1.

INTRODUCTION TO CYBERCRIME

2. Introduction Cybercrime:
3. Definition and Origins of the Word
4. Cybercrime and Information Security
5. Who are Cybercriminals?
 **Cybercriminals** are individuals or groups who engage in illegal activities
using computers and the internet to commit crimes.
 The motivation behind their actions can vary widely, from personal
recognition to financial gain or revenge.

### **Common Cybercrime Activities:**

- **Credit card fraud**: Stealing credit card information to make unauthorized
purchases.

- **Cyberstalking**: Using online platforms to harass or intimidate individuals.

- **Online defamation**: Spreading false information to damage someone's

reputation.

- **Unauthorized access**: Hacking into computer systems without permission.

- **Copyright infringement**: Ignoring intellectual property rights, such as software

licensing and trademark protection.

- **Encryption bypass**: Cracking encryption to make illegal copies of software or

other digital media.

- **Software piracy**: Distributing illegal copies of software.

- **Identity theft**: Stealing someone’s personal information to commit fraud or

other criminal acts.

### **Categories of Cybercriminals**:

#### **Type I: Cybercriminals Hungry for Recognition**:

These individuals commit cybercrimes for fame or recognition within their
communities or online. They may not always have financial motives but seek
acknowledgment of their skills.

- **Hobby hackers**: Individuals who hack systems for fun or to challenge

themselves.
 - **IT professionals**: Using their knowledge of systems to engage in social
engineering or hacking activities.

- **Politically motivated hackers**: Hackers who attack systems for political or

ideological reasons.

- **Terrorist organizations**: Using cyberattacks as a tool for furthering their agenda

or spreading fear.

#### **Type II: Cybercriminals Not Interested in Recognition**:

These individuals or groups are not concerned with fame but rather with personal,
financial, or political gain.

- **Psychological perverts**: Individuals engaging in cyberstalking or other predatory

online behaviors.

- **Financially motivated hackers**: Individuals involved in activities like **corporate

espionage**, stealing intellectual property or financial data for profit.

- **State-sponsored hackers**: Government-backed hackers engaged in

**espionage** or **sabotage**, targeting other nations or organizations for national
security or competitive advantage.

- **Organized crime syndicates**: Groups that use cybercrime for large-scale

financial gain, such as through ransomware, fraud, or trafficking.

#### **Type III: Cybercriminals – The Insiders**:

These criminals work within the organizations they target and may act out of
revenge, greed, or under influence from external entities.

- **Disgruntled employees**: Current or former employees seeking for revange

- **Corporate espionage**: Employees of one company who are used by competing
companies to steal trade secrets or inflict financial damage on their employer.

Each type of cybercriminal poses unique risks, and their actions can have far-reaching
consequences for individuals, businesses, and even governments. Would you like to
know more about any particular type or crime?
6. Classifications of Cybercrimes
Crime is defined as an act or the commission of an act that is forbidden
Cybercrimes can be broadly classified into different categories depending on the
target of the criminal activity. Below are the primary classifications:
1. Cybercrime Against Individuals:
These crimes are targeted towards specific individuals with the aim of causing harm
or committing fraud. Examples include:
o E-Mail Spoofing: Sending an email that appears to come from a trusted
source but is actually from a malicious actor, often to harm relationships or
trick the recipient.
o Online Fraud: Phishing(Phishing is the process of collecting your personal
information through e-mails or websites claiming to be legitimate. This
information can include usernames, passwords, credit card numbers, social
security numbers, etc. Often times the e-mails directs you to a website where
you can update your personal information. Because these sites often look
“official,” they hope you’ll be tricked into disclosing valuable information that
you normally would not reveal. This often times, results in identity theft and
financial loss.)
, spyware, viruses,( Spyware and viruses are both malicious programs that are
loaded onto your computer without your knowledge. The purpose of these
programs may be to capture or destroy information, to ruin computer
performance or to overload you with advertising. Viruses can spread by
infecting computers and then replicating. Spyware disguises itself as a
legitimate application and embeds itself into your computer where it then
monitors your activity and collects information) and other forms of fraud
aimed at stealing personal information or financial assets.

