CYBER CRIME NOTES

CYBER CRIME DEFINITION

Some authorities feel that the term ‘cyber crime’ is misnomer as this term is nowhere
defined in any statute or Act enacted by the parliament. In a séance it is not radically different
from the concept of conventional crime insofar as both included conduct whether Act or
omission, which causes breach of law and therefore, it is punishable by the state.

A cyber crime may be defined as any criminal activity that use computer either as an
instrumentality, target or means of perpetrating further crime. In other words, cyber crime is
an unlawful Act wherein is computer either a tool or target or both.

The distinction between cyber crime and conventional crime lies in the involvement
of the medium in case of cyber crime. That is there should be involvement, at any stage, of
the virtual cyber space medium in case of cyber crime.

CONVENTIONAL CRIME-

Crime is a social and economic phenomenon and is as old as the human society.
Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal
wrong that can be followed by criminal proceedings which may result into punishment.” The
hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin “the criminal
quality of an act cannot be discovered by reference to any standard but one: is the act
prohibited with penal consequences”.

A crime may be said to be any conduct accompanied by act or omission prohibited by

law and consequential breach of which is visited by penal consequences.
CYBER CRIME

Cyber crime is the latest and perhaps the most complicated problem in the cyber
world. “Cyber crime may be said to be those species, of which, genus is the conventional
crime, and where either the computer is an object or subject of the conduct constituting
crime”. “Any criminal activity that uses a computer either as an instrumentality, target or a
means for perpetuating further crimes comes within the ambit of cyber crime”

A generalized definition of cyber crime may be “ unlawful acts wherein the computer
is either a tool or target or both” The computer may be used as a tool in the following kinds
of activity- financial crimes, sale of illegal articles, pornography, online gambling,
intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The
computer may however be target for unlawful acts in the following cases- unauthorized
access to computer/ computer system/ computer networks, theft of information contained in
the electronic form, e-mail bombing, data did ling, salami attacks, logic bombs, Trojan
attacks, internet time thefts, web jacking, theft of computer system, physically damaging the
computer system.

DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME-

There is apparently no distinction between cyber and conventional crime. However

on a deep introspection we may say that there exists a fine line of demarcation between the
conventional and cyber crime, which is appreciable. The demarcation lies in the involvement
of the medium in cases of cyber crime. The sine qua non for cyber crime is that there should
be an involvement, at any stage, of the virtual cyber medium.
 REASONS FOR CYBER CRIME

Hart in his work “The Concept of Law” has said ‘human beings are vulnerable so rule of law
is required to protect them’. Applying this to the cyberspace we may say that computers are
vulnerable so rule of law is required to protect and safeguard them against cyber crime. The
reasons for the vulnerability of computers may be said to be:

1. Capacity to store data in comparatively small space-

2. The computer has unique characteristic of storing data in a very small space.
This affords to remove or derive information either through physical or virtual
medium makes it much easier.

3. Easy to access-

The problem encountered in guarding a computer system from unauthorised

access is that there is every possibility of breach not due to human error but due to the
complex technology. By secretly implanted logic bomb, key loggers that can steal access
codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and
bypass firewalls can be utilized to get past many a security system.

3. Complex-

The computers work on operating systems and these operating systems in turn
are composed of millions of codes. Human mind is fallible and it is not possible that there
might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and
penetrate into the computer system.

4. Negligence-

Negligence is very closely connected with human conduct. It is therefore very

probable that while protecting the computer system there might be any negligence, which
in turn provides a cyber criminal to gain access and control over the computer system.

5. Loss of evidence-

Loss of evidence is a very common & obvious problem as all the data are
routinely destroyed. Further collection of data outside the territorial extent also paralyses
this system of crime investigation.
 CYBER CRIMINALS:

The cyber criminals constitute of various groups/ category. This division may
be justified on the basis of the object that they have in their mind. The following are the
category of cyber criminals-

1. Children and adolescents between the age group of 6 – 18 years –

The simple reason for this type of delinquent behaviour pattern in children is
seen mostly due to the inquisitiveness to know and explore the things. Other cognate
reason may be to prove themselves to be outstanding amongst other children in their
group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case
was the outcome of harassment of the delinquent by his friends.

2. Organised hackers-

These kinds of hackers are mostly organised together to fulfil certain

objective. The reason may be to fulfil their political bias, fundamentalism, etc. The
Pakistanis are said to be one of the best quality hackers in the world. They mainly target
the Indian government sites with the purpose to fulfil their political objectives. Further the
NASA as well as the Microsoft sites is always under attack by the hackers.

3. Professional hackers / crackers –

Their work is motivated by the colour of money. These kinds of hackers are
mostly employed to hack the site of the rivals and get credible, reliable and valuable
information. Further they are ven employed to crack the system of the employer basically
as a measure to make it safer by detecting the loopholes.

4. Discontented employees-

This group include those people who have been either sacked by their
employer or are dissatisfied with their employer. To avenge they normally hack the
system of their employee.

