ultimate law

Information Technology Act 2000

Submitted To:Prof. Anant Amdekar

Submitted By:Abhimanyu MundraBhavana Lohia Geetesh ThakurHimanshu ShahJugal ShahKeshwanand Pandey

Rather than giving Information and Technology gives rise to more Cyber crimes

Kirti Shahu

Information Technology Act 2000 2

Table of Content

Sr. No.

Particulars Page No.

1 Introduction of Information Technology Act, 2000 (IT Act) 3

2 Advantages of IT Act 5

3 Shortcomings of IT Act 6

4 NASSCOM’s Contribution to IT in India 7

5 Introduction to Cyber Crime 10

6 Defining Cyber Crime 13

7 Types of Cyber Crime 14

8 Cyber Crime Statistics of India 21

9 Types of Cyber Criminals 22

10 Some of important Definition 23

11 Writing requirements 24

12 Penalties for Computer Crimes 24

13 Police Powers 25

14 Digital Signature 26

15 Possible use of E-Governance 28

16 MCA21 project under E-Governance 29

17 Contribution of Information Technology in Banking Sector 33

18 Comparison between India & China 36

19 Some Indian Case Studies 40

20 Conclusion 46

21 Suggestion 48

22 Bibliography 49


Information Technology Act 2000

Connectivity via the Internet has greatly abridged geographical distances

and made communication even more rapid. While activities in this limitless new

universe are increasing incessantly, laws must be formulated to monitor these

activities. Some countries have been rather vigilant and formed some laws

governing the net. In order to keep pace with the changing generation, the Indian

Parliament passed the much-awaited Information Technology Act, 2000 .As they

say,

"It’s better late than never".

However, even after it has been passed, a debate over certain controversial

issues continues. A large portion of the industrial community seems to be

dissatisfied with certain aspects of the Act. But on the whole, it is a step in the

right direction for India.

The Information Technology Act 2000 regulates the transactions relating

to the computer and the Internet.

The objectives of the Act as reflected in the Preamble to the Act are:

1. The Preamble to the Act states that it aims at providing legal -

recognition for transactions carried out by means of electronic data

interchange and other means of electronic communication,

commonly referred to as "electronic commerce", which involve the

use of alternatives to paper-based methods of communication and

storage of information and aims at facilitating electronic filing of

documents with the Government agencies.

2. To facilitate electronic filing of the document with the government

of India.

3. To give legal recognition to digital signature for accepting any

agreement via computer.

4. According to I.T. Act 2000, any company can store their data in

electronic storage.


5. To make more power to IPO, RBI and Indian Evidence act for

restricting electronic crime.

The General Assembly of the United Nations had adopted the Model Law

on Electronic Commerce adopted by the United Nations Commission on

International Trade Law (UNCITRAL) in its General Assembly Resolution

A/RES/51/162 dated January 30, 1997. The Indian Act is in keeping with this

resolution that recommended that member nations of the UN enact and modify

their laws according to the Model Law.

Thus with the enactment of this Act, Internet transactions will now be

recognized, on-line contracts will be enforceable and e-mails will be legally

acknowledged. It will tremendously augment domestic as well as international

trade and commerce.

The Information Technology Act extends to the whole of India and, saves

as otherwise provided in this Act , it applies also to any offence or contravention

there under committed outside India by any person.

However The Act does not apply to:

1. A negotiable instrument as defined in section 13 of the Negotiable

Instruments Act,1881;

2. A power-of-attorney as defined in section 1A of the Powers-of-

Attorney Act, 1882;

3. A trust as defined in section 3 of the Indian Trusts Act, 1882;

4. A will as defined in clause (h) of section 2 of the Indian Succession

Act, 1925 including any other testamentary disposition by whatever

name called;

5. Any contract for the sale or conveyance of immovable property or

any interest in such property;

6. Any such class of documents or transactions as may be notified by

the Central Government in the Official Gazette.


Advantages of I.T. Act 2000:-

1. Helpful to promote e-commerce

• Email is valid

• Digital signature is valid.

• Payment via credit card is valid.

• Online contract is valid

Above all things validity in eye of Indian law is very necessary. After making IT

act 2000, all above things are valid and these things are very helpful to promote

e-commerce in India.

2. Enhance the corporate business

After issuing digital signature, certificate by Certifying authority, now Indian

corporate business can enhance.

3. Filling online forms

After providing facility, filling online forms for different purposes has become so

easy.

4. High penalty for cyber crime

Law has power to penalize for doing any cyber crime. After making of this law,

nos. of cyber crime has reduced.


Shortcomings of I.T. Act 2000:-

1. Infringement of copyright has not been included in this law.

2. No protection for domain names.

3. The act is not applicable on the power of attorney, trusts and will.

4. Act is silent on taxation.

5. No, provision of payment of stamp duty on electronic documents


NASSCOM’s contribution to IT in India: NASSCOM is India's National Association of Software and Service Companies, the premier trade body and the chamber of commerce of the IT software and services industry in India. NASSCOM is a global trade body with over 1100 members, of which over 250 are global companies from the US, UK, EU, Japan and China. NASSCOM's member companies are in the business of software development, software services, software products, IT-enabled/BPO services and e-commerce.

NASSCOM was set up to facilitate business and trade in software and services and to encourage advancement of research in software technology. It is a not-for-profit organization, registered under the Societies Act, 1860.

NASSCOM has been the strongest proponent of global free trade in India. NASSCOM is committed to work proactively to encourage its members to adopt world class management practices, build and uphold highest quality standards and become globally competitive.

In India and around the world, NASSCOM members are participants in the new global economy and are reputed for their cutting-edge business practices and social initiatives.

NASSCOM's Vision

NASSCOM's vision is to establish India as the 21st century's software powerhouse and position the country as the global sourcing hub for software and services.

NASSCOM Membership

NASSCOM welcomes as members, companies and firms that are incorporated and/or are registered in India, which have made and will make positive contributions to the IT industry in India and globally. Member companies are expected to comply with the Association’s code of conduct.

Membership Strength

The membership of NASSCOM has been steadily increasing. In 1988, NASSCOM had 38 members, who together contributed close to 65 percent of the revenue of the software industry. Since then, membership of NASSCOM has grown multifold to reach over 1100 members. These members currently account for over 95 percent of the revenues of the software industry in India.

Here is a list of prominent members of executive council of NASSCOM.

Som Mittal - President of NASSCOM for 2009-2010 Pramod Bhasin - Chairman of NASSCOM(former) Harsh Manglik -Chairman of NASSCOM for 2010-2011 Mr. Rajendra S. Pawar as the new Chairman of its Executive Council for the year

2011-2012 (April 26, 2011)


http://en.wikipedia.org/wiki/Som_Mittal

http://en.wikipedia.org/wiki/Pramod_Bhasin

Aims and Objectives

The primary objective of NASSCOM is to act as a catalyst for the growth of the software driven IT industry in India. Other goals include facilitation of trade and business in software and services, encouragement and advancement of research, propagation of education and employment, enabling the growth of the Indian economy and provide compelling business benefits to global economies by global sourcing.

NASSCOM also endeavors to leverage IT and narrow the digital divide in India and enable her citizens to enjoy the benefits of IT. It also boosts the process of Innovation; IT workforce development and enhance cyber security.

NASSCOM is achieving its objectives by following a seven fold strategy: Partner with Government of India and State Governments in formulating IT policies

and legislation. Partner with global stakeholders for promoting the industry in global markets.

Strive for a thought leadership position and deliver world-class research and strategic inputs for the industry and its stakeholders.

Encourage members to uphold world class quality standards. Strive to uphold Intellectual Property Rights of its members. Strengthen the brand equity of India as a premier global sourcing destination. Expand the quantity and quality of the talent pool in India. Continuous engagement with all member companies and stakeholders to devise

strategies to achieve shared aspirations for the industry and the country.

Partnership with the Government

NASSCOM acts as an advisor, consultant and coordinating body for the software and

services industry in India.

NASSCOM has representatives in various committees in the Government of India including

the Ministry of Information Technology, Ministry of Commerce, the Ministry of Finance,

Department of Telecommunication, Ministry of Human Resources Development, Ministry of

Labor and the Ministry of External Affairs. NASSCOM also acts as a consulting body for

various State Governments in India.

NASSCOM has played a key role in enabling the government in India to develop industry

friendly policies. NASSCOM has been a proponent of free trade, arguing for zero tariff

protection, strong intellectual property and data protection laws, deregulation of the telecom

market and the creation of software technology parks and private sector participation in the

education system - measures which have resulted in significant growth of the industry.