o Phishing, Spear Phishing(Spear Phishing is a method of sending a Phishing

message to a particular organization to gain organizational information for
more targeted social engineering. Here is how Spear Phishing scams work;
Spear Phishing describes any highly targeted Phishing attack. Spear phishers
send E-Mail that appears genuine to all the employees or members within a
certain company, government agency, organization or group. The message
might look as if it has come from your employer, or from a colleague who
might send an E Mail message to everyone in the company; it could include
requests for usernames or passwords. While traditional Phishing scams are
designed to steal information from individuals, spear phishing scam works to
gain access to a company's entire computer system),
Vishing(Vishing (voice phishing) is a type of phishing attack that is conducted
by phone and often targets users of Voice over IP (VoIP) services like Skype.
It’s easy to for scammers to fake caller ID, so they can appear to be calling
from a local area code or even from an organization you know. If you don’t
pick up, then they’ll leave a voicemail message asking you to call back.
Sometimes these kinds of scams will employ an answering service or even a
call center Once again, the aim is to get credit card details, birthdates,
account sign-ins, or sometimes just to harvest phone numbers from your
contacts. If you respond and call back, there may be an automated message
prompting you to hand over data and many people won’t question this,
 because they accept automated phone systems as part of daily life now..),
and Smishing(Smishing (SMS phishing) is a type of phishing attack conducted
using SMS (Short Message Services) on cell phones. Just like email phishing
scams, smishing messages typically include a threat or enticement to click a
link or call a number and hand over sensitive information. Sometimes they
might suggest you install some security software, which turns out to be
malware. Smishing example: A typical smishing text message might say
something along the lines of, “Your ABC Bank account has been suspended.
To unlock your account, tap here: https://bit.ly/2LPLdaU” and the link
provided will download malware onto your phone. Scammers are also adept
at adjusting to the medium they’re using, so you might get a text message
that says, “Is this really a pic of you? https://bit.ly/2LPLdaU” and if you tap
that link to nd out, once again you’re downloading malware):

o Spamming: (Spamming
Spamming refers to the practice of sending unsolicited, bulk messages across
various electronic communication platforms, primarily for advertising
purposes. People who engage in this activity are known as spammers. Spam is
an abuse of electronic messaging systems and can occur in various forms
across multiple platforms, not just email.
Common Forms of Spam:
Email Spam: The most widely recognized form, where spammers send bulk
messages to email addresses without consent, often for advertising or
malicious purposes.
Instant Messaging Spam: Unsolicited messages sent via platforms like
WhatsApp, Facebook Messenger, or other chat services.
Usenet Newsgroup Spam: Excessive posting in newsgroups, disrupting
discussions with unrelated or irrelevant content.
Search Engine Spam: Manipulating search engine results by using deceptive
techniques to increase a website’s ranking for specific keywords.
Blog and Wiki Spam: Posting irrelevant comments or links to unrelated
products on blogs or wikis to generate traffic or backlinks.
Social Media Spam: Unsolicited promotions or phishing messages posted on
social media platforms, including Twitter, Instagram, and Facebook.
Forum Spam: Mass-posting irrelevant content or links to online forums.
Mobile Messaging Spam: Unrequested bulk SMS or multimedia messages
sent to mobile phone users.
File Sharing Network Spam: Uploading fake or malicious files to file-sharing
platforms.
Video Sharing Spam: Posting irrelevant or promotional comments or videos
on platforms like YouTube.
Junk Fax and Spam over Internet Fax: Sending unwanted promotional
content via fax machines.
 Why Spamming is Difficult to Control:
Economic Viability: Spammers incur minimal costs since electronic messaging
systems are generally free or low-cost. Managing mailing lists and sending
bulk messages are inexpensive, making it easy for spammers to profit with
little upfront investment.
Low Barrier to Entry: Due to the ease and low cost of setting up spam
campaigns, almost anyone can start spamming. There is little accountability
or regulation that effectively prevents it.
Volume of Spam: With millions of spammers operating globally, the volume
of unrequested mail or messages becomes overwhelming, further
complicating efforts to curb the practice.
Techniques Often Used by Spammers (and Best Avoided):
To make spam harder to detect and to manipulate web traffic or search
engine rankings, spammers employ various deceptive techniques. These
include:
Repeating Keywords: Overloading a page with the same keyword in hopes of
improving search rankings.
Irrelevant Keywords: Using popular but unrelated keywords to draw traffic to
the page.
Fast Meta Refresh: Automatically redirecting users to a different page shortly
after loading.
Redirection: Sending users to a different URL than what was clicked on.
IP Cloaking: Serving different content to search engine crawlers than to
regular users to manipulate rankings.
Coloured Text on the Same Colour Background: Hiding keywords from users
but making them visible to search engines.
Tiny Text: Using very small font sizes to hide text full of keywords from the
user while search engines index them.
Duplicate Pages: Creating multiple pages with identical content but different
URLs to flood search engine results.
Hidden Links: Inserting links that are not visible to users but can be indexed
by search engines.
Gateway Pages: Using different pages that all lead to the same destination
URL, often in an attempt to boost search engine rankings artificially.
Impact of Spamming:
User Experience: Spam clutters inboxes, search results, social media feeds,
and forums, making it harder for users to find relevant and useful
information.
System Overload: Excessive spamming can overwhelm email servers,
networks, and websites, reducing their performance.
Security Risks: Spam is often used as a vector for phishing attacks, malware
distribution, and other cybercrimes.)

