LEGAL FRAMEWORK FOR INVESTIGATING AND PROSECUTING CYBER CRIMES

IN DEVELOPING AND DEVELOPED COUNTRIES

INTRODUCTION:

The concept of crime is not a modern one but it has been existing from time
immemorial. However, time to time, the concept and nature of crimes have changed. In
addition, the definition of crimes has been changed accordingly. In the era of 20 th
century and with the advent of computer, the criminals have changed the mode of
committing the crimes from conventional methods to computer based methods. The first
recorded cyber crime took place in the year 1820! That is not surprising considering the
fact that the abacus, which is thought to be the earliest form of a computer, has been
around since 3500 B.C. in India, China and Japan. Indian legal system is enacting the
law along with the changing situation. As Prof. Allen has rightly contented that, the law
is not only deals with command but is something more. This role of law is more relevant
in the present situation. The criminal law closely connected with the each member of the
society. In the age of information technology, cyber law is need of hours. The cyber law
means the law relating to the cyber crime.

WHAT IS CYBER CRIME AND CYBER LAW?

CYBER CRIME:

Cyber crime is not defined particularly anywhere, cyber crime in general does not differ
from crime in the conventional sense except the method adopted for commission of
crime. When internet was developed, the founding fathers of internet hardly had any
inclination that internet could also be misused for criminal activities.

Today, there are many disturbing things happening in cyberspace. Cybercrime refers to
all the activities done with criminal intent in cyberspace. These could be either the
criminal activities in the conventional sense or could be activities, newly evolved with the
growth of the new medium.

Because of the anonymous nature of the internet, it is possible to engage into a variety
of criminal activities with impunity and people with intelligence, have been grossly
misusing this aspect of the internet to perpetuate criminal activities in cyberspace. This
field of cybercrime is just emerging and new forms of criminal activities in cyberspace
are coming to the forefront with the passing of each fresh day.

DEFINITIONS:
The term “cyber-crimes” is not defined in any statute or rulebook. The word “cyber” is
slang for anything relating to computers, information technology, internet and virtual
reality. Therefore, it stands to reason that “cyber-crimes” are offences relating to
computers, information technology, internet and virtual reality.

One finds laws that penalize cyber-crimes in a number of statutes and even in
regulations framed by various regulators. The Information Technology 2000 and the
Indian Penal Code 1860 penalize a number of cyber-crimes and unsurprisingly, there are
many provisions in the IPC and the IT Act that overlap with each other.

CYBER LAW:

Cyber law, also known as cyber crime law, is legislation focused on the acceptable
behavioral use of technology including computer hardware and software, the internet
and networks. Cyber law helps to protect users from harm by enabling the investigation
and prosecution of online criminal activity. It applies to the actions of individuals,
groups, the public, government and private organizations.

WHAT IS CYBER LAW’S ROLE IN SOCIETY AND BUSINESS?

Cyber crimes include fraud, forgery, money laundering, theft and other illegal activities
performed via computer hardware and software, the internet and networks. Cyber law
investigates crime perpetrated in the physical world but enabled in cyberspace.

For example, organized crime syndicates using the internet to distribute illegal
substances may face prosecution under cyber laws. In business, cyber law protects
companies from unlawful access and theft of their intellectual property.

WHAT IS CYBER LAW IN DIFFERENT COUNTRIES?

While cyber crime impacts the global community, the adoption of cyber crime legislation
varies among countries. 72% of countries have cyber laws, 9% have draft
legislation and 18% have no cyber laws, according to 2019 data from the
United Nations.

Many states develop new cyber laws as addenda to their current codes. Some countries
amend their existing national codes with legislative language on cyber crime.

WHAT ARE THE TYPES OF CYBER CRIMES?

In order to protect oneself, one should know about different ways in which his/her
computer can be comprised and your privacy infringed. The few common tools and
techniques employed by the cyber criminals. The following list will give a comprehensive
idea of the loopholes in network and security systems, which can be exploited by
attackers and also their possible motives for doing so.

There are 12 ways in which the cybercrime can be perpetrated and they are:

1) HACKING:

In simple words, hacking is an act committed by an intruder by accessing your computer

system without your permission. Hackers are basically computer programmers, who
have an advanced understanding of computers and commonly misuse this knowledge for
devious reasons.

a) They are usually technology buffs who have expert-level skills in one
particular software program or language. As for motives, there could be
several, but the most common are pretty simple and can be explained by a
human tendency such as greed, fame, power etc,

b) Some people do it purely to show off their expertise-ranging from relatively harmless
activities such as modifying software to carry out tasks that are outside the creator’s
intent; others just want to cause destruction.

c) They also try and modify systems so that they can execute tasks at their whims;
hackers displaying such destructive conduct are also called “Crackers” at times.

d) They are also called as “black hat” hackers. On the other hand, there are those who
develop an interest in computer hacking just out of intellectual curiosity. Some
companies hire these computer enthusiasts to find flaws in their security systems and
help fix them. Referred to as “White hat” hackers, these guys are against the abuse of
computer systems.

e) They attempt to break into network systems purely to alert the owners of flaws. It’s
not always altruistic, though because many do this for fame as well, in order to land jobs
with top companies, or just to be termed as security experts. “Grey hat” is another
term used to refer to hacking activities that are a cross between white and black
hacking.

f) Some of the most famous computer geniuses were once hackers who went on to use
their skills for constructive technological development.

g) Dennis Ritchie and Ken Thompson, the creator of the UNIX operating system (LINUX’S
Predecessor), were two of them. Shawn Fanning, the developer of Napster, Mark
Zuckerberg of facebook fame, and many more are also examples.
SQL injections:

An SQL injection is a technique that allows hackers to play upon the security
vulnerabilities of the software that runs a website. It can be used to attack any type of
unprotected or improperly protected SQL database. This process involves entering
portions of SQL code into a web form entry field-most commonly usernames and
passwords to give the hacker further access to the site backend or to a particular user’s
account.

When you enter logon information into sign-in fields, this information is typically
converted to an SQL command. This command checks the data you’ve entered against
the relevant table in the database. If your input data matches the data in the table,
you’re granted access, if not; you get the kind of error you would have seen when you
put in a wrong password.

An SQL injection is usually an additional command that when inserted into the web form,
tries to change the content of the database to reflect a successful login. It can also be
used to retrieve information such as credit card numbers or passwords from unprotected
sites.

Theft of FTP Passwords:

This is another very common way to tamper with web sites. FTP password hacking takes
advantage of the fact that many webmasters store their website login information on
their poorly protected PCs.

The thief searches the victim’s system for FTP login details, and then relays them to his
own remote computer. He then logs into the website via the remote computer and
modifies the web pages as he or she pleases.

Cross-site scripting:

This is also known as XSS (formerly CSS, but renamed due to confusion with cascading
style sheets), is a very easy way of circumventing a security system. Cross-site scripting
is a hard-to-find loophole in a website, making it vulnerable to attack, the hacker
infections a web page with a malicious client-site scripting is a hard-to-find loophole in a
website, making it vulnerable to attack.