NASSCOM has also been engaged with various governments overseas, to promote a win-win


partnership via global sourcing. NASSCOM also plays a role in engaging with global

alliances on software quality standards, immigration policies, WTO and free trade in services,

and next-generation best practices in global sourcing of services.

Partnership with Members

NASSCOM provides value-added services to its members to grow their business and create an ecosystem which promotes growth and profitability.

This includes: Forums for making business connections and sharing best practices Participation in seminars and conferences (in India and abroad) with customer

delegations Access to world-class research and market intelligence services; and counsel from

leading analysts and think tanks and consultants Access to knowledge of global business practices (taxation, legislation, immigration

policies, recruitment and branding) Opportunity to "give back" to the society by participation in NASSCOM Foundation,

IT Workforce development initiative and other digital divide initiatives

Contribute in development of global standards and thought leadership in areas of IP creation,

security, data protection, and next-generation software quality standards.


I ntroduction to Cyber Crime

The first recorded cyber crime took place in the year 1820! That is not

surprising considering the fact that the abacus, which is thought to be the earliest

form of a computer, has been around since 3500 B.C. in India, Japan and China.

The era of modern computers, however, began with the analytical engine of

Charles Babbage. Cyber crime is an evil having its origin in the growing

dependence on computers in modern life. In a day and age when everything from

microwave ovens and refrigerators to nuclear power plants is being run on

computers, cyber crime has assumed rather sinister implications. Major cyber

crimes in the recent past include the Citibank rip off. US $ 10 million were

fraudulently transferred out of the bank and into a bank account in Switzerland. A

Russian hacker group led by Vladimir Kevin, a renowned hacker, perpetrated the

attack. The group compromised the bank's security systems. Vladimir was

allegedly using his office computer at AO Saturn, a computer firm in St.

Petersburg, Russia, to break into Citibank computers. He was finally arrested on

Heathrow airport on his way to Switzerland.

With increased use of computers in homes and offices, there has been a

proliferation of computer-related crimes. These crimes include:

(i) Crimes committed by using computers as a means, including

conventional crimes.

(ii) Crimes in which computers are targets.

The Internet in India is growing rapidly. It has given rise to new opportunities

in every field we can think of – be it entertainment, business, sports or education.

There are two sides to a coin. Internet also has its own disadvantages. One of the

major disadvantages is Cybercrime – illegal activity committed on the Internet.

The Internet, along with its advantages, has also exposed us to security risks that

come with connecting to a large network. Computers today are being misused for

illegal activities like e-mail espionage, credit card fraud, spams, and software

piracy and so on, which invade our privacy and offend our senses. Criminal

activities in the cyberspace are on the rise.


Success in any field of human activity leads to crime that needs

mechanisms to control it. Legal provisions should provide assurance to users,

empowerment to law enforcement agencies and deterrence to criminals. The law

is as stringent as its enforcement. Crime is no longer limited to space, time or a

group of people. Cyber space creates moral, civil and criminal wrongs. It has now

given a new way to express criminal tendencies. Back in 1990, less than 100,000

people were able to log on to the Internet worldwide. Now around 500 million

people are hooked up to surf the net around the globe.

"The modern thief can steal more with a computer than with a gun.

Tomorrow's terrorist may be able to do more damage with a keyboard than

with a bomb".

Until recently, many information technology (IT) professionals lacked

awareness of and interest in the cyber crime phenomenon. In many cases, law

enforcement officers have lacked the tools needed to tackle the problem; old laws

didn’t quite fit the crimes being committed, new laws hadn’t quite caught up to

the reality of what was happening, and there were few court precedents to look to

for guidance? Furthermore, debates over privacy issues hampered the ability of

enforcement agents to gather the evidence needed to prosecute these new cases.

Finally, there was a certain amount of antipathy—or at the least, distrust—

between the two most important players in any effective fight against cyber

crime: law enforcement agencies and computer professionals. Yet close

cooperation between the two is crucial if we are to control the cyber crime

problem and make the Internet a safe “place” for its users.

In the world of cyber crime, evil bytes are fast replacing whizzing bullets.

The Indian authorities are aware of the fight ahead. But the future does not look

optimistic, shares experts.

Life is about a mix of good and evil. So is the Internet. For all the good it

does us, cyberspace has its dark sides too. Unlike conventional communities

though, there are no policemen patrolling the information superhighway, leaving

it open to everything from Trojan horses and viruses to cyber stalking, trademark

counterfeiting and cyber terrorism.


Given the unrestricted number of free Web sites, the Internet is undeniably

open to exploitation. Known as cyber crimes, these activities involve the use of

computers, the Internet, cyberspace and the World Wide Web. "Any criminal

activity that uses a computer either as an instrumentality, target or a means for

perpetuating further crimes comes within the ambit of cyber crime," says

Supreme Court advocate and cyber law expert Pavan Duggal.

While the worldwide scenario on cyber crime looks bleak, the situation in

India isn't any better. There are no concrete statistics but, according to Duggal,

Indian corporate and government sites have been attacked or defaced more than

780 times between February 2000 and December 2002.

Mr. Duggal stated that, Despite the Information Technology Act, 2000,

there are still several grey areas that exist within the law. "The IT Act, 2000, is

primarily meant to be a legislation to promote e-commerce. It is not very

effective in dealing with several emerging cyber crimes like cyber harassment,

defamation, stalking and so on."


Defining Cyber Crime

Defining cyber crimes, as "acts that are punishable by the Information

Technology Act" would be unsuitable as the Indian Penal Code also covers many

cyber crimes, such as email spoofing and cyber defamation, sending threatening

emails etc. A simple yet sturdy definition of cyber crime would be "unlawful acts

wherein the computer is either a tool or a target or both".

Information Technology Act & Indian Penal Code

All cyber crimes do not come under the IT Act. Many cyber crimes come under

the Indian Penal Code.

Sending threatening messages by email: Section 506 IPC

Sending defamatory messages by email : Section 499 IPC

Web-jacking: Section 383 IPC

Online sale of narcotics: NDPS Act

Online sale of weapons: Arms Act

E- mail Abuse: Section 500 IPC

Hacking: Section 66 IT Act

Pornography: Section 67 IT Act

Virus attacks: Section 43, 66 IT Act

Salami attacks: Section 66 IT Act


Types of Cyber Crimes

Financial crimes

This would include cheating, credit card frauds, money laundering etc. To

cite a recent case, a website offered to sell Alphonso mangoes at a throwaway

price. Distrusting such a transaction, very few people responded to or supplied

the website with their credit card numbers. These people were actually sent the

Alphonso mangoes. The word about this website now spread like wildfire.

Thousands of people from all over the country responded and ordered mangoes by

providing their credit card numbers. The owners of what was later proven to be a

bogus website then fled taking the numerous credit card numbers and proceeded

to spend huge amounts of money much to the chagrin of the card owners.

Caselet: Wipro Spectra mind lost the telemarketing contract from Capital

one due to an organized crime. The telemarketing executives offered fake

discounts, free gifts to the Americans in order to boost the sales of the Capital

one. The internal audit revealed the fact and surprisingly it was also noted that

the superiors of these telemarketers were also involved in the whole scenario.

Cyber pornography

This would include pornographic websites; pornographic magazines

produced using computers (to publish and print the material) and the Internet (to

download and transmit pornographic pictures, photos, writings etc). Recent Indian

incidents revolving around cyber pornography include the Air Force Balbharati

School case. A student of the Air Force Balbharati School, Delhi, was teased by

all his classmates for having a pockmarked face. Tired of the cruel jokes, he

decided to get back at his tormentors. He scanned photographs of his classmates

and teachers, morphed them with nude photographs and put them up on a website

that he uploaded on to a free web hosting service. It was only after the father of

one of the class girls featured on the website objected and lodged a complaint

with the police that any action was taken.

In another incident, in Mumbai a Swiss couple would gather slum children

and then would force them to appear for obscene photographs. They would then

upload these photographs to websites specially designed for paedophiles. The

Mumbai police arrested the couple for pornography.


http://www.indiaforensic.com/wipro.htm

Sale of illegal articles

This would include sale of narcotics, weapons and wildlife etc., by posting

information on websites, auction websites, and bulletin boards or 167 simply by

using email communication. E.g. many of the auction sites even in India are

believed to be selling cocaine in the name of 'honey'.