There are some common cyber offences which are directed against computer system,
networks or data while there are other in which compute is used as an instrument for
communicating crime. Therefore, considered for this point of view, cyber crimes may
broadly be classified in to two major categories:-

1. Cyber crime where the computer is itself a target of crime

2. Cyber crime where the computer is an instrument of crime
 1. Cyber crime where the computer is itself a target of crime
a) In this category of Cyber crime, the computer is itself a target of crime
these crimes generally include
b) Sabotage of computer system or computer networks’
c) Sabotage of operating system and programmers’
d) Theft of data/information
e) Theft of intellectual property, such as computer software
f) Theft of marketing information
g) Blackmailing based on information gained from computerized file such as
personal history, sexual preferences, financial data, medical information
etc.

2. Cyber crime where the computer is an instrument of crime

In this category of Cyber crime the computer is used instrument to commit the crime.
The terrorists and criminal are using the internet to commit the crime such as e=mail to flash
out encrypted message around the world.

In these crimes, computer programs are manipulated to facilitate the offence. For
example, fraudulent use of Automatic Teller Machine (ATM) cards and accounts, frauds
related to e banking or e-commerce electronic data interchanging etc.

THE INFORMATION TECHNOLOGY ACT, 2000

An Act to provide legal recognition for transactions carried out by means of

electronic data interchange and other means of electronic communication, commonly
referred to as "Electronic Commerce", which involve the use of alternatives to paper-
based methods of communication and storage of information, to facilitate electronic filing
of documents with the Government agencies and further to amend the Indian Penal Code,
the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve
Bank of India Act, 1934 and for matters connected therewith or incidental thereto.

WHERE AS the General Assembly of the United Nations by resolution

A/RES/51/162, dated the 30th January, 1997 has adopted the Model Law on Electronic
Commerce adopted by the United Nations Commission on International Trade Law;

AND WHERE AS the said resolution recommends, inter alia, that all States
give favourable consideration to the said Model Law when they enact or revise their laws,
in view of the need for uniformity of the law applicable to alternatives to paper-based
methods of communication and storage of information;

AND WHERE AS it is considered necessary to give effect to the said

resolution and to promote efficient delivery of Government services by means of reliable
electronic records.
Investigation of cyber crimes

The power of the investigate the offence under the information technology Act
2000 has been conferred on the controller or certifying Authorised (section 28 of the
information technology act 2000) the powers of the controller in this regard are similar to
those of income tax authorities (according to income tax Act 1961)

The power of the controller relating to investigation of cyber crimes extended

to the offence enumerated in the Act.

Section 80 specifically lays down the investigation procedure to be followed

by Police Officers for investigating cyber crime under the Information Technology Act.
The provision contained in this section

Will have over riding effect, not withstanding anything inconsistent therewith
contained in any other for the law for the time being in force. This, in other word means that
conflicting section of the Code of Criminal Procedure,1973 are not applicable in matters of
investigation of cyber crimes under the Act.

The police officer investigating cyber crimes under Section 80 of I.T.

Act should not be below the rank of Deputy Superintendent of Police.

VIRUSES

It would no exaggeration to say that there is a cyber crime wave in resent year.
Presently viruses are the most common problems which causing serious damage to computer
system. Viruses are the code or program that replicates and infects anther program, sector or
document by inserting itself or attaching itself to that medium. The effect of virus is that it
destroys or alters the data files and other programs. Expect in rare cases, the virus does not
damage the computer hardware; there are more than 5000 different strains of virus across the
globe. For instance, ‘Love Bug’ virus of May, 2000 caused severe damage to working
internet sites, also, the virus recently developed by Pakistan has defaced the Indian web-site.

Generally, there are two main classes of viruses. The file infectors, which attach
themselves to ordinary programs file. File infectors can either be direct action or resident. A
direct action virus select one of the other programs to infect each time to program that content
it, is executed. A resident virus hides itself somewhere in memory. The first time an infected
program is executed, and thereafter infects other programs when they are executed
 The second category of virus is boot-record infectors. This virus infects executable
code found in certain system areas on disk, which are not ordinary files. Example includes
Brian, Azusa, and Michelangelo etc. which are always resident viruses. However, there are
certain viruses which able infect both hence they are called “boot and file” viruses.

E.g.: Logic bombs-

These are event dependent programs. This implies that these programs are created to
do something only when a certain event (known as a trigger event) occurs. E.g. even some
viruses may be termed logic bombs because they lie dormant all through the year and become
active only on a particular date (like the Chernobyl virus).

Virus Hoax

A virus hoax generally appears an e-mail message those describes a particular virus
that does not in fact exist. Such messages are intended to create panic to computer users. The
writer or writers e-mail the warning and include a plea for the reader to forward it to other.
The message then spread like chain latter, programming throughout internet as individual
receive it and then innocently forward it.