o Cyber Defamation: (
 Definition of Defamation:
According to legal definitions, defamation occurs when someone makes or
publishes a statement, whether through spoken words, written text, signs, or
visible representations, intending to harm, or knowing that the statement
could harm, the reputation of another person. Cyber defamation occurs when
these defamatory actions take place through computers or the internet.
Cyber Defamation in Practice:
 Online Publications: A person may post defamatory statements on blogs, websites,
or social media platforms, intending to harm someone’s reputation. This could
include spreading false accusations or damaging opinions about an individual or
organization.
 Emails and Messages: Sending defamatory content through emails or messages to
third parties is also considered cyber defamation. For instance, an email containing
false allegations sent to an individual’s employer or social circle can lead to
reputational damage.
 Social Media Defamation: Defamatory statements on platforms like Facebook,
Twitter, or Instagram can spread quickly and widely, making them particularly
harmful. The rapid sharing nature of these platforms amplifies the effects of such
content.
 Discussion Forums: Posting defamatory material in online discussion forums or
newsgroups can also constitute cyber defamation.
Example Scenarios:
1. Website Posting: Someone publishes false, damaging content about an individual or
company on a website or blog. This could be a review or article that accuses the
target of illegal or immoral activities that are untrue.
2. Email Defamation: An individual sends an email to multiple people, falsely claiming
that a person has engaged in criminal activity or unethical behavior, thereby
damaging the recipient's perception of that person.
3. Social Media Slander: A person posts unsubstantiated, harmful claims about
someone on a social media platform, which is then seen by hundreds or even
thousands of people, tarnishing the reputation of the target.
Legal Considerations:
Cyber defamation is a cognizable offense, meaning it can be reported to law
enforcement and investigated as a criminal act. Many countries have laws
specifically addressing cyber defamation or include it within their broader
defamation and cybercrime laws.
 Intent: For cyber defamation to be actionable, it must be shown that the individual
responsible for the defamatory statement intended to cause harm or had reason to
believe that the statement would harm the person’s reputation.
 Exceptions: Some exceptions apply to defamation claims, including statements made
in good faith, fair criticism, or privileged communications (such as in court or
government proceedings).
Impact:
Cyber defamation can have severe consequences, including:
 Reputational Damage: The victim may suffer personal or professional harm, leading
to job loss, strained relationships, or public embarrassment.
 Emotional Distress: Being the target of online defamation can cause significant
emotional and psychological harm.
 Legal and Financial Ramifications: Both the person responsible for cyber defamation
and the platforms that host the defamatory content may face legal action, resulting
in fines, compensation to the victim, or even criminal penalties in some jurisdictions.
)

o Cyberstalking: 6. Cyberstalking and harassment: The dictionary meaning of

“stalking” is an “act or process of following prey stealthily – trying to
approach somebody or something.” Cyberstalking has been defined as the
use of information and communications technology, particularly the Internet,
by an individual or group of individuals to harass another individual, group of
individuals, or organization. The behaviour includes false accusations,
monitoring, Downloaded by Sriram Kuriseti (sriramkuriseti@gmail.com)
lOMoARcPSD|45814754 transmission of threats, ID theft, damage to data or
equipment, solicitation of minors for sexual purposes, and gathering
information for harassment purposes. As the internet has become an integral
part of our personal & professional lives, cyberstalkers take advantage of ease
of communication & an increased access to personal information available
with a few mouse clicks or keystrokes. They are 2 types of stalkers: Online
Stalkers: aim to start the interaction with the victim directly with the help of
the internet. Offline Stalkers: the stalker may begin the attack using
traditional methods such as following the victim, watching the daily routine of
the victim. 7. Computer Sabotage: The use of the Internet to stop the normal
functioning of a computer system through the introduction of worms, viruses
or logic bombs, is referred to as computer sabotage. It can be used to gain
economic advantage over a competitor, to promote the illegal activities of
terrorists or to steal data or programs for extortion purposes. Logic bombs
are event-dependent programs created to do something only when a certain
event (known as a trigger event) occurs. Some viruses may be termed as logic
bombs because they lie dormant all through the year and become active only
on a particular date. 8. Pornographic Offenses: Child pornography means any
visual depiction, including but not limited to the following: 1. Any photograph
that can be considered obscene and/or unsuitable for the age of child viewer;
2. film, video, picture; 3. computer-generated image or picture of sexually
explicit conduct where the production of such visual depiction involves the
use of a minor engaging in sexually explicit conduct. Child Pornography is
considered an offense. The internet is being highly used by its abusers to
reach and abuse children sexually, worldwide. The Internet has become a
household commodity in the urban areas of the nation. Its explosion has
made the children a viable victim to the cybercrime. As the broad-band
connections get into the reach of more and more homes, larger child
 population will be using the Internet and therefore greater would be the
chances of falling victim to the aggression of pedophiles. Pedophiles are the
people who physically or psychologically coerce minors to engage in sexual
activities, which the minors would not consciously consent too. Here is how
pedophiles operate:       Step 1: Pedophiles use a false identity to trap
the children/teenagers. Step 2: They seek children/teens in the kids’ areas on
the services, such as the Games BB or chat areas where the children gather.
Step 3: They befriend children/teens. Step 4: They extract personal
information from the child/teen by winning his/her confidence. Step 5:
Pedophiles get E-Mail address of the child/teen and start making contacts on
the victim’s E-Mail address as well. Sometimes, these E-Mails contain sexually
explicit language. Step 6: They start sending pornographic images/text to the
victim including child pornographic images in order to help child/teen shed
his/her inhibitions so that a Downloaded by Sriram Kuriseti
(sriramkuriseti@gmail.com) lOMoARcPSD|45814754 feeling is created in the
mind of the victim that what is being fed to him is normal and that everybody
does it.  Step 7: At the end of it, the pedophiles set up a meeting with the
child/teen out of the house and then drag him/her into the net to further
sexually assault him/her or to use him/her as a sex object. 9. Password
Sniffing: is a hacking technique that uses a special software application that
allows a hacker to steal usernames and passwords simply by observing and
passively recording network traffic. This often happens on public WiFi
networks where it is relatively easy to spy on weak or unencrypted traffic.
And yet, password sni 昀昀 ers aren’t always used for malicious intent. They are
often used by IT professionals as a tool to identify weak applications that may
be passing critical information unencrypted over the Local Area Network
(LAN). IT practitioners know that users download and install risky software at
times in their environment, running a passive password sniffer on the
network of a business to identify leaky applications is one legitimate use of a
password sniffer. Harassment or stalking using online methods to monitor or
threaten individuals.
o Computer Sabotage: Using malware like worms or viruses to disrupt
computer systems, often for personal or financial gain.
o Pornographic Offenses: Distributing or accessing child pornography or
engaging in illegal activities involving minors.
o Password Sniffing: A hacking technique used to steal usernames and
passwords from network traffic, often used on public WiFi networks.