In a typical XSS attack, the hacker infects a web page with a malicious client-side script
or program. When you visit this webpage, the script is automatically downloaded to your
browser and executed. Typically, attackers inject HTML, JavaScript, VBScript, ActiveX or
g
B
h
&
-
T
C
k
D
:
d
M
m
W
o
n
I
b
l
a
u
V
,
X
e
v
A
s
t
p
i
r
c
S
Flash into a vulnerable application to deceive the people and gather confidential
information.

If you want to protect your PC from malicious hackers, investing in a good firewall
should be first and foremost. Hacking is done through a network, so it’s very important
to stay safe while using the internet.

2) VIRUS DISSEMNINATION:

Viruses are computer programs that attach themselves to or infect a system or files, and
have tendency to circulate to other computers on a network. They disrupt the computer
operation and affect the data stored-either by modifying it or by deleting it altogether.
“Worms” unlike viruses don’t need a host to cling on to.

They merely replicate until they eat up all available memory in the system. The term
“worm” is sometimes used to mean self replicating “malware”. These terms are often
used interchangeably in the context of the hybrid viruses/worms that dominate the
current virus scenarios.

“Trojan horses” are different from viruses in their manner of propagation. They
masquerade as a legitimate file, such as an email attachment from a supposed friend
with a very believable name, and don’t disseminate themselves.

The user can also unknowingly install a Trojan-infected program via drive-by downloads
when visiting a website, playing online games or using internet-driven applications. A
Trojan horse can cause damage similar to other viruses, such as steal information or
hamper/disrupt the functioning of computer systems.

M
S

a
c
C
d

t
e
B
r
D
i
X
e
p
t
Wo r
d
o
i
V
I
s
,
p
i
p
i
s
n
s
r

m s
-
r
v
a
m
o
i
b
c
a
o
t
r
,
t
V
e
o
t
r
a
h
:A
s
u
t
T
e
i
m
g
a
o
u
n
s
m
D
a
s
a
r
s
r
i
c
s
i
n
e
n
u
n
i
a
s
l
o
e
c
e
s
i
c
s
p
e
a
m
l
s
k
t
d
e
a
l
&
s
n
s
v
i
s
t

t
,
e
t i
,
o

s
These usually travel by human, attached programs, Macros of MS Office by modes of
embedment or attachment or web page components and search replications.

HOW DOES THIS HAPPEN?

Well, the malicious code or virus is inserted into the chain of command so that when the
infected program is run, the viral code is also executed. Viruses are usually seen as
extraneous code attached to a host program, but this isn’t always the case. Sometimes,
the environment is manipulated so that calling a legitimate uninfected program calls viral
program.

The viral program may also be executed before any other program is run. This can
virtually infect every executable file on the computer, even though none of those files
code was actually tampered with. Viruses that follow this modus operandi include
“cluster” or “FAT” (File Allocation Table) viruses, which redirect system pointers to
infected files, associate viruses and viruses that modify the windows Registry directory
entries so that their own code is executed before any other legitimate program.

Computer viruses usually spread via removable media or the internet. A flash disk, CD-
ROM, magnetic tape or other storage device that has been in an infected computer
infects all future computers in which it’s used. Your computer can also contract viruses
from sinister email attachments, rogue web sites or infected software. And these
disseminate to every other computer on network.

All computer viruses cause direct or indirect economic damages. Based on this, there are
2 categories of viruses:

1) Those that only disseminate and don’t cause intentional damage.

2) Those which are programmed to cause damage.

However, even by disseminating, they take up plenty of memory space, and time and
resources that are spent on the clean-up job. Direct economic damages are caused when
viruses alter the information during digital transmission. Considerable expenses are
incurred by individuals, firms and authorities for developing and implementing the anti-
virus tools to protect computer systems.

3) LOGIC BOMBS:

A logic bomb, also known as “slag code”, is a malicious piece of code which is
intentionally inserted into software to execute a malicious task. When triggered by a
specific event, it’s not a virus although it usually behaves in a similar manner.
It is stealthy inserted into the program where it lies dormant until specified conditions
are met. Malicious software such as viruses and worms often contain logic bombs which
are triggered at a specific payload or at a predefined time.

The payload of a logic bomb is unknown to the user of the software, and the task that it
executes unwanted. Program codes that are scheduled to execute at a particular time
are known as “time-bombs”. For example, the infamous “Friday the 13 th” virus which
attacked the host systems only on specific dates, it “exploded” every Friday that
happened to the thirteenth of a month, thus causing system slowdowns.

Logic bombs are usually employed by disgruntled employees working in the IT sector.
You may have heard of “disgruntled employee syndrome” where in angry employees
who have been fired use logic bombs to delete the databases of their employers, stultify
the network for a while or even do insider trading.

Triggers associated with the execution of logic bombs can be a specific date and time, a
missing entry from a database or not putting in a command at the usual time, meaning
the person does not work there anymore.

Most logic bombs stay only in the network they are employed in. So in most cases,
they’re an insider job. This makes them easier to design and execute than a virus. It
doesn’t need to replicate; which is a more complex job. To keep your network protected
from the logic bombs, you need constant monitoring of the data and efficient anti-virus
software on each of the computers in the network.

There’s another use for the type of action carried out in a logic bomb “explosion”-to
make restricted software trials.

The embedded piece of code destroys the software after a defined period of time or
renders it unusable until the user pays for its further use. Although this piece of code
uses the same technique as a logic bomb, it has a non-destructive, non-malicious and
use-transparent use and is not typically referred to as one.

4) DENIAL OF SERVICE ATTACK:

A Denial-of-Service (DoS) attack is an explicit attempt by attackers to deny service to

intended users of that service. It involves flooding a computer resource with more
requests than it can handle consuming its available bandwidth which results in server
overload.

This causes the resource to crash or slow down significantly so that no one can access it.
Using this technique, the attacker can render a website inoperable by sending massive
amounts of traffic to the targeted site. A site may temporarily malfunction or crash
completely, in any case resulting in inability of the system to communicate adequately.
DOS attacks violate the acceptable use policies of virtually all internet service providers.

Another variation to a denial-of-service attack is known as a “Distributed Denial of

Service” (DDoS) attack wherein a number of geographical widespread perpetrators flood
the network traffic.

Denial-of-Service attacks typically target high profile web site servers belonging to banks
and credit card payment gateways. Websites of companies such as Amazon, CNN,
Yahoo, Twitter and eBay! Were also been affected.

5. PHISHING:

This is a technique of extracting confidential information such as credit card numbers

and username password combos by masquerading as a legitimate enterprise. Phishing is
typically carried out by email spoofing.

The malware would have installed itself on your computer and stolen private information.
Cyber-criminals use social engineering to trick you into downloading malware off the
internet or make people to fill in your personal information under false pretenses. A
phishing scam in an email message can be evaded by keeping certain things in mind.

