Cybercrime is a form of crime where the Internet or computers are used as a medium to commit crime. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.
Cyber crime encompasses a broad range of potentially illegal activities. Generally, however, it may be divided into one of two types of categories;
(1) crimes that target computer networks or devices directly;
(2) crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device.
Examples of crimes that primarily target computer networks or devices would include:
- Malware (malicious code)
- Denial-of-service attacks
- Computer viruses
Examples of crimes that merely use computer networks or devices would include:
- Cyber stalking
- Fraud and identity theft
- Phishing scams
- Information warfare
A common example is when a person starts to steal information from sites, or cause damage to, a computer or computer network. This can be entirely virtual in that the information only exists in digital form, and the damage, while real, has no physical consequence other than the machine ceases to function. In some legal systems, intangible property cannot be stolen and the damage must be visible, e.g. as resulting from a blow from a hammer. Where human-centric terminology is used for crimes relying on natural language skills and innate gullibility, definitions have to be modified to ensure that fraudulent behavior remains criminal no matter how it is committed.
A computer can be a source of evidence. Even though the computer is not directly used for criminal purposes, it is an excellent device for record keeping, particularly given the power to encrypt the data. If this evidence can be obtained and decrypted, it can be of great value to criminal investigators.
Various forms of Cyber Crime may include:
- altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
- altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;
- altering or deleting stored data;
- altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. This requires real programming skills and is not common.
Spam or the unsolicited sending of bulk email for commercial purposes, is unlawful to varying degrees. As applied to email, specific anti-spam laws are relatively new, however limits on unsolicited electronic communications have existed in some forms for some time.
Computer fraud is any dishonest misrepresentation of fact intended to let another to do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:
Other forms of fraud may be facilitated using computer systems, including bank fraud, identity theft, extortion, and theft of classified information.
A variety of Internet scams target consumers directly.
Obscene or offensive content
The content of websites and other electronic communications may be distasteful, obscene or offensive for a variety of reasons. In some instances these communications may be illegal. Many jurisdictions place limits on certain speech and ban racist, blasphemous, politically subversive, libelous or slanderous, seditious, or inflammatory material that tends to incite hate crimes. The extent to which these communications are unlawful varies greatly between countries, and even within nations. It is a sensitive area in which the courts can become involved in arbitrating between groups with entrenched beliefs. One area of Internet pornography that has been the target of the strongest efforts at curtailment is child pornography.
Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties (see cyber bullying, cyber stalking, harassment by computer, hate crime, online predator, and stalking). Any comment that may be found derogatory or offensive is considered harassment.
Drug traffickers are increasingly taking advantage of the Internet to sell their illegal substances through encrypted e-mail and other internet technology. Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms. The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away. Furthermore, traditional drug recipes were carefully kept secrets. But with modern computer technology, this information is now being made available to anyone with computer access.
Government officials and Information Technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. But there is a growing concern among federal officials that such intrusions are part of an organized effort by cyber terrorists, foreign intelligence services, or other groups to map potential security holes in critical systems. A cyber terrorist is someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attack against computers, network, and the information stored on them.
Cyber terrorism in general, can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple propaganda in the Internet, that there will be bomb attacks during the holidays can be considered cyber terrorism. At worst, cyber terrorists may use the Internet or computer resources to carry out an actual attack. As well there are also hacking activities directed towards individuals, families, organised by groups within networks, tending to cause fear among people, demonstrate power, collecting information relevant for ruining people's lives, robberies, blackmailing etc.
Email bombing refers to sending a large amount of emails to the victim resulting in the victim's email account (in case of an individual) or mail server (in case of a company or an email service provider) crashing.
This kind of an attack involves altering the raw data just before it is processed by a computer and then changing it back after the processing is completed.
This attack is used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed, e.g. a bank employee inserts a program into the bank's servers, which deducts a small amount of money (say Rs.5 a month) from the account of every customer. No single account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month.
Internet time theft
This connotes the usage by an unauthorized person of the Internet hours paid for by another person.
This is event dependent program. This implies that this program is created to do something only when a certain event (known as a trigger event) occurs, e.g. some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).
Virus / worm attack
Virus is a program that attaches itself to a computer or a file and then circulates itself into other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory.
A Trojan, the program is aptly called an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.
Denial of service attack
This involves flooding a computer resource with more requests than it can handle. This causes the resource (e.g. a web server) to crash thereby denying authorized users the service offered by the resource.
Distributed denial of Service attack
This is a denial of service attack wherein the perpetrators are many and are geographically widespread. It is very difficult to control such attacks.
This would include pornographic websites, pornographic magazines produced using computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writings etc.)
A spoofed email is one that appears to originate from one source but actually has been sent from another source.
Intellectual Property Crime
This includes software piracy, copyright infringement, trademarks violations etc.
The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.
