Cyber Crime – An Indian Scenario As India is marching towards its development, many new technologies have entered into the nook and corner of the country. Of these, Information Technology with computers has paved a way to Internet, e-Banking, e-Commerce and other types of communication systems. This has reduced the cost, increased the sophistication, more speed, efficient and reduced the manpower. These technologies has emerged as a blessing for the present pace of life but at the same time also resulted in various threats to the consumers and other institutions for which it proved to be most beneficial. It even did not spare the security of the country when this crime reached its pinnacle. In a Cyber Crime the criminals use computes as a tool, target or both for their unlawful act either to gain information which result in heavy loss or damage to the owner of that intangible sensitive information. They can launch an attack from any corner of the world without any fear of being traced or prosecuted. This is an international problem with no national boundaries. Though the pattern of cyber crime is similar through out the world there are some difference in few countries according to the technology, culture and economy of that country. The scenario in India is also different from the rest of the world. Here very high technology cyber crimes like Hacking, virus attack etc., are in the budding stage where as pornography, forgery, fraud etc., are spreading like a wild fire.
Legal framework on Cyber Crime The information Technology (IT) Act, 2000, specifies the acts which are punishable. Since the primary objective of this Act is to create an enabling environment for commercial use of I.T., certain omissions and commissions of criminals while using computers have not been included. Several offence have bearing on cyber-arena are also registered under the appropriate sections of the IPC with the legal recognition of Electronic Records and the amendments made in several sections of the IPC vide the IT Act, 2000.
Cyber Pornography Cyber Pornography is believed to be one of the largest businesses on the Internet today. The hundreds of pornographic websites with Indian contents have flourish on the Internet are testimony to this. They operate from across the nation and there agents will upload the pornography contents from India. While pornography per se is not illegal in many countries, child pornography is strictly illegal in most nations today. They accept online payments and allows paying customers to view or download pornographic pictures, videos etc., from that website. There were also some website which offers pornographic pictures and videos free of cost. They are mainly responsible for the spread of pornography through out the country. The major victims for this type of crime are children and youth especially teen ages. It is very easy to keep these contents in one’s cell phone and pass on to others. According to the Crime in Indian 2007 report 45.6% (99 cases) of the total 217 cases registered under IT Act 2000 were related to Obscene Publication or Transmission in electronic form, normally known as cyber pornography. 86 persons were arrested for committing such offence during 2007. 55.8% (86 out of 154) of the offenders arrested under ‘Obscene Publication or Transmission in electronic form’ of which 70.9% (61 out of 86) were in the age-group 18-30 years. Table - 1 show that there is a steady increase in this crime when compare with the previous years. Table - 1 Cyber Crimes/Cases Registered and Persons Arrested under IT Act during 2004 - 2007 Cases Registered Crime Heads Obscene publication/transmission in electronic form
2004
2 005
2 006
2007
34
88
69
99
% Variation in 2007 over 2006 43.5
Persons Arrested 2 004
2 005
2 006
2 007
21
125
81
86
% Variation in 2007 over 2006 6.2
Source: Crime in India 2007
2
Hacking with Computer System Computer Hacking Hacker is a computer expert who uses his knowledge to gain unauthorized access to the computer network. He is not any person who intends to break through the system but also includes one who has no intent to damage the system but intends to learn more by using one’s computer. IT Act 2000 doesn’t make hacking per se an offence but looks into factor of mens rea. Crackers on the other hand use the information cause disruption to the network for personal or political motives. Hacking by an insider or an employee is quite prominent in present days. Most business organization stores their sensitive information in computer systems. This information is targeted by rivals, criminals and sometimes disgruntled employees. The skilled hackers were employed to obtain the vital information from the rival company. In one case a very good looking woman was sent to meet the system administrator of a large company, she interviewed the administrator for a “Magazine Article”. During the interview she flirted a lot with the administrator and while leaving she left her pen drive at the system administrator’s room. The system administrator accessed the pen drive and saw that it contained many photographs of the lady. He did not realize that the photographs were Trojanized. Once the Trojan was in place, a lot of sensitive information was stolen very easily. There were 76 cases of Hacking with Computer System during the year wherein 48 persons were arrested. Out of the total (76) Hacking cases, the cases relating to Loss or damage of computer resource or utility under section 66(1) of the IT Act 2000 were 39.5% (30 cases) whereas the cases related to Hacking under section 66(2) of IT Act were 60.5% (46 cases). Table – 2 shows the increase in the percentage of hacking over the previous years.
