Cyber LawPPT on engineering and technology

Cyber Law 7 th Semester, Computer Science & Engineering (Elective:- Cyber Security)

Content Cybercrime / Cyber Classification of Cyber Crime Prevention of Cyber Crime Cyber Criminals and its types Ranjit Patnaik GIET University, Gunupur 2

UNIT-III Ranjit Patnaik GIET University, Gunupur 3

Cybercrime / Cyber Fraud Cybercrime or a computer-oriented crime is a crime that includes a computer and a network. The computer may have been used in the execution of a crime or it may be the target. Cybercrime is the use of a computer as a weapon for committing crimes such as committing fraud, identity theft, or breaching privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to every field like commerce, entertainment, and government. Cybercrime may endanger a person or a nation’s security and financial health. Cybercrime encloses a wide range of activities, but these can generally be divided into two categories: Crimes that aim at computer networks or devices. These types of crimes involve different threats (like virus, bugs etc.) and denial-of-service (DoS) attacks. Crimes that use computer networks to commit other criminal activities. These types of crimes include cyber stalking, financial fraud or identity theft. Ranjit Patnaik GIET University, Gunupur 4

Classification of Cyber Crime Cyber Terrorism – Cyber terrorism is the use of the computer and internet to perform violent acts that result in loss of life. This may include different type of activities either by software or hardware for threatening life of citizens. In general, Cyber terrorism can be defined as an act of terrorism committed through the use of cyberspace or computer resources. Cyber Extortion – Cyber extortion occurs when a website, e-mail server or computer system is subjected to or threatened with repeated denial of service or other attacks by malicious hackers. These hackers demand huge money in return for assurance to stop the attacks and to offer protection. Cyber Warfare – Cyber warfare is the use or targeting in a battle space or warfare context of computers, online control systems and networks. It involves both offensive and defensive operations concerning to the threat of cyber attacks, espionage and sabotage. Ranjit Patnaik GIET University, Gunupur 5

Internet Fraud – Internet fraud is a type of fraud or deceit which makes use of the Internet and could include hiding of information or providing incorrect information for the purpose of deceiving victims for money or property. Internet fraud is not considered a single, distinctive crime but covers a range of illegal and illicit actions that are committed in cyberspace. Cyber Stalking – This is a kind of online harassment wherein the victim is subjected to a barrage of online messages and emails. In this case, these stalkers know their victims and instead of offline stalking, they use the Internet to stalk. However, if they notice that cyber stalking is not having the desired effect, they begin offline stalking along with cyber stalking to make the victims’ lives more miserable. Ranjit Patnaik GIET University, Gunupur 6

Prevention of Cyber Crime Use strong password – Maintain different password and username combinations for each account and resist the temptation to write them down. Weak passwords can be easily cracked using certain attacking methods like Brute force attack, Rainbow table attack etc , So make them complex. That means combination of letters, numbers and special characters. Use trusted antivirus in devices –Always use trustworthy and highly advanced antivirus software in mobile and personal computers. This leads to the prevention of different virus attack on devices. Keep social media private –Always keep your social media accounts data privacy only to your friends. Also make sure only to make friend who are known to you. Keep your device software updated –Whenever your get the updates of the system software update it at the same time because sometimes the previous version can be easily attacked. Ranjit Patnaik GIET University, Gunupur 7

Use secure network – Public Wi-Fi are vulnerable. Avoid conducting financial or corporate transactions on these networks. Never open attachments in spam emails – A computer get infected by malware attacks and other forms of cybercrime is via email attachments in spam emails. Never open an attachment from a sender you do not know. Software should be updated – Operating system should be updated regularly when it comes to internet security. This can become a potential threat when cybercriminals exploit flaws in the system. Ranjit Patnaik GIET University, Gunupur 8

First Cyber Fraud in India The first cybercrime occurred in 1992 when the first polymorphic virus was released. The case of Yahoo v. Akash Arora (1999) was one of the earliest examples of cybercrime in India. The defendant, Akash Arora, was accused of utilizing the trademark or domain name ‘yahooindia.com,’ and a permanent injunction was sought in this case. Ranjit Patnaik GIET University, Gunupur 9

Preventive Measure Backup all data, system, and considerations: This enables data stored earlier to assist businesses in recovering from an unplanned event. Enforce concrete security and keep it up to date: Choose a firewall with features that protect against malicious hackers, malware, and viruses. This enables businesses to identify and respond to threats more quickly. Never give out personal information to a stranger: They can use the information to commit fraud. Check security settings to prevent cybercrime: A cyber firewall checks your network settings to see if anyone has logged into your computer. Using antivirus software: Using antivirus software helps to recognize any threat or malware before it infects the computer system. Never use cracked software as it may impose the serious risk of data loss or malware attack. When visiting unauthorized websites, keep your information secure: Using phishing websites, information can easily bypass the data. Use virtual private networks (VPNs): VPNs enable us to hide our IP addresses. Restriction on access to your most valuable data: Make a folder, if possible, so that no one can see confidential documents. Ranjit Patnaik GIET University, Gunupur 10

Who commits cyber-crimes? Cyber criminals, also known as hackers, often use computer systems to gain access to business trade secrets and personal information for malicious and exploitive purposes. Hackers are extremely difficult to identify on both an individual and group level due to their various security measures, such as proxies and anonymity networks, which distort and protect their identity. Cybersecurity experts assert that cyber criminals are using more ruthless methods to achieve their objectives and the proficiency of attacks is expected to advance as they continue to develop new methods for cyber attacks. The growth of the global cyber criminal network, which is largely credited to the increased opportunity for financial incentives, has created a number of different types of cyber criminals, many of which pose a major threat to governments and corporations. Ranjit Patnaik GIET University, Gunupur 11