Not all phishing is done via email or web sites. Vishing (voice phishing) involves calls to
victims using fake identity fooling you into considering the call to be from a trusted
organization. They may claim to be from a bank asking you to dial a number and enter
your account details. Once you do that your account security is compromised.

Treat all unsolicited phone calls with skepticism and never provide any personal
information. Many banks have issued preemptive warnings informing their users of
phishing scams and the do’s and don’ts regarding your account information.

Those of you reading Digit for long enough will remember that we successfully phished
hundreds of our readers by reporting a way to hack other people’s Gmail accounts by
sending an email to a made up account with your own username and password.

6. Email bombing and spamming:

Email bombing is characterized by an abuser sending huge volumes of email to a target

address resulting in victim’s email account or mail servers crashing. This message is
meaningless and excessively long in order to consume network resources. If multiple
accounts of a mail server are targeted, it may have a denial-of-service impact.

Such mail arriving frequently in your inbox can be easily detected by spam filters. Email
bombing is commonly carried out using botnets (private internet connected computers
whose security has been comprised by malware and under the attacker’s control) as a
DDoS attack.

This type of attack is more difficult to control due to multiple source addresses and the
bots which are programmed to send different messages to defeat spam filters.
“Spamming” is a variant of email bombing. Here unsolicited bulk messages are sent to a
large number of users, indiscriminately.

Opening links given in spam mails may lead you to phishing web sites hosting malware.
Spam mail may also have infected files as attachments. Email spamming worsens when
the recipient replies to the email causing all the original addressees to receive the reply.

Spammers collect email addresses from customer lists, newsgroups, chat-rooms, web
sites and viruses which harvest users address books and sell them to other spammers as
well. A large amount of spam is sent to invalid email addresses.

Sending spam violates the acceptable use policy (AUP) of almost all internet service
providers. If your system suddenly becomes sluggish (email loads slowly or doesn’t
appear to be sent or received), the reason may be that your mailer is processing a large
number of messages.

Unfortunately, at this time, there’s no way to completely prevent email bombing and
spam mails as it’s impossible to predict to origin of the next attack. However, what you
can do is identify the source of the spam mails and have your router configured to block
any incoming packets from that address.

7. WEB JACKING:

Web jacking derives its name from “hijacking”. Here, the hacker takes control of a web
site fraudulently. He may change the content of the original site or even redirect the
user to another fake similar looking page controlled by him.

The owner of the web site has no more control and the attacker may use the website for
his own selfish interests. Cases have been reported where the attacker has asked for
ransom, and even posted obscene material on the site.

The web jacking method attack may be used to create a clone of the web site, and
present the victim with the new link saying that the site has moved. Unlike usual
phishing methods, when you cover your cursor over the link provided, the URL presented
will be the original one, and not the attacker’s site. But when you click on the new link, it
opens and is quickly replaced with the malicious web server.

The name on the address bar will be slightly different from the original website that can
trick the user into thinking it’s a legitimate site. For example, “Gmail” may direct you to
“Gmail1”.

Web jacking can also be done by sending a counterfeit message to the registrar
controlling the domain name registration, under a false identity asking him to connect a
domain name to a website controlled by the webjacker.

The purpose of this attack is to try to harvest the credentials, usernames, passwords and
account numbers of users by using a fake web page with a valid link which opens when
the user is redirected to it after opening the legitimate site.

8. CYBER STALKING:

Cyber stalking is a new form of internet crime in our society when a person is pursued or
followed online. A cyber stalker doesn’t physically follow his victim; he does it virtually
by following his online activity to harvest information about the stalkee and harass him
or her and make threats using verbal intimidation. It’s an invasion of one’s online
privacy.

Cyber stalking uses the internet or any other electronic means and is different from
offline stalking, but is usually accompanied by it. Most victims of this crime are women
who are stalked by men and children who are stalked by adult predators and pedophiles
and men who were stalked by a money launding people.
Cyber Stalkers thrive on inexperienced web users who are not well aware of netiquette
and the rules of internet safety. A cyber stalker may be a stranger, but could just as
easily be someone you know.

Cyber Stalkers harass their victims via email, chat rooms, web sites, discussion forums
and open publishing web sites (e.g. blogs). The availability of free email/ web site space
and the anonymity provided by chat rooms and forums has contributed to the increase
of cyber stalking incidents.

Everyone has an online presence nowadays, and it’s really easy to do a Google search
and get one’s name, alias, contact number and address, contributing to the menace that
is cyber stalking. As the internet is increasingly becoming an integral part of our
personal and professional lives, stalkers can take advantage of the ease of
communications and the availability of personal information only a few mouse clicks
away.

In addition, the anonymous and non-confrontational nature of internet communications

further losses away any disincentives in the way of cyber stalking. Cyber stalking is done
in two primary ways:

INTERNET STALKING:

Here the stalker harasses the victim via the internet. Unsolicited email is the most
common way of threatening someone, and the stalker may even send obscene content
and viruses by email. However, viruses and unsolicited telemarketing email alone do not
constitute cyber stalking. But if email is sent repeatedly in an attempt to intimidate the
recipient, they may be considered as stalking.

Internet Stalking is not limited to email; stalkers can more comprehensively use the
internet to harass the victims. Any other cyber-crime that we’ve already read about, if
done with an intention to threaten, harass, or slander the victim may amount to cyber
stalking.

COMPUTER STALKING:

The more technologically advanced stalkers apply their computer skills to assist them
with the crime. They gain unauthorized control of the victim’s computer by exploiting the
working of the internet and the Windows operating system. Though this is usually done
by proficient and computer savvy stalkers, instructions on how to accomplish this are
easily available on the internet.
Cyber stalking has now spread its wings to social networking. With the increased use of
social media such as face book, Twitter, Flicker and you tube, your profile, photos and
status updates are up for the world to see. Your online presence provides enough
information for you to become a potential victim of stalking without even being aware of
the risk. With the “check-ins”, the “life-events”, apps which access your personal
information and the need to put up just about everything that you’re doing and where
you’re doing it, one doesn’t really leave anything for the stalkers to figure out for
themselves.

Social networking technology provides a social and collaborative platform for internet
users to interact, express their thoughts and share almost everything about their lives.
Though it promotes socialization amongst people, along the way it contributes to the rise
of internet violations.

9. DATA DIDDLING:

Data Diddling is unauthorized altering of data before or during entry into a computer
system, and then changing it back after processing is done. Using this technique, the
attacker may modify the expected output and is difficult to track.

In other words, the original information to be entered is changed, either by a person

typing in the data, a virus that’s programmed to change the data, the programmer of
the database or application, or anyone else involved in the process of creating,
recording, encoding, examining, checking, converting or transmitting data.