 Hacking

Hacking is the most common form of the cyber crime in these days. The reason
why hacking include in cyber may vary from monetary gain political interest or it may even
be for the sake of sheer thrill. Hacking may be different from such web spoofing, e-mail
bombing, Trojan attacks, virus attacks, password cracking etc, in simple words hacking
means seeking unauthorized access through computer network. (Hacking is punishable under
IT Act 2000 with the imprisonment of up to three years and a fine up to one crore rupees for
unauthorized access. It is also punishable under section 66 of the Copyright Act with
imprisonment of up to three years and a fine of up to two lakh rupees)

Trojan is an unauthorized programme which gains control over another’s system

representing itself as an authorized programme.

The administrator of any website has a username and a password, then only he may
use to upload filed from his computer on the web server where his website is hosted. This
password remains secret with the administrator. If the hacker gets hold of this password or
this username, then he can pretend to be the administrator.
 Computer hackers may affect the commercial websites or email systems thus
paralyzing the entire business.

E.g.: Web jacking-

Web jacking is a species of hacking is nothing but forcefully taking over control of a
website of someone else to the victim. The motive is usually ransom or attainment of some
illegal political purpose.

This term is derived from the term hi jacking. In these kinds of offences the
hacker gains access and control over the web site of another. He may even mutilate or change
the information on the site. This may be done for fulfilling political objectives or for money.
E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the
Pakistani hackers and some obscene matter was placed therein. Further the site of Bombay
crime branch was also web jacked. Another case of web jacking is that of the ‘gold fish’ case.
In this case the site was hacked and the information pertaining to gold fish was changed.
Further a ransom of US $ 1 million was demanded as ransom. Thus web jacking is a process
whereby control over the site of another is made backed by some consideration for it.

FRAUD & CHEATING

Online fraud and cheating is one of the most lucrative businesses that are growing
today in the cyber space. It may assume different forms. Some of the cases of online fraud
and cheating that have come to light are those pertaining to credit card crimes, contractual
crimes, offering jobs, etc.

Recently the Court of Metropolitan Magistrate Delhi (17) found guilty a 24-year-old
engineer working in a call centre, of fraudulently gaining the details of Campa's credit card
and bought a television and a cordless phone from Sony website. Metropolitan magistrate
Gulshan Kumar convicted Azim for cheating under IPC, but did not send him to jail. Instead,
Azim was asked to furnish a personal bond of Rs 20,000, and was released on a year's
probation.

 EMAIL SPOOFING

A spoofed email may be said to be one which misinterprets its origin. That is, it shows
its origin to be different from which it actually originates.

Email bombing means sending large number of mails to the victim who may be an
individual or a company to cause confusion or harassment.

For example, where ‘A’ sends a threatening mail to the President of the students
union threatening to detonate a nuclear device in the college campus and this email was sent
from the account of some other student, “A” would be guilty of email spoofing.
  COMPUTER VANDALISM

Literally speaking the term vandalism means destroying or damaging property of

another. In the context of cyber crime, computer vandalism included within it any kind of
physical damage done to the computer of any person.

It may be in the form of theft of the computer or some part thereof or a peripheral
attached to the computer.

 CYBER TERRIORISM

Cyber terrorism has domestic as well as international ramifications. It may be defined

as the premeditated use of disruptive activities or the threat thereof, in cyberspace, with the
intention to further social, religious, political, ideological or similar objectives, or to
intimidate any other person in furtherance of such objectives. A ‘cyber terrorist’ may be
defined as the person who uses computer to achieve the following objectives:-

 Putting the public or any section of the public in fear,

 Affecting adversely the harmony between many different religions , races

or any different castes or any communities,

 Coercing or overawing the government of law

 Endangering the sovereignty and the integrity of the nation.

Every act done in pursuance of the above objectives will be an act of the cyber
terrorism.
  CYBER PORNOGRAPHY

Pornography on the internet may take various forms. It may include hosting of a
website containing some obscene or prohibited materials or use of the computers for
producing some obscene materials. Such material tends to pervert the thinking of adolescents
and corrupts their minds. A person who publishes, transmits or causes to be publishes in the
electronic form of any material which is lascivious, or if its effect is as such to tend to
deprave or corrupts the mind of the people who are likely to see it, read it or hear the matter
contained in it. It is liable to a punishment which may extend to an imprisonment up to five
years and a fine which may extend up to rupees one lakh. (Section 67 of the IT ACT 2000).
The important ingredients of such an offence are publication and transmission through any
electronic medium, of pornographic material, in any electronic form.

It may be stated that child pornography constitutes a distinct category of cyber crime.
This is committed by the use of computers and the internet by its abusers to reach and abuse
children worldwide sexually and thus those children become their victims.

Pedophiles explore this chance by providing their false identity on the internet and
make contact with children in the chat rooms or via emails where this children are chatted for
gicing their personal information. The pedophiles drag children to the internet for the purpose
of sexual assault so as to use them as a sex object. They attract children by providing them
pornographic material. Indecent exposure is also covered in this category.