Cybercrime against property 1. Credit Card Frauds: Credit card fraud is an inclusive
term for fraud committed using a payment card, such as a credit card or debit card.
The purpose may be to obtain goods or services, or to make payment to another
account which is controlled by a criminal. The Payment Card Industry Data Security
Standard (PCI DSS) is the data security standard created to help businesses process
card payments securely and reduce card fraud. Credit card fraud can be authorised,
where the genuine customer themselves processes a payment to another account
which is controlled by a criminal, or unauthorised, where the account holder does
not provide authorisation for the payment to proceed and the transaction is carried
out by a third party. Credit cards are more secure than ever, with regulators, card
providers and banks taking considerable time and effort to collaborate with
investigators worldwide to ensure fraudsters aren't successful. Cardholders' money is
usually protected from scammers with regulations that make the card provider and
bank accountable. The technology and security measures behind credit cards are
becoming increasingly sophisticated making it harder for fraudsters to steal money.
2. Intellectual Property (IP) Crimes: With the growth in the use of internet these days
the cybercrimes are also growing. Cyber theft of Intellectual Property (IP) is one of
them. Cyber theft of IP means stealing of copyrights, software piracy, trade secrets,
patents etc., using internet and computers. Copyrights and trade secrets are the two
forms of IP that is frequently stolen. For example, stealing of software, business
strategies etc. Generally, the stolen material is sold to the rivals or others for further
sale of the product. This may result in the huge loss to the company who originally
created it. Downloaded by Sriram Kuriseti (sriramkuriseti@gmail.com) lOMoARcPSD|
45814754 Another major cyber theft of IP faced by India is piracy. These days one
can get pirated version of movies, software etc. The piracy results in a huge loss of
revenue to the copyright holder. It is difficult to find the cyber thieves and punish
them because everything they do is over internet, so they erase the data
immediately and disappear within fraction of a second.  Internet time theft: Such a
theft occurs when an unauthorized person uses the Internet hours paid for by
another person. Basically, Internet time theft comes under hacking because the
person who gets access to someone else’s ISP user ID and password, either by
hacking or by gaining access to it by illegal means, uses it to access the Internet
without the other person’s knowledge. However, one can identify time theft if the
Internet time has to be recharged often, even when one’s own use of the Internet is
not frequent. The issue of Internet time theft is related to the crimes conducted
through identity theft. Cybercrime against Organization 1. Unauthorized accessing of
Computer: Hacking is one method of doing this and hacking is punishable offense.
Unauthorized computer access, popularly referred to as hacking, describes a criminal
action whereby someone uses a computer to knowingly gain access to data in a
system without permission to access that data. 2. Password Sniffing: Password
Sniffers are programs that monitor and record the name and password of network
users as they login, jeopardizing security at a site. Whoever installs the Sniffer can
then impersonate an authorized user and login to access restricted documents. Laws
are not yet set up to adequately prosecute a person for impersonating another
person online. Laws designed to prevent unauthorized access to information may be
effective in apprehending crackers using Sniffer programs. 3. Denial-of-service Attacks
(DoS Attacks): It is an attempt to make a computer resource (i.e.., information
systems) unavailable to its intended users. In this type of criminal act, the attacker
floods the bandwidth of the victim’s network or 昀椀 lls his E-Mail box with spam mail
depriving him of the services he is entitled to access or provide. The goal of DoS is
not to gain unauthorized access to systems or data, but to prevent intended users
(i.e., legitimate users) of a service from using it. A DoS attack may do the following: 1.
Flood a network with traffic, thereby preventing legitimate network traffic. 2. Disrupt
connections between two systems, thereby preventing access to a service. 3. Prevent
a particular individual from accessing a service. 4. Disrupt service to a specifi c
system or person. 4. Virus attacks/dissemination of Viruses: Computer virus is a
program that can “infect” legitimate (valid) programs by modifying them to include a
possibly “evolved” copy of itself. Viruses spread themselves, without the knowledge
or permission of the users, to potentially large numbers of programs on many
machines. A computer virus passes from computer to computer in a similar manner
as a biological virus passes from person to person. Viruses may also contain malicious
instructions that may cause damage or annoyance; the combination of possibly
Malicious Code with the ability to spread is what makes Downloaded by Sriram
Kuriseti (sriramkuriseti@gmail.com) lOMoARcPSD|45814754 viruses a considerable
concern. Viruses can often spread without any readily visible symptoms. Viruses can
take some typical actions: 1. Display a message to prompt an action which may set of
the virus 2. Delete files inside the system into which viruses enter 3. Scramble data
on a hard disk 4. Cause erratic screen behavior 5. Halt the system (PC) 6. Just
replicate themselves to propagate further harm 5. E-Mail bombing/Mail bombs: E-
Mail bombing refers to sending a large number of E-Mails to the victim to crash
victim’s E-Mail account (in the case of an individual) or to make victim’s mail servers
crash (in the case of a company or an E-Mail service provider). Computer program
can be written to instruct a computer to do such tasks on a repeated basis. In recent
times, terrorism has hit the Internet in the form of mail bombings. By instructing a
computer to repeatedly send E-Mail to a specified person’s E-Mail address, the
cybercriminal can overwhelm the recipient’s personal account and potentially shut
down entire systems. This may or may not be illegal, but it is certainly disruptive. 6.
Salami Attack/Salami technique: These attacks are used for committing financial
crimes. The idea here is to make the alteration so insignificant that in a single case it
would go completely unnoticed; For example a bank employee inserts a program,
