service Companies (NASSCOM), India’s premier software association. The defendant was Ajay Sood & Others and the case was delivered in March
2005. In this case, the Delhi High Court declared “Phishing” on the Internet to be an illegal act, entailing an injunction and recovery of damages.
The court elaborated on the concept of “Phishing,” in order to lay down a precedent in India. The court stated that it is a form of Internet fraud where a
person pretends to be a legitimate association, such as a bank or an insurance company, in order to extract personal data from a customer such as access codes,
passwords, etc. Personal data so collected by misrepresenting the identity of the legitimate party is commonly used for the collecting party’s advantage. The
court also stated, by way of an example, that typical Phishing scams involve persons who pretend to represent online banks and siphon cash from
E-Banking accounts after conning consumers into handing over confidential banking details.
Even though there is no specific legislation in India to penalize Phishing, the Delhi High Court held Phishing to be an illegal
act by defining it under Indian law as “a misrepresentation made in the course of trade leading to confusion as to the source and origin of the E-Mail causing
immense harm not only to the consumer but even to the person whose name, identity or password is misused.” The court held the act of Phishing as passing off and
tarnishing the plaintiff’s image.
The defendants were running a placement agency engaged in providing head-hunting and recruitment services. In order to obtain “personal data,” which they could use for purposes of head-hunting, the defendants composed and sent E-Mails to third parties in the name of NASSCOM. The high court recognized the trademark rights of the plaintiff and passed an ex-parte ad interim injunction restraining the defendants from using the trade name or any other name deceptively similar to NASSCOM. The court further ordered the defendants not to hold themselves out as being associates or a part of NASSCOM. For readers not savvy with legal terms, “ex-parte” means on behalf of only one party, without notice to any other party. For example, a request for a search warrant is an ex-parte proceeding, since the person subject to the search is not notified of the proceeding and is not present at the hearing.
The court appointed a commission to conduct a search at the defendants’ premises. Two hard disks of the computers, from which the fraudulent E-Mails were sent by the defendants to various parties, were taken into custody by the local commissioner appointed by the court. The offending E-Mails were then downloaded from the hard disks and presented as evidence in court. During the progress of the case, it became clear that the defendants, in whose names the offending E-Mails were sent, were fictitious identities created by an employee on defendants’ instructions, to avoid recognition and legal action.
On discovery of this fraudulent act, the fictitious names were deleted from the array of parties as defendants in the case. Later, the defendants admitted their criminal acts and the parties settled the matter through the recording of conciliation in the suit proceedings. According to the terms of compromise, the defendants agreed to pay a sum of ₹ 1.6 million to the plaintiff as damages for violation of the plaintiff’s trademark rights. The court also ordered the hard disks seized from the defendants’ premises to be handed over to the plaintiff, who would be the owner of the hard disks.
This case achieves clear milestones: (a) It brings the act of “Phishing” into the ambit of Indian laws even in the absence of specific legislation. (b) It demonstrates that the perception that there is no “damages culture” in India for violation of IP rights is not true. This case reaffirms Intellectual Property owners’ faith in the Indian judicial system’s ability and willingness to protect intangible property rights and sends a strong message to IP owners that they can do business in India without sacrificing their IP rights.

11.3.17 Mini-Case 17: Indian Case of Cyberdefamation


This is another well-known case available in the public domain. Though an old case, it is considered to be India’s first case of cyberdefamation, in which a Court of Delhi assumed jurisdiction over a matter where a corporate’s reputation was being defamed through E-Mails and passed an important ex-parte injunction. For readers who do not come from a legal background, ex-parte is a Latin legal term meaning “from (by or for) one party.” An ex-parte decision is one decided by a judge without requiring all parties to the controversy to be present. According to legal doctrines in Australia, Canada, the UK, India and the US, “ex-parte” means a legal proceeding brought by one person in the absence of and without representation or notice of other parties. It is also used as a loose reference to unacceptable one-sided contacts with a court, arbitrator or represented party without notice to the other party or counsel for that party.
The Delhi High Court granted an ex-parte ad interim order in the case entitled “SMC Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra,” being Suit No. 1279/2001. This matter was handled by one of India’s leading cyberlawyers. The defendant, Jogesh Kwatra, was an employee of the plaintiff company. He started sending defamatory, derogatory, vulgar, filthy, obscene and abusive E-Mails to his employers and to different subsidiaries of the said company all over the world, with the aim of defaming the company and its Managing Director, Mr. R.K. Malhotra. The plaintiff filed a suit for a permanent injunction restraining the defendant from his illegal acts of sending derogatory E-Mails to the plaintiff.
Arguing on behalf of the plaintiffs, the cyberlawyer handling the case contended that the E-Mails sent by the defendant were distinctly obscene, vulgar, abusive, intimidating, humiliating and defamatory in nature. The lawyer further argued that the aim of sending the said E-Mails was to malign the impeccable reputation of the plaintiffs all over India and the world. The lawyer further contended that the acts of the defendant in sending the E-Mails had resulted in invasion of the legal rights of the plaintiffs. Further, it was argued that the defendant is under a duty not to send the aforesaid E-Mails. After the plaintiff company discovered that the said employee of their organization was possibly involved in sending offensive E-Mails, it terminated the services of the defendant.
After hearing detailed arguments of the lawyer, Honorable Justice J.D. Kapoor of the Delhi High Court passed an ex-parte ad interim injunction, observing that a prima facie case had been made out by the plaintiff. As a result, the Delhi High Court restrained the defendant from sending defamatory, obscene, derogatory, humiliating, vulgar and abusive E-Mails either to the plaintiffs or to its associate companies and/or sister concerns all over the world, including their Managing Directors and their Sales and Marketing departments. In addition, Honorable Justice J.D. Kapoor also restrained the defendant from transmitting, publishing, or causing to be published any information in the physical world as well as in cyberspace which is deprecating or slanderous or offensive to the plaintiffs.
The matter was posted for 4 October 2001. This decree by the Delhi High Court is highly significant because it is the first time that an Indian court has assumed authority in a matter concerning cyberdefamation and granted an ex-parte injunction restraining the defendant from defaming the plaintiffs by sending derogatory, defamatory, abusive and obscene E-Mails either to the plaintiffs or their subsidiaries.

11.3.18 Mini-Case 18: Indian Cases of Cybersquatting


The term “cybersquatting” is explained in Chapter 1 (Box 1.1). It is reproduced here for the reader’s quick reference, to help in understanding the examples presented below. “Cybersquatting” means registering a popular Internet address, usually a company name, with the aim of selling it to its lawful owner. After presenting the short examples, we have summarized the learning points.

Yahoo Inc. vs. Akash Arora Case of Cybersquatting


This is probably the first reported Indian case wherein the plaintiff (the person who lodges the complaint), the registered owner of the domain name yahoo.com, succeeded in obtaining an interim order restraining the defendants and agents from dealing in services or goods on the Internet or otherwise under the domain name yahooindia.com or any other trademark/domain name which is misleadingly similar to the plaintiff’s trademark Yahoo. As on the date of writing this, there are only a small number of reported judgments in our country; however, newspaper reports and information from dependable sources indicate that there are at least 25 disputes pertaining to domain names pending before the Delhi High Court itself. Refer also to the mini-case under Section 11.3.7.

Tata Sons Ltd vs. Ramadasoft Case of Cybersquatting


This cybersquatting case involved Tata Sons Ltd vs. Ramadasoft. Tata Sons is the holding company of India’s largest industrial corporation, the Tata Group. Tata Sons won a case to evict a cybersquatter from 10 contested Internet domain names. Tata Sons had filed a complaint at the World Intellectual Property Organization. The respondent was proceeded against ex-parte. As explained earlier, an ex-parte decision is one decided by a judge without requiring all of the parties to the controversy to be present. The board reached the conclusion that the respondent owns the domain names, that these domain names are confusingly similar to the complainant’s trademark TATA, that the respondent has no rights or legitimate interests in respect of the domain names, and that he has registered and used the domain names in bad faith. These facts entitle the plaintiff to an order transferring the domain names from the respondent.


SBI Cards and Payment Services Private Limited vs. Domain Active Pty. Limited
This case involved SBI Cards and Payment Services Private Limited vs. Domain Active Pty. Limited. The World Intellectual Property Organization (WIPO) ordered sbicards.com to be transferred to the Indian company from an Australian entity, which had hijacked the domain name hoping to later sell it for a hefty sum to the State Bank of India subsidiary. The panel accepted the argument of SBI Card’s counsel that the Australian company was in the business of buying and selling domain names through its website.

Mahindra & Mahindra Limited (M&M) Case


Yet another Indian instance of cybersquatting involved Mahindra & Mahindra Limited (M&M). In this case, a young student residing in Andhra Pradesh registered the domain names mahindra.com, mahindra.net and mahindra.org in his name. M&M made an appeal to the WIPO, saying that they had registered the name “Mahindra” as a trademark in India and the US. As per the order passed by the panelists, the domain names were to be immediately transferred in favor of the Indian company.

Titan Industries Ltd. vs. Prashanth Koorapati and Others


In the case of Titan Industries Ltd. vs. Prashanth Koorapati & Ors., the Delhi High Court granted an ex-parte ad interim (i.e., in the meantime) injunction restraining the defendants from using the name TANISHQ on the Internet or otherwise and from committing any other act likely to lead to passing off of the business and goods of the defendants as the business and goods of the plaintiff.

Bennett Coleman & Co Ltd. vs. Steven S. Lalwani Case


This is another interesting case of cybersquatting. Since 1996, the complainant has been holding the domain name www.economictimes.com for electronic publication of its newspaper. The plaintiff had registered this mark in India for literary purposes. However, in 1998, Steven S. Lalwani, US, registered the same domain name.
The WIPO judgment made it clear that the complainants have a very substantial reputation in their newspaper titles arising from their daily use in hard copy and electronic publication. It was also firmly held that the registration and use of the domain names by the respondents was not in good faith, in that their use meant an intentional attempt to attract Internet users (with commercial gain as the purpose) to their websites by creating a likelihood of confusion with the complainants’ marks as to the source, sponsorship, affiliation or endorsement of those websites and the services on them.

Rediff Communication Limited vs. Cyberbooth Case


In Rediff Communications Ltd. vs. Cyberbooth, the petitioner, the proprietor of the well-known portal and domain name rediff.com, filed for an injunction against the defendant, registrant of the domain name rediff.com. The judge was convinced that there was a clear intention to deceive and granted interim relief to the plaintiff. The judge affirmed that a “domain name” is more than an Internet address and is entitled to as much protection as that provided for a trademark.
The terms IPR, Copyright, Trademark, Trade secret, etc. are explained in Ref. #1, Books, Further Reading and also in Chapter 10 (Section 10.2). The discussion here assumes that readers are familiar with these terms. If not, we recommend that readers refer to the said chapter of the book mentioned. To know about Indian Trademark Law, we have provided links in Ref. #71, Additional Useful Web References, Further Reading. The various statutes dealing with Intellectual Property Laws in India are as follows:
1. Trademarks Act 1999 (see Appendix S).
2. Copyright Act 1957 (see Appendix T).
3. Patents Act 1970 as amended by Patents (Amendments) Act 2005 (see Appendix R).
4. Designs Act 2005.
5. Code of Civil Procedures 1908.
6. Indian Penal Code 1860 (see Appendix P).
7. Geographical Indication of Goods (Registration & Protection) Act 1999.
8. Semiconductor, Integrated Circuit Layout Design Act 2000.
9. Plants Varieties Protection and Farmers’ Rights Act 2001.
10. Information Technology Act 2000 (see Appendix O).
From the cybersquatting examples described so far, note the following points:

1. The trademark law has been drastically broadened to accommodate domain name disputes. However, in the author’s opinion, the trademark law should not be broadened so widely as to confer upon trademark owners rights to which they are not otherwise entitled. The tricky question is whether the law will eventually give large trademark owners property rights in domain names, that is, the ability to exclude others from using them. In deciding how far the trademark laws should reach, it may become essential to revisit the rationale behind trademark protections. Trademark protection is meant to provide consumers with exact information about the merchandise and services presented by the mark, and to provide incentives to companies so that they become interested in investing in their marks and also to enhance quality control. Trademarks, therefore, lower consumer search costs and promote the economic functioning of the market. “Marks” themselves are not protected, but the law protects the goodwill the marks embody.
2. Allowing exclusive rights in domain names will put off companies from using names that are already used. The conventional economic explanation for trademark law rests on the premise that there is a countless number of marks available. However, there are only a limited number of domain names available.
3. One more area of concern with such a right is that it would allow trademark owners to preclude others from using not only one but several marks. It is now a general practice for companies to register all possible domain names they can think of that contain their company name. For example, Exxon currently holds the rights to more than 120 domain names incorporating the word “EXXON.”
4. The current law seems to favor the protection of large companies, that is, those who want rights in every possible variation of their name.
5. From a realistic point of view, the current expansion in law gives trademark owners a significant amount of leverage. For example, people with genuine interests in their domain names often cannot afford to fight trademark owners. Naturally, this will force many to simply turn over their rights in order to avoid corporate bullying.

Do refer to the “Intellectual Property in the Cyberspace” discussion in Section 10.2 of Chapter 10 – that discussion will provide greater details of IP.


11.3.19 Mini-Case 19: Swedish Case of Hacking and Theft of Trade Secrets
Theft of IPR/trade secrets is one of the major threats to industries and individuals in the modern era. Here is a real-life scenario. Two well-known organizations co-operated with the Government in the investigation of this case.
Philip Gabriel Pettersson, a.k.a. Stakkato, aged 21, a Swedish national, was indicted on 17 May 2009 on intrusion and trade secret theft charges. This was announced by the US Attorney for the Northern District of California and the Justice Department’s Criminal Division.
The charges included one intrusion attempt and two attempts of trade secret misappropriation involving Cisco Systems Inc. (Cisco), San Jose, CA, a provider of computer network equipment and producer of Internet routers. As per the allegations in the indictment, Pettersson purposely committed an intrusion between 12 May 2004 and 13 May 2004 into the computer system and network of Cisco. It was alleged that during the suspected intrusion, some Cisco Inter-network operating system code was misappropriated. The accusation also included two intrusion attempts involving the National Aeronautics and Space Administration (NASA), including computers at the Ames Research Center and the NASA Advanced Supercomputing Division, located at Moffett Field, CA. The accusation alleges that Pettersson committed these intrusions on 19 May 2004, 20 May 2004 and 22 October 2004.
Cisco and NASA cooperated in the government’s investigation. Following the incident, Cisco reported that it did not believe that any customer information, partner information or financial systems were affected. The Department of Justice worked in cooperation with the Swedish authorities on this case. From a legal perspective, it is to be noted that an indictment is merely an accusation. All defendants are presumed innocent until proven guilty at trial beyond a reasonable doubt.
The maximum penalty for each charge of intrusion and theft of trade secrets is 10 years in prison, a 3-year term of supervised release, and a fine of $250,000.
The prosecution was the result of an investigation by the FBI; US Secret Service; NASA Office of Inspector General, Office of Investigations, Computer Crimes Division; and numerous additional federal agencies. A senior officer at the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) prosecuted the case with assistance from other officers. CCIPS Senior Counsel also assisted in the prosecution. The Criminal Division’s Office of International Affairs assisted on international coordination issues in the case.
Source: www.cybercrime.gov

11.3.20 Mini-Case 20: IPR Violation


Intellectual property theft is mentioned in Chapters 1 and 9. Intellectual Property in the Cyberspace is explained in Chapter 10 (Section 10.2). This example involves a counterfeit software program. How this crime happened in real life is explained below.
On 12 June 2009, Rodolfo Rodriguez Cabrera, aged 43, a Cuban national, and Henry Mantilla, aged 35, of Cape Coral, FL, were accused of a plot to manufacture and sell fake International Game Technology (IGT)-brand video gaming machines, commonly known as “slot machines,” and counterfeit IGT computer programs. Cabrera was arrested on 8 June 2009, based on the indictment. Mantilla was scheduled to appear, based on a summons, in the US District Court for the District of Nevada on 2 July 2009.
As per the indictment, Cabrera was the owner and operator of a company called FE Electronic in Riga, Latvia, and Mantilla owned and operated a company named Southeast Gaming Inc., in Cape Coral, FL. The indictment alleges that between August 2007 and 15 April 2009, Cabrera and Mantilla were part of a conspiracy that involved making illegal copies of IGT video gaming machine computer programs, placing counterfeit labels bearing IGT’s registered trademark on the computer programs, installing the counterfeit computer programs in IGT gaming machine cabinets and then selling the counterfeit computer programs and gaming machines through their respective companies. They did all this without the permission of the trademark and copyright owner, IGT.
The charge against Cabrera and Mantilla indicated that they were involved in a conspiracy of trafficking in counterfeit goods, trafficking in counterfeit labels and criminal copyright infringement. If convicted of all charges, each defendant faces a maximum of up to 45 years in prison and $5.25 million in fines. The accusation also contains 13 penalty allegations that require the defendants, if convicted, to forfeit any and all counterfeit items and to forfeit up to $5 million in proceeds from their alleged criminal activity.
The case was investigated by the FBI and prosecuted by an Assistant US Attorney of the US Attorney’s Office for the District of Nevada and a Trial Attorney of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS). Significant assistance in this case came from the Central Criminal Police Department of the Latvian Ministry of Interior; Latvia’s Office of the Prosecutor General, International Cooperation Division; and Senior Trial Attorney Deborah Gaynus of the Criminal Division’s Office of International Affairs. A CCIPS Trial Attorney also assisted with the prosecution. IGT also provided assistance in this matter. An indictment is merely a formal charge by the grand jury. As legal professionals know, a defendant is assumed to be innocent unless and until proven guilty in a court of law.
Source: www.usdoj.gov
11.3.21 Mini-Case 21: Indian E-Mail Spoofing Case
This is a case registered by the Indian police as the first case of cyberstalking in Delhi. To maintain the confidentiality and privacy of the entities involved, we have masked their names. Mrs. Joshi received almost 40 calls in 3 days, mostly at odd hours, from as far away as Kuwait, Cochin, Bombay and Ahmedabad. These calls created havoc in her personal life, destroying Mrs. Joshi’s mental peace. She decided to register a complaint with the Delhi Police. A person was using her ID to chat over the Internet at the website www.mirc.com, mostly in the Delhi channel, for 4 consecutive days. The person was chatting on the Internet using her name and giving her address, talking in profane language. The same person was also deliberately giving her telephone number to other chatters, encouraging them to call Mrs. Joshi at odd hours.
While “cyberstalking” does not have a standard definition, it means threatening, unwarranted behavior or advances directed by one person toward another person using the Internet and other forms of online communication channels as the medium.
This ends the mini-cases of this section; we now move on to illustrations of financial crimes in the banking domain, including credit card frauds.

11.4 Illustrations of Financial Frauds in Cyber Domain


In this section, we have provided illustrations of banking frauds (including credit card-related crimes), online gambling, IPR crimes, digital media piracy, hacking, computer frauds, website attacks, counterfeit hardware, malicious use of the Internet, social networking victims, etc. Table 11.3 lists the illustrations provided in this section.

11.4.1 Banking-Related Frauds


Illustration 1: Stolen Credit Card Information
In the introduction section, it was mentioned that cybercriminals operate beyond geographic boundaries. With the background of credit card frauds addressed in Chapter 5 (under
“Phishing”), this case is interesting to read.


Table 11.3 | List of illustrations in Section 11.4


Illustration No.   Title   Topic   Chapter Cross-Reference
1 Stolen Credit Card Information Phishing and credit card frauds Chapter 5
(banking frauds)
2 Phishing Incidence Chapter 5
Phishing (credit card frauds) Credit
3 Online Credit Card Theft Ring Understanding Credit Chapter 5
card frauds
4 Card Fraud Scenarios ShadowCrew – the Internet Mafia Chapter 5
Credit card frauds Credit
5 Gang Dirty Relations – Goods Delivery Fraud Fake Mails —
card frauds
6 Promising Tax Refunds: Beware Phone Scam Targets Your Chapters 2 and 4
Frauds from online purchasing Internet
7 Bank Account Chapters 1, 3
banking
8
9 Cookies and Beacons – The Facebook Controversy Cookies and Beacons and 4
DoS (denial-of-service) attack
Privacy Loss through Leakage of Users’ Facebook —
10 Personal privacy loss leading to Chapter 5
Profiles
cybercrimes
11 Debit Card Frauds – Global Wave in Real Life —
Financial frauds with debit card
Stolen credit card information is prized by cybercriminals. “DarkMarket” is an English-speaking Internet cybercrime forum created by Renukanth Subramaniam in London. It was shut down in 2008 after an FBI agent infiltrated it, leading to more than 60 arrests worldwide. Renukanth Subramaniam admitted conspiracy to defraud and was sentenced to nearly 5 years in prison in February 2010. The website permitted buyers and sellers of stolen identities and credit card data to meet on the Net and establish a criminal enterprise in an entrepreneurial, peer-reviewed environment. It had 2,500 users at its peak, according to the FBI.
To the casual observer, there was not much to differentiate the Java Bean Internet cafe in Wembley from the hundreds of others in the capital. But to the surveillance officers staking it out month after month, this ordinary-looking venue was the key to busting an astonishing and complicated network of cybercriminals. There were many computers inside the café, and from there a former pizza bar employee ran an international cyber “supermarket” for selling stolen credit card and account details, costing the banking industry tens of millions. Renukanth Subramaniam, aged 33, was revealed as the founder and a major “orchestrator” of the secret “DarkMarket” website, where elite fraudsters bought and sold personal data, before it was infiltrated by the FBI and the US Secret Service. Membership of DarkMarket was strictly by invitation. But once vetted, its 2,000 sellers and buyers traded the whole lot, from card details (obtained through hacking, Phishing attacks and ATM skimming devices; visit Chapter 5 for details of “Phishing”) to viruses with which buyers could extort money by threatening company websites. This top cybercrime site in the world offered online tutorials in illicit topics such as account takeovers, credit card deception and money laundering. There was equipment such as false ATM and PIN machines, as well as everything needed to set up a credit card factory.
Subramaniam, a Sri Lankan-born British citizen, was a past member of ShadowCrew’s predecessor. Subramaniam worked at Pizza Hut and as a dispatch courier. In 2004, the US Secret Service uncovered ShadowCrew. “JiLsi” was one of the top cybercriminals in the country. With this criminal, Subramaniam managed to set up a forum globally. Without JiLsi, DarkMarket was just not possible; such was the close association and deep involvement that JiLsi had with DarkMarket. In spite of this being so, DarkMarket’s 2,000 members could never meet JiLsi in real life; he truly was a “shadow operator”! DarkMarket was strict about banning “rippers” who would deceive other criminals. Honor among thieves was paramount. Subramaniam was one of the top administrators. He stored his operating system on memory sticks. But when one of his memory sticks was stolen, it cost him £100,000 in losses. It also resulted in compromising the site’s security. With this mishap, Subramaniam was downgraded to merely a reviewer. Surveillance officers trapped him logging on to the website when JiLsi was unaware that the fellow criminal MasterSplyntr, whom he trusted, was in fact an FBI agent called Keith Mularski.

Illustration 2: Phishing Incidence


Phishing is explained in Chapter 5 and here is an illustration of a Phishing attack in real life. According to the news posted on 14 April 2010 (Ref. #72, Additional Useful Web References), it could well be termed India’s first legal adjudication of a dispute raised by a victim of a cybercrime. The judgment for the first case was filed under the IT Act. In this judgment, Tamil Nadu’s IT Secretary ordered ICICI Bank to pay ₹ 12.85 lakhs (₹ 12,85,000) to an Abu Dhabi-based NRI within 60 days – in compensation for the loss suffered by him as a result of a Phishing fraud. Phishing is an Internet fraud through which cybercriminals illegally obtain sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity.
In this case, the reimbursement, that is the compensation, included the loss suffered by the supplicant, the travel expenses and the financial loss incurred due to “complete lack of involvement of the respondent bank” – as per the order from Tamil Nadu’s IT Secretary. The order came based on an appeal (i.e., petition) that was filed by Umashankar Sivasubramaniam. As per Umashankar’s claim, he received an E-Mail in September 2007 from ICICI, asking him to reply with his Internet banking username and password or else his account would become non-existent. He replied and later he found ₹ 6.46 lakhs (₹ 6,46,000) moved from his account to the account of another company. That company withdrew ₹ 4.6 lakhs (₹ 4,60,000) from an ICICI branch in Mumbai and retained the balance in its account.
An application was prepared as arbitration for proceedings under the IT Act. The application was presented to the state IT Secretary on 26 June 2008. In that application, Umashankar held the bank responsible for the loss that he suffered. ICICI Bank, however, claimed that the applicant (Umashankar) had failed to protect his confidential information. According to ICICI Bank, Umashankar carelessly disclosed his confidential information such as his password. According to the bank, he became the victim of a Phishing attack because of this carelessness. The bank spokesperson said that customers are fully apprised of the security aspects of Internet banking through various means. ICICI Bank officials emphatically said that the bank’s security systems are continuously audited and that neither the security nor the bank’s processes have been breached.
The bank decided to appeal the order. The bank spokesperson said that ICICI Bank endeavors to offer world-class service to its customers. They further said that they have hundreds of types of transactions, which can be completed online without having to walk into a branch. Further, they added that the bank strives for the convenience and safety of its customers and uninterrupted availability of services through self-service channels. The bank claims that it also continuously upgrades its systems and technology to ensure that customers get the best experience and a safe environment while transacting online.
Vijayashankar, a techno-legal consultant, appeared for the petitioner. According to him, while the order may lead to tightening of cyberlaws in the country, the judgment reflects the lack of accountability in the use of Internet banking. He further opined that, although Phishing fraud is very common, banks are not accepting the liabilities. In his view, such a ruling will set a good precedent. In India, although there are 300-odd cases of Phishing attacks recorded or contended, most cases do not get pursued under a proper legal framework. Some such cases were filed at consumer courts. Figure 11.4 conceptually depicts the fate of cybercrimes.


Figure 11.4 | Fate of cybercrime cases (total cases-to-sentenced cases). Chart title: Criminality Figures; stages shown: Total cases, Reported, Investigated, Brought to court, Sentenced.


11.4.2 Credit Card-Related Frauds
Illustration 3: Online Credit Card Theft Ring
Phishing and credit card frauds are addressed in Chapter 5. Here is a real-life example. This case took place in June 2009 and involved 36-year-old Max Ray Butler (also known as Max Ray Vision), a resident of San Francisco, California. Max pleaded guilty in Federal Court in Pittsburgh to two counts of wire fraud before a Senior US District Judge. In connection with the guilty plea, the attorney mentioned in the court that Butler, known widely on the Internet as “Iceman,” among other aliases, conducted computer hacking and identity theft on the Internet on a massive scale. As part of the conspiracy, Butler cracked into financial institutions, credit card processing centers as well as other secure computers with the illicit purpose of acquiring credit card account information and other personal identification information. Several of these cards were made available to Christopher Aragon, a partner in crime based in the Los Angeles area. Christopher used these cards with the help of a team of associates to buy up commodities for sale. Max sold the remaining card numbers outright over the Internet.
Max and Christopher formed a website known as “CardersMarket.” They devoted this crafty site to the acquisition, utilization and sale of credit card account information. This illicit process is known as “carding.” A main intention of the site was to employ brilliant individuals to assist in carding activity. During the best of times (from the criminals’ viewpoint), CardersMarket had approximately 4,500 worldwide members! Refer to Figure 11.5 to understand the entities involved in credit card transactions.
Max was arrested on a criminal complaint on 5 September 2007 in San Francisco. A search of the computer systems in Max’s apartment revealed more than 1.8 million stolen credit card account numbers. When these card account numbers were provided to Visa, MasterCard, American Express and Discover, it was revealed that the amount of fraudulent charges on the cards in Max’s possession totaled approximately $86.4 million. These losses had to be borne by the thousands of banks that issued the cards. On 20 October 2009, punishment was handed down: 30 years in prison, a fine of $1,000,000 or both – and that is what the law could provide as a maximum sentence. As per Federal Sentencing Guidelines, the actual sentence imposed was based on the gravity of the offense and the previous criminal history, if any, of the accused.

Figure 11.5 | Entities involved in credit card transactions. The Acquirer and the Issuer (which may or may not be the same) are members of the card organization; the Acquirer provides processing services to the Merchant; the Issuer issues cards to the Cardholder; the Cardholder uses the card to buy from the Merchant. Source: Author’s presentation in PCI-DSS awareness sessions for industry professionals.

Many agencies were involved in the inquiry into Max’s illegal activities – the Computer Crime and Intellectual Property Section (CCIPS) of the Department of Justice; the Federal Bureau of Investigation; the Vancouver Police Department, Vancouver, Canada; the Newport Beach Police Department, Newport Beach, California; the Orange County Sheriff’s Department, Orange County, California; and the US Attorney’s Office for the Northern District of California.
If we wonder what happens to the “stolen” credit card data, the following “dark market” price information is shocking as well as an eye opener. One can well imagine how this information must be rapidly changing hands in the global black market (this information is as current at the time of writing this; authors by no means have any validation responsibility here):
1. Data Dumps from magnetic stripes on batches of 10 cards are sold.
2. Standard cards: $50. Gold/platinum: $80. Corporate: $180.
3. Card verification values information needed for online transactions: $3–$10 depending on quality.
4. Complete information/change of billing information needed for opening or taking over account details – $150 for account with $10,000 balance; $300 for one with $20,000 balance.
5. Skimmer device to read card data – up to $7,000.
6. Bank log-ins: 2% of available balance.
7. Hire of Botnet Software robots used in Spam attacks – $50 a day (“Botnets” are explained in Section 2.6 of Chapter 2).
8. Credit card images: Both sides of card – $30 each.


As known to law professionals, an indictment is only a charge and is not evidence of guilt. A defendant is presumed innocent and is entitled to a fair trial at
which the government must prove guilt beyond a reasonable doubt.
Source: www.cybercrime.gov

Illustration 4: Understanding Credit Card Fraud Scenarios


In Chapter 5, we learned about Phishing; credit card frauds are addressed in Chapter 3. What is explained here is based on that background. Figure 11.6 presents a schema for categorizing credit card frauds. Figure 11.5 shows the main entities involved in normal credit card transactions. Not all types depicted in Fig. 11.6 fall under “cybercrime”; however, given the rise in the number of electronic transactions handled over the Internet, most would. Note that a “fraud” can be defined as willful deceit or trickery or a deceptive or spurious act. In an era of advanced technology, it should be easy to catch criminals and fraudsters. However, the reality is far from this. “Credit cards” are not “anonymous like the paper money” and so, their theft can be traced. Criminals and fraudsters do not give up; in fact, they make themselves technology savvy to keep ahead in the game! They are led by the single aim of reaping the monetary benefits and satisfying their ego! The key entities involved in credit card transactions are shown in Fig. 11.5 – their role is briefly described for reference during the fraud scenarios described in the next section.
There are more than 50 different types of cards available in the market – we have considered only the major ones. Visa and MasterCard are made up of member organizations who can be either acquirers or issuers (or both). “Acquirers” are the members of the Visa or MasterCard organizations that handle “Merchants.” “Issuers” are the members of the Visa or MasterCard organizations that issue the cards to cardholders. “Merchants” are those entities who “accept” card transactions. “Service Providers” are the entities that provide services related to the processing, storing or transportation of card information on behalf of any of the entities mentioned (Issuers, Acquirers, Merchants). With that preamble, a few scenarios relating to credit card frauds are now explained. Keep in mind the classification chart of credit card frauds shown in Fig. 11.6. Some of them are described in the following pages. In the reference section, links to credit card fraud related video clips are provided in Refs. #1, 2, 3 and 4, Video Clips, Further Reading.

Figure 11.6 | Credit card fraud classification. Labels recoverable from the chart include: application fraud, lost/stolen, special frauds, merchant collusion, ATM fraud, ROC pumping, altered card, skimming, multiple imprints, hit and run, trapping, validity date, operational fraud, card number, terminal take-over, carding, fake ATMs, signature panel, Phishing, shoulder surfing*, magnetic strip.
*Shoulder surfing is explained in Chapter 2 (Section 2.3.1).


Credit Card Application Fraud


In an “Application Fraud,” the fraudster obtains information about a person who is eligible for getting a credit card and has applied for it. The fraudster then makes his/her application to the “Issuer” with that person’s details except for the residential address. The residential address of the actual applicant is substituted by the fraudster’s (mostly temporary) address. The issuer, not being aware of this, would end up sending the card to that address! In another variety of this fraud scenario, the fraudster obtains the card details of an already existing card member (this is done through Phishing attacks). He then calls up the call center of the issuing organization, pretending to be the actual card owner. He reports the card as “lost” and asks them to issue a “replacement card” at his address, informing them also about the change of address. Now, if the issuing organization (typically a bank) is not security-savvy enough to call the actual card holder to validate if he/she indeed had made such a request, the fraudster will get a genuine card at the cost of the scapegoat (the actual card owner) to run up whopping bills for his/her own use (which they normally are smart enough to avoid) or to “sell” the card in the “dark market” – the dark market “rates” for “stolen information” were mentioned in Illustration 3.
With the growing number of Internet-based applications for credit cards, obtaining such information would be possible by launching a man-in-the-middle attack. In a typical “man-in-the-middle attack,” electronic messages, transmitted through the Internet, are intercepted. The man-in-the-middle attack is illustrated in Fig. 11.7. Also recall that “passive” and “active” attacks were explained in Chapter 2 (Sections 2.2.2 and 2.2.3, respectively). These attacks are also explained in Chapter 4 (Section 4.4). The “man-in-the-middle” attack intercepts communication taking place between two systems. These attacks are also explained in Sections 4.4.1, 4.12 and Table 4.19 in Chapter 4. For example, in an HTTP transaction the target is the TCP connection between client and server. With the use of different techniques, the attacker divides the original TCP connection into two separate and new connections – one between the client (i.e., the victim’s machine) and the attacker and the other between the attacker and the server, as shown in Fig. 11.7. Once the TCP connection is intercepted, the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.

Figure 11.7 | Man-in-the-middle attack. The original connection between the victim’s machine and the web server is replaced by MITM connections that pass through the attacker’s machine.


Frauds Involving Lost and Stolen Credit Cards


In this scenario, it can so happen that a card holder genuinely loses his/her credit card when he/she forgets to collect it from the ATM (Automatic Teller Machine – most credit cards can also be used to withdraw cash from ATMs). The card holder may also forget to collect his/her credit card after signing for the goods purchased. There are also many other ways to lose the credit card (leaving behind the wallet/purse in which the card is kept, or the card dropping out of a pocket or wallet, etc.). When the fraudster finds a lost card, either he himself uses it for shopping (which is not what the fraudster would typically do) or he sells the lost card to a gang with whom he works. There are many agencies that specialize in credit card-related crimes. For example, the Russian Business Network (RBN) is a multifaceted cybercrime organization, specializing in, and in some cases monopolizing, personal identity theft for resale! RBN was registered as an Internet site in 2006. Initially, much of its activity was legitimate. It appeared that the founders soon found that it was more lucrative to host illegal activities and started hiring criminals for their services. RBN provides web hosting services and Internet access to all types of criminal and offensive activities, with individual activities earning up to $150 million in 1 year! Recall “DarkMarket” described in Illustration 1.
Such gangs have multiple layers of operations with many counterparts. Some of them are called “runners.” Their job is to show their face in the shops by physically visiting them for small-amount purchases with the objective of ascertaining whether the “lost” card has been put on hold or is on the “hot list.” In other words, “runners” are hired to find out the validity of lost/stolen cards. If the card is found to be “clean,” the fraudster would either use the card immediately for a high-value purchase (by forging the signature of course) or will sell it in the dark market. Dark market rates for stolen/lost credit cards were mentioned in Illustration 3: Online Credit Card Theft Ring.

The Fraud through Merchant Collusion


This fraud occurs when the “Merchant” joins hands with the fraudster by providing details of the genuine cards in return for a share of the returns from this manipulation. The merchant can allow members of a gang to use his terminal as a host in order to transfer information on credit cards, which are swiped at the merchant’s terminal. One way of doing this is that another “swipe” slot is kept hidden or placed discreetly near the actual swipe machine at the Point of Sale (PoS) terminal at the merchant’s establishment. Always be wary and be on the lookout if the merchant is scanning your card more than once on one pretext or the other, for example, by asking you to let him scan it again because the first scan was not successful. Also, never lose sight of your credit card. Always insist that your credit card be swiped in your presence, be it at a restaurant or a brand hotel (five-star hotels, etc.). This is important because, as a part of collusion, once the merchant allows his terminal to be used by the members of the fraudster gang in order to transfer the confidential information on the magnetic strip of the credit card, that information has gone into the wrong hands! The fraudster’s terminal, known as the “receptor” (because it receives the information), downloads the confidential details of the genuine card from the host terminal. This stolen information can be used in a number of ways to cheat the “Issuers” at a later date. The information can be used to manufacture counterfeit cards or to obtain genuine cards by reporting the card as “lost” or to defraud by mail order. In the reference section at the end of this chapter, we have provided a video link in Ref. #4, Video Clips, Further Reading to show how they fake a card.
There are instances where the customer also colludes with the Merchant to cheat the Issuer. The customer uses the card at the Merchant establishment, that is, a shop/mall, for a single transaction but allows the Merchant to take multiple prints of the charge slip. The Merchant submits these charge slips with forged signatures and obtains the payment due to him (the Merchant) from the Acquirer (see the transactions flow depicted in Fig. 11.5). At the end of the card holder’s billing cycle, when the credit card statement is presented for payment, the card holder disputes the charge by claiming that the transactions are fraudulent and refuses to pay. Meanwhile, the merchant has already recovered his sale due amount. Because the card holder refuses to pay the Issuer (typically the bank), it is the Issuer who has to bear the loss. The problem is that it is difficult to “prove” such collusion. Until and unless the same card holder keeps appearing in many such cases of frauds, tracing becomes difficult. It is said that the card issuers assume a certain small percent of their overall transactions volume as “bad debt” and levy it across their base of card holders (which runs in thousands and thousands). They present it in the charge statement as a line item.

Frauds at the ATMs


Card frauds and operation frauds are the two main types of ATM frauds. Research by Retail Banking estimates that worldwide, there are more than 1.5 million ATMs (Automated Teller Machines – sometimes jocularly referred to as “Any-Time-Money”!). It is said that a new ATM gets installed every five minutes somewhere in the world! All around the world, people carry out successful ATM transactions (withdrawing money from their bank accounts, viewing their bank balance, etc.). For more than three decades, ATM operations have been going on successfully. However, that does not mean that ATMs are completely risk-free. ATMs, like most other devices that are designed to store and dispense valuable items, have been targets of frauds. ATM thefts, burglaries and electronic frauds committed at the ATM make the news almost daily, all over the world. Most of the “ATM frauds” reported by media as “debit card frauds” are to do with the compromise of the “Personal Identification Number” (PIN). PIN and credit card code are explained later in this section. As per reports of the Global ATM Security Alliance, only 0.0016% of all ATM transactions are impacted by crime or fraud worldwide. Notwithstanding this claim of “secure” ATM transactions, ATM fraud and security, or rather the lack of it, is one of the most popular topics in the media!
In Europe, “Card Skimming” (Fig. 11.8 shows how the skimmer device looks) fraud is one of the biggest crimes affecting ATMs. Card skimming at ATMs caused losses of 44 million Euros across Europe and is known to be a source of funding for criminal operations in the East European countries. Cash trapping and transactional reversal crimes are on the rise, especially in Eastern Europe. Thieves fix a device to the cash dispensing slot of the ATM – this action causes currency notes to get stuck inside the slot. Criminals return later to remove the cash from inside the dispenser. Trapping attacks like these resulted in losses amounting to 2 million Euros in 2005. The ATM market is growing fast in Latin America and highly advanced ATM machines are deployed in this region. ATM card fraud in the Latin American region increased by nearly 15% in the last 5 years. In the Asian region, China and India are the fastest growing ATM markets. China now has more than 86,000 ATMs and the Indian ATM market is growing at the rate of 100% annually as per reports of Frost and Sullivan. The top ATM fraud in Asia is ATM dispenser trapping. Asia has one of the world’s highest rates of Phishing attacks. You can read about Phishing in detail in Chapter 5. Refer to Ref. #5, Video Clips, Further Reading for useful tips for protection from ATM thefts.

Carding Frauds
It was mentioned that “carding” involves acquisition, utilization and sale of credit card account information. When a credit card is stolen, the thief does not know whether the card is valid. So the thief wants to find out about the status of the card (active, cancelled, etc.). From the thief’s perspective, there are many possibilities – the card holder may have immediately reported the loss of the card or the card limit may have been completely used up. In such cases, the card is of no use to the thief. The smart thief uses the Internet to ascertain if the stolen card is still “good” for use. The thief could use the stolen card to make a small purchase using the online purchase facility on the Internet. However, that would involve the “shipping address” and that would expose the thief. So the smart thief uses the stolen card for making a charity donation! That way, the thief does not have to waste time in searching items on the product catalogues on the sale portal of any online seller. The thief makes the donation amount relatively small so that the card limit is not used up. He does this for one more reason – a large amount would make the transaction immediately noticeable. Carding fraud is also used when the credit card is obtained fraudulently through card “skimming” (explained next) or when a Phishing attack is done on the card.
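From the issuer's or acquirer's side, the small test charge described above (and the "runner" purchases described under lost and stolen cards) leaves a recognizable trail in authorization data. The following Python sketch is an added example, not part of the book: it flags a low-value, no-shipping charge that is followed by a high-value purchase on the same card, and a burst of such low-value charges from many cards at one merchant. The record fields, thresholds, merchant names and sample rows are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Thresholds are assumptions for this illustration; tune them to real traffic.
PROBE_MAX = 5.00                      # ceiling for an "is the card alive?" charge
SPEND_MIN = 500.00                    # floor for the high-value purchase that follows
FOLLOW_WINDOW = timedelta(hours=24)   # probe and purchase must fall within this
BURST_WINDOW = timedelta(minutes=10)  # window for many cards probing one merchant
BURST_CARDS = 3                       # distinct cards that make up a burst


class Auth(NamedTuple):
    when: datetime
    card: str          # tokenized card reference, never the card number itself
    merchant: str
    amount: float
    approved: bool
    has_shipping: bool


def _t(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed sample authorizations (not real data).
SAMPLE_AUTHS = [
    Auth(_t("2024-03-01 09:00"), "tok_A", "grocer-17", 42.10, True, False),
    Auth(_t("2024-03-01 10:02"), "tok_B", "charity-relief", 1.00, True, False),
    Auth(_t("2024-03-01 10:03"), "tok_C", "charity-relief", 1.00, False, False),
    Auth(_t("2024-03-01 10:05"), "tok_D", "charity-relief", 2.00, True, False),
    Auth(_t("2024-03-01 11:30"), "tok_B", "electronics-9", 1899.00, True, True),
    Auth(_t("2024-03-01 12:00"), "tok_E", "charity-relief", 3.00, True, False),
    Auth(_t("2024-03-02 08:00"), "tok_A", "fuel-3", 55.00, True, False),
    Auth(_t("2024-03-03 15:00"), "tok_D", "jeweller-2", 2500.00, True, True),
]


def is_probe(auth):
    """Low value and nothing to ship: the shape of a card-validity test."""
    return auth.amount <= PROBE_MAX and not auth.has_shipping


def find_probe_then_spend(auths):
    """Cards where an approved probe is followed by a large approved purchase."""
    by_card = defaultdict(list)
    for auth in auths:
        by_card[auth.card].append(auth)
    hits = []
    for card, recs in by_card.items():
        recs.sort(key=lambda a: a.when)
        for i, probe in enumerate(recs):
            if not (is_probe(probe) and probe.approved):
                continue
            for later in recs[i + 1:]:
                if later.when - probe.when > FOLLOW_WINDOW:
                    break
                if later.approved and later.amount >= SPEND_MIN:
                    hits.append((card, probe.when, later.when, later.amount))
                    break
    return sorted(hits)


def find_testing_bursts(auths):
    """Merchants where several distinct cards send probes within minutes."""
    by_merchant = defaultdict(list)
    for auth in auths:
        if is_probe(auth):          # declined probes count: they are still tests
            by_merchant[auth.merchant].append(auth)
    bursts = {}
    for merchant, probes in by_merchant.items():
        probes.sort(key=lambda a: a.when)
        flagged = set()
        for first in probes:
            cards = {p.card for p in probes
                     if timedelta(0) <= p.when - first.when <= BURST_WINDOW}
            if len(cards) >= BURST_CARDS:
                flagged |= cards
        if flagged:
            bursts[merchant] = flagged
    return bursts


def triage(auths):
    """Map each suspicious card token to the sorted list of rules it tripped."""
    reasons = defaultdict(set)
    for card, *_ in find_probe_then_spend(auths):
        reasons[card].add("probe_then_spend")
    for cards in find_testing_bursts(auths).values():
        for card in cards:
            reasons[card].add("merchant_burst")
    return {card: sorted(found) for card, found in sorted(reasons.items())}


if __name__ == "__main__":
    for card, found in triage(SAMPLE_AUTHS).items():
        print(card, found)
```

In the sample, the lone donor (tok_E) and the card whose large purchase falls outside the 24-hour window are not flagged by the per-card rule, which is the false-positive control a real deployment would need to tune.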

Credit Card Skimming


Tips to prevent credit card frauds were addressed in Chapter 3 (see Box 3.2). Section 3.4 of Chapter 3 is about credit card frauds. With that thread, the card skimming fraud is explained here. Card skimming is done with “skimmer” devices; see Fig. 11.8. The relative proportions in those images help us understand how tiny the device is, and that makes it simple for the fraudster to conceal it out of view of the victim. Skimming is, in a way, the fraudster’s revenge on the Customer Verification Value (CVV – see the links in Ref. #36, Additional Useful Web References, Further Reading to understand this).
Figure 11.9 depicts where the card security code is located. This code has various terminologies attached with it: Card Security Code (CSC), Card Verification Data (CVD), Card Verification Value (CVV or CV2), Card Verification Value Code (CVVC), Card Verification Code (CVC), Verification Code (V-Code or V Code), or Card Code Verification (CCV). The CVV is an algorithm (software program logic) that is very difficult to break. The fraudster, therefore, does not take the trouble to break the code. He simply colludes with a single merchant or with a group of merchants. He provides the merchant with the terminal number similar to the one provided to the merchant by the Acquirer or the bank (because in some cases the bank, that is, the Issuer and the Acquirer, can be the same institution). The only difference is that the fraudster’s terminal is capable of also reading the card data that is recorded on the credit card’s magnetic strip. The swiping equipment provided by the Issuer bank/Acquirer can only process the data by connecting to the bank’s server but it does not have the capability to record the data on the magnetic strip of the card. Now comes the criminal act – the fraudulent merchant or the fraudster working at the Merchant’s PoS (Point of Sale) terminal swipes your credit card twice – of course without you realizing it; even if you notice it and bring it to his notice, he will give you one explanation or the other why he swiped your credit card more than once. Now, the card is swiped once across the bank-provided swiping equipment and a second time on the fraudster’s terminal. The security code (CVV, CCV, etc.), which is encoded on the magnetic strip on the back side of the credit card (see the top right object in Fig. 11.9) and is decoded on the terminal, gets recorded on the fraudster’s terminal. He now gets the genuine card information (card holder name, card number, date of validity) along with the security code! His job is done and he is ready to use that information for creating a fake credit card (in Ref. #2, Video Clips, Further Reading, we have provided a link to the video clip that explains this). See the credit card skimming video clip provided there.

Figure 11.8 | Credit card skimmer devices.

Figure 11.9 | Credit card security code. On MasterCard and Visa cards, the number is printed in the signature area on the back of the card (it is the last 3 digits AFTER the credit card number in the signature area of the card). On American Express cards, the four-digit card verification number is on the front of the card, above the credit card number, on either the right or the left side. Source: http://www.sti.nasa.gov/cvv.html

It may so happen that in some restaurants, a waiter could be in collusion with a fraudster gang – he could hide the skimmer device in his socks. As you stand near the payment counter for your credit card to be swiped, after taking the card from you, the waiter may pretend to drop it. Then the waiter will bend down to pick up the card – on its way up, the card would get swiped across the skimmer device in his socks and you may never even realize it, as this may happen in less than a minute! In another variant of this scenario, the skimmer device (with a slit type – see Fig. 11.8) could be located next to the actual card swiping device authorized to the merchant by the Acquirer. If you are not carefully watching, the fraudster colluding with the merchant (he could very well be the PoS staff of the merchant), after swiping the card with the actual credit card swiping machine (see Fig. 11.10), will swipe your credit card also through the skimmer device to read the confidential card details (card number, date of validity and, most important, the credit card security code – CCV, CVV, etc.) to his benefit! You can watch one such video clip demo by visiting the link mentioned in Ref. #2, Video Clips, Further Reading.


Figure 11.10 | Credit card swiping machine.


Illustration 5: ShadowCrew – The Internet Mafia Gang
This is a case reported in the public domain. It shows how ruthlessly the criminals can operate in the world of credit cards. This illustration has a lesson for all of us that we should take adequate care not to succumb to credit card frauds. In Chapter 4 (Section 4.10), we learned about “SQL Injection.” Criminals used the SQL Injection technique in this case. This illustration also brings to the fore an important point – today’s cyberfraudsters are tech-savvy people. That is how this hacker gang operated. The links related to this illustration are provided in Ref. #40, Additional Useful Web References, Further Reading.
“ShadowCrew” was an international crime message board. The board offered a haven for “carders” and hackers to trade, buy and sell anything from stolen personal information (through identity theft – the topic is discussed at length in Chapter 5) to hacked credit card numbers and false identification. As we know, a bank card number is the primary account number found on credit cards and bank cards. It has a peculiar type of internal structure and it also shares a common numbering scheme. Credit card numbers are a special case of ISO/IEC 7812 bank card numbers. As mentioned in Illustration 3 (Online Credit Card Theft Ring), “CardersMarket” is devoted to the acquisition, use and sale of credit card account information, a process known as “carding.”
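The internal structure mentioned above can be put to defensive use: knowing how an ISO/IEC 7812 number is laid out lets an organization find card numbers that have leaked into logs and mask them. The following Python sketch is an added example, not part of the book; it splits a number into its issuer prefix, account part and Luhn check digit, and redacts valid numbers in text to first-six/last-four form. The brand prefix table is a simplified subset, the sample log lines are constructed, and the card numbers in them are widely published test numbers, not real accounts.

```python
import re

# Major Industry Identifier: the first digit of an ISO/IEC 7812 number.
MII = {"3": "travel and entertainment", "4": "banking and financial",
       "5": "banking and financial", "6": "merchandising and banking/financial"}

# 13 to 19 digits, optionally grouped with single spaces or hyphens.
# A digit run that continues straight into another number is checked as one candidate.
CANDIDATE = re.compile(r"(?<![0-9])[0-9](?:[ -]?[0-9]){12,18}(?![0-9])")


def luhn_ok(digits):
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def brand_of(digits):
    """Simplified prefix/length rules for the four networks named in Illustration 3."""
    n = len(digits)
    if digits[0] == "4" and n in (13, 16, 19):
        return "Visa"
    if n == 16 and (51 <= int(digits[:2]) <= 55 or 2221 <= int(digits[:4]) <= 2720):
        return "MasterCard"
    if n == 15 and digits[:2] in ("34", "37"):
        return "American Express"
    if n >= 16 and (digits[:4] == "6011" or digits[:2] == "65"):
        return "Discover"
    return "unknown"


def mask(digits):
    """Keep the first six and last four digits, hide the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def parse_pan(raw):
    """Split a card number into the fields the numbering scheme defines."""
    digits = re.sub(r"[ -]", "", raw)
    if not re.fullmatch(r"[0-9]{13,19}", digits):
        raise ValueError("expected 13 to 19 digits")
    return {
        "mii": MII.get(digits[0], "other"),
        "iin": digits[:6],           # classic six-digit issuer identification number
        "account": digits[6:-1],     # individual account identifier
        "check_digit": digits[-1],   # Luhn check digit
        "brand": brand_of(digits),
        "luhn_valid": luhn_ok(digits),
        "masked": mask(digits),
    }


def redact_pans(text):
    """Mask every Luhn-valid candidate in text; leave other digit runs alone."""
    def _sub(match):
        digits = re.sub(r"[ -]", "", match.group(0))
        return mask(digits) if luhn_ok(digits) else match.group(0)
    return CANDIDATE.sub(_sub, text)


# Constructed log lines using published test card numbers.
SAMPLE_LOG = [
    "2024-03-01 10:02 pay card=4111 1111 1111 1111 amt=1.00",
    "2024-03-01 10:07 pay card=378282246310005 amt=120.00",
    "2024-03-01 10:09 ship order=1234567890123 status=ok",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(redact_pans(line))
    print(parse_pan("5555-5555-5555-4444"))
```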
The genesis of this fraud group is interesting – in early 2002, ShadowCrew emerged from an underground site, counterfeitlibrary.com, and was followed up by carderplanet.com, a primarily Russian site. It was created by only a few people, most notably Kidd (Seth Sanders), MacGyver (Kim Taylor) and CumbaJohnny (Albert Gonzalez, who would later become an informant for the Secret Service beginning April 2003). Other main people who would become Administrators and Moderators were Deck (Andrew Mantovani), BlackOps (David Appleyard) and a handful of others.
Over a short period of time, ShadowCrew grew to over 3,000 members (many were “clones” and inactive accounts) worldwide with a small group of members leading the forums. During its inception, the site was hosted overseas, in Hong Kong. However, shortly before CumbaJohnny’s arrest, the server was in his possession. The server was hosted somewhere in New Jersey. The downfall of the site started although it had flourished initially.
The site was doing well from the time it was launched in 2002 until its shutdown in late October 2004. Although there were many criminal activities taking place on the site and all seemed well, the members were not aware of what was going on behind the scenes. Federal agents received a major breakthrough when they found CumbaJohnny. During the period April 2003 to October 2004, Cumba helped in
