17 Jul 2019, 10:00 — 14 min read
Background: One of the perils of an increasingly digital business environment is the rise of cyber crimes. Advocate Madhur Vinod Kumar shares a detailed list of cyber threats. Read on to understand how to better safeguard your business.
We are in the digital era. The use of computers, software and digital information are intrinsic to our day to day life. Many transactions and businesses nowadays take place in the cyber realm. It has a wide scope and its purview increases with time. This calls for certain cyber laws in place to prevent mishaps.
Computer crime or an e-crime can be simply defined as a crime where a computer is the target of a crime or it is the means adopted to commit a crime. While some of the crimes may be new, the others are simply different ways to commit conventional crimes such as frauds, theft, blackmailing, forgery, and embezzlement, using the online medium often involving the use of the internet. What accelerates the growth of such crimes are typical characteristics of cyberspace interalia anonymity, speed, access, dependency, borderless space.
We are in the digital era. The use of computers, software and digital information are intrinsic to our day to day life. This calls for certain cyber laws in place to prevent mishaps.
Cyber crimes include virus attacks, salami attacks, e-mail bombing, DOS attacks, internet hacking or information offenses.
The nature and dimension of information technology leads to peculiar legal problems. The problem deserves special treatment, because of the environment in which they creep up, the nature of the machinery used, and the means employed for recording the information in question is atypical.
In all the other cases the documents are stored and transmitted through the use of visible and tangible letters, figures and marks. However, here the information which is stored and transmitted electronically has no visible shape or tangible form, and this peculiarity of the technology gives rise to a different kind of legal problems. Therefore, to overcome this legal problem the Information Technology Act, 2000 came into force in India on 17 October 2000. The Act applies to all of India. Sometimes it applies to outside India also by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India.
Section 43 of the Act, which covers unauthorised access, downloading, introduction of a virus, denial of access and internet time theft committed by any person. It prescribes punishment by way of damages not exceeding INR 1 crore to the affected party.
Chapter XI of the IT Act discusses the cyber crimes and offences interalia, tampering with computer source documents (Sec. 65), Hacking (Sec.66), Publishing of obscene information (Sec.67), Unauthorised access to protected system (Sec.70), Breach of confidentiality (Sec.72), Publishing false digital signature certificate (Sec.73).
The meaning of computer
As per information technology Act ‘computer’ means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.
Two categories of cyber crimes
Modes of cyber crimes
Unauthorised access and hacking
Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. Unauthorised access means any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network. Every act committed to breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programmes to attack the target computer. They possess the desire to destruct and they get the kick out of such destruction. Some hackers hack for personal monetary gains, such as to steal the credit card information, transfer money from various bank accounts to their own account, etc.
Web hijacking is also a crime which means taking control of other websites.
Virus and Worm attack
A programme that has the capability to infect other programmes and make copies of itself and spread into other programmes is called a virus.
Programmes that multiply like viruses but spread from computer to computer are called worms.
E-mail & IRC related crimes
An email shown to have sent from one source, in fact, has been sent from a different source is called spoofing.
Sending email to thousands and thousands of users, similar to a chain letter, is called email spamming.
Emails are used to send viruses, Trojans, etc through emails as an attachment or by sending a link of the website which on visiting downloads malicious code.
Abusive identical messages sent repeatedly to a particular address is called emails bombing.
Trojan attack means that by representing as a useful link or a helper it causes harm to your programme. Trojans come in two parts, a Client part, and a Server part. When the victim (unknowingly) runs the server on its machine, the attacker will then use the Client to connect to the Server and start using the trojan.
Also read: Are you an insider threat?
Denial of service attacks
Flooding a computer resource with more requests than it can handle. This causes the resource to crash thereby denying access of service to authorised users. Attempts to ‘flood’ a network, thereby preventing legitimate network traffic, attempts to disrupt connections between two machines, thereby preventing access to a service, attempts to prevent a particular individual from accessing a service and attempts to disrupt service to a specific system or person are examples of Daniel Service Attacks.