 CYBER DEFAMATION

Cyber defamation is not different form the conventional defamation except that it involves
the use of cyber space medium. Any derogatory statement which is intended to defame a
person’s name or injure his reputation on a website or sending email containing defamatory
information’s to some other persons constitute the offence of cyber defamation.

E.g. the mail account of Rohit was hacked and some mails were sent from his account to
some of his batch mates regarding his affair with a girl with intent to defame him.
  EMAIL FRAUDS (SPAMS)

Email is the most inexpensive and poplar device for distributing fraudulent messages
to the potential victims. This technique not only helps to assume someone else’s identity, but
also helps to hide one’s own identity. Therefore the person committing the email has a little
chance of being detected or identified. The most common email fraud is “phishing’ i.e.
Personal information fraud. The purpose of such crimes is to trick the persons for divulging
their personal information so that the offender can steal his identity and commit crime in that
person’s name.

Since electronic funds transfer systems now have begun to proliferate, there is a
greater risk of transactions of being intercepted or diverted. Now a day’s valid credit card
numbers can be intercepted electronically as well as physically and the digital information
stored on a card can be counterfeited. Section 74 of the copyright Act makes internet fraud as
an offence punishable with imprisonment of up to two years or with fine which may extend to
rupees one lakh.

 MONEY LAUNDERING

It is a kind of cyber crime in which the money is illegally downloaded in transit.

There is a phenomenal increase in the incidence of such crimes. Out of 146 seizures made by
the Enforcement Directorate in money in 2005 recoveries were made in 106 cases involving
seizure of about 9.5 crore rupees.

 INTERNET TIME THEFTS

Normally in these kinds of thefts the Internet surfing hours of the victim are used up
by another person. This is done by gaining access to the login ID and the password. E.g.
Colonel Bajwa’s case- the Internet hours were used up by any other person. This was perhaps
one of the first reported cases related to cyber crime in India. However this case made the
police infamous as to their lack of understanding of the nature of cyber crime.

 DATA DIDDLING

This offence involves changing or erasing the data in subtle ways which makes it
difficult to put the data back or be certain of its accuracy. This is resorted for the purpose of
illegal monetary gains or for committing a fraud or a financial scam.
  INTELECTUAL PROPERTY CRIMES/ DISTRIBUTION OF PIRATED
SOFTWARE

Intellectual property (IP) crime is a generic term used to describe a wide range of
counterfeiting and piracy offences.

Trademark counterfeiting and copyright piracy: involvement of transnational

organized criminals.

Trademark counterfeiting and copyright piracy are serious Intellectual Property (IP)
crimes that defraud consumers, threaten the health of patients, cost society billions of dollars
in lost government revenues, foreign investments or business profits and violate the rights of
trademark, patent, and copyright owners. Fake products pose a significant safety threat to
consumers worldwide. Unsuspecting customers and patients put their health, and even lives,
in jeopardy each time they use fake medicines, alcoholic beverages, food products and travel
in automobiles or aircraft maintained with substandard counterfeit parts.

Transnational IP crime knows no boundaries and is evident all over the world.
Evidence shows that transnational organized crime groups are actively involved in trademark
counterfeiting and copyright piracy. These crimes are linked with money laundering, the
illicit trafficking of drug, firearms and other types of organized crime. In some instances
paramilitary terrorist organizations have traded in counterfeit and pirated goods to maintain
their organizations and fund their activities.

Worldwide losses caused by the involvement of transnational organized criminals in

fake product manufacture and distribution are estimated to be hundreds of billions of dollars
annually. The social, health and economic damages arising from the production and sale of
fake products are substantial. There are many victims of transnational organized IP crime
including people suffering from life threatening diseases who unknowingly use counterfeit
medicines containing little or no active ingredients.

E.g.: The Hyderabad Court has in a land mark judgement has convicted three people
and sentenced them to six months imprisonment and fine of 50,000 each for unauthorized
copying and sell of pirated software.
 PREVENTIVE LEGAL MEASURES AGAINST CYBER CRIME

Laws are generally meant for meeting the needs of the society and it is therefore
dynamic concept which under goes changes with the changing need of the society, this
modern information technology evolution has enabled human society to prosper and make
tremendous progress, but at the same time give rise to new problems hereto unknown to
mankind and cyber criminality is one such grave area. The progressive trend of computer
technology has accelerated transfer of information and tele-communicate and increased our
capacity to store, search, retrieve and communicate data over the world in shortest possible
time.

Consequent to the advancement of information technology and computer network, a

variety of legal issues related to use(misuse) of internet as digital processing devices such as
piracy, IPR2 violations, pornography, commercial and banking frauds etc have emerged
which need to be tackled through the instrumentality of law. Since cyber space has no
geographical boundaries, nor has it physical characteristics such as sex, age etc, it poses a big
challenge before the law enforcement agencies for regulating cyber-space transactions of
citizens within a country’s territorial jurisdiction. Though in practical terms, an Internet user
is subject to the laws of the state within which he or she goes online, but this general rule runs
into conflict when the disputes are international involving other countries as well. Because of
the anonymity of its character and negligible chances of being detected, the cyber offenders
are misusing the computer technology for committing a variety of crimes which need to be
prevented by an effective law and regulatory measures.