Common Types of Cyber Criminals Identity Thieves Internet Stalkers Phishing Scammers Cyber Terrorists Ranjit Patnaik GIET University, Gunupur 12

Cyber Crime Techniques Botnet – a strategically developed network of bots which crawl the backend of the web to spread malware with very little detection. Zombie Computer – a computer which is deliberately hacked by cyber criminals in order to gain access to and/or attack a private network. Distributed Denial of Service (DDoS) – with a DDoS attack, cyber criminals are not necessarily seeking to access data, but rather are hoping to shut down a network via an overload of junk data. An example of a DDoS attack occurred on Friday, October 21, 2016, when cyber criminals shut down a number of highly utilized websites, including Twitter, Spotify, and Amazon. Metamorphic Malware – one of the more advanced techniques, metamorphic malware, repeatedly adjusts its code, making it extremely difficult to detect by even the most advanced anti-virus software. Experts predict that by the end of 2017, there will be an emergence of malware that can infiltrate networks, steal information and cover up their activities. These forms of malware will make it difficult for government agencies and businesses to establish the extent to which data has been tampered with, as well as prevent law enforcement from pursuing and prosecuting the offenders. Ranjit Patnaik GIET University, Gunupur 13

Penalties and offences under the IT Act, 2000 Offences: Cyber offences are the illegitimate actions, which are carried out in a classy manner where either the computer is the tool or target or both. Cyber-crime usually includes the following − Unauthorized access of the computers Data diddling Virus/worms attack Theft of computer system Hacking Denial of attacks Logic bombs Trojan attacks Internet time theft Web jacking Email bombing Salami attacks Physically damaging computer system. Ranjit Patnaik GIET University, Gunupur 14

Penalties and offences under the IT Act, 2000 The offences included in the I.T. Act 2000 are as follows − Tampering with the computer source documents. Hacking with computer system. Publishing of information which is obscene in electronic form. Power of Controller to give directions. Directions of Controller to a subscriber to extend facilities to decrypt information. Protected system. Penalty for misrepresentation. Penalty for breach of confidentiality and privacy. Penalty for publishing Digital Signature Certificate false in certain particulars. Publication for fraudulent purpose. Act to apply for offence or contravention committed outside India Confiscation. Penalties or confiscation not to interfere with other punishments. Power to investigate offences. Ranjit Patnaik GIET University, Gunupur 15

Penalties under the IT Act, 2000 Section 65: Any person tamper, conceal, destroy, or alter any computer source document intentionally, then he shall be liable to pay penalty upto Rs.2,00,000/-, or Imprisonment upto 3 years, or both. Section 66: Any person dishonestly, or fraudulently does any act as referred in Section 43, then he shall be liable to pay penalty upto Rs.5,00,000/-, or Imprisonment upto 3 years, or both. Section 66B: Any person dishonestly, or fraudulently receives or retains any stolen computer resource or communication device, then he shall be liable to pay penalty upto Rs.1,00,000/-, or Imprisonment upto 3 years, or both. Section 66C: Any person dishonestly, or fraudulently make use of Electronic Signature, Password or any other Unique Identification Feature of any other person, then he shall be liable to pay penalty upto Rs.1,00,000/-, or Imprisonment upto 3 years, or both. Section 66D: Any person dishonestly, or fraudulently by means of any communication device or computer resource cheats by personating, then he shall be liable to pay penalty upto Rs.1,00,000/-, or Imprisonment upto 3 years, or both. Section 66E: Any person intentionally captures, publishes, or transmits image of private area of any person without consent, then he shall be liable to pay penalty upto Rs.2,00,000/-, or Imprisonment upto 3 years, or both. Ranjit Patnaik GIET University, Gunupur 16

Penalties under the IT Act, 2000 Section 66F: Any person does any act electronically, or with use of computer with intent to threaten unity, integrity, security, or sovereignty of India, then he shall punishable with Imprisonment for Life. Section 67: Any person publishes, or transmits in electronic form any material which appeals to prurient interest, or if its effect is such as to tend to deprave and coorupt persons who are likely to read, see, or hear matter contained in it, then he shall be liable to pay penalty upto Rs.5,00,000/-, or Imprisonment upto 3 years, or both, And in the event of second or subsequent conviction, he shall be liable to pay penalty upto Rs.10,00,000/-, or Imprisonment upto 5 years, or both. Section 67A: Any person publishes, or transmits in electronic form any material which contains sexually explicit act, or conduct, then he shall be liable to pay penalty upto Rs.10,00,000/-, or Imprisonment upto 5 years, or both, And in the event of second or subsequent conviction, he shall be liable to pay penalty upto Rs.10,00,000/-, or Imprisonment upto 7 years, or both. Section 68: The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made thereunder and if any person who intentionally or knowingly fails to comply with the order, then he shall be liable to pay penalty upto Rs.1,00,000/-, or Imprisonment upto 2 years, or both. Ranjit Patnaik GIET University, Gunupur 17

Penalties under the IT Act, 2000 Section 69: Where the Central Government or a State Government or any of its officers specially authorized by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient so to do, in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may with reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource, Any person who fails to comply with the order, then he shall be liable to Imprisonment of 7 years, along with the fine (amount of fine is not specified in the act). Section 70: The appropriate Government may, by notification in the Official Gazette, declare any computer resource which directly or indirectly affects the facility of Critical Information Infrastructure, to be a protected system, Any person who fails to comply with the notification, then he shall be liable to Imprisonment of 10 years, along with the fine (amount of fine is not specified in the act). Section 71: Whoever makes any misrepresentation to, or suppresses any material fact from the Controller or the Certifying Authority for obtaining any License or Electronic Signature Certificate, as the case may be, then he shall be liable to pay penalty upto Rs.1,00,000/-, or Imprisonment upto 2 years, or both. Ranjit Patnaik GIET University, Gunupur 18