into the bank’s servers, that deducts a small amount of money (say Rs. 2/- or a few
cents in a month) from the account of every customer. No account holder will
probably notice this unauthorized debit, but the bank employee will make a sizable
amount every month. 7. Logic Bomb: A Logic Bomb is a piece of often-malicious code
that is intentionally inserted into software. It is activated upon the host network only
when certain conditions are met. Some viruses may be termed as logic bombs
because they lie dormant all through the year and become active only on a particular
date. 8. Trojan Horse: A Trojan Horse, Trojan for short, is a term used to describe
malware that appears, to the user, to perform a desirable function but, in fact,
facilitates unauthorized access to the user’s computer system. 9. Data Diddling: A
data diddling (data cheating) attack involves altering raw data just before it is
processed by a computer and then changing it back after the processing is
completed. Electricity Boards in India have been victims to data diddling programs
inserted when private parties computerize their systems. 10. Newsgroup
Spam/Crimes emanating from Usenet newsgroup: This is one form of spamming. The
word “Spam” was usually taken to mean Excessive Multiple Posting (EMP). The
advent of Google Groups, and its large Usenet archive, has made Usenet more
attractive to spammers than ever. Spamming of Usenet newsgroups actually predates
E-Mail Spam. 11.Industrial spying/Industrial espionage: Spying is not limited to
governments. Corporations, like governments, often spy on the enemy. The Internet
and privately networked systems provide new and better opportunities for
espionage. “Spies” can get Downloaded by Sriram Kuriseti
(sriramkuriseti@gmail.com) lOMoARcPSD|45814754 information about product
finances, research and development and marketing strategies, an activity known as
“industrial spying.” However, cyberspies rarely leave behind a trail. Industrial spying
is not new; in fact it is as old as industries themselves. The use of the Internet to
achieve this is probably as old as the Internet itself. Traditionally, this has been the
reserved hunting field of a few hundreds of highly skilled hackers, contracted by high-
profile companies or certain governments via the means of registered organizations
(it is said that they get several hundreds of thousands of dollars, depending on the
“assignment”). With the growing public availability of Trojans and Spyware material,
even low-skilled individuals are now inclined to generate high volume profit out of
industrial spying. This is referred to as “Targeted Attacks” (which includes “Spear
Phishing”). 12. Computer network intrusions: “Crackers” who are often misnamed
“Hackers can break into computer systems from anywhere in the world and steal
data, plant viruses, create backdoors, insert Trojan Horses or change user names and
passwords. Network intrusions are illegal, but detection and enforcement are
difficult. Current laws are limited and many intrusions go undetected. The cracker
can bypass existing password protection by creating a program to capture logon IDs
and passwords. The practice of “strong password” is therefore important. 13.
Software piracy: This is a big challenge area indeed. Cybercrime investigation cell of
India defines “software piracy” as theft of software through the illegal copying of
genuine programs or the counterfeiting and distribution of products intended to pass
for the original. There are many examples of software piracy: 1. end-user copying:
friends loaning disks to each other, or organizations under reporting the number of
software installations they have made, or organizations not tracking their software
licenses; 2. hard disk loading with illicit means: hard disk vendors load pirated
software; 3. counterfeiting: large-scale duplication and distribution of illegally copied
software; 4. Illegal downloads from the Internet: by intrusion, by cracking serial
numbers, etc. Beware that those who buy pirated software have a lot to lose: getting
untested software that may have been copied thousands of times over,      the
software, if pirated, may potentially contain hard-drive-infecting viruses, there is no
technical support in the case of software failure, that is, lack of technical product
support available to properly licensed users, there is no warranty protection, there is
no legal right to use the product, etc. Cybercrime against Society 1. Forgery:
Counterfeit currency notes, postage and revenue stamps, marksheets, etc. can be
forged using sophisticated computers, printers and scanners. Outside many colleges
there are miscreants soliciting the sale of fake mark-sheets or even degree
certificates. These are made using computers and high quality scanners and printers.
In fact, this is becoming a booming business involving large monetary amount given
to student gangs in exchange for these bogus but authentic looking certificates.
Downloaded by Sriram Kuriseti (sriramkuriseti@gmail.com) lOMoARcPSD|45814754
2. Cyberterrorism: Cyberterrorism is a controversial term. Cyberterrorism is the use
of the Internet to conduct violent acts that result in, or threaten, loss of life or
significant bodily harm, in order to achieve political or ideological gains through
threat or intimidation. It is also sometimes considered an act of Internet terrorism
where terrorist activities, including acts of deliberate, large-scale disruption of
computer networks, especially of personal computers attached to the Internet by
means of tools such as computer viruses, computer worms, phishing, and other
malicious software and hardware methods and programming scripts. Web Jacking:
Web jacking occurs when someone forcefully takes control of a website (by cracking
the password and later changing it). Thus, the 昀椀 rst stage of this crime involves
“password sni 昀케 ng”. The actual owner of the website does not have any more
control over what appears on that website. Crimes emanating from Usenet
newsgroup: By its very nature, Usenet groups may carry very offensive, harmful,
inaccurate or otherwise inappropriate material, or in some cases, postings that have
been mislabelled or are deceptive in another way. Therefore, it is expected that you
will use caution and common sense and exercise proper judgment when using
Usenet, as well as use the service at your own risk. Usenet is a popular means of
sharing and distributing information on the Web with respect to specific topic or
subjects. Usenet is a mechanism that allows sharing information in a many to-many
manner. The newsgroups are spread across 30,000 different topics.