This is one of the simplest methods of committing a computer-related crime, because

even a computer amateur can do it. Despite this being an effortless task, it can have
detrimental effects. For example, a person responsible for accounting may change data
about themselves or a friend or relative showing that they’re paid in full.

By altering or failing to enter the information, they’re able to steal from the enterprise.
Other examples include forging or counterfeiting documents and exchanging valid
computer tapes or cards with prepared replacements. Electricity boards in India have
been victims of data diddling by computer criminals when private parties were
computerizing their systems.

10. IDENTITY THEFT AND CREDIT CARD FRAUD:

Identity theft occurs when someone steals your identity and pretends to be you to
access resources such as credit cards, bank accounts and other benefits in your name.
The impostor may also use your identity to commit other crimes. “Credit card fraud” is a
wide ranging term for crimes involving identity theft where the criminal uses your credit
card to fund his transactions. Credit card fraud is identity theft in its simplest form. The
most common case of credit card fraud is your pre-approved card falling into someone
else’s hands.

He can use it to buy anything until you report to the authorities and get your card
blocked. The only security measure on credit card purchases is the signature on the
receipt but that can very easily be forged. However, in some countries the merchant
may even ask you for an ID or a PIN. Some credit card companies have software to
estimate the probability of fraud. If an unusually large transaction is made, the issuer
may even call you to verify.

Often people forget to collect their copy of the credit card receipt after eating at
restaurants or elsewhere when they pay by credit card. These receipts have your credit
card number and your signature for anyone to see and use. With only this information,
someone can make purchases online or by phone. You won’t notice it until you get your
monthly statement, which is why you should carefully study your statements.

Make sure the website is trustworthy and secure when shopping online. Some hackers
may get a hold of your credit card number by employing phishing techniques.
Sometimes a tiny padlock icon appears on the left screen corner of the address bar on
your browser which provides a higher level of security for data transmission. If you click
on it, it will also tell you the encryption software it uses.

A more serious concern is the use of your personal information with the help of stolen or
fake documents to open accounts to take a loan in your name. These unscrupulous
people can collect your personal details from your mailbox or trash can. Think of all the
important details printed on those receipts, pay stubs and other documents.

You won’t know a thing until the credit card people track you down and tail you until you
clear all your dues. Then for months and months you’ll be fighting to get your credit
restored and your name cleared.

With rising cases of credit card fraud, many financial institutions have stepped in with
software solutions to monitor your credit and guard your identity. ID theft insurance can
be taken to recover lost wages and restore your credit. But before you spend a fortune
on these services, apply the no-cost, common sense measures to avert such a crime.

11. SALAMI SLICING ATTACK:

“Salami slicing attack” or “salami fraud” is a technique by which cyber-criminals steal

money or resources a bit at a time so that there’s no noticeable difference in overall size.
The perpetrator gets away with these little pieces from a large number of resources and
thus accumulates a considerable amount over a period of time. The essence of this
method is the failure to detect the misappropriation. The most classic approach is called
“collect-the –round off” technique.

Most calculations are carried out in a particular currency are rounded off up to the
nearest number about half the time and down the rest of the time. If a programmer
decides to collect these excess fractions of rupees to a separate account, no net loss to
the system seems apparent. This is done by carefully transferring the funds into the
perpetrator’s account.

Attackers insert a program into the system to automatically carry out the task. Logic
bombs may also be employed by unsatisfied greedy employees who exploit their know-
how of the network and/or privileged access to the system. In this technique, the
criminal programs the arithmetic calculators to automatically modify data, such as in
interest calculations.

Stealing money electronically is the most common use of the salami slicing technique,
but it’s not restricted to money laundering. The salami technique can also be applied to
gather little bits of information over a period of time to deduce an overall picture of an
organization. This act of distributed information gathering may be against an individual
or an organization.

Data can be collected from web sites, advertisements, documents collected from trash
cans and the like, gradually building up a whole database of factual. Since, the amount
of misappropriation is just below the threshold of perception; we need to be more
vigilant.

Careful examination of our assets, transactions and every other dealing including sharing
of confidential information with others might help reduce the chances of an attack by this
method.

12. SOFTWARE PIRACY:

Internet piracy is an integral part of our lives which knowingly or unknowingly we all
contribute to. This way, the profits of the resource developers are being cut down. It’s
not just about using someone else’s intellectual property illegally but also passing it on
to your friends further reducing the revenue they deserve.

Software piracy is the unauthorized use and distribution of computer software. Software
developers work hard to develop these programs and piracy curbs their ability to
generate enough revenue to sustain development. This affects the whole global economy
as funds the following constitute software piracy:
 1. Loading unlicensed software on your PC
2. Using single-licensed software on multiple computers
3. Using a key generator to circumvent copy protection
4. Distributing a licensed or unlicensed (“cracked”) version of software over the
internet and offline.

“Cloning” is another threat. It happens when someone copies the idea behind your
software and writes his own code. Since ideas are not copy protected across borders all
the time, this isn’t strictly illegal. A software “crack” is an illegally obtained version of the
software which works its way around the encoded copy prevention. Users of pirated
software may use a key generator to generate a “serial” number which unlocks an
evaluation version of the software, thus defeating the copy protection. Software cracking
and using unauthorized keys are illegal acts of copyright infringement.

Using pirated material comes with its own risks. The pirated software may contain
Trojans, viruses, worms and other malware, since pirates will often infect software with
malicious code. Users of pirated software may use a key generator to generate a “serial”
number which unlocks an evaluation version of the software, thus defeating the copy
protection. Software cracking and using unauthorized keys are illegal acts of copyright
infringement.

Using pirated material comes with its own risks. The pirated software may contain
Trojans, viruses, worms and other malware, since pirates will often infect software with
malicious code. Users of pirated software may use a key generator to generate a “serial”
number which unlocks an evaluation version of the software, thus defeating the copy
protection. Software cracking and using unauthorized keys are illegal acts of copyright
infringement.

Using pirated material comes with its own risks. The pirated software may contain
Trojans, viruses, worms and other malware, since pirates will often infect software with
malicious code. Users of pirated software may be punished by the law for illegal use of
copyrighted material. Plus you won’t get the software support that is provided by the
developers.

To protect your software from piracy if you are a developer, you should apply strong
safeguards. Some websites sell software with a “digital fingerprint” that helps in tracing
back the pirated copies to the source. Another common method is hardware locking.
Using this, the software license is locked to specific computer hardware, such that it runs
only on that computer. Unfortunately, hackers continue to find their way around these
measures.
13. OTHERS:

So far we have discussed the dedicated methods of committing cyber crimes.

In a nutshell, any offence committed using electronic means such as net
extortion, cyber bullying, child pornography and internet fraud is termed as
cyber crime. The internet is a huge breeding ground for pornography, which
has often been subject to censorship on grounds of obscenity. But what may be
considered obscene in India, might not be considered so in other countries

Since every country has a different legal stand on this subject matter,
pornography is rampant online. However, according to the Indian Constitution,
largely, pornography falls under the category of obscenity and is punishable by
law. Child pornography is a serious offence and can attract the harshest
punishments provided for by law.