Penalties under the IT Act, 2000 Section 72: If any person who has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person, then he shall be liable to pay penalty upto Rs.1,00,000/-, or Imprisonment upto 2 years, or both. Section 72A: If any person who has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, then he shall be liable to pay penalty upto Rs.5,00,000/-, or Imprisonment upto 3 years, or both. Section 73: If any person publishes a Electronic Signature Certificate, or make it available to any other person with the knowledge that Certifying Authority has not issued it, or Subscriber has not accepted it, or Certificate has been revoked or suspended then he shall be liable to pay penalty upto Rs.1,00,000/-, or Imprisonment upto 2 years, or both. Ranjit Patnaik GIET University, Gunupur 19

Penalties under the IT Act, 2000 Section 74: If any person knowingly creates, publishes, or otherwise makes available Electronic Signature Certificate for any fraudulent or unlawful purpose, then he shall be liable to pay penalty upto Rs.1,00,000/-, or Imprisonment upto 2 years, or both. Section 75: If any person have committed an offence, or contravention committed outside India, and if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India, then the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality. Section 76: Any computer, computer system, floppies, compact disks, tape drives, or any other accessories related thereto, in respect of which any provision of this Act, rules, orders, or regulations made thereunder has been, or is being contravened, shall be liable to confiscation. However, if it is proved that such resources were not used in committing fraud then only person in default will be arrested. Ranjit Patnaik GIET University, Gunupur 20

Penalties under the IT Act, 2000 Section 74: If any person knowingly creates, publishes, or otherwise makes available Electronic Signature Certificate for any fraudulent or unlawful purpose, then he shall be liable to pay penalty upto Rs.1,00,000/-, or Imprisonment upto 2 years, or both. Section 75: If any person have committed an offence, or contravention committed outside India, and if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India, then the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality. Section 76: Any computer, computer system, floppies, compact disks, tape drives, or any other accessories related thereto, in respect of which any provision of this Act, rules, orders, or regulations made thereunder has been, or is being contravened, shall be liable to confiscation. However, if it is proved that such resources were not used in committing fraud then only person in default will be arrested. Ranjit Patnaik GIET University, Gunupur 21

Investigation of cyber-crimes in India For conducting cyber-crime investigation, certain special skills and scientific tools are required without which the investigation is not possible. Due to the Information Technology Act, 2000 (“IT Act”), certain provisions of Criminal Procedure Code and the Evidence Act, have been amended. Along with this, certain new regulations had been enforced by the Indian legal system to meet with the need of cyber-crime investigation. Ranjit Patnaik GIET University, Gunupur 22

Who can investigate? The power to investigate the accused in regard to the cyber offences, has been entailed in Section 78 of the IT Act, which says that “not with standing anything contained in the Code of Criminal Procedure, 1973, a police officer not below the rank of Inspector shall investigate any offence under this Act”. Nevertheless, the IT Act is not sufficient to meet the necessity, therefore the Criminal Procedure Code, 1978 and the Indian Penal Code, 1860, were also amended accordingly to introduce cyber-crime under their ambit. This gives power to the Inspector to register and investigate the cyber-crime as like another crime. Ranjit Patnaik GIET University, Gunupur 23

Process of search & arrest The power of the police office and other officers to enter, search etc. is entailed in Section 80 (1) of the IT Act, which says that, notwithstanding anything contained in the Code of Criminal Procedure, 1973, any police officer, not below the rank of the Inspector or any other officer of the Central Government or State Government authorized by the Central Government in this regard, may enter any public place, search and arrest without warrant any person, who is reasonably suspected of having committed or of committing or about to commit an offence under the IT Act. Pursuant to Section 80 (2) of the IT Act, any person who is arrested under sub-section (1) by an officer other than a police officer then such officer shall, without any unreasonable delay, take or send the person arrested before a magistrate having jurisdiction in the case or before the officer-in-charge of a police station. Ranjit Patnaik GIET University, Gunupur 24

Process of search & arrest The Government of India had launched the online cyber-crime reporting portal, www.cybercrime.gov.in, which is a citizen-centric initiative, to allow the complainants to lodge complaints relating to child pornography/child sexual abuse material or any content which is sexual in nature. The Central Government has launched a scheme for formulating of Indian Cyber Crime Coordination Centre (I4C) to handle the cybercrime incidents in India, in an inclusive & coordinated manner. Ranjit Patnaik GIET University, Gunupur 25

Process of search & arrest The said scheme has following seven components: National Cybercrime Threat Analytics Unit (TAU) National Cybercrime Forensic Laboratory (NCFL) National Cybercrime Training Centre (NCTC) Cybercrime Ecosystem Management Platform for Joint Cybercrime Investigation Team National Cybercrime Reporting Portal National Cyber Research and Innovation Centre (NCR&IC) Ranjit Patnaik GIET University, Gunupur 26

Process of search & arrest The government is also planning to set up Regional Cyber Crime Coordination Centres at respective States/ UTs.By following below-mentioned steps, one can report a cyber-crime online: Step 1: Go to https://www.cybercrime.gov.in/Accept.aspx. Step 2: Click on ‘Report Other Cyber Crimes’ on the menu. Step 3: Create ‘Citizen login’. Step 4: Click on ‘File a Complaint’. Step 4: Read the conditions and accept them. Step 5: Register your mobile number and fill in your name and State. Step 6: Fill in the relevant details about the offence. Ranjit Patnaik GIET University, Gunupur 27