**Crimes Emanating from Usenet Newsgroups**

Usenet newsgroups, one of the oldest forms of online discussion, allow users to
share and distribute information on a wide range of topics. However, due to its
decentralized and unregulated nature, several risks and crimes are associated with
these groups:

### Key Issues:

1. **Offensive or Harmful Content**: Usenet groups may contain material that is
inappropriate, offensive, or harmful. This could include anything from hate speech,
violent content, and harmful misinformation to explicit material.

2. **Mislabelled or Deceptive Postings**: Some postings may be mislabeled or

deceptive in nature, leading users to engage with content they were not intending to
view. This could result in exposure to inappropriate or illegal material without the
user's knowledge.

3. **Inaccurate Information**: Given that Usenet groups often lack moderation,

there is a risk of encountering inaccurate or false information, which can be
 misleading and potentially harmful in certain contexts, especially regarding health or
financial advice.

4. **Risk of Spamming**: Usenet is also vulnerable to **spamming**, where

individuals post excessive, unwanted content or advertisements across multiple
newsgroups. This was one of the first forms of online spam and can still be an issue
today.

5. **Illegal Activities**: Due to the anonymity and ease of access, Usenet has
sometimes been used to distribute illegal materials, such as pirated software,
unauthorized media content, or even more nefarious content like hacked data or
malware.

### User Responsibility:

- **Caution and Judgment**: Because of these potential risks, users are encouraged
to exercise caution, use common sense, and verify the accuracy of information
before acting upon it.
- **Self-Regulation**: Since Usenet operates with little oversight, it becomes the
user’s responsibility to avoid harmful content and refrain from engaging in illegal or
inappropriate activities.

### Popularity and Reach:

Usenet remains a popular platform due to its ability to cover a vast range of topics
(around 30,000 different newsgroups). It operates in a many-to-many manner,
meaning that it allows for widespread distribution of information across a large
number of participants, which can be both a strength and a weakness, depending on
how the platform is used.

In summary, while Usenet is a powerful tool for information sharing, it comes with
inherent risks, and users need to be aware of potential dangers when engaging with
its content.
7. Cybercrime: The Legal Perspectives And Indian Perspective
8. Cybercrimes: Cybercrime and the Indian ITA 2000
### 7. **Cybercrime: The Legal Perspectives and Indian Perspective**

Cybercrime refers to illegal activities carried out using computers, digital devices, or
networks as the primary tools. These crimes can range from identity theft to hacking and
cyberterrorism. With the rapid digital transformation globally, cybercrimes have become
increasingly common and more complex, necessitating robust legal frameworks to combat
them. Below are key points on cybercrime from both global and Indian legal perspectives:
#### **Global Legal Perspectives on Cybercrime:**
- **Legal Frameworks**: Many countries have developed cybercrime laws to prosecute
offenders and safeguard citizens. The **Budapest Convention on Cybercrime** (2001), also
known as the Convention on Cybercrime, is one of the most important international legal
frameworks aimed at harmonizing cybercrime laws globally, fostering international
cooperation, and improving investigative techniques.
- **Common Types of Cybercrime**:
- **Hacking**: Unauthorized access to computer systems to steal or manipulate data.
- **Phishing and Identity Theft**: Fraudulent attempts to obtain sensitive information.
- **Cyber Espionage**: The act of stealing confidential or classified information from
individuals, governments, or corporations for political, financial, or strategic advantage.
- **Cyberterrorism**: The use of digital tools to carry out terrorist attacks, disrupt services,
or threaten national security.
- **Financial Crimes**: Online fraud, money laundering, and cryptocurrency-related
crimes.
- **Challenges**: The global nature of the internet complicates jurisdictional issues, and
cybercrimes often cross national borders. This makes international cooperation crucial for
enforcement and prosecution.