Pedophilips lurk in chat room to lure children. The internet allows long-term
victimization of such children, because the pictures once put up, spread like
wild-fire, and may never get taken down completely. Internet crimes against
children are a matter of grave concern, and are being addressed by the
authorities, but this problem has no easy solution.

INDIAN CYBER CRIME LAWS:

How is cybercrime policed in the Indian context and what laws govern Indian
cyberspace?

When your spreadsheet software continues to crash throughout the day, regardless of
the file you open, the setting you tweaked, or the programs you closed to free up
memory, do you ever think about asking the software company for a refund? What
causes this distinction between our experiences with offline and online products and
services?

You would have noticed, as you try to install any software that it asks you to read its
“Terms and Conditions” and indicate that you accept them by clicking on check box. You
simply cannot install the software without accepting the T&C. But how many of us even
view the T&C policy, leave along actually the words?

One prime difference lies in the fact that we have seen stuff like home appliances and
electronic goods for the past five decades, while the computer and internet have been
with us only since the last 20 years, whereas cyber laws are older enough as I said in
introduction part.
INTERNET:

The fact that the internet pervades most aspects of our lives today, means that an
increasing number of people have a parallel electronic existence. With millions of
individuals interacting with each other, consuming online services, performing monetary
transactions and building viewpoints through cyberspace, monitoring, controlling
and policing the internet has become one of the prime concerns of almost all
governments worldwide. The anonymous, decentralized and instantly “live”
nature of the internet makes it that much tougher to assign responsibility,
draw up jurisdictions and effectively resolve genuine grievances. Increasing
cases of criminal activities being conducted through this medium have been a
growing concern and need to be tackled efficiently if we are ever to harness the
true potential of the internet and convince even the most reluctant individuals
in being connected to it.

A LAW BEHIND EVERY MOVE WE MAKE:

Every activity in the real world (e.g. buying ticket, paying for groceries, signing an
employment contract, etc) has a legal underpinning. We rarely, if ever, consider the
legal ramifications of our offline activities, because we are seldom the victims of a crime
of fraud and resort to using the legal infrastructure (police, lawyers, courts) to resolve
our grievances.

The sample applies to any online activity. The underlying thought behind every email we
reply to, every twitter post we re-tweet, every net-banking transaction we perform, or
every news article we read is that it is “legal” to do so. So what happens when someone
does something illegal online? But even prior to that, how do we know whether
something is really illegal.

Cyber laws pertain to diverse aspects of the electronic world such as:

1. Software licences, copyright and fair use.

2. Unauthorized access, data privacy and spamming.
3. Export of hardware and software.
4. Censorship
5. Computerized voting

IT Act, 2000 and ITS Amendment Act 2008,

These two pieces of legislation are from the bedrock of cyber law infrastructure in India.
The Information Technology Act, 2000 was passed by the Indian parliament in May 2000
and came into force in October of the same year. Its prime purpose is to provide the
legal infrastructure for e-commerce in India. It was the first legal instrument to provide
legal sanctity to electronic records and contracts expressed through electronic means of
communication.

The act later amended in December 2008 through the IT (Amendment) Act, 2008. Some
of their salient points are:

DIGITAL SIGNATURES:

Electronic records may be authenticated by a subscriber by affixing digital signatures;

further, the signature may be verified using the public key provided by the subscriber.

CERTIFYING AUTHORITIES:

Domestic and foreign certifying authorities (which provide digital signature certificates)
are recognized by the law; a “Controller of Certifying Authorities” shall supervise them.

ELECTRONIC GOVERNANCE:

Documents required as per law by any arm of the government may be supplied in
electronic form, and such documents are to be treated the same as handwritten,
typewritten or printed documents.

OFFENCES AND PENALTIES:

An adjudicating officer shall judge whether a person has committed an offence in

contravention of any provision of the IT Act, 2000; the maximum penalty for any
damage to computers or computer systems is a fine up to 1 crore.

APPELLLATE TRIBUNALS:

A cyber regulations Appellate Tribunal shall be formed which shall hear appeals
against orders passed by the Adjudicating Officers.

INVESTIGATION:

Offences shall only be investigated by a police officer of the rank of the Deputy
Superintendent of Police or above (amended to the rank “inspector” or above
by IT Amendment Act 2008)

AMENDMENT TO OTHER LAWS:

Other acts such as the Indian Penal Code 1860, The Indian Evidence Act, 1872, the
banker’s Books of Evidence Act 1891, The Reserve Bank of India Act 1934 were to be
amended to align them with the IT Act.
NETWORK SERVICE PROVIDERS:

Intermediaries in the data transmission process, such as Internet Service Providers, are
not liable in certain cases, so long as the intermediary expeditiously acts prevent the
cybercrime on getting such instruction from the government or its agency.

WHAT OFFENCES ARE COVERED UNDER THESE LAWS?

One important view has been considered when drafting the IT Amendment Act, 2008
was that it should be a comprehensive piece of legislation with minimal dependence on
other penal laws. Although this recommendation seems to have been overlooked,
several new offences have been defined in the 2008 version. The two IT Acts together
define the below offences and also recommend punishments for each of them:

Hacking: It is not defined in either of the IT acts, which in itself may have
considerably weakened the cybercrime legislation in India.

Data Theft: This offence is defined as copying or extracting information from a

computer system without the owners, including computer theft and theft of
digital signals during transmission.

Identity Theft: As per the IT Act 2008, this offence is defined as fraudulently or
dishonestly making use of the electronic signature, password or any other
unique identification feature of a person.

E-mail spoofing: This is commonly used by hackers to hide the actual email
address from which phishing and spam message are sent. It may also be used
in conjunction with other fraudulent methods to trick users into providing
personal/ confidential information.

Sending offensive messages: the IT Act defines this offense as sending

offensive or false information for the purpose of causing hatred, ill will etc.

Voyeurism: This is defined as publishing/transmitting of “compromising”

images/videos of a person without his/her consent.

Child pornography: This covers offences against all individuals who have not
completed 18 years of age. Despite being one of the most serious offences, it
does not attract any severe punishment.

Cyber terrorism: The addition of this offence was a major difference between
the two IT acts. Cyber terrorism is described in fair detail as denying access to
a computer, attempting to access a computer resource without authorization,
or contaminating a computer system.

Punishment: While all other offences are punishable by imprisonment up to 3-5

years and/or a fine of up to 3-5 Lakh, an individual convicted of cyber terrorism
is punishable by imprisonment for life.

Who enforces the law? Where do I file complaint?