Process of Investigation Ranjit Patnaik GIET University, Gunupur 28

UNIT-IV Ranjit Patnaik GIET University, Gunupur 29

India Legal Framework Analysis The Government of India needs to have a separate Ministry for Co-operation instead of acting as an adjunct of the Department of Agriculture and Farmers welfare and nomenclature of the Registrar i.e. Department(s) of co-operation should be changed to Co-operative Promotio The model bylaw has become mandatory bylaw in practice. Hence while approving the The Model bylaws, the Registrar of Co-operative Societies needs to look into the provisions of the Co-operative Societies Act only. The organizational structure and staff remuneration are according to the directive of the Registrar of Co-operative Societies in most of the states. Co-operative being an autonomous and independent organization the structure and staff remuneration needs to be decided by the concerned co-operative. The Government may give certain guidelines so as to ensure that the financial stability of the society is not affected. The co-operatives should have discretion over their expenditure and investments. Law should not mandate expenditures on specific functions or require Government approval of basic business decisions. This is subject to general auditing requirements. The distribution of surplus of the co-operative should be according to the patronage of the co-operative rather than capital subscribed. There are a lot of variations in the co-operative societies Act of various states. There is a need to adopt the features that provide enabling provisions in the State Co-operative Societies Act. However, this does not mean that a uniform law across the country should be framed since Co-operation is a state subject and there are a lot of regional variations. Ranjit Patnaik GIET University, Gunupur 30

Cyber security framework under the IT Act in India Key developments in the cyber security framework in India The Indian Computer Emergency Response Team Constitution of committee of experts to review the IT Act Recommendations of the standing committee on IT on the IT (Amendment) Bill 2006 The Information Technology (Amendment) Act, 2008 Bill on Intelligence agency reforms National Cyber Security Policy, 2013 Standing committee on IT report on ‘Cyber Crime, Cyber Security and Right to Privacy’ Surveillance order issued by MHA National Cyber Security Strategy 2020 Ranjit Patnaik GIET University, Gunupur 31

Cyber security framework under the IT Act in India To manage cyber-related risks responsibly, the NIST Cybersecurity Framework includes guidelines, standards, and best practices. According to this framework, flexibility and affordability are of prime importance. Moreover, it aims at fostering resilience and protecting critical infrastructure by implementing the following measures: A better understanding, management, and reduction of the risks associated with cybersecurity. Prevent data loss, misuse, and restoration costs. Determine the most critical activities and operations that must be secured. Provides evidence of the trustworthiness of organizations that protect critical assets. Optimize the cybersecurity return on investment (ROI) by prioritizing investments. Responds to regulatory and contractual requirements Assists in the wider information security program. Ranjit Patnaik GIET University, Gunupur 32

Cyber security framework under the IT Act in India Ranjit Patnaik GIET University, Gunupur 33

Cyber Crimes against Individuals and State Cybercrime ranges variety of activities. Cyber crime can be basically divided into three major categories: Cyber crimes against persons like harassment occur in cyberspace or through the use of cyber space. Harassment can be sexual, racial, religious, or other. Cyber crimes against property like computer wreckage (destruction of others' property), transmission of harmful programs, unauthorized trespassing, unauthorized possession of computer information. Cyber crimes against government like Cyber terrorism Ranjit Patnaik GIET University, Gunupur 34

Cyber Crimes against Individuals and State Crimes against persons are: Cyber-Stalking: It means to create physical threat that creates fear to use the computer technology such as internet, e-mail, phones, text messages, webcam, websites or videos. Dissemination of Obscene Material: It includes Indecent exposure/ Pornography (basically child pornography), hosting of web site containing these prohibited materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. Defamation: It is an act of imputing any person to lower down the dignity of the person by hacking his mail account and sending some mails with using vulgar language to unknown persons mail account. Hacking: It means unauthorized control/access over computer system and act of hacking completely destroys the whole data as well as computer programmers. Hackers usually hacks telecommunication and mobile network. Cracking: It is one of the serious cyber crimes known till date .Cracking means that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information. E-Mail Spoofing: A spoofed e-mail may be said to be one, which misrepresents its origin. It shows its origin to be different from which actually it originates. Ranjit Patnaik GIET University, Gunupur 35

Cyber Crimes against Individuals and State Crimes against persons are: SMS Spoofing: Spoofing is a blocking through spam which means the unwanted uninvited messages. Wrong doer steals mobile phone number of any person and sending SMS via internet and receiver gets the SMS from the mobile phone number of the victim. It is very serious cyber crime against any individual. Carding: It means false ATM cards i.e. Debit and Credit cards used by criminals for their monetary benefits through withdrawing money from the victim's bank account mala- fidely . There is always unauthorized use of ATM cards in this type of cyber crimes. Cheating & Fraud: It means the person who is doing the act of cyber crime i.e. stealing password and data storage has done it with having guilty mind which leads to fraud and cheating. Child Pornography: It involves the use of computer networks to create, distribute, or access materials that sexually exploit underage children. Assault by Threat: refers to threatening a person with fear for their lives or lives of their families through the use of a computer network i.e. E-mail, videos or phones. Ranjit Patnaik GIET University, Gunupur 36