A distributed denial of service (DoS) attack is accomplished by using the Internet to break into computers and using them to attack a network. Hundreds or thousands of computer systems across the Internet can be turned into ‘zombies’ and used to attack another system or website.
Types of DOS
There are three basic types of attack:
Counterfeit currency notes, postage and revenue stamps, mark sheets, etc can be forged using sophisticated computers, printers, and scanners. Also, impersonating another person is considered forgery.
IPR (Intellectual Property Rights) violations
Cyber Squatting - Domain names are also trademarks and protected by ICANN's (Internet Corporation for Assigned Names and Numbers) domain dispute resolution policy and also under trademark laws. Cyber Squatters register a domain name identical to a popular service provider's domain to attract their users and get benefit from it.
Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic control, telecommunication networks are the most likely targets. Others like police, medical, fire, and rescue systems, etc.
Cyber terrorism is an attractive option for modern terrorists for several reasons.
1. It is cheaper than the traditional terrorist methods.
2. Cyber terrorism is more anonymous than traditional terrorist methods.
3. The variety and number of targets are enormous.
4. Cyber terrorism can be conducted remotely, a feature that especially appealing to terrorists.
5. Cyber terrorism has the potential to affect directly a larger number of people.
Banking/Credit card related crimes
In the corporate world, internet hackers are continually looking for opportunities to compromise a company's security in order to gain access to confidential banking and financial information. Use of stolen card information or fake credit/debit cards is common. Bank employee can grab money using programs to deduce a small amount of money from all customer accounts and adding it to own account also known as ‘salami’.
These include sales and investment frauds. False or fraudulent advertisements claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities. Merchandise or services that were purchased or contracted by individuals online remains undelivered. In this, the investors are enticed to invest in this fraudulent scheme by the promises of seemingly high profits.
Sale of illegal articles
This would include the trade of narcotics, weapons, and wildlife, etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication. This kind of business is increasing by the day.
Online anti-social game
Anti-social game activities done through fake websites are called an online anti-social game which is an offense if it is a game of chance.
Defamation can be understood as tarnishing the image, respect or dignity of any person in front of right-thinking members of the society.
A matter defaming a person is sent to the said person directly is not defamation however if the said mail is sent through CC or BCC to third parties and if the contents tarnish the image of the recipient it is defamation. Cyber defamation occurs when defamation takes place with the help of computers and/or the Internet. Publication of defamatory articles and matter on a website are defamation. Cyber defamation is also called cyber smearing.
Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chatrooms frequented by the victim, constantly bombarding the victim with emails, etc.
In general, the harasser intends to cause emotional distress and has no legitimate purpose to his communications.
Appropriation of others personal information without their knowledge in order to commit theft or fraud is called as identify theft. Identity theft is a vehicle for perpetrating other types of fraud schemes.
Changing data prior to or during input into a computer is called data diddling. It also includes automatic changing the financial information for some time before processing and then restoring original information.
Theft of internet hours
Unauthorised use of internet hours paid for by another person.
By gaining access to an organisation's telephone switchboard (PBX) individuals or criminal organisations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties. Additional forms of service theft include capturing 'calling card' details and on-selling calls charged to the calling card account and counterfeiting or illicit reprogramming of stored value telephone cards.
It means disclosure of information to unauthorised or unwanted persons. In addition to Personal Information, some other type of information which useful for business and leakage of such information to other persons may cause damage to business or person, such information should be protected. Generally, for protecting the secrecy of such information, parties while sharing information form an agreement about the procedure of handling of information and to not to disclose such information to third parties or use it in such a way that it will be disclosed to third parties.
The scope of cyber crimes is immense and businesses must therefore focus on cyber security to safeguard their business interests.
Image courtesy: freepik.com
To explore business opportunities, link with me by clicking on the 'Connect' button on my eBiz Card.
Posted byMadhur Vinod Kumar
I am practicing as an advocate in Bangalore since the past 20 years. I am also the senior central Govt. Panel Counsel for High Court of Karnataka