What should you do if the password to your email account is stolen? Or if everyone on
your face book friends list are receiving spam messages from your account? You may
start by filing a complaint with the local police station. A major importance of the IT
amendment Act 2008 over the original IT Act, 2000 was that police officers of the rank
of “Inspector” or above were empowered to investigate cyber crimes, as against the rank
of “Deputy Superintendent of Police” or above required by the original Act. This would
have, at least theoretically, considerably increased the bandwidth of enforcement
agencies in handling cybercrimes. However, try not to cross any fingers or toes hoping
that you’d get your email account back, as you shall see in the next section.

Here are some examples of cybercrime-fighting infrastructure set up in different parts of

India:

1. India’s first exclusive cyber crime enforcement setup was the Cyber crime police
station set up in Bangalore.
2. This was followed up by a similar police station in Andhra Pradesh, which
functions from Hyderabad city and has statewide jurisdiction.
3. Cyber Crime Investigations Cells have also been set up by police departments of
Mumbai, Kolkatta and Tamil Nadu.

PROMINENT CYBERCRIME CASES:

1. First conviction for a cybercrime in India:

A call centre employee at Noida had gained access to an American citizen’s credit card
information and used the same to purchase a color television and a cordless phone
through a Sony Entertainment website catering to NRIs. A month after the items were
delivered to the individual, Sony Entertainment was informed by the credit card agency
that the card owner had denied making the purchase. Luckily, digital photographs taken
at the time of delivery were evidence enough for the CBI to convict the individual under
several sections of the Indian Penal Code.
2. FIRST CONVICTION UNDER THE IT ACT, 2000

Obscene and defamatory messages regarding a divorced woman were posted on a Yahoo
message group, which resulted in phone calls to the woman in the belief that she was
soliciting. Investigating based on a complaint made by the victim in February 2004; the
police traced the source of the message to a Mumbai resident who was a family friend of
the victim. He had resorted to harassing the victim as she had rejected his marriage
offer. The accused’s lawyers argued that the offending messages might have been sent
by either the victim’s ex-husband or by the victim herself in order to implicate the
accused, and that the documentary evidence was not sustainable under the Indian
evidence Act. However, the court found the accused guilty based on the statements by
the cyber café owner where the messages originated as well as expert witness provided
by Naavi. The accused was sentenced to rigorous imprisonment for 2years and fine
Rs.5000.

3. HACKERS DEFACE THE OFFICIAL WEBSITE OF THE MAHARASHTRA

GOVERNMENT:

The website http://www.maharashtragovernment.in, which contains details about

government departments, circulars, reports, and several other topics, was hacked on
September 2007. Sources believed the hackers to be from Washington, USA, although
the hackers identified as “Hackers Cool Al-Jazeera” and claimed they were based in
Saudi Arabia, which authorities believe might be a red herring to throw investigators off
their trail. Deputy Chief Minister and Home Minister R.R. Patil stated that, if needed the
government would seek help to Private IT experts to find the hackers.

4. ONLINE CREDIT CARD SCAM SOLVED; THREE HELD GUILTY

A bank employee who had access to credit card details of the banks customers used
them along with two other individuals to book tickets online and sell them to third
parties. According to the information provided by the police, the scam was detected
when one of the customers received an SMS alert for purchasing an airline ticket even
though he had the card on him and had not used it.

The alert customer immediately informed the bank who then involved the police. Eight
days investigation by Cyber Cell head DCP Sunil Pulhari, PI Mohan Mohadikar and A.P.I.
Kate resulted in the arrests of the three involved.

5. MURDER SOLVED WITH AID FROM MY SPACE:

The murder of a high school football player was solved when police found the prime
suspect in a picture posted on a street gang’s my space page.
Whose Law Applies?

A hacker sitting in Iceland may use a proxy in Thailand to hack into servers of the
London Stock Exchange. Which country’s cyber laws apply in this instance? The
decentralized nature of the crime makes it that much tougher to demarcate jurisdiction,
further compounded by that fact that cyber laws are not consistent across nations (what
may be a cyber crime in India may be perfectly legal in Sri Lanka). For instance, the
provisions of the Indian IT Act 2000 applies not only to the whole of India, but also to
offences committed outside Indian territory, provided the offence involved a computer,
computer system or computer network located in India.

Where do we go from here?

Given the extreme pace at which internet users are increasing, the potential for
cybercrime expands daily. Hence there can never be a perfect IT Act or cyber crime law
which will cover all possible offences. IT laws need to be updated frequently, with more
creative and inventive responses from the organizations under threat.

The laws and enforcement infrastructure also made aware to the general public. This
also called for international co-ordination between enforcement agencies and shared
jurisdictions wherever required. Piecemeal security solutions designed for individual
threats are giving way to strategically deployed systems aimed to counter multiple
threats.

Organizations should also consolidate their security mechanisms into a commonly

managed appliance, instead of installing and maintaining disparate devices. These
measures combined with greater user education are the best safeguard against the
future of cyber-criminal activities.

ANALYSING DIGITAL VULNERABILITIES IN DEVELOPING COUNTRIES:

The International Telecommunication Union (ITU) estimated that more than half of the
global populations were online at the end of 2018. And in the last 15 years, the
demography of internet users has changed dramatically in 2000, developed countries
(17% of the world population) represented 82% of the world’s internet users by 2017,
developing countries were the biggest group of internet users (73%) and the majority of
the world’s population (84%). While developed countries are still over-represented
among internet users. The gap is closing very fast (World Bank 2019).

Internet penetration in developing countries is still relatively low (amounting to 45.3% at

the end of 2018), it faces various obstacles (kshetri 2010, p. 1058), and is unevenly
distributed (pathways for Prosperity Commission 2018). However, it is growing at a
rampant rate (ITU 2018). Other regions are also experiencing growth. In the Common
wealth of Independent States (CIS), 71.3% of the population uses the internet, while in
the Arab States it is 54.7% and in the Asia-Pacific region, 47%.

Developing countries are also characterized by the significant growth of the number of
mobile broadband subscriptions. Which is likely to accelerate further? The largest
expansion of broadband subscriptions has been observed in the Asia-Pacific region, the
Arab States and Africa. Notably, countries of the Global South often bypassed fixed-
phone infrastructure and invested directly in wireless technology. Dominant mobile
digital infrastructure brings specific issues that influence security conditions.

Much has been written about the positive aspects of digitalization. Indeed, as a
precondition of economic well-being. It is an underlying factor for attaining the UN’s
Sustainable Development Goals. Globally, political and business leaders strive to create
favorable conditions to make sure that the related benefits, especially in the economic
arena, will materialize. National, regional and international mechanisms have sprung up
to facilitate the process, due to the widely accepted presumption that only through
digitalization will the global economy be able to achieve its full potential. The Digital
African market was set up with the main goal of unleashing entrepreneurial energy,
innovation and economic capabilities of the continent.

Along with digital transformation, developing countries have been facing various cyber
threats that may endanger their economic development and also perturb the global
financial system. Even though most developing countries are at the beginning of their
digital journey, significant security problems already exist. And these are only likely to
increase. For instance, more malicious activities tend to be observed when a country’s
internet penetration is above a threshold of 10-15%. Developing countries have crossed
that threshold and so have become an important element of the global cyber security
landscape.