Cyber Crimes against Individuals and State Crimes against Property: As there is rapid growth in the international trade where businesses and consumers are increasingly using computers to create, transmit and to store information in the electronic form instead of traditional paper documents. Intellectual Property Crimes: Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, infringement of copyright, trademark, patents, designs and service mark violation, theft of computer source code, etc. Cyber Squatting: It means where two persons claim for the same Domain Name either by claiming that they had registered the name first on by right of using it before the other or using something similar to that previously. For example two similar names i.e. www.yahoo.com and www.yaahoo.com. Cyber Vandalism: Vandalism means deliberately destroying or damaging property of another. Thus cyber vandalism means destroying or damaging the data when a network service is stopped or disrupted. It may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer. Hacking Computer System: Hacktivism attacks those included Famous Twitter, blogging platform by unauthorized access/control over the computer. Due to the hacking activity there will be loss of data as well as computer. Also research especially indicates that those attacks were not mainly intended for financial gain too and to diminish the reputation of particular person or company. Ranjit Patnaik GIET University, Gunupur 37

Cyber Crimes against Individuals and State Crimes against Property: Transmitting Virus: Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worm attacks plays major role in affecting the computerize system of the individuals. Cyber Trespass: It means to access someone's computer without the right authorization of the owner and does not disturb, alter, misuse, or damage data or system by using wireless internet connection. Internet Time Thefts: Basically, Internet time theft comes under hacking. It is the use by an unauthorized person, of the Internet hours paid for by another person. The person who gets access to someone else's ISP user ID and password, either by hacking or by gaining access to it by illegal means, uses it to access the Internet without the other person's knowledge. You can identify time theft if your Internet time has to be recharged often, despite infrequent usage. Ranjit Patnaik GIET University, Gunupur 38

Cyber Crimes against Individuals and State Cybercrimes against Government/ State There are certain offences done by group of persons intending to threaten the international governments by using internet facilities. It includes: Transmitting Virus: Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worm attacks plays major role in affecting the computerize system of the individuals. Cyber Terrorism: Cyber terrorism is a major burning issue in the domestic as well as global concern. The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate e-mails, attacks on sensitive computer networks etc. Cyber terrorism activities endanger the sovereignty and integrity of the nation. Cyber Warfare: It refers to politically motivated hacking to damage and spying. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation. Ranjit Patnaik GIET University, Gunupur 39

Cyber Crimes against Individuals and State Cybercrimes against Government/ State Distribution of pirated software: It means distributing pirated software from one computer to another intending to destroy the data and official records of the government. Possession of Unauthorized Information: It is very easy to access any information by the terrorists with the aid of internet and to possess that information for political, religious, social, ideological objectives. Ranjit Patnaik GIET University, Gunupur 40

Hacking A commonly used hacking definition is the act of compromising digital devices and networks through unauthorized access to an account or computer system. Hacking is not always a malicious act, but it is most commonly associated with illegal activity and data theft by cyber criminals. Hacking refers to the misuse of devices like computers, smartphones, tablets, and networks to cause damage to or corrupt systems, gather information on users, steal data and documents, or disrupt data-related activity. Ranjit Patnaik GIET University, Gunupur 41

History of Hacking/Hackers Hacking first appeared as a term in the 1970s but became more popular through the next decade. An article in a 1980 edition of Psychology Today ran the headline “The Hacker Papers” in an exploration of computer usage's addictive nature. Two years later, two movies, Tron and WarGames , were released, in which the lead characters set about hacking into computer systems, which introduced the concept of hacking to a wide audience and as a potential national security risk. Sure enough, later that year, a group of teenagers cracked the computer systems of major organizations like Los Alamos National Laboratory, Security Pacific Bank, and Sloan-Kettering Cancer Center. A Newsweek article covering the event became the first to use the word “hacker” in the negative light it now holds. This event also led Congress to pass several bills around computer crimes, but that did not stop the number of high-profile attacks on corporate and government systems. Of course, the concept of hacking has spiraled with the release of the public internet, which has led to far more opportunities and more lucrative rewards for hacking activity. This saw techniques evolve and increase in sophistication and gave birth to a wide range of types of hacking and hackers. Ranjit Patnaik GIET University, Gunupur 42

Types of Hacking/Hackers Black Hat Hackers Black hat hackers are the "bad guys" of the hacking scene. They go out of their way to discover vulnerabilities in computer systems and software to exploit them for financial gain or for more malicious purposes, such as to gain reputation, carry out corporate espionage, or as part of a nation-state hacking campaign. These individuals’ actions can inflict serious damage on both computer users and the organizations they work for. They can steal sensitive personal information, compromise computer and financial systems, and alter or take down the functionality of websites and critical networks. White Hat Hackers White hat hackers can be seen as the “good guys” who attempt to prevent the success of black hat hackers through proactive hacking. They use their technical skills to break into systems to assess and test the level of network security, also known as ethical hacking. This helps expose vulnerabilities in systems before black hat hackers can detect and exploit them. The techniques white hat hackers use are similar to or even identical to those of black hat hackers, but these individuals are hired by organizations to test and discover potential holes in their security defenses. Grey Hat Hackers Grey hat hackers sit somewhere between the good and the bad guys. Unlike black hat hackers, they attempt to violate standards and principles but without intending to do harm or gain financially. Their actions are typically carried out for the common good. For example, they may exploit a vulnerability to raise awareness that it exists, but unlike white hat hackers, they do so publicly. This alerts malicious actors to the existence of the vulnerability. Ranjit Patnaik GIET University, Gunupur 43

Types of Hacking/Hackers Ranjit Patnaik GIET University, Gunupur 44

Digital Forgery Ranjit Patnaik GIET University, Gunupur 45 Forgery is defined as the production of a document that is known to be fake but appears to be genuine. It is usually seen in documents such as cheques, passports, visas, certificates, other identification documents etc. and people are easily hoodwinked, especially when the forgery is done digitally. It is impossible to tell the difference between genuine and falsified documents unless you’ve been trained to do so. Forgeries are dangerous because they are frequently difficult to spot as fakes. As a result of digital forgeries, the victims of these activities may suffer financial loss as well as a loss of reputation. The number of crimes pertaining to forgery is increasing day by day. It is not very hard for forgers to falsify documents and signatures especially if it is a digital one but it can be extremely difficult for a layman to figure out the minute indications and details in a document that distinguish a fake one from an original. Digital forgery is at an all-time high in today’s contemporary world and as a matter of fact, the majority of people do not realise when their documents are forged.