The various offences and the punishment for them are contained in Chapters IX
(chapter IX deals with cyber crimes which are punishable with fine only, whereas Chapter XI
enumerates the cyber crime which are punishable with imprisonment and fine.) of the Act.
These offences are briefly stated as follows:-

1. Unauthorised Access (Section 43-A) - The section lays down that any person who
accesses or secures access to a computer, computer system or computer network without
permission or any person in charge of such computer, computer system or computer network,
shall be liable to pay damages by of compensation not exceeding one crore rupees to the
person who is so affected.
The term “access” as defined in Section 2(1)(a) of the I.T Act means “gaining entry
into, instructing or communicating with logical, arithmetical or monetary function resources
of a computer, computer system or computer network.
The following acts have been constructed to fall within the purview of the term
“access” as contemplated by the Act:-
 (a) Unlawfully switching over a computer;
(b) Using a software program installed on the computer;
(c) Viewing the contents of the floppy disc illegally;
(d) Illegally switching off a computer;
(e) Taking a computer print-out illegally’
(f) Logging on the internet; and
(g) Pinging a computer.

The offence of unauthorised access is completed when data, data base (explanation
appended to Section 43 clarifies that a computer data-base means representation of
information, knowledge, facts concept or instructions in text, image audio video that are
prepared in formalized manner and are intended for use in a computer.) or information is
downloaded, copied or extracted illegally from one computer to another.

2. Failure to furnish information, return etc. (Sec 44)- Where a person is required
under this Act or any rules made there under to furnish any document any document, return
or report to the Controller or Certifying authority; fails to furnish the same, he shall be liable
to pay penalty not exceeding 1.5 lakh rupees for each failure and in case of default, a penalty
of 5,000/- rupees for every day during which such failure or default continues.

3. Tampering with computer source documents (Section 65)- Tampering with the
computer source documents is made punishable under Section 65 of the I.T. Act. The
offences in respect of computer source document (codes) are to be kept or maintained by law
include knowingly or intentionally

(i) Concealing,
(ii) Destroying
(iii) Altering
(iv) Causing another to conceal
(v) Causing another to destroy
(vi) Causing another to alter the computer source code.

In simpler words, for the purpose of section 65, Tampering means to conceal (hide or
keep secret), destroy (demolish or reduce to nothing) or alter (change in characteristics or
positions) the computer source document.

4. Hacking (Section 66).- The essential ingredients of the hacking are intention to
cause wrongful loss or damage to any person by unlawful means or concealed, destroyed or
altered would cause damage to any person. This action is punishable under this section with
imprisonment which would extend to three years or with fine, which may extend to two lakh
rupee or with both.
 5. Publishing of information which is obscene in electronic form (Section 67).-
Pornography on the internet is punishable under section 67 of the I.T Act. The term
“publishing” for the purpose of this section means, “to make generally known, formally
promulgate or issue copies for sale to public. “ This disseminating of pornographic material
on the website is an offence punishable with imprisonment up to three years or with the fine
which may extent up to rupees two lakh rupee or both.

6. Failure to comply with direction of Controller Section 68).- Section 68

authorizes the controller or certifying Authority to intercept any information transmitted
through any computer resource whenever it is expedient to do so. Failure to comply with such
order shall render a person liable to imprisonment for a term up to three years or fine up to
two lakh rupees, or with both. However, the order passed by the Controller or Certifying
Authority should be made if it is necessary to ensure compliance of any of the provisions of
the I.T.Act or the rules made there under.

7. Failure to assist in Decryption (Section 69)-The Controller or Certifying

Authority or any employee of such Authority is authorized to intercept any information
transmitted through any computer resource when it is expedient to do so in the interest of the
sovereignty or integrity of India,the security of the state, friendly relations with foreign states
or public order or for preventing incitement to commission of any cognizable offence.

Any contravention of the provisions of this section i.e. Section 69 shall be punishable
with imprisonment for a term which may extend to seven years. The information Sub-section
(3) of Section 69 referred to in this section would apply to e-mail messages, pass-word
protected files, encrypted information etc.

8. Accessing Protected System (Section 70)-The special Provisions contained in

Section 70 relate to protected systems. The section provides that the appropriate Government
may, by notification in the Official Gazette, declare any computer, computer system or
computer network to be a ‘protected system.’

Any person who secures access or attempts to secure assess to a protected

system in contravention of the provisions of this section shall be liable to punishment with
imprisonment of either description which may extend to ten years and shall also be liable to
fine.