Initiatives by Karnataka Police against Cyber Crime
A Cyber Crime Cell was started at Criminal Investigation Department - Head Quarters, Bangalore to deal with Cyber Crime, vide Govt. Notification No. HD173POP 99 dt.15-10-1999. The Cyber Crime Cell started functioning at Criminal Investigation Department - Head Quarters, Bangalore from 21-10-1999, with one Deputy Superintendent of Police and four Police Inspectors along with supporting staff. The Cyber Crime Cell was declared as Cyber Crime Police Station on 13th September 2001 vide Govt. Notification No. HD173POP99dt.13th September 2001. It was duly notified in the Karnataka Official Gazette, vide Part IV-A No.1840, on Monday, the 22nd October 2001 and from then it has been functional.
The Whole of the State of Karnataka in respect of the offences specified below;
The Cyber Crime Police Station shall have jurisdiction in respect of all the offences committed under 'The Information Technology Act, 2000' (Central Act.No.21 of 2000) or offences relating to Intellectual Property Rights.
Working of Cyber Crime Police Station
The Cyber Crime Police Station has strength of four Deputy Superintendents of Police and four Police Inspectors assisted by supporting staff. There is one legal adviser of the rank of Deputy Director of Prosecution assisting the Police Officers on legal issues. Depending upon legal and technical requirement, assistance from outside experts is also taken.
Functioning of Cyber Crime Police Station is supervised by Superintendent of Police (CID), Deputy Inspector General of Police - Economic Offences (CID), Inspector General of Police - Economic Offences (CID), under the overall supervision and guidance of Director General of Police - Criminal Investigation Department - Training, Special units and Economic Offences, Bangalore.
- Do not give your password to anybody. Somebody who is malicious can cause great harm to you and your reputation. It is like leaving your house open for a stranger and walking away.
- When talking to somebody new on the net, do not give away personal information-like numbers of the credit card used by your parents, your home addresses/phone numbers and such other personal information.
- If you feel uncomfortable or threatened when somebody on the net feeds you an improper or indecent message inform your parents or elders.
- Do not break into somebody else's computer and worse still change things; you are probably destroying a lifetime of hard work by somebody. You may be intelligent but use your intelligence for better things. Somebody else can be as ruthless and as intelligent to break into your system and destroy your creations as well.
- Do not copy a program that is copyrighted on the net. It is illegal. You are actually stealing somebody else's hard work. There is a lot of illegally available material on the net. Do not use it yourself.
- Don't delete harmful communications (emails, chat logs, posts etc). These may help provide vital information about the identity of the person behind these.
- Try not to panic.
- If you feel any immediate physical danger of bodily harm, call your local police.
- Avoid getting into huge arguments online during chat or discussions with other users.
- Remember that all other internet users are strangers. You do not know who you are chatting with. So be careful and polite.
- Be extremely careful about how you share personal information about yourself online.
- Choose your chatting nickname carefully so as not to offend others.
- Do not share personal information in public spaces anywhere online, do not give it to strangers, including in e-mail or chat rooms. Do not use your real name or nickname as your screen name or user ID. Pick a name that is gender and age neutral and do not post personal information as part of any user profile.
- Be extremely cautious about meeting online acquaintances in person. If you choose to meet, do so in a public place and take along a friend.
- Make sure that your ISP and Internet Relay Chat (IRC) network have an acceptable use policy that prohibits cyber-stalking. And if your network fails to respond to your complaints, consider switching to a provider that is more responsive to user complaints.
- If a situation online becomes hostile, log off or surf elsewhere. If a situation places you in fear, contact a local law enforcement agency.
- Save all communications for evidence. Do not edit or alter them in any way. Also, keep a record of your contacts with Internet System Administrators or Law Enforcement Officials.
Suggestions for better security
- Use strong passwords. Choose passwords that are difficult or impossible to guess. Give different passwords to all other accounts.
- Make regular back-up of critical data. Back-up must be made at least once in each day. Larger organizations should perform a full back-up weekly and incremental back-up every day. At least once in a month the back-up media should be verified.
- Use virus protection software. That means three things: having it on your computer in the first place, checking daily for new virus signature updates, and then actually scanning all the files on your computer periodically.
- Use a firewall as a gatekeeper between your computer and the Internet. Firewalls are usually software products. They are essential for those who keep their computers online through the popular DSL and cable modem connections but they are also valuable for those who still dial in.
- Do not keep computers online when not in use. Either shut them off or physically disconnect them from Internet connection.
- Do not open e-mail attachments from strangers, regardless of how enticing the subject line or attachment may be. Be suspicious of any unexpected e-mail attachment from someone you do know because it may have been sent without that person's knowledge from an infected machine.
- Regularly download security patches from your software vendors
Hacking is an offence under section 66 of the IT Act. Hacking attracts serious penalties which include a jail term of 3 years, a fine of Rs. 2 Lakh or both.