Digital Forgery- Solution Ranjit Patnaik GIET University, Gunupur 46 There are several approaches and tools available today for detecting forgeries. Apart from standard procedures like ocular analysis of a picture and parameter adjustment (such as brightness, contrast, and so on), the forensic experts employ the following: reflections and shadows, lighting, analysis of thumbnails, error level analysis (ELA), examination of brightness gradients, principal component analysis (PCA), clone detection, stamp investigation of chromatic aberrations, noise analysis.

Cyber Stalking/Harassment Ranjit Patnaik GIET University, Gunupur 47 Cyberstalking refers to the use of the internet and other technologies to harass or stalk another person online, and is potentially a crime in the United States. This online harassment, which is an extension of cyberbullying and in-person stalking, can take the form of e-mails, text messages, social media posts, and more and is often methodical, deliberate, and persistent. Most of the time, the interactions do not end even if the recipient expresses their displeasure or asks the person to stop. The content directed at the target is often inappropriate and sometimes even disturbing, which can leave the person feeling fearful, distressed, anxious, and worried. Examples of Cyberstalking Post rude, offensive, or suggestive comments online Follow the target online by joining the same groups and forums Send threatening, controlling, or lewd messages or emails to the target Use technology to threaten or blackmail the target Tag the target in posts excessively, even if they have nothing to do with them Comment on or like everything the target posts online

Cyber Stalking/Harassment Ranjit Patnaik GIET University, Gunupur 48 Examples of Cyberstalking Create fake accounts to follow the target on social media Message the target repeatedly Hack into or hijack the target's online accounts Attempt to extort sex or explicit photos Send unwanted gifts or items to the target Release confidential information online Post or distribute real or fake photos of the target Bombard the target with sexually explicit photos of themselves Create fake posts designed to shame the victim Track the target's online movements by installing tracking devices Hack into the target's camera on their laptop or smartphone as a way to secretly record them Continue the harassing behavior even after being asked to stop

How to Prevent Cyber stalking/Harassment Ranjit Patnaik GIET University, Gunupur 49 Create strong passwords. Make sure you have strong passwords for all your online accounts as well as strong passwords for your devices. Then, set a reminder on your phone to regularly change your passwords. Choose passwords that would be difficult to guess but are easy for you to remember. Be sure to log out every time. It may seem like a pain, but make sure you log out of email, social media accounts, and other online accounts after using them. This way, if someone were able to get into your device they would not have easy access to your accounts. Keep track of your devices. Don't leave your phone sitting on your desk at work or walk away from an open laptop. It only takes a minute or two for someone to install a tracking device or hack your device. So, make sure you keep these things in your possession or that you secure them in some way.

Right to Privacy and Data Protection on Internet Ranjit Patnaik GIET University, Gunupur 50

Self-regulation approach to privacy Defining Self-Regulation self-regulation is almost always a misnomer. It hardly ever exists without some relationship to the state; a relationship that itself varies greatly. The meaning of self-regulation shifts depending upon the extent of government coercion or involvement and upon accurate public perceptions of the relationship of private sector and state. A study on self-regulation in the Media Sector and European Community Law noted that "The term "self-regulation" is often used as a matter of course, as if it were (1) a specific and defined term, and (2) an equally specific and defined regulatory practice. Yet in general, this is not the case" ( Ukrow 1999: 11). From the outset, then, there needs to be an exploration of the variety of meanings of "self-regulation" and the implications of each grouping of them for the better management of social concerns with the new technology. Ranjit Patnaik GIET University, Gunupur 51

Self -Regulatory Tools A wide array of self-regulatory tools have proven track records as substitutes for government regulation. They assume many forms, ranging from social control to formal contracts. Codes of conduct, voluntary standards, contractual provisions, accreditation, third-party certification, audits, best practices and performance goals and objectives have all withstood scrutiny in lieu of prescriptive regulation in a variety of industry settings, including the media. Dispute resolution is also an important element within a self regulatory regime for the Internet. Ranjit Patnaik GIET University, Gunupur 52

Intellectual Property in Cyberspace Intellectual Property (IP) simply refers to the creation of the mind. It refers to the possession of thought or design by the one who came up with it. It offers the owner of any inventive design or any form of distinct work some exclusive rights, that make it unlawful to copy or reuse that work without the owner’s permission. It is a part of property law. People associated with literature, music, invention, etc. can use it in business practices. There are numerous types of tools of protection that come under the term “intellectual property”. Notable among these are the following: Patent Trademark Geographical indications Layout Designs of Integrated Circuits Trade secrets Copyrights Industrial Designs Ranjit Patnaik GIET University, Gunupur 53

Intellectual Property in Cyberspace Online content needs to be protected and hence Intellectual Property Rights and Cyber laws cannot be separated. In cyberspace, sometimes one person makes a profit by using another person’s creation without the owner’s consent. This is a violation of privacy, and it is protected by IPR. We have certain laws to avoid violation of Intellectual Property Rights in cyberspace and when it is violated, then additionally we have several remedies in law. Ranjit Patnaik GIET University, Gunupur 54