9. Misrepresentation Section 71)-Any misrepresentation while applying for a digital

signature certification to the Controller or Certifying Authority has been made an offence
under section 71 of the Act. Both, misrepresentation of any material fact and/or suppressing
any material fact from the Controller or Certifying Authority for obtaining license or digital
Signature certificate shall constitute an offence.
 A person while applying for the license has to fill in the form as required by the rule
10 of the I.T Rules Act 2000, giving the full details about himself.

In case of applying for a digital signature certificate, a person is required to fill in the
from prescribed by rule 23 with complete information about himself. In any of the above
information, details are misinterpreted or suppressed, then the person guilty of such
misinterpretation shall be punished with imprisonment for a term which may extend to two
years, or with fine which may extend to one lakh rupees or with both.

10. PENALTY FOR BREACH OF CONFIDENTALITY OR PRIVACY:

Any person who secures access to the any electronic record, book, register,
correspondences, information, document or other material in contravention of any provisions
of the Act or rule framed there under shall be punished with imprisonment which may extend
to two years or with fine up to one lakh rupees, or with both. However this provision would
not apply to the disclosure of personal information of a person by a website by his email
service provider.

11. PUBLISHING DIGITAL SIGNATURE CERTICIFICATE FALSE IN

CERTAIN PARTICULARS (SECTION 773)-

Publishing digital signature certificate false in certain particulars is a cyber offence

punishable under section 73 of the Act. The punishment may extend to imprisonment of up to
two years, or with the fine which may extend to one lakh rupees, or with the both.

It may be stated that provisions relating to the acceptance of the digital signature
certificate by the subscriber are connected in the section 41 of the I T Act whereas the
provision relating to suspension of digital signature certificate are enshrined in Section 37 of
the Act

The I T Act prohibits making available of Digital signature Certificate with the
knowledge that-

a) The certifying Authority listed in the certificate has not issued it

b) The subscriber listed in the certificate has not accepted

c) The certificate has been revoked or suspended

12. Publishing the digital certificate for fraudulent purpose (Section74)

This section provides the however knowingly creates, publishes or otherwise makes
available the digital signature certificate for any fraudulent purpose or knowingly publishing
or available for any such purposes, commits an offence under the I T Act and the offender
may be punished with imprisonment for a term which may extend to two years, or with fine
which may extent two one lakh rupees, or which both.
  ADJUDICATING OFFICER

The first authority that has jurisdiction to try offences enumerated in Chapter
of the I.T. Act is the Adjudicating Officer(Section 46(1) of IT Act 2000.). The Central
Government has been empowered to appoint any officer of the State Government of India or
an equivalent officer of the State Government to be an Adjudicating Officer.

The Adjudicating Officer shall, after giving the contravener at reasonable opportunity
for making representation in the matter and if on such inquiry, he is satisfied that the person
has committed the contravention, impose such penalty or award such compensation as he
thinks fit in accordance with the provisions of the Act Section 46(2).

It should be noted that the satisfaction of the Adjudicating Officer as to the

contravention should be based on material facts brought before him during inquiry.

Section 46(3) stipulates that the Adjudicating Officers are appointed; their jurisdiction
shall be specified by the Central Government. Every Adjudicating Officer shall have the
powers of a civil court which are conferred on the Cyber Appellate Tribunal under Section58
(2) of the I.T. Act. The proceedings before him are quasi-judicial proceedings under Section
193 and Section 228 of the I.P.C.

In course of Inquiry, the Adjudication Officer is empowered in respect of the

following matters:-

(1) Summoning and enforcing attendance of persons;

(2) Compelling production of documents or electronic records;
(3) Receiving evidence;
(4) Issuing Commission;
(5) Giving ex-parte decisions;
(6) Dismissing the application.
  INFORMATION TECHNOLOGY ACT 2008

An Act to provide legal recognition for the transactions carried our by means of
electronic data interchange and other means of electronic communication, commonly referred
to as "Electronic Commerce", which involve the use of alternatives to paper based methods of
communication and storage of information , to facilitate electronic filings of documents with
the Government agencies and further to amend the Indian Penal Code, Indian Evidence Act,
1872,, The Bankers' Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934 and
for matters connected therewith or incidental thereto.

AND WHEREAS the said resolution recommends inter alia that all States give
favourable consideration to the said Model Law when they enact or revise their laws, in view
of the need for uniformity of the law applicable to alternatives to paper-based methods of
communication and storage of information;

AND WHEREAS it is considered necessary to give effect to the said resolution and to
promote efficient delivery of Government services by means of reliable electronic records,
BE it enacted by Parliament in the Fifty-first Year of the Republic of India as follows:-

 This Act may be called the Information Technology Act, 2000. [As Amended
by Information technology (Amendment) Act 2008]

P.S: Information Technology (Amendment) Bill 2006 was amended by

Information Technology Act Amendment Bill 2008 and in the process, the
underlying Act was renamed as Information Technology (Amendment) Act
2008 herein after referred to as ITAA 2008.

