Cyber Crime or Computer Crime
Computer crime refers to any crime that involves a computer
and a network.
History reveals that the Cyber crime originated even from the year 1820. That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China in 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear among Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime!
Hacker means someone who finds weaknesses in a computer or
computer network.
There is an equivalent term to hacking i.e. cracking, but
from Indian Laws perspective there is no difference between the term hacking
and cracking. The term hacker is reclaimed by computer programmers who argue
that someone breaking into computers is better called a cracker, not making a
difference between computer criminals (black hats) and computer security
experts (white hats). Some white hat hackers claim that they also deserve the
title hacker, and that only black hats should be called crackers.
The term "white hat" in Internet slang refers to
an ethical hacker, or a computer security expert, who specializes in
penetration testing and in other testing methodologies to ensure the security
of an organization's information systems. White-hat hackers are also called
"sneakers", red teams, or tiger teams
A "black hat" hacker is a hacker who
"violates computer security for little reason beyond maliciousness or for
personal gain"
A grey hat hacker is a combination of a Black Hat and a
White Hat Hacker. A Grey Hat Hacker may surf the internet and hack into a
computer system for the sole purpose of notifying the administrator that their
system has been hacked, for example. Then they may offer to repair their system
for a small fee.
A social status among hackers, elite is used to describe the
most skilled. Newly discovered exploits will circulate among these hackers.
Elite groups such as Masters of Deception conferred a kind of credibility on
their members.
A script kiddie (or skiddie) is a non-expert who breaks into
computer systems by using pre-packaged automated tools written by others
A neophyte, "n00b", or "newbie" is
someone who is new to hacking or phreaking and has almost no knowledge or
experience of the workings of technology, and hacking.
A blue hat hacker is someone outside computer security
consulting firms who is used to bug test a system prior to its launch, looking
for exploits so they can be closed.
A hacktivist is a hacker who utilizes technology to announce
a social, ideological, religious, or political message. In general, most
hacktivism involves website defacement or denial-of-service attacks.
Intelligence agencies and cyberwarfare operatives of nation
states.
"Bots: Automated software tools, some freeware,
available for the use of any type of hacker"
A vulnerability
scanner is a tool used to quickly check computers on a network for known
weaknesses. Hackers also commonly use port scanners.
Password cracking is the process of recovering passwords
from data that has been stored in or transmitted by a computer system. A common
approach is to repeatedly try guesses for the password
A packet sniffer is an application that captures data
packets, which can be used to capture passwords and other data in transit over
the network.
A Trojan horse is
a program which seems to be doing one thing, but is actually doing another. A
trojan horse can be used to set up a back door in a computer system such that
the intruder can gain access later.
"A virus is a self-replicating program that spreads by
inserting copies of itself into other executable code or documents. Therefore,
a computer virus behaves in a way similar to a biological virus, which spreads
by inserting itself into living cells. While some are harmless or mere hoaxes
most computer viruses are considered malicious."
What is Virus? A computer virus attaches itself to a program
or file enabling it to spread from one computer to another, leaving infections
as it travels. Like a human virus, a computer virus can range in severity. Almost all viruses are attached to an executable file, which means
the virus may exist on your computer but it actually cannot infect your
computer unless you run or open the malicious program. It is important to note
that a virus cannot be spread without a human action.
A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect
Viruses are sometimes confused with worms and Trojan horses,
which are technically different. A worm can exploit security vulnerabilities to
spread itself automatically to other computers through networks, while a Trojan
horse is a program that appears harmless but hides malicious functions. Worms
and Trojan horses, like viruses, may harm a computer system's data or performance.
Some viruses and other malware have symptoms noticeable to the computer user,
but many are surreptitious or simply do nothing to call attention to
themselves.
Spyware is a type of malware (malicious software) installed
on computers that collects information about users without their knowledge.
Adware, or advertising-supported software, is any software
package which automatically renders unwanted advertisements.
The Information Technology ACT 2000
CHAPTER 1 - PRELIMINARY
1) Short title, extent, commencement and application
2) Definitions
CHAPTER 2 - DIGITAL SIGNATURE
3) Authentication of electronic records.
CHAPTER 3 - ELECTRONIC GOVERNANCE
4) Legal recognition of electronic records.
5) Legal recognition of digital signatures.
6) Use of electronic records and digital signatures in Government and its agencies.
7) Retention of electronic records.
8) Publication of rules, regulation, etc., in Electronic Gazette.
9) Sections 6,7 and 8 not to confer right to insist document should be accepted in electronic form
10) Power to make rules by Central Government in respect of digital signature
CHAPTER 4 - ATTRIBUTION, ACKNOWLEDGEMENT AND DESPATCH OF ELECTRONIC RECORDS
11) Attribution of electronic records.
12) Acknowledgement of receipt.
13) Time and place of despatch and receipt of electronic record.