#### **Indian Perspective on Cybercrime:**

India has witnessed an increase in cybercrimes with the rapid growth of internet users,
making legal regulation and enforcement essential. The primary legal framework governing
cybercrime in India is the **Information Technology Act, 2000 (IT Act 2000)**.

- **Key Features of Indian IT Laws**:

- The **IT Act 2000** aims to address electronic commerce, digital signatures, and the
legal recognition of electronic records.
- The act includes provisions for punishing cybercrimes like hacking, data theft, digital
impersonation, and online fraud.
- The **Amendment of 2008** to the IT Act significantly strengthened the framework by
adding provisions to address new challenges such as phishing, child pornography, and cyber
terrorism.
- **Section 66** of the IT Act deals with cybercrimes related to hacking, theft of
information, and unauthorised use of data. It provides penalties ranging from fines to
imprisonment.
 - **Section 67** penalizes the publication or transmission of obscene material in electronic
form, including child pornography.
- **Section 69** gives the Indian government power to intercept, monitor, or decrypt any
information generated or transmitted through any computer resource in the interest of
national security.

- **Recent Developments**:
- India has also established **CERT-In (Indian Computer Emergency Response Team)** to
monitor and respond to cyber threats.
- With the rise of digital payments, there has been increased focus on strengthening
cybersecurity frameworks, including the introduction of guidelines by the **Reserve Bank of
India (RBI)** to protect banking infrastructure from cyber fraud.
- **Cybercrime Units**: Several states have dedicated cybercrime units to handle online
fraud, identity theft, and digital crime investigations.

- **Challenges in India**:
- **Jurisdictional Issues**: Since cybercrimes can be committed from anywhere in the
world, determining jurisdiction is challenging.
- **Lack of Awareness**: Many citizens are not aware of their rights or the legal remedies
available to them in case of cybercrime.
- **Low Conviction Rates**: Despite growing cybercrime rates, conviction rates remain low
due to the technical complexity of investigations and evidence gathering.

---

### 8. **Cybercrimes: Cybercrime and the Indian ITA 2000**

The **Information Technology Act, 2000 (ITA 2000)** is the cornerstone legislation
governing cybercrime and electronic commerce in India. It was enacted to provide legal
recognition to electronic transactions, digital signatures, and protect data privacy. Over time,
it has evolved to cover a wide range of cybercrimes as the digital landscape and threat
vectors expanded.

#### **Cybercrimes Addressed under the ITA 2000**:

1. **Hacking**:
- Defined under **Section 66** of the IT Act, hacking refers to the unauthorised access to
a computer or network to damage, steal, or manipulate data. Penalties include
imprisonment of up to 3 years or fines.

2. **Data Theft and Unauthorised Access**:

- Stealing data from systems, including personal, financial, or intellectual property, is
punishable under **Section 43** and **Section 66** of the IT Act.

3. **Digital Impersonation and Identity Theft**:

- Impersonating another person online to gain financial or personal benefits, such as
obtaining a loan using someone else’s credentials, is covered under **Section 66C**.
Penalties include imprisonment of up to 3 years.

4. **Cyberstalking and Harassment**:

- **Section 66A** was initially intended to curb offensive online behavior such as
harassment or cyberstalking, but it was struck down by the Supreme Court of India in 2015
due to concerns over its misuse and the vagueness of its language.

5. **Cyberterrorism**:
- **Section 66F** addresses acts of cyber terrorism, such as hacking into government
systems or spreading fear and chaos through cyber means. Cyberterrorism is punishable by
life imprisonment.

6. **Child Pornography**:
- **Section 67B** makes it illegal to publish, share, or transmit child pornography
electronically. Offenders can face imprisonment up to 5 years for the first conviction and 7
years for subsequent convictions.

7. **Phishing and Online Fraud**:

- Fraudulent practices aimed at obtaining sensitive information (such as bank account
numbers, credit card details) through deceptive online practices fall under **Section 66D**,
with penalties including imprisonment up to 3 years.
#### **Amendments to the IT Act**:

- **2008 Amendment**: This significantly enhanced the scope of the IT Act, covering newer
forms of cybercrimes like identity theft, cyber terrorism, and phishing. The amendment also
lowered penalties for some offenses and introduced safeguards for intermediaries, including
internet service providers (ISPs).

#### **Indian Judiciary and Enforcement**:

- In India, cybercrime cases are handled by the **Cybercrime Cells** established in major
cities. These cells assist in filing complaints, investigating digital crimes, and collecting digital
evidence.
- In recent years, several high-profile cybercrime cases have been successfully prosecuted
under the IT Act, establishing a precedent for future cases. However, cybercrime is evolving
rapidly, and continuous updates to the legal framework are necessary.