Copyright Infringement Copyright protection is given to the owner of any published artistic, literary, or scientific work over his work to prohibit everyone else from exploiting that work in his name and thereby gain profit from it. When these proprietary creations are utilized by anyone without the permission of the owner, it leads to copyright infringement. If copies of any software are made and sold on the internet without the permission of the owner or even copying the content from any online source, these all are examples of copyright infringement. Ranjit Patnaik GIET University, Gunupur 55

Copyright Issues in Cyberspace Linking – It permits a Website user to visit another location on the Internet. By simply clicking on a word or image on one Web page, the user can view another Web page elsewhere in the world, or simply elsewhere on the same server as the original page. Linking damages the rights or interests of the owner of the Linked webpage. It may create the supposition that the two linked sites are the same and promote the same idea. In this way, the linked sites can lose their income as it is often equal to the number of persons who visit their page. Software Piracy – Software piracy refers to the act of stealing software that is lawfully shielded. This stealing comprises various actions like copying, spreading, altering, or trading the software. It also comes under the Indian copyright act. An example of software piracy is downloading a replica of Microsoft Word from any website other than Microsoft to avoid paying for it as it is a paid software. Piracy can be of 3 types: Soft lifting Software Counterfeiting Uploading-Downloading. Ranjit Patnaik GIET University, Gunupur 56

Interface with Copyright Law Copyright is a bundle of exclusive rights given by the law to the creators of original works. It is a form of intellectual property protection granted by law. The rights provided under Copyright law include the rights of reproduction of the work, communication of the work to the public, adaptation of the work and translation of the work. Copyright laws serve to create property rights for certain kinds of intellectual property, generally called works of authorship. Copyright laws protect the legal rights of the creator of an ‘original work’ by preventing others from reproducing the work in any other way. Ranjit Patnaik GIET University, Gunupur 57

Interface with Copyright Law The main goals of copyright are: - To encourage the development of culture, science and innovation To provide a financial benefit to copyright holders for their works To facilitate access to knowledge and entertainment for the public. Ranjit Patnaik GIET University, Gunupur 58

Interface with Copyright Law SUBJECT MATTER OF COPYRIGHT, ECONOMICS AND MORAL RIGHTS Modern copyright laws serve to protect a variety of intellectual property ranging from songs and jingles to computer software and proprietary databases. All subject matters protected by copyright are called ‘works’. Thus according to Section 13 of The Copyright Act 1957, it may be subjected for the following works: Clause (a) of this Section 13 provides the definition of original work whereas clause (b) and (c) provides secondary works. Primary Works Original Literary Work, Original Dramatic work, Original Musical work, Original Artistic Work, Secondary Works Cinematography films, and Sound recordings. Ranjit Patnaik GIET University, Gunupur 59

Interface with Patent Law Patent law is the branch of intellectual property law that deals with new inventions. Traditional patents protect tangible scientific inventions, such as circuit boards, car engines, heating coils, or zippers. However, over time patents have been used to protect a broader variety of inventions, such as coding algorithms, business practices, or genetically modified organisms. In general, a patent can be granted if an invention is: not a natural object or process; new; useful; and not obvious. Ranjit Patnaik GIET University, Gunupur 60

Interface with Patent Law Terms to Know Application: The collection of documents that must be filed with the U.S. Patent and Trademark Office (USPTO) in order to obtain a patent. Agent: Someone who is not an attorney, but who is authorized to file patent applications on behalf of inventors. Claims: The section of the patent application that defines the new and nonobvious part of the invention and the part of the invention that can later be protected. Counterpart: A patent application before the USPTO concerning an invention that is already patented in another country. Typically, the same person files both patent applications. Infringement: Making or selling a patented device without a license from the patent owner. Prior Art: The state of the industry before the patent was filed. Things that are considered prior art are not eligible for patent protection because they are not new. Patent Prosecution: The process of applying for and receiving a patent. Patent Litigation: The process of defending a patent against infringement. Ranjit Patnaik GIET University, Gunupur 61

Trademarks & Domain Names Related issues Trademark Registration After successful trademark registration, there can be nothing worse for a businessman than finding out that the corresponding domain name isn’t available. Such trademark issues related to domain names are fairly common and can be resolved based on the context. Let’s understand trademark and domain name issues in detail. Once the trademark registration is complete, hosting a website is the next step, for which a domain name is to be registered. The regulating body responsible for maintaining IP address records is called the Internet Corporation for Assigned Names and Numbers (ICANN). Ranjit Patnaik GIET University, Gunupur 62

Trademarks & Domain Names Related issues A domain name can be divided into Top Level Domain (TLD) and Second Level Domain (SLD). TLD is further divided into generic (gTLD) or geographic (CcTLD), wherein generic domain names are international in nature (Ex - . edu , .com) and geographic domain names are for particular nations (Ex - .in). Thus, the first step in domain registration is deciding the TLD and SLD. Once that has been settled, the registrar will collect the necessary information and send it to the registry that maintains the directory. Ranjit Patnaik GIET University, Gunupur 63

Trademarks & Domain Names Related issues Disputes Cybersquatting Suppose a highly prestigious company, say Tanishq , does not have a website yet. Someone buys the domain name ‘tanishq.com’ either intending to sell it later to Tanishq at a profit or to attract traffic and generate money through advertising. You just got yourself a case of cybersquatting: the act of registering and using a domain name in bad faith, a common trademark and domain name dispute. Cyber Twins Cyber twins or concurrent disputes arise when both parties have a legitimate claim to a domain name. This is the most complicated of all trademark issues related to a domain name. For example, the case of Indian Farmers Fertilizer Cooperation Ltd vs. International Foodstuffs Co. for the domain name iffco.com. Reverse Domain Name Hijacking As the name suggests, RDNH is the inverse of Domain Hijacking, when a trademark holder falsely accuses a legitimate domain name holder with cybersquatting and wrongly pressurizes him to give it up to another party. For instance, the infamous case of Indian Hotels Company Ltd. and the domain name IndianHotels.com. Ranjit Patnaik GIET University, Gunupur 64