Phishing

In computing, phishing (also known as carding and spoofing) is a form of

social engineering, characterized by attempts to fraudulently acquire sensitive

information, such as passwords and credit card details, by masquerading as a

trustworthy person or business in an apparently official electronic

communication, such as an email or an instant message. The term phishing arises

from the use of increasingly sophisticated lures to "fish" for users' financial

information and passwords.

Caselet: RBI Phishing Scam: In a daring phishing attack of its kind, the fraudsters

even have not spared the Reserve Bank of India. The phishing email disguised as originating

from the RBI, promised its recipient prize money of Rs.10 Lakhs within 48 hours, by giving a

link which leads the user to a website that resembles the official website of RBI with the

similar logo and web address. The user is then asked to reveal his personal information like

password, I-pin number and savings account number. However, the RBI posted a warning

regarding the fraudulent phishing e-mail on the bank's official website.

Online gambling

There are millions of websites; all hosted on servers abroad, that offer

online gambling. In fact, it is believed that many of these websites are actually

fronts for money laundering.

Caselet: Recent Indian case about cyber lotto was very interesting. A man

called Kola Mohan invented the story of winning the Euro Lottery. He himself

created a website and an email address on the Internet with the address

'[email protected].' Whenever accessed, the site would name him as the

beneficiary of the 12.5 million pound. After confirmation a telgu newspaper

published this as news. He collected huge sums from the public as well as from

some banks for mobilization of the deposits in foreign currency. However, the


fraud came to light when a cheque discounted by him with the Andhra Bank for

Rs 1.73 million bounced. Mohan had pledged with Andhra Bank the copy of a

bond certificate purportedly issued by Midland Bank, Sheffields, London stating

that a term deposit of 12.5 million was held in his name.

Intellectual Property crimes

These include software piracy, copyright infringement, trademarks

violations, theft of computer source code etc.

Caselet: These include software piracy, copyright infringement,

trademarks violations, theft of computer source code etc. In other words this is

also referred to as cybersquatting. Satyam Vs. Siffy is the most widely known

case. Bharti Cellular Ltd. filed a case in the Delhi High Court that some cyber

squatters had registered domain names such as barticellular.com and

bhartimobile.com with Network solutions under different fictitious names. The

court directed Network Solutions not to transfer the domain names in question to

any third party and the matter is sub-judice.

Cyber Defamation

This occurs when defamation takes place with the help of computers and or the

Internet. E.g. someone publishes defamatory matter about someone on a website

or sends e-mails containing defamatory information to all of that person's friends.

Caselet: India’s first case of cyber defamation was reported when a

company’s employee started sending derogatory, defamatory and obscene e-mails

about its Managing Director. The e-mails were anonymous and frequent, and were

sent to many of their business associates to tarnish the image and goodwill of the

company. The company was able to identify the employee with the help of a

private computer expert and moved to the Delhi High Court. The court granted an

ad-interim injunction and restrained the employee from sending, publishing and

transmitting e-mails, which are defamatory or derogatory to the plaintiffs.


Cyber stalking

The Oxford dictionary defines stalking as "pursuing stealthily". Cyber

stalking involves following a person's movements across the Internet by posting

messages (sometimes threatening) on the bulletin boards frequented by the

victim, entering the chat-rooms frequented by the victim, constantly bombarding

the victim with emails etc.

Caselet: Ritu Kohli has the dubious distinction of being the first lady to

register the cyber stalking case. A friend of her husband gave her telephonic

number in the general chat room. The general chatting facility is provided by

some websites like MIRC and ICQ, Where the person can easily chat without

disclosing his true identity. The friend of husband also encouraged this chatters to

speak in slang language to Ms. Kohli.

Unauthorized access to computer systems or networks

This activity is commonly referred to as hacking. The Indian law has

however given a different connotation to the term hacking, so we will not use the

term "unauthorized access" interchangeably with the term "hacking".

Caselet: However, as per Indian law, unauthorized access does occur, if

hacking has taken place. An active hackers’ group, led by one “Dr. Nuker”, who

claims to be the founder of Pakistan Hackerz Club, reportedly hacked the

websites of the Indian Parliament, Ahmedabad Telephone Exchange, Engineering

Export Promotion Council, and United Nations (India).

Sending threatening emails

Caselet: A 16 year old student from Ahmadabad who threatened to blow up

Andheri Railway station in an email message was found guilty by the Juvenile

court in Mumbai. A private news channel received an email on 18 March 2008

claiming sender as Dawood Ibrahim gang saying a bomb would be planted on an

unspecified train to blow it up. The case was registered in Andheri Police station

under section 506 of IPC and transferred to cyber crime investigation cell. During

Investigation CCIC traced the cyber cafe from which the email account was

created and threatening email was sent. Cafe owner told police about friends

which had come that day to surf the net. Police summoned them and found that


the system which was used to send email was accessed by only one customer. On

22nd March 08, police arrested the boy a Class XII science student who during

interrogation said that he sent the email for fun of having his prank flashed as

“breaking news’’ on

television.

Salami attacks

These attacks are used for the commission of financial crimes. The key

here is to make the alteration so insignificant that in a single case it would go

completely unnoticed.

Virus / worm attacks

Viruses are programs that attach themselves to a computer or a file and

then circulate themselves to other files and to other computers on a network. They

usually affect the data on a computer, either by altering or deleting it. Worms,

unlike viruses do not need the host to attach themselves to. They merely make

functional copies of themselves and do this repeatedly till they eat up all the

available space on a computer's memory

Caselet: E.g. love bug virus, which affected at least 5 % of the computers of the

globe. The losses were accounted to be $ 10 million. The world's most famous worm was the

Internet worm let loose on the Internet by Robert Morris in 1988 that almost brought

development of Internet to a complete halt.

Logic bombs

These are event dependent programs. This implies that these programs are

created to do something only when a certain event (known as a trigger event)

occurs. E.g. even some viruses may be termed logic bombs because they lie

dormant all through the year and become active only on a particular date


Trojan attacks

A Trojan as this program is aptly called is an unauthorized program which

functions from inside what seems to be an authorized program, thereby

concealing what it is actually doing.

Web jacking

This occurs when someone forcefully takes control of a website (by

cracking the password and later changing it). The actual owner of the website

does not have any more control over what appears on that website in a recent

incident reported in the USA the owner of a hobby website for children received

an e-mail informing her that a group of hackers had gained control over her

website.

Caselet: Recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is that of the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was changed. Further a ransom of US $ 1 million was demanded as ransom. Thus web jacking is a process where by control over the site of another is made backed by some consideration for it.

Pay-Per Click Fraud

Caselet: Click fraud (sometimes called pay-per-click fraud) is the practice

of artificially inflating traffic statistics to defraud advertisers or Web sites that

provide venues for advertisers. In the common pay-per-click advertising model,

advertisers pay a fee for each click on their link. According to a CNET News

article some industry segments have costs-per-click of several dollars. By using

automated clicking programs (called hit bots) or employing low-cost workers to

click the links, the perpetrators create the illusion that a large number of potential

customers are clicking the advertiser's links, when in fact there is no likelihood

that any of the clicks will lead to profit for the advertiser.

Click fraud scammers often take advantage of the affiliate programs offered by

some Web sites, such as Google and Yahoo! Search Marketing. The scammers

sign up for the affiliate programs, agreeing to provide further exposure to the

advertising in question and receiving a portion of the pay-per-click fees in return.

The perpetrators place the ads on Web sites created solely for this purpose that,


naturally, doesn’t have any real traffic. Once the ads are in place, the hitbots or

workers generate large volumes of fraudulent clicks, often in a very short time

period, for which the scammer bills the owner of the affiliate program. Both

Google and Yahoo! Search Marketing have had to reimburse advertisers for pay-

per-click fees that were discovered to have been the result of click fraud.


Cyber Crime Statistics of India

Source:-http://www.consumerfraudreporting.org/internet_scam_statistics.htm


Types of Cyber Criminals

Kids (age group 9-16 etc.)

It seems really difficult to believe but it is true. Most amateur hackers and

cyber criminals are teenagers. To them, who have just begun to understand what

appears to be a lot about computers, it is a matter of pride to have hacked into a

computer system or a website. There is also that little issue of appearing really

smart among friends. These young rebels may also commit cyber crimes without

really knowing that they are doing anything wrong.

Organized hacktivists

Hacktivists are hackers with a particular (mostly political) motive. In other

cases this reason can be social activism, religious activism, etc. The attacks on

approximately 200 prominent Indian websites by a group of hackers known as

Pakistani Cyber Warriors are a good example of political hacktivists at work.

