[Volume 2, Issue 7] – July, 2017
Author – Tarun Sharma, B.A.LL.B(Hons), University of Petroleum & Energy Studies
INTRODUCTION:-
Let us move back to the era of the nineties, when the Internet was argued to be an idiosyncratic channel demonstrating the fastest speed of spread among human beings. Today there are only a few people whose lives are not affected by the broad increase in the use of the internet. On the positive side, the ability to share and exchange information expeditiously has provided prodigious benefits in the areas of education, commerce, entertainment, and social interaction. On the negative side, it has increased the opportunity for the commission of crimes. Information technology has enabled potential offenders to commit large-scale crimes with almost no monetary cost and a much lesser risk of being caught. Compared to offenders of traditional economically motivated crimes (e.g., burglaries, larcenies, bank robberies), online swindlers are relatively free of worry about directly encountering law enforcement and witnesses. As crime has strengthened with technology, the range of online services and the number of users have continued to increase. We have witnessed the helping hand the internet has offered humanity, but in the same way it has become a shortcut to get more and stands like a wall in the middle of the road. The integration of myriad technological applications, coupled with the rapid growth of online users, makes fraudulent activities likely to rise if no intervention is proposed and implemented.
The Internet is believed to be full of mobocracy, and a system of law and regulation therein seems contradictory. However, cyberspace is governed by a system of law called cyber law. Cyber law is a generic term which refers to all the legal and regulatory aspects of the Internet. Publishing a web page is an excellent way for any business to vastly increase its exposure to millions of individuals worldwide. It is this feature of the Internet that is causing much controversy in the legal community. Cyber law is constantly evolving. As the Internet grows, numerous legal issues arise.
One of the most important issues concerning cyberspace today is that of cyber-crime. Cyber-crime is defined as: “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS).”((Rajarshi Rai Choudhury et al., (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 4 (5), 2013, 729-732.))
HISTORICAL BACKGROUND:-
The first recorded cyber-crime took place in the year 1820. That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage. In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard’s employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This, in a broader sense, is considered the first recorded cyber-crime.((Ibid)) As has truly been said, crime “always depends on the force, vigor and movement of public opinion from time to time and country to country and even in the same country, from decade to decade”.((R.C. Nigam, “Law of Crimes in India”, Principles of Criminal Law, Vol. 1 (Asia Publishing House, 1965))) They were entwined with the religious beliefs, cultural landscape and judicial preferences of the area.
WHAT IS CYBER CRIME:-
“Cybercrime” means any criminal or other offence that is facilitated by or involves the use of electronic communications or information systems, including any device or the Internet or any one or more of them.((https://cybercrime.org.za))
Territory is no longer a barrier, as crime may also exist in cyberspace, where the corporations that serve computer and telecommunications networks also control access. The concept can be stated as “the growth of crimes on the internet is directly proportional to the growth of the internet itself.” “Cybercrimes are harmful acts committed from or against a computer or network.” Cyber or computer crimes are white-collar crimes and are committed by students, non-professional computer programmers, business rivals, individuals having a vested interest, and criminals. To define the crime one should keep in mind these three points:((Dr. Amita Verma, Cyber Crimes in India (Central Law Publication, 2012), 68-69))
1. When a computer is used in committing such a crime.
2. When computer technology is responsible for the wrongful loss and wrongful gain of two individuals in a single transaction.
3. When any person commits any of the following acts, he is guilty of a computer crime: knowingly or intentionally accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer system, or computer network in order to –
(i) Devise or execute any unlawful scheme;
(ii) Devise to defraud, deceive, or extort; or
(iii) Wrongfully control or obtain money, property, or data.((Dr. Amita Verma, Cyber Crimes in India (Central Law Publication, 2012), 68-69))
CYBER CRIMES IN INDIA:-
Cyber crime cases in the country registered under the IT Act surged nearly 300 per cent between 2011 and 2014, according to a study, which cautioned that cyber attacks around the world are occurring at a greater frequency and intensity. The study revealed that in the past, the attacks have been mostly initiated from countries like the US, Turkey, China, Brazil, Pakistan, Algeria, Europe, and the UAE, adding that with the growing adoption of the internet and smartphones, India has emerged as one of the primary targets among cyber criminals. “With every passing year, cyber attacks continue to escalate in frequency, severity as well as impact. In India, from 2011 to 2014, there has been a surge of approximately 300 per cent in cyber crime cases registered under the IT Act, 2000,” said the Assocham-PwC joint study. Attackers can gain control of vital systems such as nuclear plants, railways, transportation or hospitals, which can subsequently lead to dire consequences such as power failures, water pollution or floods, disruption of transportation systems and loss of life, noted the study. The Indian Computer Emergency Response Team has also reported a surge in the number of incidents handled by it, with close to 50,000 security incidents in 2015, noted the study, titled ‘Protecting interconnected systems in the cyber era’. The study highlighted that operational systems are increasingly subject to cyber attacks, as many are built around legacy technologies with weaker protocols that are inherently more vulnerable. It pointed out that continued and regular sharing of cyber security intelligence and insights is essential for improving the resiliency of these systems and processes against emerging cyber risks.((http://indianexpress.com/article/technology/tech-news-technology/cyber-crime-in-india-up-300-in-3-years))
There is an increase in the types and number of cyber crimes every year. Ranging from obscenities spread on social media to content aimed at tarnishing the image of an individual and online frauds, the nature of the crimes differs. The police have to adopt a multi-pronged approach to tackle these. Officials admit that the chance of arresting a person who committed a cyber crime is lower compared to regular civil, crime and law and order cases, and the reasons are many.((Editorial, “Challenges of cyber crimes”, The Hindu, October 31, 2016)) Cyber security in India is waved away as the remit of technical experts, while businesses and users believe their data can be protected through high-end devices or ‘air gapped’ networks. However, the most sophisticated cyber attacks have all involved a human element: Stuxnet needed the physical introduction of infected USB devices into Iran’s nuclear facilities; the 2016 cyber-heist of $950 million from Bangladesh involved gullible (or complicit) bankers handing over SWIFT codes to hackers. Similarly, ‘Legion’ has not targeted first-generation Internet users but tech-savvy public figures who presumably use secure phones for communication. This episode underscores the difficulty in protecting digital networks if human involvement continues to be the weakest link in the chain.((Editorial, “Vulnerable in cyberspace”, The Hindu, December 16, 2016))
TYPES OF CYBER CRIMES:-
1. Identity theft-
Identity theft is when someone uses your personal identifying information (e.g., name, address, ID number, banking account number, username or password) to commit fraud. Identity thieves may not only gain immediately from committing frauds or other crimes against property but may also “breed” further identities after initially obtaining victims’ identifying information. The term “breed” here refers to the unauthorized use of identification means to generate and/or acquire additional fraudulent means of identification.((www.internetjournalofcriminology.com)) By abusing illegitimately obtained identifying information, an identity thief often commits fraud and gains financially through different paths as soon as s/he can. Less commonly, an identity thief may interfere with law enforcement by providing another person’s identity upon arrest or during a criminal investigation or pull-over. Under some extreme circumstances, victims of identity theft may suffer from being suspects of serious violence (e.g., murder) committed by identity thieves who un/intentionally leave the identifying means at the crime scene. Thus, as long as the identity thieves have knowledge of or keep a record of the stolen identities, deeper and long-term damage can “explode” on or “surprise” the victims at any time after the initial damage. For that reason, in addition to financial and credit damages, some victims of identity theft may suffer from varied psychological, social, and/or legal disturbances. These hidden costs are considerable but usually are not addressed. The recent supplement of the National Crime Victimization Survey shed some light in this regard: the emotional distress experienced by some types of identity theft victims (e.g., new account opened, personal information stolen) was comparable to that of an average violent crime victim.((Infra note 1))
2. Online fraud-
In general, fraud refers to the act of taking advantage of others, for economic reasons, through varied deceptive means. Online fraud naturally refers to frauds conducted and/or facilitated by the Internet. In the era of the Internet, many existing frauds ride on this “information superhighway” and take advantage of the anonymity of cyberspace. Indeed, a good number of online frauds simply mirror existing frauds; others are unique to this era. To distinguish the significance of online frauds, the coming discussions focus on those unique to the information age.
3. Dumpster Diving-
Dumpster diving is basically looking for treasure in someone else’s trash. In the world of information technology, dumpster diving can be described as a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn’t limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocuous information that is otherwise personal to the person, like a phone list, calendar, or organizational chart, can be used to assist an attacker using social engineering techniques to gain access to the network. In many cases, dumpster diving involves obtaining data about a user in order to impersonate that user and gain access to his or her user profiles or other restricted areas of the Internet.((Dumpster diving, http://searchsecurity.techtarget.com/definition/dumpster-diving [Last Modified September 2015]))
4. Skimming-
Skimming is an electronic method of capturing a victim’s personal information, used by identity thieves. The skimmer is a small device that scans a credit card and stores the information contained in the magnetic strip. Skimming can take place during a legitimate transaction at a business. Credit card skimming is a method of hacking that generally falls within the cybercrime classification. It mostly occurs with the help of ATM machines and has become very common. In today’s technical world, safety measures are under attack, as we mostly pay by credit card, debit card or other online/card payment. All of these are generally points of attack. Card skimming is thus the unlawful copying of card data from the magnetic strips of debit or credit cards. The thieves steal your account information and abuse it to make a fake card and then harm you financially. Because of this, the victim is mostly unaware of this kind of hacking. Skimming generally happens with the help of skimming devices. These devices are installed on the machine and its parts.
Three methods are used for that-
1. ATM skimming using faceplates: This involves the installation of faceplates over the card slot of any ATM machine that accepts credit or debit cards. These faceplates usually contain hardware that can read the magnetic strip before the card enters the original ATM card slot. The thieves can then use your card information without returning to the ATM machine, as they can use wireless technology to track your information.
2. Replacing or modifying pin pads at retail stores: In this method, the pin pads of retail stores are used. The pin pad is changed and the PIN is recorded by hidden cameras.
3. Using skimming devices on machines: Skimming using a handheld device is very easy to These skimming devices are installed into ATM machines and capture all information regarding the card.
5. Pretexting-
Pretexting is defined as the practice of presenting oneself as someone else in order to acquire secret information((Shun-Yung Kevin Wang and Wilson Huang, “ONLINE FRAUDS IN THE ERA OF THE INTERNET” Internet Journal of Criminology [2011])). It is more than just crafting a lie; in some cases it can mean forming a whole new identity and then using that identity to influence the receipt of information. Pretexting can also be used to impersonate people in certain professions and roles that the impersonators have never themselves held. Pretexting is also not a one-size-fits-all solution. A social engineer will have to develop many different pretexts over their career. All of them will have one thing in common: research. Good information gathering techniques can make or break a good pretext. Being able to mimic the perfect tech support rep is useless if your target does not use outside support. Hence pretexting can be seen as a severe crime that shows up as a forged document or a fake identity. Pretexting can also be used, as stated above, to impersonate someone, have certain secret documents handed over, and use them for illegal purposes.
6. Hacking-
During the 1990s, the term “hacker” originally denoted a skilled programmer proficient in machine code and computer operating systems. In particular, these individuals could always hack on an unsatisfactory system to solve problems and engage in a little software company espionage by interpreting a competitor’s code.
Unfortunately, some of these hackers also became experts at accessing password-protected computers, files, and networks and came to be known as “crackers.” Of course, an effective and dangerous “cracker” must be a good hacker, and the terms became intertwined. Hacker won out in popular use and in the media and today refers to anyone who performs some form of computer sabotage. Even though contemporary hacking is usually associated with stealing valuable information other than personal information (e.g., business secrets, confidential documents) and properties (e.g., copyrighted artifacts, billing) in cyberspace, it can be used as a means to obtain identifying information. Stolen identity information can sometimes be a by-product of hacking for other purposes. Hacking is famous for the reason that offenders do not have to physically appear at the crime scene to rob or steal from institutions. Instead, exploiting online financial and billing systems is enough to illegitimately gain privileged information. Especially now that database technology is widely used by varied institutions to store and manage huge amounts of data, a copy of the database itself is very valuable and does not require much physical work, for hacking requires a laptop and mental skills.((Shun-Yung Kevin Wang and Wilson Huang, “ONLINE FRAUDS IN THE ERA OF THE INTERNET” Internet Journal of Criminology [2011])) As more money, transactions, and even resources are moved to and managed in the virtual space for the sake of efficiency and convenience, it is likely hacking will remain a seductive means of identity stealing. Hacking leads to serious criminal offences which people today call cyber terrorism and cyber extortion.
7. Phishing-
Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your university, your Internet service provider, your bank). These messages usually direct you to a spoofed website or otherwise get you to divulge private information (e.g., passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.
Phishing scams are crude social engineering tools designed to induce panic in the reader. These scams attempt to trick recipients into responding or clicking immediately, by claiming they will lose something (e.g., email, bank account). Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via email.((What are phishing scams, https://kb.iu.edu/d/arsf (Last modified on 2016-12-08 11:16:01).))
Specific types of phishing-
I. Deceptive Phishing- Deceptive phishing refers to any attack by which fraudsters impersonate a legitimate company and attempt to steal people’s personal information or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing the attackers’ bidding. For example, PayPal scammers might send out an attack email that instructs recipients to click on a link in order to rectify a discrepancy with their account. In actuality, the link leads to a fake PayPal login page that collects a user’s login credentials and delivers them to the attackers.
II. Spear Phishing- Not all phishing scams need personalization, but some use it. For example, in spear phishing scams, fraudsters customize their attack emails with the target’s name, position, company, work phone number and other information in an attempt to trick the recipient into believing that they have a connection with the sender. The goal is the same as in deceptive phishing: lure the victim into clicking on a malicious URL or email attachment, so that they will hand over their personal data. Spear phishing is especially commonplace on social media sites like LinkedIn, where attackers can use multiple sources of information to craft a targeted attack email.
III. CEO fraud- Spear phishers can target anybody in an organization, even top That is the logic behind a “whaling” attack, where fraudsters attempt to harpoon an executive and steal their login credentials. In the event their attack is successful, fraudsters can conduct CEO fraud, the second phase of a business email compromise (BEC) scam, where attackers impersonate an executive and abuse that individual’s email to authorize fraudulent wire transfers to a financial institution of their choice. Whaling attacks work because executives often don’t participate in security awareness training with their employees. To counter that threat, as well as the risk of CEO fraud, all company personnel, including executives, should undergo ongoing security awareness training. Organizations should also consider amending their financial policies, so that no one can authorize a financial transaction via email.
IV. Pharming- As users become wiser to traditional phishing scams, some fraudsters are abandoning the idea of “baiting” their victims entirely. Instead, they are resorting to pharming, a method of attack which stems from domain name system (DNS) cache poisoning. The Internet’s naming system uses DNS servers to convert alphabetical website names, such as “www.microsoft.com,” to numerical IP addresses used for locating computer services and devices. Under a DNS cache poisoning attack, a pharmer targets a DNS server and changes the IP address associated with an alphabetical website name. That means an attacker can redirect users to a malicious website of their choice even if the victims entered the correct website name.
V. Dropbox Phishing- While some phishers no longer bait their victims, others have specialized their attack emails according to an individual company or service. Take Dropbox, for example. Millions of people use Dropbox every day to back up, access and share their files. It’s no surprise, therefore, that attackers would try to capitalize on the platform’s popularity by targeting users with phishing emails. One attack campaign, for example, tried to lure users into entering their login credentials on a fake Dropbox sign-in page hosted on Dropbox itself.
VI. Google Docs Phishing- Fraudsters could choose to target Google Drive in a way similar to how they might prey upon Dropbox users.
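The indicators named under deceptive phishing above (claims of imminent loss, a sender imitating a genuine company, a link that leads somewhere other than it appears) can be checked mechanically by a mail filter. The following is an added example, not part of the original article; the BRANDS table, the flag names and the sample message are assumptions constructed for illustration, and single-part HTML mail is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brand keyword -> the domain that brand legitimately uses.
BRANDS = {"paypal": "paypal.com"}
URGENCY = re.compile(r"suspend|immediately|within \d+ hours|will be (closed|locked|lost)", re.I)
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$")

# Constructed message for illustration; the .example hosts are placeholders.
PHISH = """\
From: "PayPal Support" <service@paypa1-secure.example>
Subject: Discrepancy with your account
Content-Type: text/html

<p>We found a discrepancy with your account. It will be closed within 24 hours
unless you confirm your details immediately.</p>
<a href="http://paypal.com.account-check.example/login">https://www.paypal.com/signin</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL or bare domain, lowercased ('' if none)."""
    value = value if "://" in value else "http://" + value
    return (urlparse(value).hostname or "").lower()

def same_site(host, trusted):
    """True only for the trusted domain itself or a subdomain of it."""
    return host == trusted or host.endswith("." + trusted)

def analyze(raw):
    """Return the sorted list of phishing indicators found in one raw email."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    flags = set()
    if URGENCY.search(body):                      # threat of imminent loss
        flags.add("urgency_language")
    parser = LinkCollector()
    parser.feed(body)
    for brand, domain in BRANDS.items():
        if brand in name.lower() and not same_site(sender, domain):
            flags.add("sender_domain_mismatch")   # brand name, foreign sender
        for href, _ in parser.links:
            if brand in host_of(href) and not same_site(host_of(href), domain):
                flags.add("lookalike_link_host")  # brand embedded in other host
    for href, text in parser.links:
        if URL_LIKE.match(text) and host_of(text) != host_of(href):
            flags.add("link_text_mismatch")       # shown URL differs from target
    return sorted(flags)
```

Calling `analyze(PHISH)` reports all four indicators, while a message sent from and linking to the brand's own domain with neutral wording reports none.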
CONCLUSION:-
It can be seen that the threat of computer crime is not as big as the authorities claim. This means that the methods that they are introducing to combat it represent an unwarranted attack on human rights and are not proportionate to the threat posed by cyber-criminals. Part of the problem is that there are no reliable statistics on the problem; this means that it is hard to justify the increased powers that the Regulation of Investigatory Powers Act has given to the authorities. These powers will also be ineffective in dealing with the problem of computer. The international treaties being drawn up to deal with it are so vague that they are bound to be ineffective in dealing with the problem. It will also mean that civil liberties will be unjustly affected by the terms of the treaties, since they could, conceivably, imply that everybody who owns a computer fitted with a modem could be suspected of being a hacker. The attempts to outlaw the possession of hacking software could harm people who are trying to make the internet more secure, as they will not be able to test their systems.