THE PERILS FACED BY DEVELOPING COUNTRIES IN CYBER CRIME:

Structural factors in developing countries strongly influence their cybercrime position.

During the initial phase of digitalization, nations experience a phenomenon known as
“hollow diffusion”. Digitalization often outpaces the establishment and implementation
of cyber security technical controls and often primarily govern framework.

Existing weaknesses are exploited by cyber criminals who target victims in developing
countries and also take advantage of the digital infrastructures of those countries to
carry out attacks on other territories, including developed states. This trend is expected
to increase and developing countries must act against it. To better understand this
complex issue, it is important to analyze common denominators that typify the
cybercrime scene in developing countries.

According to the Global Software Survey, approximately 57% of software used in Africa
and the Middle East is unlicensed, which means that upgrades and security patches will
not be installed. Entities and individuals from emerging economies often simply cannot
afford the latest software and hardware versions and cannot invest in cyber security
solutions, making them very susceptible to attacks.

This problem has an additional dimension, in that ICT vendors tend to adapt to the
market demand by adjusting their offer to match client’s capacities or expectations. For
many developing countries, high-security products are unaffordable; therefore instead,
manufacturers provide low-cost, consequently less secure versions of their products.
Such outdated or unprotected systems are easy prey for cybercriminals serving as
targets that can be either directly exploited or weaponized to enable further crimes.

Technology-related problems in developing countries are an important reason why

cybercrime is flourishing. The issue can be limited by governance interventions that may,
for instance, be focused on enforcing security standards in the critical sectors.
Governments can also build a dialogue with technology vendors, so they can provide
more secure products and services. (These issues are described in section.34). Some of
the important issues faced by developing countries in the form of perils in cyber security
are as follows:

Human factor- the centerpiece of cyber security

Insufficient strategic solutions and imperfect legal frameworks.

Digitalization of financial services

Digital infrastructure

Illicit financial flows and cyber crime

DEVELOPMENT BY DIGITAL PRAGMATISM:

FROM DIGITAL OPTIMISM TO PRAGMATIC ACTIONS:

Cyber security must be treated as a precondition for digital revolution; this is far easier
said than done. Security measures, in their broader sense, include not just technical. But
also organizational and regulatory efforts. Establishing optimal cyber security is a multi
stakeholder task, but strong governmental harmonization of cyber security approaches
and co-ordinate actions. If developing countries want to avoid the mistakes made by
earlier technology adopters, they need to implement a wide range of actions from the
outset.

After a period of “digital optimism” in developed countries during the first decades of
internet uptake, many moved towards “digital realism” defined by increased interest in
cyber security needs and solutions at a national and international level. While many
digital realist endeavors have been successful, others were contaminated with errors and
imperfections.

Because developing countries often have very limited resources, cyber security initiatives
must be as efficient and cost-effective as possible. These countries have a lack of funds
for programmes to cover fundamental cyber security capabilities. Also, businesses show
a limited interest in investing in and implementing cyber security measures. Security is
often not the first choice for expense allocation. Therefore, decisions must be thought
out carefully and focus on priority areas. Developing countries cannot afford to waste
resources on mechanisms that are inefficient or ineffective, as often observed in
developed countries processes. This is one reason why developing countries should not
simply transplant approaches that exist in Western Countries. But instead work to tailor
solutions to their needs.

An important feature of digital optimism was the almost unlimited trust in the
opportunities brought by digital technologies. Digital realism, on the other hand is much
more skeptical and distrustful. Which often leads to overly pessimistic assessments? In
the long term, this may slow down digital development and economic growth.

In contrast, the proposal of “digital pragmatism”, which promotes a rational awareness

of both the opportunities and threats stemming from cyber space and judicious usage of
new technologies, which can strongly enhance the cyber security landscape. All states,
societies and economies must make the most of existing and emerging technologies.
This can be done if a cyber security by design approach is applied by all relevant
stakeholders both at the national and international level.

WHAT ARE THE STRATEGIES FOLLOWED BY DEVELOPED NATIONS?

The developed countries had build their cyber security ecosystem and governance
structures on the basis of effective national strategies. These strategies put the cyber
crime counter measures at the top of the agenda. The development of their strategy
should be accelerated and formulated on the basis of the best practices and existing
guidelines.
A national strategy had provided a broad framework for a cyber security ecosystem
including governance structures. It should therefore be followed by concrete legal
actions and capacity building initiatives that will lead to actual changes. Legal measures
should be established and implemented across criminalization, procedural powers,
jurisdiction, and international co-operation of personal data protection. These must be
treated as a priority by developing country governments.

In recent years, numerous national and international legal mechanisms have

been developed, which can operate at a global scale. There are 5 major legal
frameworks to facilitate international co-operation in developed countries.

1. Council of Europe Convention on Cybercrime (The Budapest Convention on

Cybercrime)

2. Common wealth of Independent States agreement on co-operation in

combating offences related to computer information.

3. African Union Convention on Cyber security and Personal data.

4. League of Arab States Convention on Combating Information Technology

Offences.

5. Shanghai Cooperation Organization Agreement on Cooperation in the field of

International information Security.

While making international cyber security efforts. It will also be important to

focus on small steps and agree on common points of interest. All inclusive
international agreements will be hard to achieve. So separating the issues into
smaller elements may bring better results at least in the short term.

This approach can be applied, in developing countries for instance, to achieve

consensus on norms of responsible state behavior in cyber space. Currently
being discussed at the UN. Agreeing on basic common denominators can be
good starting point for other decisions. Basic ‘islands of consensus’ can serve
as starting point for further successful achievements. That may sound less
ambitious than aiming at a holistic solution right from the beginning but in
reality it is more feasible and thus more likely to yield better results.

Developing countries must put human rights at the heart of the process of
creating legislative measures. Aside from the obvious ethical reasons,
respecting human rights is also in a country’s interest for pragmatic reasons
because developing countries must create a favorable environment for
international businesses and investors, as well as a good public image. Solid
legal safeguards must be built in at various levels. Explicitly in relation to the
private sector and most notably internet service providers. Building
transparent trust-based and trust inducing collaboration mechanisms is key.

BUILDING RESILIENCE:

To build resilience and thereby diminish the consequences of cybercrime, a

legal framework should go beyond the creation of substantive and procedural
legal provisions. Countries should focus on ensuring that the vital elements of
their functioning are well protected against hostile cyber incidents, including
cyber crime.

A good practice here is to focus on critical sectors- identifying the most

valuable entities that provide critical services or functions and making sure
that these entities are implementing appropriate cyber security measures.
According to international standards, this model is currently implemented in
the European Union. The NIS directive requires member states to identify
operators of essential services. Who are obliged to introduce cyber security
measures according to the outcome of the risk assessment process? The main
rationale behind those actions is to make sure that at least the most valuable
entities are protecting themselves from cyber threats. This usually gives public
actors corrective instruments that can be used if the operator of the services is
not complaint. This approach can be considered by developing countries.