3
Table - 2 Cyber Crimes/Cases Registered and Persons Arrested under IT Act during 2004 – 2007 Cases Registered Crime Heads
2004
2005
2006
2007
i) Loss/damage to computer resource/utility
14
33
25
30
ii) Hacking
12
41
34
46
% Variation in 2007 over 2006
Persons Arrested
% Variation in 2007 over 2006
2004
2005
2006
2007
20.0
31
27
34
25
26.5
35.3
1
14
29
23
-20.7
Hacking with Computer System
Source: Crime in India 2007
Email Hacking Email Hacking is the new trend of crime that is emerging all over India now. Emails are increasingly being used for social interaction, business communication and online transactions etc. Most email account holders do not take basic precautions to protect their email account passwords. Cases of theft of emails passwords and subsequent misuse of email accounts are becoming very common. In one case the victim’s email account password is stolen and the account is then misused for sending out malicious code (virus, worm, Trojan etc.) to people in the victim’s address book. The recipients of these viruses believe that the email is coming from a known person and run the attachments. This in turn infects their computer with the malicious code. In another incident the victim’s email account password is stolen and obscene emails are sent to the people in the victim’s address book or request for money is made to from the victim’s friends who are in the address book.
Fake Profile in Social Networking Website Yahoo messenger, MSN messenger and Orkut are some of the famous social networking websites. Of these Orkut is a very popular online community website. This website is very familiar to school and college students as they can search for and interact with people who share the same hobbies and interests. They can create and join a wide variety of online community. Profile of a person can be created using any email account. These profiles of the members are publicly viewable. 4
A fake profile of a women can be created by create a free email account where there is no need to give correct name or address. Then the profile displays her correct name and contact information (such as address, residential phone number, cell phone number etc.). Sometimes it can even have her obscene photograph. In some cases the profile describes her as a prostitute or a woman of “loose character” who wants to have sexual relations with anyone. Other members see this profile and start calling her at all hours of the day asking for sexual favours. This leads to a lot of harassment for the victim and also defames her in society. Using this fake email account an online hate community can be created. This community displays objectionable information against a particular country, religious or ethnic group or even against national leaders and historical figures. In some cases the victim will not come forward to report the case as it may aggravate the problem faced by them. Most of the offenders in this type of crime are from school going children. Still some of the crimes could not be traced as there is no proof of address of the offenders.
Cyber Frauds and Forgeries Credit Card Fraud Credit cards are commonly being used for online booking of airline and railway tickets and for others e-commerce transactions. Although most of the e-commerce website have implemented strong security measure (such as SSl, secure web servers etc.), instance of credit card frauds are increasing. The offender would install key loggers in public computers (such as cyber cafes, airport lounges etc.) or the computers of the victim. Unsuspecting victims would use these infected computers and the card information of the victim would be emailed to the offender. Offenders also use the Social Engineering methods to collect the important information about the card, CVV or CVC number, PIN number etc. Innocent women and people with no knowledge on these types of offence become an easy target to this crime. There is an urgent need to create a awareness among the people about the protection of the passwords and other secret numbers.
5
Online share trading fraud With the advent of dematerialization of shares in India, it has become mandatory for investors to have demat accounts. In most cases an online banking account is linked with the share trading account. This has led to a high number of online share trading frauds. This is done by using the victim’s stolen account passwords and misusing his accounts for making fraudulent bank transfers or doing unauthorized transactions that result in the victim making losses.
Tax Evasion and Money laundering Fraud Many unscrupulous businessmen and money launders are using virtual as well as physical storage media for hiding information and records of their illicit business. They use both physical and or virtual storage media for hiding the information, ex. USB dirves, mobile phone memory cards, iPods, email accounts, online briefcases, FTP sites etc.