Disgruntled employees

One can hardly believe how spiteful displeased employees can become. Till

now they had the option of going on strike against their bosses. Now, with the

increase independence on computers and the automation of processes, it is easier

for disgruntled employees to do more harm to their employers by committing

computer related crimes, which can bring entire systems down.

Professional hackers (corporate espionage)

Extensive computerization has resulted in business organizations storing

all their information in electronic form. Rival organizations employ hackers to

steal industrial secrets and other information that could be beneficial to them. The

temptation to use professional hackers for industrial espionage also stems from

the fact that physical presence required to gain access to important documents is

rendered needless if hacking can retrieve those.


Some of the Important Definition

1. "Affixing digital signature" with its grammatical variations and cognate

expressions means adoption of any methodology or procedure by a person

for the purpose of authenticating an electronic record by means of digital

signature;

2. "Certifying Authority" means a person who has been granted a licence to

issue a Digital Signature Certificate under section 24;

3. "Certification practice statement" means a statement issued by a

Certifying Authority to specify the practices that the Certifying Authority

employs in issuing Digital Signature Certificates;

4. "Digital signature" means authentication of any electronic record by a

subscriber by means of an electronic method or procedure in accordance

with the provisions of section 3;

5. "Digital Signature Certificate" means a Digital Signature Certificate

issued under subsection of section 35;

6. "Electronic form" with reference to information means any information

generated, sent, received or stored in media, magnetic, optical, computer

memory, micro film, computer generated micro fiche or similar device;

7. "Secure system" means computer hardware, software, and procedure that—

(a) are reasonably secure from unauthorised access and misuse;

(b) provide a reasonable level of reliability and correct operation;

(c) are reasonably suited to performing the intended functions; and

(d) adhere to generally accepted security procedures;


Writing requirements

Section 4 of the Act states that when under any particular law, if any

information is to be provided in writing or typewritten or printed form, then

notwithstanding that law, the same information can be provided in electronic

form, which can also be accessed for any future reference. This non-obstinate

provision will make it possible to enter into legally binding contracts on-line!

Penalties for Computer Crimes


Source:- http://www.indiaitlaw.com/comcriact.htm

Police Powers

A police officer not below the rank of deputy superintendent of police has

the power to enter any public place and arrest any person without a warrant if he

believes that a cyber crime has been or is about to be committed. This provision

may not turn to be very effective for the simple reason that most of the cyber

crimes are committed from private places such as ones own home or office.

Cyber-cafés and public places are rarely used for cyber crimes. However, if the

Act did give the police department powers to enter people’s houses without

search warrants, it would amount to an invasion of the right to privacy and create

pandemonium. Keeping this in mind, the Legislature has tried to balance this

provision so as to serve the ends of justice and at the same time, avoid any chaos.

On being arrested, the accused person must, without any unnecessary

delay, be taken or sent to the magistrate having jurisdiction or to the officer-in-

charge of a police station. The provisions of the Code of Criminal Procedure,

1973 shall apply in relation to any entry, search or arrest made by the police

officer.


Digital Signature

Digital Signature means authentication of any electronic record by a

subscriber by means of an electronic method or procedure.

Rapid developments in e-business pose a growing need for online security

and authentication. Many emerging technologies are being developed to provide

online authentication. The major concern in e-business transactions is the need

for the replacement of the hand-written signature with an online signature. The

traditional e-mail system, which has problems of message integrity and non-

repudiation, does not fulfil the basic requirements for an online signature.

Further, since the Internet communication system is prone to various types of

security breaches, the discussion of robust and authenticated e-business

transactions is incomplete without consideration of ‘security’ as a prominent

aspect of ‘online signatures’.

One may consider an e-signature as a type of electronic authentication.

Such authentication can be achieved by means of different types of technologies.

A Digital Signature (DS) can be considered as a type of e-signature, which uses a

particular kind of technology that is DS technology. DS technology involves

encrypting messages in such a way that only legitimate parties are able to decrypt

the message. Two separate but interrelated ‘keys’ carry out this process of

encryption and decryption.

One party in the transactions holds the secret key, or the private key, and

the other party holds the public key or the key with wide access. The selection

and use of an encryption technique plays a crucial role in the design and

development of keys. In short, a DS satisfies all the functions, such as

authenticity, non-repudiation, and security, of a hand-written signature. Such a

‘signature’ can be viewed as a means of authentication and can be owned by an

individual. While using this technology, there must be third party involvement

order to handle the liability issues that may be raised by bilateral transactions.

With this existing legal infrastructure and the rapid emergence of software

security products, it is important to understand the role of emerging technologies


like DS in e-business. One of the major indicators of technological improvements

is the market development and commercialization of that technology.

Legitimacy and Use of Digital Signatures

The Act has adopted the Public Key Infrastructure for securing electronic

transactions. As per Section 3 of the Act, a digital signature means an

authentication of any electronic record by a subscriber by means of an electronic

method or procedure in accordance with the other provisions of the Act. Thus a

subscriber can authenticate an electronic record by affixing his digital signature.

A private key is used to create a digital signature whereas a public key is used to

verify the digital signature and electronic record. They both are unique for each

subscriber and together form a functioning key pair.

Section 5 provides that when any information or other matter needs to be

authenticated by the signature of a person, the same can be authenticated by

means of the digital signature affixed in a manner prescribed by the Central

Government. Under Section 10, the Central Government has powers to make rules

prescribing the type of digital signature, the manner in which it shall be affixed,

the procedure to identify the person affixing the signature, the maintenance of

integrity, security and confidentiality of electronic records or payments and rules

regarding any other appropriate matters.

Furthermore, these digital signatures are to be authenticated by Certifying

Authorities (CA’s) appointed under the Act. These authorities would inter alias;

have the license to issue Digital Signature Certificates (DSC’s). The applicant

must have a private key that can create a digital signature. This private key and

the public key listed on the DSC must form the functioning key pair.

Once the subscriber has accepted the DSC, he shall generate the key pair

by applying the security procedure. Every subscriber is under an obligation to

exercise reasonable care and caution to retain control of the private key

corresponding to the public key listed in his DSC. The subscriber must take all

precautions not to disclose the private key to any third party. If however, the

private key is compromised, he must communicate the same to the Certifying

Authority (CA) without any delay.


Possible Uses of E-Governance

The future of e-governance is very bright. With the help of information

technology, the daily matters can be effectively taken care of irrespective of the

field covered by it. For instance, the Delhi Police Headquarter has launched a

website, which can be used for lodging a First Information Report. Similarly, the

Patna High Court has taken a bold step of granting bail on the basis of an online

bail application. The educational institutions, including universities, are issuing

admission forms electronically, which can be downloaded from their respective

websites. The results of examinations of various educational institutions, both

school level and university level, are available online, which can be obtained

without any trouble. These are but some of the instances of the use of technology

for a better e-governance.

The beneficial concept of e-governance can be utilized for the following

purposes:

To have access to public documents.

For making online payments of various bills and dues.

To file statutory documents online.

To file the complaints, grievances and suggestions of citizens online.

The online facility can be used to enter into a partnership the appropriate

government in cases of government contracts.

The citizens can use the online facility to file their income tax returns.

The citizens will enjoy the facility of online services.


MCA21 project under E-Governance

Background

Keeping in tune with the E-Governance initiatives the world over, Ministry of Company Affairs (MCA), Government of India, has initiated the MCA21 project, which will enable an easy and secure access to MCA services in a manner that best suits the corporate entities and professionals besides the public. MCA21 is intended to achieve all the objectives of a versatile E-Governance project. The project is named as MCA21 as it aims at repositioning MCA as an organization capable of fulfilling the aspirations of its stakeholders in the 21st century. Rather than compelling the business community to physically travel to MCA offices, MCA services will be made available at the place of their choice, be it their homes or offices. The major components involved in this comprehensive E-Governance project are Front Office and Back Office.

The MCA21 project is designed to fully automate all processes related to the proactive enforcement and compliance of the legal requirements under the Companies Act, 1956. This will help the business community to meet their statutory obligations. From the customer perspective, the Front Office operations assume significance, which would be administered through the Front Office portal. The entire Back Office operations of the MCA would be automated so as to achieve the objective of a user friendly computerized environment. My MCA portal is the single point of contact for all MCA related services, which can be easily accessed over the Internet by all users.

The project also envisages a cost effective integrated software solution for computerizing various in‐house functions like Human Resources Management, Payroll, Accounting and Finance for internal users (employees) of MCA. Permanent documents of existing companies like memorandum of association, articles of association, current charge documents, are presently maintained in paper form across various Registrar of Companies (RoC) offices. These documents are being converted into electronic format and it is being carried out at the respective RoC offices as part of this project.

The scope of MCA21 project covers only the offices of RoCs, Regional Directors and the Headquarters at New Delhi. It does not include other offices of MCA like Official Liquidators, Company Law Board / Tribunal and Courts. The success of the service oriented approach, the most fundamental ingredient of this project, will depend greatly on analyzing and responding to the needs of all stakeholders. To that extent, the project will develop a mechanism to constantly develop and improve the MCA21 system. It will be made possible by analyzing usage patterns and error/status messages as well as feedback from the customers comprising the corporate, professionals and the public.

Key Benefits of MCA21 Project

MCA21 seeks to fulfill the requirements of the various stakeholders including the corporate, professionals, public, financial institutions and banks, Government and the MCA employees. The key benefits of MCA21 project are as follows:

a) On line incorporation of companies on line b) Simplified and easy mode of filing of Forms/ Returns c) Registration as well as verification of charges anytime and from anywhere d) Inspection of public documents of companies anytime from anywhere e) Corporate centric approach


f) Building up a centralized database repository of corporate operating in India g) Enhanced service level fulfillment and customer relationship building h) Total transparency through E-Governance i) Timely redressed of investor grievances j) Availability of more time for MCA employees for qualitative analysis of

corporate information

An Overview of MCA set up

The MCA mainly administers the Companies Act, 1956 and The Monopolies and Restrictive Trade Practices Act 1969. Besides, it also administers the following Acts:

a) The Competition Act, 2002 b) The Chartered Accountants Act, 1949 c) The Costs and Works Accounts Act, 1959 d) The Company Secretaries Act, 1980 e) The Partnership Act, 1932 f) The Societies Registration Act, 1860 g) The Companies (Donation to National Fund) Act, 1951

The MCA, which functions under overall direction and supervision of the Minister of Company Affairs, has a three tier organizational set up for administration of the Act, namely, the Headquarters at New Delhi, the Regional Directors at Mumbai, Kolkata, Chennai and Noida and the RoCs in States and Union Territories. The Official Liquidators who are attached to various High Courts functioning in the country are also under the overall administrative control of the Ministry. The Company Law Board, a quasi judicial body, has its Principal Bench at Delhi, an additional Principal Bench for Southern States at Chennai and four Regional Benches located at Delhi, Mumbai, Kolkata and Chennai.

The four Regional Directors are in charge of the respective regions, each region comprising a number of States and Union Territories. They supervise the working of the offices of the RoCs and the Official Liquidators working in their regions. They also maintain liaison with the respective State Governments and the Central Government in matters relating to the administration of the Companies Act. Certain powers of the Central Government under the Act have been delegated to the Regional Directors. There is also an inspection unit attached to the office of every Regional Director for carrying out the inspection of the books of accounts of Companies under Section 209A of the Companies Act.

RoCs appointed under Section 609 of the Companies Act and covering the various States and Union Territories are vested with the primary duty of registering companies in the respective States and the Union Territories and ensuring that such companies comply with statutory requirements under the Act. These offices function as registry of records, relating to the companies registered with them, which are available for inspection by members of public on payment of the prescribed fee. The Central Government exercises administrative control over these offices through the respective Regional Directors.


Services Available on MCA21

The following services will be available under the MCA21 Project: Registration and incorporation of new companies Filing of Annual Returns and Balance Sheets Filing of forms for change of names/address/Director’s details Registration and verification of charges Inspection of documents Applications for various statutory services from MCA Investor grievance redressed

Organization of RoC Office under MCA

The RoC office working from its present address will virtually become the Back Office of the Ministry. There are likely to be a number of companies/entities who may find it difficult to switch over to e-Filing at the initial stage. Facilitation Centers known as Physical Front Offices (PFOs) are being set up at 53 locations throughout the country to provide requisite comfort for e-Filing to such companies.

1. Front Office (FO)

The Front Office represents the interface of the corporate and public user with the MCA21 system. This comprises of Virtual Front Office and Physical Front Office. Virtual Front Office merely represents a computer facility for filing of digitally signed e-Forms by accessing the My MCA portal through Internet. It also pre supposes availability of related facilities to convert documents into PDF format and scanning of documents wherever required. When a company or user does not have these computer facilities, it can avail of these facilities at the designated facilitation centers, known as the Physical Front Offices.

2. Virtual Front Office (VFO)

Virtual Front Office facilitates online filing of the e-Forms using Internet. The system automatically does pre scrutiny of the e-Forms filed and indicates error messages in case of incomplete or invalid particulars. Upon successful submission, a Service Request Number (SRN) will be generated by the system for the user, which will be used for future correspondence with MCA. The system calculates the fee payable for the form and accepts online payment through credit cards and Internet banking. There is also an option to make offline payment at designated bank branches through challan generated by the system. In the latter case, the MCA system gets updated on the realizations made by the designated banks on a daily basis.

Virtual Front Office is meant for electronically delivering services at a place and time convenient to the business community through the Front Office portal. The following are the system requirements for VFO:

A Personal Computer Web Browser – Internet Explorer, Netscape Navigator Internet access Adobe Acrobat Reader 7.0.5 WinZip 8.0 Scanner (for scanning of paper documents to be filed as attachments to e-Form)


Printer (for printing bank payment challan or service fee bill)

Thus, you have a Virtual Front Office in your home/office with the above mentioned facilities. You can even use a cyber café or kiosk equipped with above facilities as a Virtual Front Office.

3. Physical Front Office (PFO)

Physical Front Office replaces the existing RoC office counters. It is meant to serve as a facilitation centre to facilitate filing of e-Forms, scanning attachments to e-Forms, generating challans for making payment of fees at the designated bank and finally, uploading the filled in digitally signed e-Forms. The Physical Front Offices will be designed to facilitate electronic delivery of services, similar to the type available at the Virtual Front Office, and will serve corporate who do not have access to computers and Internet.

As part of MCA21, adequate number of Physical Front Offices, including Temporary Front Offices (TFOs), to cater to peak seasonal load, will be established throughout the country to serve better the interests of corporate and professionals. The details of likely Physical Front Offices are given in Appendix A. The finalized address of Physical Front Office in your city can be referred from My MCA portal. While encouraging customers to use Virtual Front Office for fulfilling their obligations as stipulated under the Companies Act 1956, Physical Front Offices would ensure a smooth transition to fully electronic delivery of MCA services. Members of the business community can walk into these offices and obtain services. All the services for scanning and uploading of e-Forms at PFOs would be available free of cost in the Physical Front Offices. Since these facilitation centers are being set up to facilitate e-Filing during the transition period, these will remain operational for a period of three years only, by which time, it is expected that all clients will operate through Virtual Front Offices.

Back Office

The Back Office represents the office of RoCs, Regional Directors, and Headquarters

and takes care of internal processing of the forms filed by the corporate user as per MCA

norms and guidelines. The e-Forms will be routed dynamically to the concerned

authority for processing depending upon the assigned role. All the e-Forms along with

the attachments will be stored in the electronic repository, which the staff of MCA can view

depending upon the access rights.


Contribution of Information Technology in Banking Sector

IT in the Indian Financial Sector – the Beginnings

1. The use of technology in expanding banking has been a key focus area of the Reserve Bank. Technological innovation not only enables a broader reach for consumer banking and financial services, but also enhances its capacity for continued and inclusive growth.

2. There are several factors attributed to India’s high growth in the recent period - improved productivity, growing entrepreneurial spirit, and higher savings, to name the most important. But one factor usually goes unacknowledged – that is financial intermediation. Improvement in the quantum and quality of financial intermediation ranks along with other factors that are mentioned above is a key growth driver. And one of the factors that drove the improvement in the quantum and quality of financial intermediation is more wide spread and more efficient use of IT.

3. Implementing IT in an Indian banking system dominated by government-owned banks has not been easy. In his book ‘Imagining India – Ideas for the New Century’, Nandan Nilekani makes interesting references to this issue. He writes about his travels around the country in the early 1990s, speaking about the role of, what was then called in typical Indian English as ‘electronification’ in Indian banking. After one such presentation, Nandan writes, the chairman of a bank advised him to stop preaching, warning him that (quote), ‘The unions will gherao you in your house!’ Nandan goes on to describe another presentation before an incredibly hostile audience, who dismissed out of hand all his ideas and suggestions. But at the end of the presentation, the union leader told him privately that both his sons were working for Microsoft on software solutions.

Initial days of IT implementation at the Reserve Bank, systems had to be smuggled into the office when ‘the world was sleeping’. IT implementation no longer faces opposition from any quarter. Indeed, everyone welcomes it. Even the trade unions have become extensive users of technology.

IT in the Indian Financial Sector – Status Today

1. More than most other industries, banks and financial institutions rely on gathering, processing, analyzing and providing information in order to meet the needs of customers. Given the importance of information in banking, it is not surprising that banks were among the earliest adopters of automated information processing technology. The visible benefits of IT in day-to-day banking in India are quite well known. There’s ‘Anywhere Banking’ through Core Banking Systems, ‘Anytime Banking’ through new, 24*7*365 delivery channels such as Automated Teller Machines (ATMs), and Net and Mobile Banking.

In addition, IT has enabled the efficient, accurate and timely management of the increased transaction volume that comes with a larger customer base. It has also facilitated the movement from class banking to mass banking.

2. The past few years saw RBI marking some major milestones in the Indian payment and settlement systems. The introduction of the Real Time Gross Settlement (RTGS) System has resulted in compliance with the Basle Core Principles for Systemically Important Payment Systems of the Bank for International Settlements. It also has paved the way for risk-free, credit push based fund transfers settled on a real-time basis and in central bank money. The facility for inter-bank funds settlement through RTGS is today available


across more than 55,000 bank branches, in more than 2500 regional centers across the country – a coverage span perhaps not seen anywhere else in the world.

Now, let’s compare today’s situation with what was in place in 2004, when only 4,800 branches offered RTGS. The rapid acceptance of RTGS by users can be measured by the daily transaction volume: today, close to 100,000 transactions a day in the RTGS mode, up from just about 6000 transactions a day in 2004-05.

3. In fact, quick, safe and efficient electronic movement of funds from virtually any part of the country to any other location is now almost guaranteed. This is enabled by the coordination with the National Electronic Funds transfer (NEFT) System and the National Electronic Clearing Service (NECS). In 2005, RBI was clearing about 2.70 lakh NEFT transactions a month. This number has jumped exponentially to nearly 40 lakh a month today. The establishment of the legal framework for all of this – in the form of the Payment and Settlement Systems Act, 2007 – provides the requisite supportive structure for these systems.

4. The extent of customer migration to electronic payments in India. From less than half a percent of transactions in the electronic mode in 2001, today we process close to about 30 crore transactions per year in the electronic mode. The same holds true for RBI’s recent initiative away from High Value Clearing to electronic modes – a move aimed at creating a safer, secure and credit-push based funds transfer route that has gained considerable traction.

5. There are developments seen in the communication network and messaging system in India. This Institute for Development and Research in Banking Technology (IDRBT), set up by the RBI in 1997, implemented the INdianFInancialNETwork – the INFINET – a ‘one-of-a-kind’ initiative for the banking sector aimed at sharing expensive IT resources so as to achieve economies of scale. One of IDRBT’s notable achievements has been the implementation of Public Key Infrastructure (PKI) - based electronic data transfer with very high security levels. The Institute also developed a messaging standard called Structured Financial Messaging System (SFMS) with security features superior even to SWIFT. Today INFINET has migrated to the latest MPLS technology in an effort to provide a state-of-the-art network.

6. IDRBT also set up the National Financial Switch for interconnecting ATMs. It’s interesting to note that at the turn of the century, there were only about 4000 ATMs in all of India, and today there are more than ten times this number, and all of them interconnected. These changes have enabled RBI to take major step in this area. Like, ATM card holders can use any ATM in the country irrespective of which bank issued them the card.

7. Given the growing importance of IT in the banking sector, it is appropriate that the IDRBT provides incentives to the IT-based operations of commercial banks by evaluating their IT capabilities and motivating them to push for improvements by instituting awards.

IT in the Financial Sector: the Continuing Agenda

1. Information technologies and the innovations they enable are strategic tools for enhancing the value of customer relationship. They reduce the costs of financial transactions, improve the allocation of financial resources, and increase the competitiveness and efficiency of financial institutions.


2. Even as the achievements of IT in the banking sector are impressive, RBI has a big agenda on the way forward. Current financial sector leaders still need to take greater advantage of new technologies and information-based systems and expand the coverage of the Indian banking and financial system. For instance, the potential of IT in extending banking services to under-served markets in rural and semi-urban areas is enormous. The use of Smart Card technology, mobile ATMs, coverage of post offices under electronic payments networks in out-of-reach areas – all could play significant roles in providing financial services to more people and thereby serve financial inclusion.

3. There is tremendous potential for the business growth of financial institutions on the one hand and the inclusive growth of India on the other. We have already seen banks using innovative approaches such as solar power- and mobile technology-based connectivity for branches. A variety of options are available which enable extended reach of such services. The banks should identify the technological model that is right for them. We have already seen the positive benefits that come from extending the reach of banking services through pilot projects in Andhra Pradesh and parts of the North East. The Reserve Bank also has announced its intention to expand the reach of banking in the North East even further by funding the cost of connectivity using VSAT technology. IBA is working on the details of this effort.

4. India is experiencing an explosion in the use of mobile communication technology. And this is a development that the financial sector can exploit. Mobile phone users belong to all strata of society, spread across metropolitan centers, towns and villages. Banks can take advantage of this expanded reach of telecom if they provide services through this medium. The phone’s integrated chip can function as a multi-application smart card, thus making banking services available to virtually every mobile phone owner. This holds substantial promise as the delivery vehicle of the future: there is huge potential and an exciting opportunity. However, the expansion of such capabilities must be accompanied by a minimum level of essential security features and continued compliance with established covenants relating to privacy of customer transactions.

5. The potential of IT for the near future also includes:• Enabling differentiation in customer service;• Facilitating Customer Relationship Management (CRM) based on available

information, which can be stored and retrieved from data warehouses;• Improving asset-liability management for banks, which has a direct bearing on the

profits of banks;• Enhancing compliance with anti-money laundering regulations.

Hence, Investments in newer technologies must be made to modernize existing operations, to face competitive challenges, and to meet customer expectations. Some of these investments will also be made with the goal of achieving cost savings, energy efficiency and environmental friendliness. In the years ahead, the ability of banks to harness new technologies to meet the demands of households and businesses will be tested.


Comparison between INDIA & CHINA

India China

Year 2006 2011 2006 2011

Cases 142 420 400 2050

Arrested 154 288 250 1300

Source: - http://www.gcl.in/downloads/bm_cybercrime.pdf

http://www.webwire.com/ViewPressRel.asp?aId=115645

Over 90% of computer crimes involved were registered under the Information

Technology Act.

Cases fell under two major categories -forgery and criminal breach of trust.

Cybercrime Rates

China 83 % followed by Brazil and India at 76 % and

America ranking third on the list of most victimized

countries. Less than one in 10 people (9%) who responded

said they feel ‘very’ safe online.

India have 10 million compared to China currently has 420 million Internet users, the

largest in the world.

Last year, 250,000 IP addresses in India were hit by Trojans.

262,000 IP addresses in China were hit by Trojans planted by

nearly 165,000 overseas IP addresses.

Penalty for unauthorized data accessing:

India $4500

China $20000

.


Source: - http://www.globe7.com

http://www.gcl.in/downloads/bm_cybercrime.pdf

CHINA

The Ministry of Public Security set up a public information and internet security

supervision department. Police from the supervision department became a new police entity,

mainly in charge of tasks such as supervising, checking and directing the protection of

computer internet information system security; and detecting and dealing with illegal

behaviors and crimes endangering computer internet information system security.

Regarding investigation skills, the public information and internet security supervision

department initiated a research project for “cyber crime investigation skills” with the

approval of the Ministry of Science and Technology, and has been listed in the tenth five-year

plan of technology break-through.

20% of cyber crime cases have been investigated and solved. In China, 25% of major

cyber crimes are internet frauds. A second form of cyber crimes is to spread pornographic

messages and shows. Another form is that criminals reach potential victims through the

internet, with the purpose of committing sexual assault or murder. There are also internet

traps and canvassing etc, which are present in 15% of cases.

Beijing: Nearly 180 cyber crimes were solved during November and more than 460

suspects were arrested for their involvement, China's ministry of public security said on

Tuesday.

Fourteen websites were shut during the month for allegedly providing hacker

software, training hackers and organizing cyber attacks, Xinhua reported.


INDIA

The MoU establishes collaboration through the Cyber and Hi-Tech Crime

Investigation & Training (CHCIT) Centre of CBI and the Data Security Council of India

(DSCI), a section 25 not-for-profit company, setup as an independent self regulatory

organization by Nasscom. The scope for the collaboration ranges from better awareness on

emerging technologies and security standards to best practices and education in emerging

cyber technologies.

Hacking ruled the roost within these 420 cases, where 233 cases were of alleged

hacks. Pornography closely followed by 139 offences. They both were 74 and 88

respectively in 2006.

According to sources, Under the Indian Penal Code (IPC) a total of 276 cases,

were registered during 2009 as compared to 176 such cases during 2008, an increase of 56.8

percent. Majority of the crimes out of276 cases fell under two categories -forgery and

criminal breach of trust.

Cities like Bangalore, Ahmedabad, Delhi, Ludhiana, Pune among others, saw

high occurrence of cyber crime cases under the IT act with a total of 145 of the 178

cases.


Critical Infrastructures under Constant Cyber attack Globally

Critical infrastructure systems around the world are the targets of repeated cyber

attacks, according to a new global survey of technology executives in these industries. They

believe some of the attacks are coming not just from individual cybercriminals but terrorists

and foreign nation states. The United States and China are believed to be the most likely

countries to conduct a cyber attack against the critical infrastructure of another nation,

according to the respondents.

Companies and agencies operating in the banking and finance sectors, energy and

natural resources, telecommunications and internet service providers, transportation and mass

transit, chemical production and storage, food distribution and government services are

considered critical infrastructure companies.


Some Indian Case Studies:

First conviction in India

A complaint was filed in by Sony India Private Ltd, which runs a website called

sony-sambandh.com, targeting Non Resident Indians. The website enables NRIs

to send Sony products to their friends and relatives in India after they pay for it

online.

The company undertakes to deliver the products to the concerned recipients. In

May 2002, someone logged onto the website under the identity of Barbara Campa

and ordered a Sony Colour Television set and a cordless head phone.A lady gave

her credit card number for payment and requested that the products be delivered

to Arif Azim in Noida. The payment was duly cleared by the credit card agency

and the transaction processed. After following the relevant procedures of due

diligence and checking, the company delivered the items to Arif Azim.

At the time of delivery, the company took digital photographs showing the

delivery being accepted by Arif Azim. The transaction closed at that, but after

one and a half months the credit card agency informed the company that this was

an unauthorized transaction as the real owner had denied having made the

purchase.

The company lodged a complaint for online cheating at the Central Bureau of

Investigation which registered a case under Section 418, 419 and 420 of the

Indian Penal Code. The matter was investigated into and Arif Azim was arrested.

Investigations revealed that Arif Azim, while working at a call centre in Noida

gained access to the credit card number of an American national which he

misused on the company’s site. The CBI recovered the colour television and the

cordless head phone. The accused admitted his guilt and the court of Shri Gulshan

Kumar Metropolitan Magistrate, New Delhi, convicted Arif Azim under Section

418, 419 and 420 of the Indian Penal Code — this being the first time that a cyber

crime has been convicted. The court, however, felt that as the accused was a


young boy of 24 years and a first-time convict, a lenient view needed to be taken.

The court therefore released the accused on probation for one year.

India's First ATM Card Fraud

The Chennai City Police have busted an international gang involved in cyber

crime, with the arrest of Deepak Prem Manwani (22), who was caught red-handed

while breaking into an ATM in the city in June last, it is reliably learnt.

The dimensions of the city cops' achievement can be gauged from the fact that

they have netted a man who is on the wanted list of the formidable FBI of the

United States.

At the time of his detention, he had with him Rs 7.5 lakh knocked off from two

ATMs in T Nagar and Abiramipuram in the city. Prior to that, he had walked

away with Rs 50,000 from an ATM in Mumbai.

While investigating Manwani's case, the police stumbled upon a cyber crime

involving scores of persons across the globe.

Manwani is an MBA drop-out from a Pune college and served as a marketing

executive in a Chennai-based firm for some time. Interestingly, his audacious

crime career started in an Internet cafe. While browsing the Net one day, he got

attracted to a site which offered him assistance in breaking into the ATMs. His

contacts, sitting somewhere in Europe, were ready to give him credit card

numbers of a few American banks for $5 per card. The site also offered the

magnetic codes of those cards, but charged $200 per code.

The operators of the site had devised a fascinating idea to get the personal

identification number (PIN) of the card users. They floated a new site which

resembled that of a reputed telecom company's. That company has millions of

subscribers. The fake site offered the visitors to return $11.75 per head which, the

site promoters said, had been collected in excess by mistake from them.


Believing that it was a genuine offer from the telecom company in question,

several lakh subscribers logged on to the site to get back that little money, but in

the process parted with their PINs.

Armed with all requisite data to hack the bank ATMs, the gang started its

systematic looting. Apparently, Manwani and many others of his ilk entered into a

deal with the gang behind the site and could purchase any amount of data, of

course on certain terms, or simply enter into a deal on a booty-sharing basis.

Meanwhile, Manwani also managed to generate 30 plastic cards that contained

necessary data to enable him to break into ATMS. He was so enterprising that he

was able to sell away a few such cards to his contacts in Mumbai. The police are

on the lookout for those persons too.

On receipt of large-scale complaints from the billed credit card users and banks in

the United States, the FBI started an investigation into the affair and also alerted

the CBI in New Delhi that the international gang had developed some links in

India too.

Manwani has since been enlarged on bail after interrogation by the CBI. But the

city police believe that this is the beginning of the end of a major cyber crime.

Case of Cyber Extortion

He does not know much about computer hacking, yet 51-year-old cyber criminal

Pranab Mitra has stunned even the cyber crime investigation cell of Mumbai

police with his bizarre fraud on the Net. Mitra, a former executive of Gujarat

Ambuja Cement, was arrested on Monday for posing as a woman and seducing

online an Abu Dhabi-based man, thereby managing to extort Rs 96 lakh from him.

Investigating officer, Assistant Commissioner of Police, J.S. Sodi, said Mitra has

been remanded to police custody till June 24, and has been booked for cheating,

impersonation, blackmail and extortion under sections 420, 465, 467, 471, 474 of

the IPC, read with the newly formed Information Technology Act.

Mitra posed as a woman, Rita Basu, and created a fake e-mail ID through which

he contacted one V.R. Ninawe. According to the FIR, Mitra trapped Ninawe in a


‘‘cyber-relationship’’ sending emotional messages and indulging in online sex

since June 2002.Later, Mitra sent an e-mail that ‘‘she would commit suicide’’ if

Ninawe ended the relationship. He also gave him ‘‘another friend Ruchira

Sengupta’s’’ e-mail ID which was in fact his second bogus address. When Ninawe

mailed at the other ID he was shocked to learn that Mitra had died. Then Mitra

began the emotional blackmail by calling up Abu Dhabi to say that police here

were searching for Ninawe. Ninawe panicked on hearing the news and asked

Mitra to arrange for a good advocate for his defence. Ninawe even deposited a

few lakh in the bank as advocate fees. Mitra even sent e-mails as high court and

police officials to extort more money. Ninawe finally came down to Mumbai to

lodge a police case.

ICICI Bank Phishing

Did you know that e-mails, long considered the most convenient form of

communication, can actually spring some nasty surprises for you? Recently, a few

ICICI Bank customers in Mumbai, to their utter dismay, discovered that e-mails

can be extremely hazardous, if not to their health, at least to their security. These

ICICI Bank customers received an e-mail from someone who posed as an official

of the bank and asked for sensitive information like the account holder's Internet

login name and password and directed them to a Web page that resembled the

bank's official site. When some customers wrote in to find out what the e-mail

was about, the bank officials registered a complaint with the police.

New as it may be in India, it is actually a popular banking scam, a warning

against which had been issued by many international banks including Barclays

and Citibank. rediff.com presents a guide that will help readers understand what

the scam is about and how they can stay clear of it.

What happened in the case of the e-mail scam involving ICICI Bank? A few

customers of ICICI Bank received an e-mail asking for their Internet login name

and password to their account. The e-mail seemed so genuine that some users

even clicked on the URL given in the mail to a Web page that very closely

resembled the official site. The scam was finally discovered when an assistant

manager of ICICI Bank's information security cell received e-mails forwarded by Information Technology Act 2000 44

the bank's customers seeking to crosscheck the validity of the e-mails with the

bank. Such a scam is known as 'phishing.'