COMBATTING CYBERCRIME WITH COUNTERMEASURES AND NEW

TECHNOLOGIES:

Effective anti-cybercrime actions can be significantly better enforced when accompanied

by the use of new technologies. The digital pragmatism recommended in this paper
promotes the use of smart tactics, targeted at the most pressing problems. To increase
the effectiveness of the fight against cybercrime. As we have noted, cybercrime currently
facilitates a whole criminal ecosystem, with organized criminal groups and IFFs at its
core. This complex environment consists of actors, relations, services, mechanisms, tools
and markets that interact and influence each other. Some of the important way to deal
with cyber crime is to focus on preventive measures such as:
STRENGTHENING THE HUMAN FACTOR IN CYBERCRIME PREVENTION:

Many problems that foster criminal activities such as social engineering can be
eliminated with human centric efforts. The human factor is a key element of this strategy
and requires the implementation of various educational efforts organized mainly at a
governmental level.

Two approaches are particularly relevant for developing countries:

Protect cyber crime targets by enhancing their security level through

knowledge and skills and government must establish cyber security related
programmes as well as weave cyber security aspects into the educational
system.

Eliminate the problem by preventing potential offenders from committing cyber

crime.

EDUCATION:

It is a widely held conviction that cyber security should be mainstreamed into general
educational programs. This must be treated as a key task for governmental bodies
responsible for setting up educational frameworks. Creating cyber security curricula
based on well functioning. Globally recognized standards would be a good start for
developing countries.

The international community and especially developed countries with a wealth of

experience should actively support such endeavors. While international expertise will be
crucial; these programmes must be tailored to local contexts and language
environments. For instance, since Africa has the lowest average access to higher
education, its cyber security programmes should be targeted at primary and secondary
level. It should be governments’ responsibility to build tailored educational proposals to
tackle these priority areas.

SECURE BY DESIGNS AND DEFAULT:

National and international bodies must strongly call on the industry to make a much
greater effort to bring secure products to the market. There is also room for other
actors. For instance, universities may strongly contribute to development of new, secure
by design technologies by specially funded research and development programmes.

Various instruments such as EU cyber security Act deserves special attention as it

establishes a voluntary EU certification framework for ICT digital products, services and
processes, with the potential to increase transparency among customers. It also
encourages vendors to provide more secure solutions. As of now many industrial leading
efforts and numerous international initiatives have been developed including the charter
of Trust and the Cyber security Tech Accord.

Developing countries may actively contribute to these projects but they can
influence their ecosystem by simply demanding and choosing secure solutions
from their vendors which need to be provided at affordable prices. Technology
providers should be chosen according to their security standards. As many
developing countries are at the start of building technological foundations, they
can build digital infrastructure with more secure solutions from the start.

For example, while encryption may hamper law enforcement efforts. It can
upgrade cyber security for legitimate users. Increasing the confidentiality of
valuable personal and business data, Encryption protocols may be included as
obligatory standards during the upcoming 5G standardization process. For
developing countries, these issues can bring opportunities. When building and
developing telecommunication infrastructure, they can choose solutions with a
higher level of security embedded helping to eliminate various security
problems from the outset. This opportunity was not at the disposal of
developed countries some years ago. It will however require decisive
governance actions at both national and international levels.

Understanding the cybercrime a guidelines been drafted by the International

Telecommunication Union for developing countries. This guide assists countries
in understanding the legal aspects of cyber security and to help harmonize
legal frameworks. In its approach the guide focuses on the demands of
developing countries. Due to the transnational dimension of cybercrime, the
legal instruments are the same for developing and developed countries. The
understanding of Cyber crime addresses the 7 strategic goals of the cyber
crime legislation.

The developed countries had developed automatic cybercrime detective

software. New Jersey government sponsored a new anti-hacker project and
funded some 2.6 million USD. There are some examples of serious cyber crime
fighting. A structure division of Europol. That entity should become the main
instrument of cyber crime fighting in the EU.
CONCLUSION:

Effectively fighting cybercrime in developing countries is a global, shared responsibility

for political, governmental and business leaders. Civil Society as well as NGOs. It
requires bold, pragmatic, multidimensional decisions and strategic innovative actions. It
is crucial to understand that it is not only the security and well being of developing
countries that is at stake. Cyber security is a global issue.

Political leaders in developing countries and world-wide must create thriving cyber
security ecosystems that will enable the efficient prevention and combating of cyber
crime. Secure, inclusive and accessible cyber space serves as a very important
ingredient for the achievement of the SDGs. Women into the fabric of developing
countries digital future. Cyber Security must be seen as a precondition of economic
success as well.

Developing countries will continue their digital journey and they will rightly do so
according to their own designs and trajectories. Yet, building cyber security will be a co-
ordinate effort and partnerships will be necessary. Therefore, it is the Global North’s
responsibility to support developing countries in their efforts. All development assistance
programmes that include digital aspects need to have firmly embedded cyber security
elements. Moreover, projects directly targeted at cyber security must be reinforced. To
significantly help to overcome skill shortages in developing countries. These could
include cyber security training, educational programmes, best practice transfer,
technological aid and other initiatives. Those in the Global North should not
underestimate the importance of such projects the security of the developing world is a
pre-requisite for the security of the developed world.

The days when security was solely a responsibility of the public sector are long gone.
Today, multi stakeholder efforts are indispensable and private companies, especially ICT
vendors, have an essential role to play. As they provide the backbone infrastructure,
products and services. The strength of cyber security foundations increasingly depends
on them. Their engagement and ‘secure-by-design’ approach is central to the challenge
of enhancing cyber security in the contemporary world.

Abraham Lincoln once said “you cannot escape the responsibility of tomorrow by evading
it today”. Humankind reaps enormous dividends from digital development and the
potential for future benefits is limitless. But to make it last, pragmatic cyber security
responsibility must be taken today.
REFERENCES:

1. https://www.infosecawareness.in/cyber-laws-of-india#:~:text=Cyber
%20crimes%20can%20involve%20criminal,the%20Information
%20Technology%20Act%2C%202000.
2. http://www.helplinelaw.com/employment-criminal-and-
labour/CCII/cyber-crimes-in-india-what-is-types-web-hijacking-cyber-
stalking.html
3. https://www.lexology.com/library/detail.aspx?g=4cd0bdb1-da7d-4a04-
bd9c-30881dd3eadf
4. https://shodhganga.inflibnet.ac.in/bitstream/10603/203654/8/08_cha
pter%203.pdf
5. https://indiaforensic.com/compcrime.htm
6. https://www.insightssuccess.in/cyber-law-beyond-international-case-
studies-perspective/
7. https://www.emerald.com/insight/content/doi/10.1108/JMLC-02-
2019-0019/full/html?skipTracking=true