---

The Indian ITA 2000 continues to be a crucial tool in combating cybercrime, but there is an
ongoing need to adapt to new cyber threats through legal amendments and improved cyber
literacy among law enforcement and the public.

9. A Global Perspective on Cybercrimes

Cybercrime: Australian and Global Perspectives
Australian Cybercrime Framework:
In Australia, the Cybercrime Act 2001 defines cybercrime in a narrow statutory
context, focusing specifically on offenses related to computer data and systems. This
legislation encompasses crimes such as unauthorized access, modification, or
impairment of data and systems. The Act criminalizes activities like hacking,
distributing malware, and system tampering. The Australian Federal Police (AFP) are
responsible for investigating and prosecuting cyber offenses within this framework.
While Australia's approach to cybercrime focuses on direct offenses involving data
manipulation and system attacks, it also recognizes the need to address broader
issues. Australia works with international partners to combat threats like cyber
terrorism, online fraud, and digital intellectual property violations.
International Perspective on Cybercrime:
 At an international level, the concept of cybercrime is broader. The Council of
Europe's (CoE) Cybercrime Treaty, also known as the Budapest Convention on
Cybercrime, provides a more expansive definition. It covers not only offenses directly
involving computer systems but also computer-related crimes such as fraud,
copyright infringements, and the distribution of illicit content (e.g., child
pornography, racist material). This wider view categorizes cybercrime into four key
areas:
1. Offenses against the confidentiality, integrity, and availability of computer data and
systems.
2. Computer-related offenses, such as forgery and fraud.
3. Content-related offenses, which include illegal content like child exploitation or hate
speech.
4. Copyright-related offenses, such as digital piracy.
This broad international definition highlights the challenges posed by cybercrime in
today's interconnected world. While Australia’s laws focus on the immediate impacts
of attacks on data and systems, globally cybercrime encompasses a range of criminal
activities facilitated by the internet.
Significant Developments in Global Cybercrime Law:
1. U.S. Senate Ratification of the Budapest Convention (August 4, 2006):
o The U.S. ratified the Council of Europe Convention on Cybercrime, which
targets a wide array of crimes such as hacking, virus distribution, child
exploitation, and cyberterrorism. This treaty improves international
cooperation in prosecuting cross-border cyber offenses.
2. EU's Anti-Terrorism Web Blocking Plan (August 18, 2006):
o The European Union proposed measures to block websites that incite
terrorism as part of a broader strategy to combat cyber terrorism. The plan
focused on compelling Internet Service Providers (ISPs) to monitor suspicious
content and enforce blocking mechanisms.
3. CoE Cybercrime Convention (1997–2001):
o The first international treaty on cybercrime, the Budapest Convention,
harmonizes national laws and facilitates collaboration among countries to
investigate and prosecute cyber offenses. Over 40 countries have ratified the
treaty, making it a key framework for global efforts against cybercrime.
Cybercrime and the Extended Enterprise:
One of the primary challenges facing businesses today is the extended enterprise.
This concept refers to a company’s ecosystem, which includes not just its employees
but also its suppliers, business partners, and customers. In a highly connected world,
the flow of information between these entities becomes crucial for decision-making
and overall operational efficiency.
Cybersecurity threats, if not properly managed, can compromise this
interconnectedness. Cybercrime can disrupt business operations, jeopardize
sensitive data, and lead to financial loss. Many companies are not fully prepared to
protect themselves and their extended enterprise from cyber threats due to a lack of
awareness or education among users. As the extended enterprise relies on shared
 networks and systems, the weakest link—whether it be an employee or a business
partner—can compromise the entire system.

10. Cybercrime Era: Survival Mantra for the Netizens

CYBERCRIME ERA: SURVIVAL MANTRA FOR THE NETIZENS The term “Netizen” was
coined by Michael Hauben. Quite simply, “Netizens” are the Internet users. Therefore, by
corollary, “Netizen” is someone who spends considerable time online and also has a
considerable presence online (through websites about the person, through his/her active
blog contribution and/or also his/her participation in the online chat rooms).

The 5P Netizen mantra for online security is: a. Precaution b. Prevention c. Protection d.
Preservation e. Perseverance

For ensuring cyber safety, the motto for the “Netizen” should be “Stranger is Danger!” If
you protect your customer’s data, your employee’s privacy and your own company, then
you are doing your job in the grander scheme of things to regulate and enforce rules on
the Net through our community. NASSCOM urges that cybercrime awareness is
important, and any matter should be reported at once. This is the reason they have
established cyberlabs across major cities in India More importantly, users must try and
save any electronic information trail on their computers. That is all one can do until laws
become more stringent or technology more advanced. Some agencies have been
advocating for the need to address protection of the Rights of Netizens. There are
agencies that are trying to provide guidance to innocent victims of cybercrimes.
However, these NGO like efforts cannot provide complete support to the victims of
cybercrimes and are unable to get the necessary support from the Police. There are also
a few incidents where Police have pursued false cases on innocent IT professionals. The
need for a statutorily empowered agency to protect abuse of ITA 2000 in India was,
therefore, a felt need for quite some time.