Cyber Lotto an Effective Tool of Frauds

"It is a classic case of cyber crime, the first of its kind in Andhra Pradesh," was

how Vijayawada Police Commissioner Sudeep Lakhtakia summed up the case of

cheating and fraud registered against Kola Venkata Krishna Mohan, the self-

styled winner of the multi-million dollar Euro lottery. Mohan admitted that he did

not win the 12.5 million pound Euro lottery in November 1998, as he had

claimed, but merely played fraud to make good his losses in gambling.

"With the help of computers, the accused took the people for a ride," the

Vijayawada police commissioner pointed out. Mohan, using the Internet and

forged documents, allegedly cheated banks and several persons to the tune of 60

million rupees.

Kola Mohan was arrested by the Vijayawada city police on Monday in connection

with cases of fraud and forgery registered against him. He was remanded to

judicial custody till December 13 by Fifth Metropolitan Magistrate K B

Narsimhulu. He was shifted to the district jail at Gandhinagar in Vijayawada.

Mohan was accused of cheating the Andhra Bank to the tune of Rs 1.73 million.

By perpetrating the multi-million rupee fraud, Mohan has achieved the dubious

distinction of allegedly committing the first and biggest cyber crime in Andhra.

The state incidentally is making rapid strides in information technology, thanks to

the initiative of cyber-savvy Chief Minister N Chandrababu Naidu.

A compulsive gambler who played cards regularly at high stakes in various clubs

in the coastal city, Mohan told newsmen at the police commissioner's office at

Vijayawada on Monday that he had lost as much as Rs 30 million in 1998 when a

gambling syndicate led by a real estate dealer and a restaurant-owner cheated

him.

"I was on the look-out to make good the losses by hook or crook. During a visit to

London, I learnt about the Euro lottery. I staked some money on it in vain. Then,


I invented the story that I won the lottery. I created a website and an email

address on the Internet with the address '[email protected].' Whenever

accessed, the site would name me as the beneficiary of the 12.5 million pound

(that is, $ 19.8 million or Rs 840 million) Euro-lottery," Kola Mohan recalled.

A Telugu newspaper in Hyderabad received an email that a Telugu had won the

Euro lottery. The website address was given for verification. The newspaper sent

the query and got the "confirmation" since Kola Mohan had himself created and

manipulated the website


Conclusion

As we can see that there where so many cyber crimes happening in India before

the amendment of information technology act the rate of crime have not stopped

nor it have come down but it is reaching its high .

We have try to find out various reasons that despite of such a tight act and high

penalties and punishments what are the lope holes in the act which is blocking

the proper implementation of such a force full act .

Cyber Law in India is in its infancy stage. A lot of efforts and initiatives are

required to make it a mature legal instrument. Law has been instrumental in

giving Cyber Law in India a shape that it deserves. To make the circle complete

we are proudly introducing another effort in this direction.

Following are some of the lope holes which we have tried to figure out:

1. Reporting of important matters pertaining to Cyber Law in India:

2. Analysis of Cyber Law scenario in India,

3. Providing a comprehensive database for cases and incidents related to

Cyber Law in India,

4. A ready reference for problems associated with Cyber Law in India, etc.

The discussion group cum database will analyze Cyber Law of India that suffers

from the following drawbacks:

1. Non-inclusion of contemporary Cyber crimes and Contraventions like

Phishing, Spamming, Cyber extortions, Compromised e-mails, Cyber

Terrorism, etc.

2. An obscure position of Freedom of speech and expression under the IT Act,

2000.

3. Absence of Liability for illegal blocking of websites, blogs, etc.

4. Lack of Techno-Legal compliance under the IT Act, 2000.

5. Lack of Wireless security under the IT Act, 2000.

6. Absence of legal protection pertaining to IPRs in cyberspace.


7. A confusion regarding Locus-standi and due diligence.

8. Absence of Private defense in cyberspace.

9. Non-dealing of issues like Cyber terrorism and private defense,

10. E-waste in India must be taken seriously, etc.

Besides these grey areas India is also facing problems of lack of Cyber

Security in India as well as ICT Security in India. A techno-legal base is the need

of the hour. Unfortunately, we do not have a sound and secure ICT Security Base

in India and Cyber security in India is still an ignored World. If opening of Cyber

Cells and Cyber Units is Cyber Security than perhaps India is best in the World at

managing Cyber Security issues. Unfortunately ICT Security in India is equated

with face saving exercises of false claims and redundant exercises. The truth

remains that ICT Security in India is a myth and not reality. The Cyber Law in

India requires a dedicated and pro active approach towards ICT and Cyber

Security in India. In the absence of a dedicated and sincere approach, the Cyber

Law in India is going to collapse.

Now as we know what are the major lope holes in the act let us try to fine the

possible suggestion to over come these and try to learn form what US/UK are

following in order to have a virus free cyber.


Suggestion

Recruitment

There is a high need to increase the strength of staff for proper functioning

of the ACT.

Red coding System

Set - up a red coding system, with the help of which the government can

keep a tap on mails, chat, etc. this system will help the government to detect the

possibility of further cyber crime.

Training and Development

One of the most important requirements for the proper function of the ACT

is that, there should be good quality training programs on a regular base.

Domain

It is necessary, Domain should be treated as a separate entity rather then

treating it as IP ACT.

Cyber theft, cyber stalking, cyber harassment and cyber defamation are

presently not covered under the act.

These crimes need to have specific provisions in the act to enable the

police to take quick action.

Vague Definitions

Definitions, prescriptions of punishment and certain provisions (such as

that dealing with hacking) need specific amendment.

Parameters for its implementation

Law enforcement officials need to be trained for effective enforcement.


Bibliography:

http://www.cyberlawclinic.org/casestudy.asp

http://www.cybercellmumbai.com/case-studies

http://satheeshgnair.blogspot.com/2009/06/selected-case-studies-on-cyber-

crime.html

http://legalserviceindia.com/cyber/itact.html

http://www.cyberlawclinic.org/cybercrime.html

http://www.cyberlawclinic.org/cyberlaw.html

http://teck.in/news/indian-cyber-laws-it-rules-it-act-2000-and-objectives-

t118.html

http://business.svtuition.org/2009/11/what-is-information-technology-act-

2000.html

www.naavi.org/pati/pati_cybercrimes_dec03.htm

http://cybersecurity.nitrd.gov/profiles/blogs/phishing-scams-in-india-and

http://services.indiabizclub.com/info/types_of_service/nasscom

http://centralyma.org.in/seminar/Statistical%20Report%20of%20Cyber

%20Crime.pdf

http://www.emergence.nu/events/budapest/ahuja.pdf

http://rbidocs.rbi.org.in/rdocs/Speeches/PDFs/GOVSPC1805.pdf

http://www.reportcybercrime.com/offences.php

http://newstonight.net/content/r-chidambaram-committee-fight-cyber-

crime.htm


http://www.reportcybercrime.com/offences.php

http://rbidocs.rbi.org.in/rdocs/Speeches/PDFs/GOVSPC1805.pdf

http://www.emergence.nu/events/budapest/ahuja.pdf

http://centralyma.org.in/seminar/Statistical%20Report%20of%20Cyber%20Crime.pdf

http://centralyma.org.in/seminar/Statistical%20Report%20of%20Cyber%20Crime.pdf

http://services.indiabizclub.com/info/types_of_service/nasscom

http://cybersecurity.nitrd.gov/profiles/blogs/phishing-scams-in-india-and

http://www.naavi.org/pati/pati_cybercrimes_dec03.htm

http://business.svtuition.org/2009/11/what-is-information-technology-act-2000.html

http://business.svtuition.org/2009/11/what-is-information-technology-act-2000.html

http://teck.in/news/indian-cyber-laws-it-rules-it-act-2000-and-objectives-t118.html

http://teck.in/news/indian-cyber-laws-it-rules-it-act-2000-and-objectives-t118.html

http://www.cyberlawclinic.org/cyberlaw.html

http://www.cyberlawclinic.org/cybercrime.html

http://legalserviceindia.com/cyber/itact.html

http://satheeshgnair.blogspot.com/2009/06/selected-case-studies-on-cyber-crime.html

http://satheeshgnair.blogspot.com/2009/06/selected-case-studies-on-cyber-crime.html

http://www.cybercellmumbai.com/case-studies

http://www.cyberlawclinic.org/casestudy.asp

ultimate law

Documents