
E-Commerce Module 5

MODULE-5

CYBER LAW AND SECURITY

Cyber world refers to the world of online computers and communications, which
implies today's fast-moving, high-technology online world. It is an online world
where users have the mechanisms to transact any business or personal activity as
easily and freely as they can transact them in the physical world.
Cyber law governs the legal issues of cyberspace; it covers computers,
networks, the internet, data, software etc. It includes law relating to –
• Electronic and digital signatures
• Computer crimes
• Intellectual property
• Data protection and privacy
• Telecommunication law

CYBER WORLD AND INTERNET

The internet is a global collection of interconnected networks which can be accessed
by anyone throughout the world, and which makes up the cyber world. The internet is the
world's largest computer network. It is accessible to individuals, companies,
colleges, government agencies and other institutions all over the world. It links
thousands of smaller computer networks and millions of individual computer users
worldwide. At the basic level, the internet can be used for e-mail and for research. At a
more advanced level, the internet can be used as a channel for selling products and services. To reach
the internet, what you need is a personal computer, a telephone connection, a modem and
the right to use the internet, which is given by the people called ISPs (Internet service
providers).
The word internet comes from 2 words (interconnection and
network). Thus, it may be defined as a network, or more precisely an internetwork, of a
number of connecting networks consisting of different types of computers spread all
over the world which can share messages and info with each other.

APPLICATIONS OR FUNCTIONS OF CYBER WORLD

In the modern world, the internet has become essential for working and easy
communication with people, whether in the next room or on the other side of the
world. Some important services provided by the internet have become very
common, like e-mail, the WWW and instant access to the internet. The following are the
important services or applications:

• WWW – Many people use the terms internet and WWW interchangeably, but the
2 terms are not synonymous. The internet is a massive network of
networks. It connects millions of computers together globally. The WWW,
or simply the web, is a way of accessing info over the medium of the internet. It is an
info-sharing model that is built on top of the internet. It contains millions of
electronic documents called webpages. A webpage contains info in the form
of text and graphics.
• E-mail – Short for electronic mail, it is perhaps the most common computer-
based technology used for communication. It allows us to send and receive
messages and files through a specific address unique to the user, and keep records of
the communication taking place. The messages are delivered instantly to
people anywhere in the world. E-mail is now an essential communication
tool in business.
• E-commerce – The ability to do business without the usual constraints of
time makes e-commerce one of the most important services provided by the
internet. With a single click of a mouse, online customers can purchase
almost anything, day or night, from the comfort of their own home.
• Video conferencing – It allows people in different locations to hold
interactive meetings. All the participants can see and hear each other,
hence it provides the real feel of a conversation.
• Telnet – It is an internet service for accessing remote computers. Through
Telnet, a user can access someone else's computer remotely. To use Telnet, the
user must know the internet address of the remote computer and should have a
valid username and password.
• Data transfer – File sharing using the file transfer protocol (FTP) is a way of
transferring large amounts of data across the internet. A computer file can
be e-mailed to customers, colleagues and friends as an attachment. It can be
uploaded to a website/FTP server for easy download by others.

BENEFITS IN A CYBER WORLD

The internet has become very popular and it has touched every aspect of our life.
It has changed the concept of communication and entertainment. The uses of
the internet are explained below.

• Getting information – The internet provides a large volume of info. Any kind
of info on any topic under the sun is available on the internet; the search
engines on the internet can help to find data on any subject that you need.
• Communication – The foremost use of the internet is the communication
facility that it offers. Using the internet, individuals can communicate directly
in chat rooms, use video conferencing facilities, e-mail etc.
• Entertainment – The internet provides an entertainment facility. Downloading
games, listening to music and downloading movies are some of the entertainment
offered by the internet.
• E-commerce
• Medicines
• Education
• Online chat
• Searching for products

CYBERSPACE

This refers to the virtual computer world, and more specifically to an electronic
medium used to form a global computer network to facilitate online
communication. It allows users to share info, interact, engage in discussions or
social forums, and conduct business, among many other activities.
Cyberspace represents the new medium of communication, e-communication,
which is fast replacing traditional methods of communication. The word
cyberspace was coined by William Gibson when he sought a name to describe his
vision of a global computer network linking all people, machines and sources
of info in the world.

CYBER CRIMES

It is one of the fastest growing areas of crime. This includes attacks against
computer data and systems, identity theft, distribution of child pornography,
internet fraud, deployment of viruses etc. The global nature of the internet has
allowed criminals to commit almost any illegal activity anywhere in the world.
Computer crime/cybercrime refers to any crime that involves a computer and a
network. It may be defined as an unlawful act wherein the computer is either a tool
or a target, or both. Cybercrime encompasses any criminal act dealing with computers
and networks.

Types of Cyber Crimes

Hacking
This is a type of crime wherein a person's computer is broken into so that
personal or sensitive information can be accessed. In hacking, the criminal uses
a variety of software to enter a person's computer, and the person may not be aware that
his computer is being accessed from a remote location. A simple definition of
hacking is gaining unauthorised access to a computer system. Computer hacking
refers to finding out weaknesses in an established system and exploiting them.
A hacker is a person who commits the offence of exploring into other computers
without the knowledge of the other person. Hackers may be motivated by a variety of
reasons, such as profit, curiosity, protest, or challenge.

A cracker is a technical person who is an expert in breaking into other systems
without the knowledge or consent of another person. His only intention is stealing
information such as passwords and credit card numbers for financial gain. A cracker
is also known as a cyber burglar.

Phishing
Phishing is a type of online identity theft. It uses e-mail and fraudulent websites that
are designed to steal your personal data or information such as credit card numbers,
passwords, account data, or other information. Mostly, fraudsters send out legitimate-
looking e-mail in an attempt to gather personal and financial information from
recipients.
E-mails that appear to have originated from one source while they are actually sent
from another source are termed e-mail spoofing.
Phishers are constantly improving their technologies and this has resulted in the
appearance of a new trend: pharming. It also aims at accessing confidential
information but, unlike phishers, pharmers obtain identities through official
websites.

Tricking the Shopper
The most common and most profitable attack is tricking the shopper, also known as
social engineering. The targets of this attack are the shoppers in online
shopping. These attacks involve surveillance of the shopper's behaviour and
gathering information to use against the shopper.
Another trick is creating sites similar to famous sites. For instance, http://www.ibn.com/shop
is registered by an attacker. Some shoppers may mistype or click that
site thinking that it is ibm.com/shop.

Snooping the Shopper's Computer
Millions of computers are added to the internet every month. For easy
installation and use, many of the hardware and software vendors disable the
security features. A non-technical user may not be aware of the security threats.

Sniffing the Network
In this scheme, the attacker monitors the data between the shopper's computer and
the server. He collects data about the shopper or steals personal information such as
credit card numbers.

Guessing the Password
Another common attack is to guess a user's password. This style of attack can be manual
or automated. Manual attacks are very tedious and will succeed only if the attacker
knows something about the user (for example, name of children, date of birth, etc.).
Automated attacks are more significant, as they use all the words in the
dictionary to test user ID/password combinations, or try popular user
ID/password combinations.
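
Both kinds of guessing described above can be blunted when a password is chosen, by refusing candidates built from dictionary words, the user ID, or personal details. The following is an added example, not part of the original notes; the word list, the user data and the 12-character minimum are constructed assumptions.

```python
import re

# Constructed sample: a real deployment would load a large dictionary and
# breached-password list instead of these few words.
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine", "qwerty", "letmein"}
MIN_LENGTH = 12  # assumed policy value, not taken from the notes
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def _tokens(value: str):
    """Split a personal fact into lower-case pieces of 3+ characters."""
    return {t for t in re.split(r"[^a-z0-9]+", value.lower()) if len(t) >= 3}


def date_variants(yyyy_mm_dd: str):
    """Digit strings people commonly derive from a date of birth."""
    y, m, d = yyyy_mm_dd.split("-")
    return {y, d + m, m + d, d + m + y, m + d + y, d + m + y[2:], y + m + d}


def screen_password(candidate, user_id, personal_facts=(), birth_date=None):
    """Return the reasons a password is guessable; an empty list means accept."""
    reasons = []
    lowered = candidate.lower()
    # Drop trailing digits/symbols ("password1!") and undo simple character swaps.
    core = re.sub(r"[\d\W_]+$", "", lowered).translate(LEET)
    unswapped = lowered.translate(LEET)

    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if core in COMMON_WORDS:
        reasons.append("dictionary or popular password")
    if user_id.lower() in lowered:
        reasons.append("contains the user ID")
    for fact in personal_facts:
        if any(tok in lowered or tok in unswapped for tok in _tokens(fact)):
            reasons.append(f"contains personal detail: {fact}")
    if birth_date and any(v in candidate for v in date_variants(birth_date)):
        reasons.append("contains date of birth")
    return reasons
```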

Denial of Service Attacks (DOS)
A denial of service (DOS) attack is one of the most common malicious attacks on
communication networks. This type of attack is designed to bring down a network by
flooding it with unnecessary traffic. Generally, DOS attacks work by exploiting the
limitations in the TCP/IP protocols.

Cyber Stalking
This is a kind of online harassment wherein the victim is subjected to a barrage of
online messages and e-mails. Typically, these stalkers know their victims and instead
of resorting to offline stalking, they use internet to stalk.
Identity Theft
This has become a major problem with people using the internet for cash
transactions and banking services. In this cybercrime, a criminal accesses data about
a person's bank account, credit cards, Social Security, debit card and other sensitive
information to siphon money or to buy things online in the victim’s name. It can
result in major financial losses for the victim and even spoil the victim’s credit.
Malicious Software
These are internet-based software or programs that are used to disrupt a network.
Pornography
Pornography means "describing or showing sexual acts in order to cause sexual
excitement through books, films etc." It includes pornographic websites, pornographic
materials produced using computers and use of the internet to download and transmit
pictures, pornographic videos, photos, etc.

Cyber Warfare
It involves nations using information technology to penetrate another nation's
network, to cause damage or disruption. In the US and many other nations, cyber
warfare has been acknowledged as the fifth domain of warfare (following land, sea,
air, and space).

Cyber Espionage
It is the use of information technology to obtain secret information without the
permission of its owners and holders. It is described as the stealing of secrets
stored in digital formats or on computers and in networks. Cyber espionage is most
often used to gain strategic, economic, political, or military advantage.

Spam
Spam is the process of flooding the internet with many copies of the same
message. Most spam is commercial advertising, often for questionable products and
services. E-mail spam is unwanted bulk e-mail, junk mail or unwelcome commercial
e-mail. E-mail spamming is the practice of sending unwanted e-mail messages,
frequently from an unidentified source.

CYBER LAW

It is a term that deals with the legal issues relating to the use of internet and
computers. It is the area of law that deals with internet relationship to technological
and electronic elements, including computers, software, hardware.

ADVANTAGES OF CYBER LAW

Cyber law concerns every individual these days. There are several
advantages of cyber law in protecting the individual from getting trapped in any
cyber violation. Its provisions contain many positive aspects. Organizations are
now able to carry out e-commerce using the legal infrastructure provided by the
Act.
Under the IT Act 2000, it is now possible for corporates to have a statutory
remedy in case anyone breaks into their computer systems or networks and causes
loss. E-mail is now a valid and legal form of communication in our country that
can be produced and approved in a court of law.

PROVISIONS UNDER IT ACT 2000

• Availability of legal remedy against cyber crime
• Fueling safety in the minds of people
• Enhancement of online trade

IT ACT 2000

The IT Act has 13 chapters and 94 sections. The primary source of cyber law in India is
the IT Act 2000, which came into force on 17th October 2000. The primary purpose
of this Act is to provide legal recognition to e-commerce and to facilitate filing of e-
records with the government. The IT Act also penalizes various cybercrimes and provides
strict punishments.
The government of India enacted the IT Act 2000 with the following objectives:
• To provide legal recognition for transactions carried out by means of
electronic data interchange and other means of e-communication.
• To facilitate e-filing of documents with government agencies. The Act
provides for the legal treatment of users of e-communication and paper-
based communication.

AMENDMENT OF IT ACT 2008

Being the first legislation in the nation on technology, computers and e-commerce,
the Act was the subject of extreme debate, elaborate reviews and detailed criticism.
There were some omissions in the Act. Thus, the need for an amendment, a detailed
one, was felt for the IT Act almost from the year 2003 itself. The IT Act amendment
was passed in Dec 2008. The IT Amendment Act 2008 provides additional focus on
information security. It has added several new sections on offences, including cyber
terrorism and data protection. In the 2008 version of the Act, there are 14 chapters
and 124 sections.
The major provisions are:
1) Penalty for damage to computer
As per Sec 43 of the IT Act 2000, a person commits
a computer crime when he/she does the following:
a) Accesses or secures access to such computer, computer system or computer
network without authorization
b) Downloads, copies or extracts any data/info from a computer,
computer system, any removable storage medium or computer
network without permission
c) Introduces any computer virus into a computer, computer system or
computer network
d) Provides any assistance to any person to facilitate access to a
computer, computer system or computer network in
contravention of the provisions of this Act.
In the above circumstances, he or she shall be liable to pay damages by
way of compensation not exceeding Rs 1 crore to the person so affected.
2) Penalty for tampering with computer source documents
Sec 65 of the IT Act 2000 deals with the penalty
for tampering with computer source documents. If a person knowingly or
intentionally destroys or alters any computer source code used for a
computer, computer program, computer system or computer network, he is
committing a cybercrime. In the above circumstances he shall be punished with
3 years' imprisonment, or with a fine which may extend up to 2,00,000/-, or with both.
3) Penalty for hacking computer system
Under Sec 66 of the IT Act 2000, whoever commits
hacking shall be punished with imprisonment up to 3 years, or with a fine
which may extend up to 2,00,000/-, or with both.
4) Penalty for sending offensive messages
Under Sec 66(a) of the IT Act 2000, sending offensive
messages through electronic means is punishable with imprisonment up
to 3 years and with a fine.
5) Penalty for identity theft
As per Sec 66(c) of the IT Act 2000, identity theft, like
using another's password/e-signature, is punishable with 3 years'
imprisonment, a fine of 1,00,000/-, or both.
6) Penalty for cheating using computer resources
Under Sec 66(d), cheating by using computer resources or a
communication device shall be punished with imprisonment for a term
which may extend to 3 years, and the offender shall also be liable to a fine which may
extend to 1,00,000/-.
7) Penalty for privacy violation
Sec 66(e): punishment is 3 years' imprisonment, a fine of 2,00,000/-, or both.
8) Penalty for cyber terrorism
Under Sec 66(f), cyber terrorism, or denying access to any
person authorized to access the computer resources, or attempting to
access a computer resource without authorization, or an act likely to cause
death/injuries to persons/damage to property, is punishable with
imprisonment.

CYBER THREATS
Cyber threat refers to the possibility of a malicious attempt to damage or disrupt a
computer network or system. Cyber threats are potential cyber events that may cause
unwanted outcomes. Threats may originate externally or internally and may
originate from individuals or organizations.
A cyber threat can be unintentional or intentional, targeted or non-targeted, and can
come from a variety of sources, including foreign nations engaged in espionage and
information warfare, criminals, hackers, virus writers, and disgruntled employees
and contractors working within an organization. Unintentional threats can be caused
by inattentive or untrained employees, software upgrades, maintenance procedures
and equipment failures that inadvertently disrupt computer systems or corrupt data.
Intentional threats include both targeted and non-targeted attacks. A targeted attack
is when a group or individual specifically attacks a critical infrastructure system.
A non-targeted attack occurs when the intended target of the attack is uncertain,
such as when a virus, worm, or malware is released on the internet with no
specific target.
Passive Threats
The monitoring and recording of data by an unauthorized user while the data are being
transmitted over a communication network is a passive threat. The goal of the
attacker is to obtain information that is being transmitted by other people. There are
two types of passive threats: (a) release of message contents and (b) traffic analysis.

Active Threats
An active threat involves the alteration of digital data or generation of spurious data by
an attacker.

PRIVACY ISSUES
The internet has brought new concerns about privacy in an age where computers can
permanently store records of everything. Internet privacy is the privacy and
security level of personal data published through the internet. Your privacy on the
internet depends on your ability to control both the amount of personal information
that you provide and who has access to that information. Internet privacy is also
known as online privacy.
The following guidelines are helpful in protecting your privacy online.
1. Do not post anything online that you would not want made public.
2. Minimize details that identify you or your whereabouts.
3. Keep your account numbers, user names, and passwords secret.
4. Enter only required information (often marked with an asterisk) on
registration and other forms.

You can greatly reduce your risk of online identity theft by taking these four steps to
protect your computer:
1. Use an internet firewall
2. Get security updates automatically
3. Subscribe to antivirus software and keep it current
4. Create strong passwords

INTELLECTUAL PROPERTY RIGHT (IPR)

Intellectual Property Rights, or IPR, are a series of rights that protect intangible
(intellectual) works of human creation. IPR can be defined as rights acquired over a
property created with the intellectual effort of an individual. IPR refers to
creations of the mind: inventions, literary and artistic works, and symbols, names,
images and designs used in commerce.

IPR was divided into 7 main branches under the TRIPS agreement (Trade
Related Aspects of Intellectual Property Rights). These branches are:

1. Patents
2. Copyrights
3. Trademarks
4. Geographical indications
5. Designs
6. Integrated Circuits and Design Layouts
7. Confidential Information

Encryption
Encryption is a way of scrambling data so that only authorized parties can
understand the information. In technical terms, it is the process of converting human-
readable plaintext to incomprehensible text, also known as ciphertext. In simpler
terms, encryption takes readable data and alters it so that it appears random.
Encryption requires the use of a cryptographic key: a set of mathematical values that
both the sender and the recipient of an encrypted message agree on.

Decryption
Decryption is a process that transforms encrypted information into its original
format.

Firewall

A firewall is a network security device that monitors incoming and outgoing network
traffic and decides whether to allow or block specific traffic based on a defined set of
security rules.
Firewalls have been a first line of defense in network security for over 25 years.
They establish a barrier between secured and controlled internal networks that can be
trusted and untrusted outside networks, such as the Internet.

Cryptography

Cryptography is the process of hiding or coding information so that only the person a
message was intended for can read it. The art of cryptography has been used to code
messages for thousands of years and continues to be used in bank cards, computer
passwords, and ecommerce.