Trademarks & Domain Names Related issues Settlement There are several ways in which trademark issues related to domain names can be settled Non - Intervention If the domain name is not vital, contesting for it will only cost time and money. Therefore, it is not worth fighting over. Mutual Agreement Another way of dealing with such issues is to arrive at a pact of understanding between the two parties. This could either take place in the form of a disclaimer on the domain owner’s website stating that it is not related to the trademark holder’s business or a link displayed which redirects traffic that has erroneously arrived at their site, back to the trademark bearer’s website. Ranjit Patnaik GIET University, Gunupur 65

Dispute Resolution in Cyberspace The Information Technology Act, 2000 establishes quasi-judicial bodies, such as adjudicating officials, to resolve disputes (offences of a civil nature as well as criminal offences). The adjudicating officer has the jurisdiction to award compensation as a civil remedy as well as impose fines for violating the Act, giving them civil and criminal court-like powers. The Cyber Appellate Tribunal is the first level of appeal, with a Chairperson and any additional members appointed by the Central Government. A second appeal may be lodged with a High Court having jurisdiction within 60 days after the Cyber Appellate Tribunal’s ruling has been communicated. Ranjit Patnaik GIET University, Gunupur 66

The adjudicating officer The Central Government appoints an “Adjudicating Officer” (AO) with the authority to make decisions. The secretary of each state’s department of information technology is designated as the AO for that state by default, according to the Ministry of Electronics and Information Technology (“ MeitY ”). The AO is a quasi-judicial entity since it has the ability to: Order investigation, i.e. hold an inquiry into a breach of the IT Act, 2000 based on the evidence presented to it; and Adjudicate, i.e. determine the amount of compensation or punishment to be awarded in the event of a violation. Ranjit Patnaik GIET University, Gunupur 67

The adjudication process as provided by the IT Act, 2000 The adjudication process as provided by the Information Technology Act, 2000 has been discussed in pointers hereunder: Filing of the complaint to the AO. Notice to the necessary parties containing the date and time of the first hearing is issued by the AO. On the date provided in the notice, the AO explains alleged contraventions to the party against whom allegations are made. The three possible instances that can take place subsequent to this are provided below: The person against whom the allegation is made pleads guilty, or The person against whom the allegation is made shows cause why an inquiry should not be held against him/her, or The person against whom the allegation is made fails to appear. In that case, the AO proceeds with the inquiry in absence of such a person. Ranjit Patnaik GIET University, Gunupur 68

The adjudication process as provided by the IT Act, 2000 If the situation in point (a) happens, then the consequence will be the imposition of penalty or awarding of compensation as per the provisions of the IT Act, 2000, by the AO. If the circumstance provided in point (b) unfolds itself, the outcomes are: The AO decides on the basis of submission of parties and/or preliminary investigation in order to determine whether there is sufficient cause to order an inquiry or not. The AO will fix another date for production of documents or evidence and then finally pass an order on the basis of the evidence presented. The AO dismisses the complaint on finding no sufficient cause to proceed with it. The AO has jurisdiction over cases in which the claim for compensation or harm is less than INR 5 crore. The AO has the authority to order an investigation into a complaint at any time after receiving it. An officer from the Office of the Controller of Certifying Authorities, or (CERT-In), or a Deputy Superintendent of Police conducts the inquiry. Ranjit Patnaik GIET University, Gunupur 69

Cyber Appellate Tribunal Sub-clause (1) Section 58 of the IT Act, 2000 states that the Cyber Appellate Tribunal is not bound by the Code of Civil Procedure, 1908, but rather by the principles of natural justice, and the Cyber Appellate Tribunal has the authority to regulate its own procedure, including the location of its hearings, subject to the other provisions of this Act and any rules. Clause (2) Section 58 provides that the Cyber Appellate Tribunal shall have the same powers as a civil court under the Code of Civil Procedure, 1908, when trying a case, for the purposes of carrying out its tasks under this Act: Having any person summoned and compelled to appear, as well as questioning him under oath; Requiring documents or other electronic records to be discovered and produced; Receiving evidence on affidavit; Appointing commissions to examine witnesses or documents; Reconsidering its decisions; Dismissing an application due to default or making an ex parte decision; Any additional matter that the court may deem necessary. Ranjit Patnaik GIET University, Gunupur 70

Cyber Appellate Tribunal Clause (3) Section 58 provides that any proceeding before the Cyber Appellate Tribunal is to be treated as a judicial proceeding for the purposes of Sections 193 and 228 of the Indian Penal Code, 1860, and the Cyber Appellate Tribunal is treated as a civil court for the purposes of Section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973. The High Court. Ranjit Patnaik GIET University, Gunupur 71

Cyber LawPPT on engineering and technology

About This Presentation

Slide Content

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

Cyber LawPPT on engineering and technology

About This Presentation

Slide Content

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32

Slide 33

Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Slide 39

Slide 40

Slide 41

Slide 42

Slide 43

Slide 44

Slide 45

Slide 46

Slide 47

Slide 48

Slide 49

Slide 50

Slide 51

Slide 52

Slide 53

Slide 54

Slide 55

Slide 56

Slide 57

Slide 58

Slide 59

Slide 60

Slide 61

Slide 62

Slide 63

Slide 64

Slide 65

Slide 66

Slide 67

Slide 68

Slide 69

Slide 70

Slide 71

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows