In the fast developing world of technology and globalization, we have achieved what we never thought of. As the coins have two sides, the technologies also face problems and the most harmful one is the ‘Cybercrime’. Today most of us are dependent on the computers and the networking. Thus, this dependency has resulted in the increase of cybercrime. Cybercrime is the crime in the Cyberspace which includes computers and networks. Cybercrimes are also known as the ‘computer-crime’, ‘computer-related crime’, ‘net crime’, ‘digital crime’ , ‘virtual crime’, or ‘High-tech’ crime, etc.
The normally cybercrimes are defined as criminal activities carried out by means of computers or internet or unlawful acts wherein the computer is either a tool or a target or both”. Cybercrimes are a threat to the individuals and society.
In 1820 the first ever cybercrime was witnessed. Joseph-Marie Jacquard, a textile manufacturer produced loom in France. The device helped to do the manual works technically by allowing repetition of a series of steps in weaving special fabrics. The employees feared of losing their employment as conventional methods were being replaced. They deliberately destroyed and sabotaged the new technology.
Hacking can be traced back to 1960’s. Hacking means the act of modifying a product or procedure to alter its normal function or to fix a problem. They were not used for criminal purposes at that time but for improving the function. In 1970’s malicious activities relating to hacking developed in order to have free long distance telephonic services. In the passing of the legislation the Computer Fraud and Abuse Act, 1984. In 1988 Morris worm virus was the first to affect the computers causing malfunction and resource depletion. In 1990’s hackers broke into Graffith Air Force Base, NASA, Korean Atomic Research Institute, etc. The 1984 Act was amended in 1994 and later in 1996.
MEANING AND NATURE:
During the 10th United Nations Congress on the Prevention of Crime and the Treatment of Offenders, two definitions were developed within a related –
- Cybercrime in a narrow sense (computer crime) covers any illegal behaviour directed by means of electronic operations that target the security of computer systems and the data processed by them.
- Cybercrime in a broader sense (computer-related crimes) covers any illegal behaviour committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession and offering or distributing information by means of a computer system or network.
Cybercrimes are not exactly defined. Even the IT Act 2002, fails to define the term but lays down the criteria to form a cybercrime under ‘computer-related offences’. The cybercrimes are different from the conventional crimes. They are technically unique and not requires even to move from a place to commit a crime. There is no physical evidence nor eyewitness. The impact is high.
TYPES OF CYBERCRIME:
Cybercrimes are generally targeted against individuals, organizations, and society at large.
Generally, they are divided into three categories:
- Target cybercrime- In target cybercrime the computer is the target of the offence.
- Tool cybercrime- in which the computer is considered as a tool in committing an offence
- Computer incidental- the computer only plays a minor role in the commission of an offence.
On the basis offences, they can be classified as
- Offences against the confidentiality, integrity and availability of computer data and system through illegal access (hacking and cracking), illegal data acquisition (data espionage), illegal interception.
- Computer-related offences such as fraud, forgery, phishing, theft and misuse of devices.
- Content-related offences such contents which is illegal, including pornography, xenophobic materials, insults relating to religious symbols, illegal gambling and online gaming.
- Copyright-related offences which includes the piracy, misuse the identical names and marks.
- Combination offences means the compilation of several offences to cause malfunction to the networking system by terrorists.
On a general note, the kinds of cybercrimes are divided as the following:
- Hacking- It is the most common cybercrime across the world. According to the oxford dictionary, ‘hacking’ means to use a computer to read or alter information in another computer without permission, i.e. unauthorised use of one’s computer. Hacking has been further defined under the Information Technology Act, 2000 under Sec 66 as “Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.” And the punishment for hacking is 3 years imprisonment or fine up to 2 lakhs or both.
- Virus, Trojans and Worms- William Stallings in his book ‘Computer Security: Principles and Practice’ has explained the term ‘virus’ as a computer virus is a type of malicious software program that, when executed, replicates itself by modifying other computer programs and inserting its own code. A Trojan horse is malicious, security-breaking program which is designed for the particular function but it provides an unauthorized access to the target computers. It may be in the form of game, program to destroy virus etc. Computer worms are similar to viruses but they do not need a host program. They are self-replicating malwares that duplicates itself and spreads to the uninfected computers to malfunction them.
- Cyber Pornography which includes child pornography in cyberspace.
- Cyber Stalking- ‘Stalking’ is being defined under Sec 354D of the IPC, 1860 as
Any man who—
- follows a woman and contacts, or attempts to contact such woman to foster personal interaction repeatedly despite a clear indication of disinterest by such woman; or
- monitors the use by a woman of the internet, email or any other form of electronic communication, commits the offence of stalking;
Also, it is punishable with imprisonment up to 3 years and shall also be liable for fine.
- Financial crimes- These financial crimes are done for the purpose of monetary gains by illegal means. For example: credit card frauds, money laundering, etc.
- Phishing- It is carried out to make victims disclose their personal/secret information. Firstly, offenders identify those companies who give online services, then, design similar websites and communicate with them to log in, so that they get their personal information.
- E-mail Bombing- The offenders will send huge number of mails to a particular mail id by various spammers, which results in overflow of the mailbox.
- E-mail Spoofing- It is a way in which the origin of an e-mail is hidden by phishing.
- Logic Bombs- It is a programming code inserted intentionally which is designed to explode at a certain circumstances or after some time. When explodes, it deletes or corrupts the data of the target system
- Web jacking- The offender will forcefully take control of the website, without the rightful owner’s authority. The owner will lose control over the website.
As the technology has developed there seems importance of legislation to control the exploitation of these growing and mishandling of the technologies. Cyber Law in its general sense means the law which governs the cyber space. Cyber Law is a wide term and it encompasses various legislations relating to: a) Cybercrimes, b) electronic and digital signatures, c) intellectual property, d) data protection and privacy.
The Cyber law has become necessary because, the offences committed in the cyber space cannot be dealt as if committed in the physical world. The cyber space is an intangible dimension and the crimes committed there are beyond the conventional crimes.
INTERNATIONAL CONVENTION AND TREATIES:
- Convention on Cyber Crime Treaty
The Council of Europe (CoE), which is an organization consisting of 47 countries appointed a Committee of Experts on crime in cyberspace, in 1997. The main aim was to define new crimes, jurisdictional rights and criminal liabilities concerning the Internet. The countries such as Canada, Japan, South Africa, and the U.S. were also invited to participate in it to make a common law applicable for all the countries. As a result of which Convention on Cyber Crime Treaty was passed on June 2001. The Convention entered into force on July 1, 2004. The convention is a way a framework for countries to act upon and the cooperation between countries in investigating and prosecuting the cybercrimes. Those who have agreed to this, has to pass legislation to address the computer crimes in their state.
In 1951, a treaty was made in alliance with three countries Australia, New Zealand and United States into bilateral bonds, with Australia as common to both. As New Zealand became inactive, it remains between United States and Australia. A new clause was added in 2011 that applies to cyberspace.
- The USA Patriot Act:
It was passed after the 9/11 Attack. It authorizes the interception of electronic communications for the collection of evidence related to terrorism, computer fraud, and abuse (Sections 201 and 202). It also clarifies the definition of protected computers and increases fines and prison terms for damage (Section 814).
- The Homeland Security Act:
It directs the U.S. Sentencing Commission to re-evaluate federal sentencing guidelines for crimes involving computer-related fraud and hacking offenses.
- Budapest Convention:
It is the Council of Europe Convention. It covers Europe as well as Russia. Canada and United States are observers. Around 100 countries have made their domestic legislations with the guidance of this convention and 35 countries are party to it.
- The United Nations (UN):
- The UN attempts to govern cyberspace through the International Telecommunications Union (ITU) and the regulations created by the ITU (ITRs).
- The United Nations Office for Drugs and Crime (UNODC) is also concerned with cybercrime.
- At the 8th U.N. Congress on the Prevention of Crime and the Treatment of Offenders in Havana, Cuba a resolution on Computer Crime legislation was adopted in the year 1990.
- In 2000 Resolution 55/63 on combating the criminal misuse of information technologies was adopted by the General Assembly, and it includes the following statements: – “States should ensure that their laws and practice eliminate safe havens for those who criminally misuse information technologies.” “Legal systems should protect the confidentiality, integrity, and availability of data and computer systems from unauthorized impairment and ensure that criminal abuse is penalized.”
- In 2010, the General Assembly adopted Resolution 65/230. The main purpose was to make a comprehensive study on the cybercrime and to propose new national and international legal or other responses to the crime.
- In 2012, in the World Conference on International Telecommunication held in Dubai, an amendment was made to the ITR.
- The Organisation for Economic Co-operation and Development (OECD):
The OECD was the first to develop guidelines for computer crime. It was in the year 1992 the Council of the OECD adopted the Recommendation of the Council Concerning Guidelines for the Security of Information Systems and the 24 OECD Member countries adopted the Guidelines for the Security of Information Systems.
- The North Atlantic Treaty Organization (NATO):
Cyber defence is the part of NATO’s core task of collective defence. Also, it has affirmed that the International law applies in cyberspace. NATO’s main focus in cyber defence is to protect its own networks and enhance resilience. In July 2016, Allies reaffirmed NATO’s defensive mandate and recognised cyberspace as a domain of operations in which NATO must defend itself as effectively as it does in the air, on land and at sea. In 2016 NATO signed a Technical arrangement on Cyber defence cooperation with the European Union.
- Asia Pacific Economic Cooperation (APEC):
APEC brings together nations like U.S., Canada, China and Russia. The APEC’S Telecommunications and Information Working Group, which works for the security in the cyber space.
- The Virtual Global Taskforce (VGT):
It is an alliance of international law enforcement agencies and private sector partners working together to combat online child sexual abuse.
- The Information Technology Act, 2000 (IT Act):
The Information Technology Act, 2000 has taken guidance from the UNCITRAL Model Law. The Act came into force on 17 October 2000. This Act penalises cybercrimes and awards punishments. The Act further amends the Indian Penal Code, 1860, The Evidence Act, 1872, The Banker’s Books Evidence Act, 1891 and The Reserve Bank of India Act, 1934.
Chapter XI of the Act talks about the offences.
- Sec 65 of the Act punishes a person with imprisonment up to 3 years or with fine up to 2 lakh or with both for tampering with computer source document.
- Sec 66 mentions about computer related offences Computer. Under which Sec 66A specifies punishment for sending offensive messages through communication service, etc. as imprisonment for a term up to 3 years or fine or both. Sec 66B specifies punishment for dishonestly receiving stolen computer resource or communication device as imprisonment up to 3 years and 1 lakh rupees fine or both. Sec 66C states the punishment for identity theft and Sec 66D states the punishment for cheating by personation by using computer resource as imprisonment for 3 years and shall be liable to pay 1 lakh fine. Sec 66E lays down the punishment for violation of privacy and state the punishment to be imprisonment extending to 3 years or with fine not exceeding 2 lakhs or both. Sec 66F provides punishment for cyber terrorism shall be punished with imprisonment for life.
- Sec 67 provides for the punishment to be given while publishing or transmitting obscene material in electronic form with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees. Sec 67A Punishment for publishing or transmitting of material containing sexually explicit act, etc., in electronic form and for first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees. Sec 67B prescribes punishment for publishing or transmitting of material depicting children in sexually explicit act, etc., in electronic form and punished same as above.
- Sec 71 states about the Misrepresentation to the controller or the Certifying Authority with Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both.
- Sec 72 prescribes the penalty for breach of confidentiality and privacy with Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both.
- Sec 73 mentions about the publishing Digital Signature Certificate false in certain particulars with Imprisonment for a term which may extend to 2 years, or with fine which may extend to 1 lakh Rupees.
- Sec 74 states about the Publication for fraudulent purpose with Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both.