CHAPTER 5 - SECURE ELECTRONIC RECORDS AND SECURE DIGITAL SIGNATURES
14) Secure electronic record.
15) Secure digital signature.
16) Security procedure.
CHAPTER 6 - REGULATION OF CERTIFYING AUTHORITIES
17) Appointment of Controller and other officers.
18) Functions of Controller.
19) Recognition of foreign Certifying Authorities.
20) Controller to act as repository.
21) Licence to issue Digital Signature Certificates.
22) Application for licence.
23) Renewal of licence.
24) Procedure for grant or rejection of licence.
25) Suspension of licence.
26) Notice of suspension or revocation of licence.
27) Power to delegate.
28) Power to investigate contraventions.
29) Access to computers and data.
30) Certifying Authority to follow certain procedures.
31) Certifying Authority to ensure compliance of the Act, etc.
32) Display of licence.
33) Surrender of licence.
34) Disclosure.
CHAPTER 7 - DIGITAL SIGNATURE CERTIFICATES
35) Certifying Authority to issue Digital Signature Certificate.
36) Representations upon issuance of Digital Signature Certificate.
37) Suspension of Digital Signature Certificate.
38) Revocation of Digital Signature Certificate.
39) Notice of suspension or revocation.
CHAPTER 8 - DUTIES OF SUBSCRIBERS
40) Generating key pair.
41) Acceptance of Digital Signature Certificate.
42) Control of private key.
CHAPTER 9 - PENALTIES AND ADJUDICATION
43) Penalty for damage to computer, computer system, etc.
44) Penalty for failure to furnish information, return, etc.
45) Residuary penalty.
46) Power to adjudicate.
47) Factors to be taken into account by the adjudicating officer.
CHAPTER 10 - THE CYBER REGULATIONS APPELLATE TRIBUNAL
48) Establishment of Cyber Appellate Tribunal.
49) Composition of Cyber Appellate Tribunal.
50) Qualifications for appointment as Presiding Officer of the Cyber Appellate Tribunal.
51) Term of office
52) Salary, allowances and other terms and conditions of service of Presiding Officer.
53) Filling up of vacancies.
54) Resignation and removal.
55) Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings.
56) Staff of the Cyber Appellate Tribunal.
57) Appeal to Cyber Regulations Appellate Tribunal.
58) Procedure and powers of the Cyber Appellate Tribunal.
59) Right to legal representation.
60) Limitation.
61) Civil court not to have jurisdiction.
62) Appeal to High Court.
63) Compounding of contraventions.
64) Recovery of penalty
CHAPTER 11 - OFFENCES
65) Tampering with computer source documents.
66) Hacking with Computer System.
67) Publishing of information which is obscene in electronic form.
68) Power of the Controller to give directions.
69) Directions of Controller to a subscriber to extend facilities to decrypt information.
70) Protected system
71) Penalty for misrepresentation.
72) Breach of confidentiality and privacy.
73) Penalty for publishing Digital Signature Certificate false in certain particulars.
74) Publication for fraudulent purpose.
75) Act to apply for offences or contravention committed outside India.
76) Confiscation.
77) Penalties and confiscation not to interfere with other punishments
78) Power to investigate offences.
CHAPTER 12 - NETWORK SERVICE PROVIDERS NOT TO BE LIABLE IN CERTAIN CASES
79. Network service providers no to be liable in certain cases
CHAPTER 13 -MISCELLANEOUS
80) Power of police officer and other officers to enter, search, etc.
81) Act to have overriding effect.
82) Controller, Deputy Controller and Assistant Controllers to be public servants.
83) Power to give directions.
84) Protection of action taken in good faith.
85) Offences by Companies.
86) Removal of difficulties.
87) Power of Central Government to make rules.
88) Constitution of Advisory Committee.
89) Power of Controller to make regulations.
90) Power of State Government to make rules.
91) Amendment of Act 45 of 1860.
92) Amendment of Act 1 of 1872.
93) Amendment of Act 18 of 1891.
94) Amendment of Act 2 of 1934.
THE FIRST SCHEDULE (See section 91)
AMENDMENTS TO THE INDIAN PENAL CODE (45 OF 1860)
THE SECOND SCHEDULE (See section 92)
AMENDMENTS TO THE INDIAN EVIDENCE ACT, 1872 (1 OF 1872)
THE THIRD SCHEDULE (See section 93)
AMENDMENTS TO THE BANKERS' BOOKS EVIDENCE ACT 1891 (18 OF 1891)
THE FOURTH SCHEDULE(See section 94)
AMENDMENT TO THE RESERVE BANK OF INDIA ACT, 1934 (2 OF 1934)
REFERENCES
1. http://cybercrime.planetindia.net
2. http://cybercellmumbai.gov.in
3. www.wikipedia.org
4. http://www.mairec.org/IJRIM/Mar2012/3.pdf