Fraud Digital Signature Certificate Digital Signature Certificates are used to confirm the receipt of the information and for the secure transfer of the data from one computer to another computer. One has to pay fees and proper residential proof in order to obtain a Digital Signature Certificate from the Registering Authority. This Digital Certificate is must for all kinds of e-Commerce so, the offenders try to get it by giving false information. According to Crime in India 2007 there is a 300 % increase in this type of crime. Table - 3 Cyber Crimes/Cases Registered and Persons Arrested under IT Act during 2004 – 2007 Cases Registered Crime Heads Fraud Digital Signature Certificate
2004
2 005
2 006
2007
0
1
1
3
% Variation in 2007 over 2006 200.0
Persons Arrested 2 004
2 005
2 006
2 007
0
3
0
3
% Variation in 2007 over 2006 -
Source: Crime in India 2007
6
Forgery and Criminal Breach of Trust Using a computer and the advanced software one can create any kind of duplicate document or stamp paper or counterfeit currency. Indians are were very much talented in art and artistic work, so with the help of computers he can create all kinds of ID’s and Certificates. This can fetch more money if it feels in the hands of criminal minded person. As per Crime in India 2007 record Majority of the crimes out of total 339 cases registered under IPC falls under 2 categories viz. Forgery (217) and Criminal Breach of Trust or Fraud (73). Although such offences fall under the traditional IPC crimes, these cases had the cyber overtones wherein computer, Internet or its enabled services were present in the crime and hence they were categorized as Cyber Crimes under IPC. The Cyber Forgery (217 cases) accounted for 0.33% out of 65,326 cases reported under cheating. The Cyber Fraud (73) accounted for 0.47% of the total Criminal Breach of Trust cases (15,531) A total of 429 persons were arrested in the country for Cyber Crimes under IPC during 2007. 61.5% offenders (264) of these were taken into custody for offences under “Cyber Forgery”, 19.8% (85) for “Criminal Breach of Trust or Fraud” and 11.4% (49) for “Counterfeiting Currency or Stamps”. The offenders arrested under Cyber Crime (IPC) for the year 2007 revealed that offenders involved in Forgery cases were more in the agegroup of 30 – 45 (54.9%) (145 out of 264). 57.6% of the persons arrested under Criminal Breach of Trust or Cyber Fraud offence were in the age group of 30 – 45 years (49 out of 85). Table - 4 Cyber Crimes/Cases Registered and Persons Arrested under IPC during 2004 – 2007 Cases Registered Crime Heads
2004
2005
2006
2007
Forgery
77
48
160
217
Criminal Breach of Trust/Fraud
173
186
90
Property / Mark
12
0
Currency / Stamps
10
59
% Variation in 2007 over 2006
Persons Arrested
% Variation in 2007 over 2006
2004
2005
2006
2007
35.6
81
71
194
264
36.1
73
- 18.9
181
215
121
85
-29.8
13
8
-38.5
8
0
7
23
228.6
48
36
-25.0
43
82
89
49
-44.9
Source: Crime in India 2007
7
Source Code Theft Computer source code is the most important asset of software companies. Simply put, source code is the programming instructions that are compiled into the executable files that are sold by software development companies. As is expected, most source code thefts take place in software companies. Some cases are also reported in banks, manufacturing companies and other organizations that get original software developed for their use. This is being done by copying the code in virtual or small physical storage devices.
Piracy Software Piracy Many people do not consider software piracy to be theft. They would never steal a rupee from someone but would not think twice before using pirated software. There is a common perception amongst normal computer users not to consider software as “Property”. This has led to software piracy becoming a flourishing business. The most common type of piracy is creating duplicate CDs by using high speed CD duplication equipment. This pirated software is sold through a network of computer hardware and software vendors. In other method the offender registers a domain name using a fictitious name and then hosts his website using a service provider that is based in a country that does not have cyber laws. Anybody can download the required software by paying either by credit Card or through Pay Pal. Such service providers do not divulge client information to law enforcement officials of other countries
Audio and Video Piracy There are so many music and movie lovers in our country. Each and Every day there may be new relies of music and movie in some part of the country. It will give a huge profit if it is sold in the market without purchasing the right to copy and sale. Due to Piracy many entertainment companies are suffering huge loss. Though there were many
8
law enforcing agencies like Anti pirate CD cell the pirated CDs still reaches the end user without any difficulty. The offenders sell this or circulate this through websites, bulletin boards, newsgroups, spam emails etc.
Email Scams Criminals are using emails extensively for their illicit activities. Most of the offenders operate from abroad and all the victims are educated people who fell in the offenders trap. The offender convinces the victim that the victim is going to get a lot of many. They offer this by way of a lottery or from a corrupt African bureaucrat who wants to transfer his ill gotten gains out of his home country. In order to convince the victim, the suspect sends emails that contain official looking documents as attachment which are forged using software. Once the victim believes this story, the suspect asks for a small fee to cover the legal expenses or courier charges. If the victim pays up the money the suspect stops all contact or ask to arrange some credit card details from which they swindle all the money from the victim’s card.
Phishing With the tremendous country wide increase in the use of online banking, online share trading and e-Commerce and there has been a corresponding growth in the incidents of phishing being used to carry out financial frauds. It involves fraudulently acquiring sensitive information (e.g. passwords, credit card details etc) by masquerading as a trusted entity. The victim receives an email that appears to have been sent from his bank. The email urges the victim to click on the link in the email. When the victim does so, he is taken to “an anther page of the bank’s website”. The victim believes the web page to be authentic and he enters his username, password and other information. In reality, the website is a fake and the victim’s information is stolen and misused.
9
The offender registers a domain name using fictitious details. The domain name is usually such that it can be misused for spoofing eg. Noodle Bank has its website at www.noodle.org. The offender then sends spoofed emails to the victims e.g. the emails may appear to come from genuine website but it may be from different domine name like
[email protected]. The fake website is designed to look exactly like the original website.