 It shall extend to the whole of India and, save as otherwise provided in this
Act, it applies also to any offence or contravention hereunder committed
outside India by any person.
 It shall come into force on such date as the Central Government may, by
notification, appoint and different dates may be appointed for different
provisions of this Act and any reference in any such provision to the
commencement of this Act shall be construed as a reference to the
commencement of that provision.[Act notified with effect from October 17,
2000. Amendments vide notified with ITAA-2008.

 (Substituted Vide ITAA-2008)

 Nothing in this Act shall apply to documents or transactions specified in the
First Schedule by way of addition or deletion of entries thereto.
 (Inserted vide ITAA-2008)

Every notification issued under sub-section (4) shall be laid before each House
of Parliament
  M-COMMERCE LAW (As per information technology act 2008)

The coming of the Internet has really changed perceptions, behaviours, societies and
nations at large. It has changed the way we perceive, the way we interact and the way we do
commerce. Internet has really enabled the making of electronic commerce as a practical
reality.

The emergence of other technologies notably wireless technologies have resulted in a

new dimension for the applicability of electronic commerce. This is a new emergent field of
Mobile Commerce or m-commerce. M-Commerce is a new method of commerce that takes
place on and through the medium of wireless applications, sets, mobile phones and the like.

Mobile commerce is expected to be the dominant form of electronic commerce in the

times to come, especially with the proliferation, growth and penetration of mobiles and other
handheld devices. Mobile commerce is a reality today, but its adoption by large numbers
would transform it into a practical mass revolution and reality.

The emergence of Mobile commerce or mobile commerce is resulting in highly

technical disputes, doubts and complicated questions of law which have a direct bearing on
the future growth of mobile commerce. As such the discipline of Mobile Commerce Law or
M-COMMERCE LAW is the latest to be emerging in the field of Cyber law. This is a highly
specialized and niche field of Cyber law which is developing throughout the world, as till
date there has no uniformity of approach as to the adoption of Wireless Application Protocol
(WAP) as the universal mobile commerce technology platform and protocol.

This website enables you to keep up with the latest developments in mobile commerce
law. The site has its Chief Advisory in Mr. Pavan Duggal, Advocate, Supreme Court of India
and one of the leading Cyber law experts throughout the world and the pioneering M-
Commerce law expert
Some Indian Case

1. PUNE CITIBANK MPHASIS CALL CENTER FRAUD

US $ 3, 50,000 from accounts of four US customers were dishonestly

transferred to bogus accounts. This will give a lot of ammunition to those lobbying against
outsourcing in US. Such cases happen all over the world but when it happens in India it are a
serious matter and we cannot ignore it. It is a case of sourcing engineering. Some employees
gained the confidence of the customer and obtained their PIN numbers to commit fraud. They
got these under the guise of helping the customers out of difficult situations. Highest security
prevails in the call centers in India as they know that they will lose their business. There was
not as much of breach of security but of sourcing engineering.

The call center employees are checked when they go in and out so they can
not copy down numbers and therefore they could not have noted these down. They must have
remembered these numbers, gone out immediately to a cyber café and accessed the Citibank
accounts of the customers.

All accounts were opened in Pune and the customers complained that the
money from their accounts was transferred to Pune accounts and that’s how the criminals
were traced. Police has been able to prove the honesty of the call center and has frozen the
accounts where the money was transferred.

There is need for a strict background check of the call center executives.
However, best of background checks can not eliminate the bad elements from coming in and
breaching security. We must still ensure such checks when a person is hired. There is need for
a national ID and a national data base where a name can be referred to. In this case
preliminary investigations do not reveal that the criminals had any crime history. Customer
education is very important so customers do not get taken for a ride. Most banks are guilt of
not doing this.

2. BAAZEE.COM CASE

CEO of Baazee.com was arrested in December 2004 because a CD with

objectionable material was being sold on the website. The CD was also being sold in the
markets in Delhi. The Mumbai city police and the Delhi Police got into action. The CEO was
later released on bail. This opened up the question as to what kind of distinction do we draw
between Internet Service Provider and Content Provider. The burden rests on the accused that
he was the Service Provider and not the Content Provider. It also raises a lot of issues
regarding how the police should handle the cyber crime cases and a lot of education is
required.
3. STATE OF TAMIL NADU VS SUHAS KATTI

The Case of Suhas Katti is notable for the fact that the conviction was
achieved successfully within a relatively quick time of 7 months from the filing of the FIR.
Considering that similar cases have been pending in other states for a much longer time, the
efficient handling of the case which happened to be the first case of the Chennai Cyber Crime
Cell going to trial deserves a special mention.

The case related to posting of obscene, defamatory and annoying message

about a divorcee woman in the yahoo message group. E-Mails were also forwarded to the
victim for information by the accused through a false e-mail account opened by him in the
name of the victim. The posting of the message resulted in annoying phone calls to the lady
in the belief that she was soliciting.

Based on a complaint made by the victim in February 2004, the Police traced
the accused to Mumbai and arrested him within the next few days. The accused was a known
family friend of the victim and was reportedly interested in marrying her. She however
married another person. This marriage later ended in divorce and the accused started
contacting her once again. On her reluctance to marry him, the accused took up the
harassment through the Internet.

On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC
before The Hon’ble Addl. CMM Egmore by citing 18 witnesses and 34 documents and
material objects. The same was taken on file in C.C.NO.4680/2004. On the prosecution side
12 witnesses were examined and entire documents were marked as Exhibits.

The Defence argued that the offending mails would have been given either by
ex-husband of the complainant or the complainant her self to implicate the accused as
accused alleged to have turned down the request of the complainant to marry her.

Further the Defence counsel argued that some of the documentary evidence
was not sustainable under Section 65 B of the Indian Evidence Act. However, the court relied
upon the expert witnesses and other evidence produced before it, including the witnesses of
the Cyber Cafe owners and came to the conclusion that the crime was conclusively proved.
Ld. Additional Chief Metropolitan Magistrate, Egmore, delivered the judgement on 5-11-04
as follows:
 " The accused is found guilty of offences under section 469, 509 IPC and 67 of
IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2
years under 469 IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC sentenced to
undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of
IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run
concurrently."

The accused paid fine amount and he was lodged at Central Prison, Chennai.
This is considered as the first case convicted under section 67 of Information Technology Act
2000 in India.
4 PARLIAMENT ATTACK CASE

Bureau of Police Research and Development at Hyderabad had handled some

of the top cyber cases, including analysing and retrieving information from the laptop
recovered from terrorist, who attacked Parliament. The laptop which was seized from the two
terrorists, who were gunned down when Parliament was under siege on December 13 2001,
was sent to Computer Forensics Division of BPRD after computer experts at Delhi failed to
trace much out of its contents.

The laptop contained several evidences that confirmed of the two terrorists’
motives, namely the sticker of the Ministry of Home that they had made on the laptop and
pasted on their ambassador car to gain entry into Parliament House and the the fake ID card
that one of the two terrorists was carrying with a Government of India emblem and seal.

The emblems (of the three lions) were carefully scanned and the seal was also
craftly made along with residential address of Jammu and Kashmir. But careful detection
proved that it was all forged and made on the laptop.

5. ANDHRA PRADESH TAX CASE

Dubious tactics of a prominent businessman from Andhra Pradesh was

exposed after officials of the department got hold of computers used by the accused person.
The owner of a plastics firm was arrested and Rs 22 crore cash was recovered from his house
by sleuths of the Vigilance Department. They sought an explanation from him regarding the
unaccounted cash within 10 days.

The accused person submitted 6,000 vouchers to prove the legitimacy of trade
and thought his offence would go undetected but after careful scrutiny of vouchers and
contents of his computers it revealed that all of them were made after the raids were
conducted.

It later revealed that the accused was running five businesses under the guise
of one company and used fake and computerized vouchers to show sales records and save
tax.
 PREVENTION OF CYBER CRIME:
Prevention is always better than cure. It is always better to take certain
precaution while operating the net. A should make them his part of cyber life.
Saileshkumar Zarkar, technical advisor and network security consultant to the
Mumbai Police Cyber crime Cell, advocates the 5P mantra for online security:
Precaution, Prevention, Protection, Preservation and Perseverance. A netizen should
keep in mind the following things-

1. To prevent cyber stalking avoid disclosing any information pertaining to oneself.

This is as good as disclosing your identity to strangers in public place.

2. Always avoid sending any photograph online particularly to strangers and chat
friends as there have been incidents of misuse of the photographs.

3. Always use latest and update antivirus software to guard against virus attacks.

4. always keep back up volumes so that one may not suffer data loss in case of virus
contamination

5. Never send your credit card number to any site that is not secured, to guard
against frauds.

6. Always keep a watch on the sites that your children are accessing to prevent any
kind of harassment or depravation in children.

7. It is better to use a security programme that gives control over the cookies and
send information back to the site as leaving the cookies unguarded might prove
fatal.

8. Web site owners should watch traffic and check any irregularity on the site.
Putting host-based intrusion detection devices on servers may do this.

9. Use of firewalls may be beneficial.

10. Web servers running public sites must be physically separate protected from
internal corporate network.

Adjudication of a Cyber Crime - On the directions of the Bombay High Court

the Central Government has by a notification dated 25.03.03 has decided that the
Secretary to the Information Technology Department in each state by designation
would be appointed as the AO for each state.
 CONCLUSION:

Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime

from the cyber space. It is quite possible to check them. History is the witness that no
legislation has succeeded in totally eliminating crime from the globe. The only possible step
is to make people aware of their rights and duties (to report crime as a collective duty towards
the society) and further making the application of the laws more stringent to check crime.
Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny
that there is a need to bring changes in the Information Technology Act to make it more
effective to combat cyber crime. I would conclude with a word of caution for the pro-
legislation school that it should be kept in mind that the provisions of the cyber law are not
made so stringent that it may retard the growth of the industry and prove to be counter-
productive.