- The Indian Penal Code, 1860
The IT Act amends the IPC. The word document now includes an electronic record. The result is that anyone using forged electronic record or certificates is punishable under the IPC for offences related to false evidences and certificates. Sections under which they are punishable are
- Sec 120 A- Criminal Conspiracy
- Sec 153A (1)- Promoting enmity between different groups
- Sec 292- Sale, etc., of obscene books, etc.
- Sec 295 A- Deliberate and malicious acts, intended to outrage religious feelings of any class.
- Sec 383- Extortion (Web-jacking)
- Sec 463- Forgery (forgery of email records)
- Sec 416- Cheating by personation
- Sec 499- Defamation (Sending defamatory messages by email)
- Sec 501- Printing or engraving matter known to be defamatory
- Sec 503- Criminal Intimidation (Sending threatening messages by email)
- Sec 505(1) and 505(2)- Statements conducting to public mischief
- Sec 507- Criminal Intimidation by anonymous communication (criminal intimidation by email or chat)
- Sec 509- Word, gesture or act intended to insult the modesty of a woman.
- Indian Copyright Act, 1957:
Sec 51, Sec 63 and Sec 63B talks about piracy and its offences
- Indian Evidence Act, 1872:
The provisions of the Indian Evidence Act relating to the digital and electronic evidences:
- 2(1) (t) defines Electronic Record- “Electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.
- 3 (a) – Scope of definition of evidence expanded to include electronic records.
- 65B – Admissibility of electronic records -The person owning or in-charge of the computer from which the evidence is taken has to give certificate as to the genuineness of electronic record.
- Sec 85B- Presumption as to electronic records and electronic signatures
- 88A – Presumption as to electronic messages The Court may presume that an electronic message forwarded by the originator through an electronic mail server to the addressee to whom the message purports to be addressed corresponds with the message as fed into his computer for transmission; but the Court shall not make any presumption as to the person by whom such message was sent.
- Relevant provisions of the Indian Evidence Act, 1872 as amended by the Information Technology Act – sections 3, 17, 22A, 34, 35, 39, 47A, 59, 65A, 65B, 67A, 73A, 81, 85A, 85B, 88A, 90A, 131
RECENT CYBER ATTACK:
WannaCry ransomware attack is the most recent attack which occurred during May 2017. It is a worldwide attack. Their main target was the computers running Microsoft Windows operating system. It took control over infected computers and encrypted the contents of their hard drives, then demanded a payment in Bitcoin in order to decrypt them.
Computer forensics involves the
- documentation and
- Interpretation of computer data.
The three main steps in any computer forensic investigation are acquiring, authenticating and analysing of the data. The objective is to identify digital evidence. Their value is based on the method used to identify the evidences. Even it is used to understand the criminal behaviour of a person through the investigation of the data stored in their private computers. The digital evidences form important part of crime investigation.
Computers have become part of our lives and needs. Their dependency on them has led to the increase of cybercrimes. There has to still more amendments made to the IPC and Indian Evidence Act to penalise such misuse of the cyberspace. The speed with which technology develops makes this a continual concern. India has to develop a special legislations to fight against cybercrime.
About The Author:
This article is written by Monika T. of Alliance Law School, Bangalore.
 Florida Tech, A brief History of Cyber Crime, https://www.floridatechonline.com/blog/information-technology/a-brief-history-of-cyber-crime/ (lastly visited on 25/11/2017 03:04 pm)
 Harish Goel, Cyber Crime, 1 st Edition, Rajat Publications, New Delhi, 2007, p.11
 Josh Fruhlinger, What is a cyberattack? Recent examples show distributing trends, CSO online, https://www.csoonline.com/article/3237324/cyber-attacks-espionage/what-is-a-cyber-attack-recent-examples-show-disturbing-trends.html (lastly visited on 30/11/2017 at 05:40 pm)
 Jitender Kumar, Cyber Crime in India: An Overview, IJIR, Vol 3, 2017, ISSN: 2454-1362.