Online Sale of Illegal Articles It is becoming increasingly common to find cases where sale of narcotics drugs, weapons, wildlife etc. is being facilitated by the Internet. Information about the availability of the products for sales is being posted on auction websites, bulletin boards etc. which has a server in some other country where there is no proper law for cyber crime. If the buyer and seller trust each other after their email and or telephonic conversation, the actual transaction can be concluded. In March 2007, the Pune rural police cracked down on an illegal rave party and arrested hundreds of illegal drug users.
Virus Attacks Computer Viruses are malicious programs that destroy electronic information. As the world is increasingly becoming networked, the threat and damage caused by viruses is growing by leaps and bounds. A highly skilled programmer creates a new type of strain of virus and releases it on the Internet so that it can spread all over the world. Anti virus companies are usually able to find a solution after 8 to 48 hours. In India though there is no record of such a high skilled virus programmer some young computer engineers create such small programs for fun and it gets detected by anti virus program very soon. So they did not get caught to law enforcing agents. Indian computer are the victims to the virus attacks that were programmed from abroad. There some illegal website which installs some Ad-ware and compels the victim to purchase the product to remove the particular virus.
10
Web Defacement Web defacement is usually the substitution of the original home page of a website with another page usually pornographic or defamatory in nature by a hacker. Religious and government sites are regularly targeted by hackers in order to display political or religious beliefs. Disturbing images and offensive phrases might be displayed in the process as well as a signature of sorts, to show who was responsible for the defacement. Even they insert some links to pornographic website which could not be found to normal view.
Use of Internet and Computers by Terrorists Many terrorists are using virtual as well as physical storage media for hiding information and records of their illicit business. They also use emails and chat rooms to communicate with their counterparts around the globe. One terrorist composes an email and saves it in the draft folder. Another terrorist logs into the same account from another city or country and reads the saved draft mail. He then composes his reply and saves it in that draft folder. The emails are not actually sent. This makes email tracking and tracing almost impossible. The also use the encryption and other ways of secrete communication methods like Steganography and decoders. It has been found in the parliament attack case that they use steganography to send secrete message which were embedded in images. They also use GPS and Internet phones to execute the plane as the terrorist did in the Mumbai attack. The devices seized from the terrorist helped the investigator to trace the origin of these attackers and the method of their operation.
A futuristic approach to control this Cyber Crime Though there are many techniques evolved to curb the criminal activities by Cyber Criminals but still the problem persists in legal structure and has failed to produce a deterring effect on the criminals. Crucial aspect of problem faced in combating crime is that, most of the countries especially India lack enforcement agencies to combat crime relating to Internet and bring some level of confidence in users. 11
Present law lacks teeth to deter the criminal group for committing cyber crimes. Law has to be created or amended keeping mind the growing trend of cyber crime in India. In order to control external cyber attacks there is an urgent need to make Extradition Treaties with all the countries of the globe and instruct the global emailing service providers to follow the rule otherwise they may be subjected to be blocked on the Indian cyber space. The Crime in India 2007 report clearly shows that the younger generation is very much prone to the Cyber Crime. They need proper guidance and awareness through education system on this issue. So, a subject has to be introduced on Cyber Crime and IT Security in their school curriculum.
References National Crime Records Bureau, ‘Crime in India 2007’ Asian School of Cyber Law, ‘Real World Cyber Crime Cases’ Akanksha Malhotra & Aksha kumar, ‘Cyber Crime And Law – Indian Perspective’ Sankar Sen, ‘Human Rights & Law Enforcement’, 1st ed., 2002, Concept Publishing Co., New Delhi. Dr. Subhash Chandra Gupta, ‘Information technology Act, 2000 and its Drawbacks’, National Conference on Cyber Laws & Legal Education, Dec. 22-24th 2001, NALSAR, University of Law, Print House, Hyderabad. Dr. Farooq Ahmed, ‘Cyber Law in India (Laws on Internet)’, Pioneer Books, Delhi. 1992 U.S. App. LEXIS 9562 (4th May 4, 1992) Dr. Farooq Ahmed, ‘Cyber Law in India (Laws on Internet)’, Pioneer Books, Delhi. R V. Sean Cropp, Snearesbrook Crown Court, 4th July 1991. (303) B.R Suri & T.N Chhabra, ‘Cyber Crime’, 1st ed., 2002, Pentagon Press, Delhi. Dr. Farooq Ahmed, ‘Cyber Law in India (Laws on Internet)’, Pioneer Books, Delhi. Rupam Banerjee, ‘The Dark world of Cyber Crime’, July 7, 2006 can be viewed at http://articles.sakshay.in/index.php?article=15257 Prof. Unni, ‘Legal Regulations on Internet Banking’, 2007, NALSAR University of Law,
12