CS Module1

Uploaded by

saishreyas07

MODULE 1

Introduction to Cybercrime
1. Introduction
• Everyone is aware of the phenomenal growth of the Internet.
• Given the unrestricted number of free websites, the Internet has undeniably opened a
new way of exploitation known as cybercrime.
• These activities involve the use of computers, the Internet, cyberspace and the
worldwide web (WWW).
1.1 Cyberspace
• It is the place where users mentally travel through matrices of data.
• Conceptually, “cyberspace” is the “nebulous place” where humans interact over
computer networks.
• The term “cyberspace” is now used to describe the internet and other computer
networks.
• In terms of computer science, “cyberspace” is a worldwide network of computer
networks that uses the Transmission Control Protocol/Internet Protocol (TCP/IP) for
communication to facilitate transmission and exchange of data.
1.2 Cybersquatting
• “Squatting” is the act of occupying an abandoned/unoccupied space/building that the
squatter does not own, rent or otherwise have permission to use.
• Cybersquatting is the act of registering a popular internet address, usually a company
name, with the intent of selling it to its rightful owner.
• In India, “cybersquatting” is considered to be an “Intellectual Property Right” (IPR)
evil.
1.3 Cyberpunk
• The words “cyber” and “punk” emphasize the two basic aspects of cyberpunk:
“technology” and “individualism”.
• The idea behind calling it “cyberpunk” was to invent a new term that will express the
juxtaposition of punk attitudes and high technology.
1.4 Cyberwarfare
• Cyberwarfare means information warriors unleashing vicious attacks against an
unsuspecting opponent’s computer networks, wreaking havoc and paralyzing nations.
1.5 Cyberterrorism
• Cyberterrorism is the premeditated, politically motivated attack against information,
computer systems, computer programs and data which results in violence against
noncombatant targets by subnational groups or clandestine agents.
2. Cybercrime: Definition and Origins of the Word
• Initially, computer crime can be defined as “a crime conducted in which a
computer is directly and significantly instrumental”. This definition is not universally
accepted.
• It initiates further discussion to narrow the scope of the definition for “cybercrime”.
• For example, alternative definitions of computer crime include the following:
➢ Any illegal act where a special knowledge of computer technology is essential for its
perpetration, investigation or prosecution.
➢ Any traditional crime that has acquired a new dimension or order of magnitude
through the aid of a computer, and abuses that have come into being because of
computers.
➢ Any financial dishonesty that takes place in a computer environment.
➢ Any threats to the computer itself, such as theft of hardware or software, sabotage and
demands for ransom.
• So, the definition is “cybercrime (computer crime) is any illegal behavior, directed
by means of electronic operations, that targets the security of computer systems and
the data processed by them”.
• Computer-related crime, Computer crime, Internet crime, E-crime, High-tech crime,
etc. are the other synonymous terms.
• Cybercrime specifically can be defined in a number of ways:
➢ A crime committed using a computer and the Internet to steal a person’s identity
(identity theft) or sell contraband or stalk victims or disrupt operations with
malevolent programs.
➢ Crimes completed either on or with a computer.
➢ Any illegal activity done through the Internet or on the computer.
➢ All criminal activities done using the medium of computers, the Internet, cyberspace
and the WWW.
• Cybercrime is any criminal activity which uses network access to commit a criminal
act.
• Opportunities for the exploitation due to weaknesses in information security are
multiplying because of the exponential growth of Internet connection.
• Cybercrime may be internal or external in which internal cybercrime is easier to
perpetrate.
• “Cybercrime” refers to the act of performing a criminal act using cyberspace as the
communications vehicle.
• There are two types of attacks related to cybercrime:
➢ Techno-crime
A premeditated act against a system or systems, with the intent to copy, steal, prevent
access, corrupt or otherwise deface or damage parts of or the complete computer
system. The 24 x 7 connection to the Internet makes this type of cybercrime a real
possibility to engineer from anywhere in the world.
➢ Techno-vandalism
These acts of “brainless” defacement of websites and/or other activities, such as
copying files and publicizing their contents publicly, are usually opportunistic in
nature. Tight internal security, allied to strong technical safeguards, should prevent the
vast majority of such incidents.
• Cyberterrorism is defined as “any person, group or organization who, with terrorist
intent, utilizes, accesses or aids in accessing a computer or computer network or
electronic system or electronic device by any available means, and thereby knowingly
engages in or attempts to engage in a terrorist act commits the offence of
cyberterrorism.”
• Cybercrime has grown in number as the use of computer has become central to
commerce, entertainment and government, especially through the Internet.
• The term “cyber” has some interesting synonyms: fake, replicated, pretend, imitation,
virtual, computer-generated.
• Cyber means combining forms relating to Information Technology, the Internet and
Virtual Reality.
• People are curious to know how cybercrimes are planned and how they actually take
place.
• Worldwide, including India, cyberterrorists usually use computer as a tool, target or
both for their unlawful act to gain information which can result in heavy loss/damage
to the owner of that intangible sensitive information.
• Internet is one of the means by which the offenders can gain priced sensitive
information of companies, firms, individuals, banks and can lead to intellectual
property (IP) crimes, selling illegal articles, pornography/child pornography, etc.
• This is done using methods such as Phishing, Spoofing, Pharming, Internet Phishing,
wire transfer, etc., and the information obtained is used to the offenders’ own advantage
without the consent of the individual.
• “Phishing” refers to an attack using mail programs to deceive or coax Internet users
into disclosing confidential information that can be then exploited for illegal purposes.

3. Cybercrime and Information Security


• Lack of information security gives rise to cybercrimes.
• From an Indian perspective, the new version of the Act (referred to as ITA 2008)
provides a new focus on “Information Security in India”.
• “Cybersecurity” means protecting information, equipment, devices, computer,
computer resource, communication device and information stored therein from
unauthorized access, use, disclosure, disruption, modification or destruction.
• The term incorporates both the physical security of devices as well as the information
stored therein. It covers protection from unauthorized access, use, disclosure,
disruption, modification and destruction.
• Cybercrimes occupy an important space in information security domain because of
their impact.
• For anyone trying to compile data on the business impact of cybercrime, there are a
number of challenges.
• One of them comes from the fact that organizations do not explicitly incorporate the
cost of the vast majority of computer security incidents into their accounting as
opposed to accounting for the “shrinkage” of goods from retail stores.
• The other challenge comes from the difficulty in attaching a quantifiable monetary
value to the corporate data and yet corporate data get stolen/lost.
• Typical network misuses are for Internet radio/streaming audio, streaming video, file
sharing, instant messaging and online gaming such as online poker, online casinos,
online betting, etc. Online gambling is illegal in some countries, for example, in India.

4. Who are Cybercriminals?


• Cybercrime involves such activities as child pornography, credit card fraud,
cyberstalking, defaming another online, gaining unauthorized access to computer
systems, ignoring copyright, software licensing and trademark protection, overriding
encryption to make illegal copies, software piracy and stealing another’s identity
(known as identity theft) to perform criminal acts.
• Cybercriminals are those who conduct such acts.
• They can be categorized into three groups that reflect their motivation:
(i) Type I: Cybercriminals – hungry for recognition
➢ Hobby hackers
➢ IT professionals (social engineering is one of the biggest threats)
➢ Politically motivated hackers
➢ Terrorist organizations
(ii) Type II: Cybercriminals – not interested in recognition
➢ Psychological perverts
➢ Financially motivated hackers (corporate espionage)
➢ State-sponsored hacking (national espionage, sabotage)
➢ Organized criminals
(iii) Type III: Cybercriminals – the insiders
➢ Disgruntled or former employees seeking revenge
➢ Competing companies using employees to gain economic advantage through damage
and/or theft
• Thus, the typical “motives” behind cybercrime seem to be greed, desire to gain power
and/or publicity, desire for revenge, a sense of adventure, looking for thrill to access
forbidden information, destructive mindset and desire to sell network security
services.
• Cybercafes are known to play a role in committing cybercrimes.
The Botnet Menace
• The term “Botnet” is used to refer to a group of compromised computers (zombie
computers, that is, personal computers secretly under the control of hackers) running
malware under a common command and control infrastructure.
[Figure: How a zombie works]
• A Botnet maker can control the group remotely for illegal purposes, the most common
being denial-of-service attack (DoS attack), Adware, Spyware, E-Mail Spam, Click
Fraud, theft of application serial numbers, login IDs and financial information such as
credit card numbers, etc.
• An attacker usually gains control by infecting the computers with a virus or other
Malicious Code.
• The computer may continue to operate normally without the owner’s knowledge that
his computer has been compromised.
• The problem of Botnet is global in nature and India is also facing the same. India has
an average of 374 new Bot attacks per day and had more than 38000 distinct Bot-
infected computers in the first half of the year 2009.
• Small and medium businesses in the country are at greater risk, as they are highly
vulnerable to Bots, Phishing, Spam and Malicious Code attacks.

5. Classifications of Cybercrimes
• Crime is defined as “an act or the commission of an act that is forbidden, or the
omission of a duty that is commanded by a public law and that makes the offender
liable to punishment by that law.”
• Cybercrimes are classified as follows:
(i) Cybercrime against individual
➢ Electronic mail (E-Mail) Spoofing and other online frauds
➢ Phishing, Spear Phishing and its various other forms such as Vishing and Smishing
➢ Spamming
➢ Cyberdefamation
➢ Cyberstalking and harassment
➢ Computer sabotage
➢ Pornographic offenses
➢ Password sniffing: This also belongs to the category of cybercrimes against
organization because the use of password could be by an individual for his/her
personal work or the work he/she is doing using a computer that belongs to an
organization.
(ii) Cybercrime against property
➢ Credit card frauds
➢ Intellectual property (IP) crimes: Basically, IP crimes include software piracy,
copyright infringement, trademarks violations, theft of computer source code, etc.
➢ Internet time theft
(iii) Cybercrime against organization
➢ Unauthorized accessing of computer: Hacking is one method of doing this and
hacking is a punishable offense
➢ Password sniffing
➢ Denial-of-service attacks
➢ Virus attack/dissemination of viruses
➢ E-Mail bombing/mail bombs
➢ Salami attack/Salami technique
➢ Logic bomb
➢ Trojan Horse
➢ Data diddling
➢ Crimes emanating from Usenet newsgroup
➢ Industrial spying/industrial espionage
➢ Computer network intrusions
➢ Software piracy
(iv) Cybercrime against Society
➢ Forgery
➢ Cyberterrorism
➢ Web jacking
(v) Crimes emanating from Usenet newsgroup
➢ By its very nature, Usenet groups may carry very offensive, harmful, inaccurate or
otherwise inappropriate material, or in some cases, postings that have been mislabeled
or are deceptive in another way.
➢ Therefore, it is expected that we will use caution and common sense and exercise
proper judgement when using Usenet, as well as use the service at our own risk.
5.1 E-Mail Spoofing
• A spoofed E-Mail is one that appears to originate from one source but actually has
been sent from another source.
• For example, let us say, Roopa has an E-Mail address [email protected]. Let us
say her boyfriend Suresh and she happen to have a show down. Then Suresh, having
become her enemy, spoofs her E-Mail and sends obscene/vulgar messages to all her
acquaintances. Since the E-Mails appear to have originated from Roopa, her friends
could take offense and relationships could be spoiled for life.
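One way a receiving mail system can test the claim in Section 5.1, shown as an added example that is not part of the original notes. The sample messages are constructed, the addresses use placeholder domains (example.com, example.net, example.org), and the alignment rule is a simplification that treats two domains as aligned when they are equal or one is a subdomain of the other.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). All domains are placeholders.
GENUINE = """\
Return-Path: <roopa@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Roopa <roopa@example.com>
To: friend@example.org
Subject: Lunch on Friday?

See you at noon.
"""

SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: Roopa <roopa@example.com>
Reply-To: someone-else@example.net
To: friend@example.org
Subject: Read this

Message body.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def aligned(a, b):
    """Simplified relaxed alignment: equal, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.

    Only headers stamped by the receiver's own mail server are trustworthy;
    this sketch assumes upstream copies were already stripped.
    """
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            results.setdefault(method.lower(), result.lower())
    return results


def spoofing_indicators(raw):
    """Return a list of reasons the visible From address may not be the real sender."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # The visible From domain should match the envelope sender (Return-Path).
    if not aligned(from_dom, domain_of(msg["Return-Path"])):
        findings.append("envelope-sender-mismatch")
    # Replies being steered to a different domain is a common sign of spoofing.
    if msg["Reply-To"] and not aligned(from_dom, domain_of(msg["Reply-To"])):
        findings.append("reply-to-mismatch")
    # SPF can pass for the attacker's own domain; DMARC ties the check to From.
    dmarc = auth_results(msg).get("dmarc")
    if dmarc != "pass":
        findings.append("dmarc-" + (dmarc or "missing"))
    return findings


if __name__ == "__main__":
    print("genuine:", spoofing_indicators(GENUINE))
    print("spoofed:", spoofing_indicators(SPOOFED))
```

Note that SPF passes in the spoofed sample because it only validates the envelope domain; the DMARC verdict is what exposes the forged From address.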
5.2 Spamming
• People who create electronic Spam are called spammers.
• Spam is the abuse of electronic messaging systems (including most broadcast media,
digital delivery systems) to send unsolicited bulk messages indiscriminately.
• While the most widely recognized form of Spam is E-Mail Spam, the term is applied to
similar abuses in other media: instant messaging Spam, Usenet newsgroup Spam, web
search engine Spam, Spam in blogs, wiki Spams, online classified ads Spam, mobile
phone messaging Spam, Internet forum Spam, junk fax transmissions, social
networking Spam, file sharing network Spam, video sharing sites, etc.
• Spamming is difficult to control because it has economic viability – advertisers have
no operating costs beyond the management of their mailing lists, and it is difficult to
hold senders accountable for their mass mailings.
• Spammers are numerous; the volume of unsolicited mail has become very high
because the barrier to entry is low.
• Spamming is widely detested, and has been the subject of legislation in many
jurisdictions – for example, the CAN-SPAM Act of 2003.
• Another definition of spamming is in the context of “search engine spamming”. In
this context, spamming is alteration or creation of a document with the intent to
deceive an electronic catalog or a filing system.
• Those who continually attempt to subvert or Spam the search engines may be
permanently excluded from the search index.
• Therefore, the following web publishing techniques should be avoided:
(i) Repeating keywords
(ii) Use of keywords that do not relate to the content on the site
(iii) Use of fast meta refresh
(iv) Redirection
(v) IP Cloaking
(vi) Use of colored text on the same color background
(vii) Tiny text usage
(viii) Duplication of pages with different URLs
(ix) Hidden links
(x) Use of different pages that bridge to the same URL (gateway pages)
5.3 Cyberdefamation
• Cyberdefamation is a cognizable offense.
• “Cyberdefamation” occurs when defamation takes place with the help of computers
and/or the Internet.
• For example, someone publishes defamatory matter about someone on a website or
sends an E-Mail containing defamatory information to all friends of that person.
5.4 Internet Time Theft
• Such a theft occurs when an unauthorized person uses the Internet hours paid for by
another person.
• Basically, Internet time theft comes under hacking because the person who gets access
to someone else’s ISP user ID and password, either by hacking or by gaining access to
it by illegal means, uses it to access the Internet without the other person’s knowledge.
• The issue of Internet time theft is related to the crimes conducted through “identity
theft”.
5.5 Salami Attack/Salami Technique
• These attacks are used for committing financial crimes.
• The idea here is to make the alteration so insignificant that in a single case it would go
completely unnoticed, for example a bank employee inserts a program, into the bank’s
servers, that deducts a small amount of money from the account of every customer.
• No account holder will probably notice this unauthorized debit, but the bank
employee will make a sizable amount every month.
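An audit check for the pattern described in Section 5.5, added here as an example and not part of the original notes. Because each individual debit is too small to notice, the check aggregates by destination account and looks for one account collecting tiny amounts from many different customers. The ledger rows, account names, allow-list and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Hypothetical allow-list of internal accounts that legitimately collect small fees.
APPROVED_FEE_ACCOUNTS = frozenset({"FEE-SMS-ALERTS"})


def build_sample_ledger():
    """Constructed ledger rows: (source account, destination account, amount)."""
    customers = ["CUST-%04d" % i for i in range(50)]
    rows = [(c, "FEE-SMS-ALERTS", Decimal("0.05")) for c in customers]  # approved small fee
    rows += [(c, "ACCT-7731", Decimal("0.03")) for c in customers]      # unexplained slices
    rows += [
        ("CUST-0001", "CUST-0002", Decimal("0.05")),    # ordinary small transfer
        ("CUST-0003", "CUST-0002", Decimal("120.00")),  # ordinary large transfer
    ]
    return rows


def find_salami_candidates(ledger, small=Decimal("0.10"), min_sources=20,
                           approved=APPROVED_FEE_ACCOUNTS):
    """Flag destinations that receive tiny debits from many distinct accounts.

    small       -- debits at or below this amount count as "slices"
    min_sources -- distinct source accounts needed before a destination is flagged
    approved    -- destinations excluded because the fee is authorised
    Returns {destination: (distinct source count, total collected)}.
    """
    per_dest = defaultdict(lambda: {"sources": set(), "total": Decimal("0")})
    for src, dst, amount in ledger:
        if amount <= small and dst not in approved:
            per_dest[dst]["sources"].add(src)
            per_dest[dst]["total"] += amount
    return {
        dst: (len(info["sources"]), info["total"])
        for dst, info in per_dest.items()
        if len(info["sources"]) >= min_sources
    }


if __name__ == "__main__":
    for dst, (count, total) in find_salami_candidates(build_sample_ledger()).items():
        print(f"{dst}: {count} source accounts, {total} collected")
```

Amounts use `Decimal` rather than floats so that the totals reconcile exactly with the ledger.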
5.6 Data Diddling
• A data diddling attack involves altering raw data just before it is processed by a
computer and then changing it back after the processing is completed.
• Electricity Boards in India have been victims to data diddling programs inserted when
private parties computerize their systems.
5.7 Forgery
• Counterfeit currency notes, postage and revenue stamps, marksheets, etc. can be
forged using sophisticated computers, printers and scanners.
• Outside many colleges there are miscreants soliciting the sale of fake marksheets or
even degree certificates.
• These are made using computers and high quality scanners and printers.
• This is becoming a business involving large monetary amounts given to student gangs in
exchange for these bogus but authentic looking certificates.
5.8 Web Jacking
• Web jacking occurs when someone forcefully takes control of a website (by cracking
the password and later changing it).
• Thus, the first stage of this crime involves “password sniffing”.
• The actual owner of the website does not have any more control over what appears on
that website.
5.9 Newsgroup Spam/Crimes Emanating from Usenet Newsgroup
• This is one form of spamming.
• The advent of Google Groups, and its large Usenet archive, has made Usenet more
attractive to spammers than ever.
• Spamming of Usenet newsgroups actually predates E-Mail Spam.
• The first widely recognized Usenet Spam titled “Global Alert for All: Jesus is Coming
Soon” was posted on 18 January 1994 by Clarence L. Thomas IV, a sysadmin at
Andrews University.
5.10 Industrial Spying/Industrial Espionage
• Corporations spy on the enemy.
• The Internet and privately networked systems provide new and better opportunities
for espionage.
• “Spies” can get information about product finances, research and development and
marketing strategies, an activity known as “industrial spying”.
• With the growing public availability of Trojans and Spyware material, even low-
skilled individuals are now inclined to generate high volume profit out of industrial
spying. This is referred to as “Targeted Attacks”.
• Organizations subject to online extortion tend to keep quiet about it to avoid negative
publicity about them. This also applies to organizations that are victim of focused
attacks aiming at stealing corporate data.
• One interesting case is the famous Israeli Trojan story, where a software engineer in
London created a Trojan Horse program specifically designed to extract critical data
gathered from machines infected by his program.
5.11 Hacking
• The main purposes of hacking are as follows:
(i) Greed
(ii) Power
(iii) Publicity
(iv) Revenge
(v) Adventure
(vi) Desire to access forbidden information
(vii) Destructive mindset
• Every act committed toward breaking into a computer and/or network is hacking and
it is an offense.
• Hackers write or use ready-made computer programs to attack the target computer.
They possess the desire to destroy and they get enjoyment out of such destruction.
• Some hackers hack for personal monetary gains, such as stealing credit card
information, transferring money from various bank accounts to their own account
followed by withdrawal of money. They extort money from some corporate giant by
threatening to publish the stolen information that is critical in nature.
• Government websites are targets for hackers and attacks on Government websites
receive wide press coverage.
• For example, according to the story posted in December 2009, the NASA site was
hacked via SQL Injection.
5.12 Online Frauds
• There are a few major types of crimes under the category of hacking: Spoofing
website and E-Mail security alerts, hoax mails about virus threats, lottery frauds and
Spoofing.
• In Spoofing websites and E-Mail security threats, fraudsters create authentic looking
websites that are actually a spoof.
• The purpose of these websites is to make the user enter personal information which is
then used to access business and bank accounts.
• Fraudsters are increasingly turning to E-Mail to generate traffic to these websites.
This kind of online fraud is common in banking and financial sector.
• There is a rise in the number of financial institutions’ customers who receive such E-
Mails which usually contain a link to a spoof website and mislead users to enter user
ids and passwords on the pretence that security details can be updated or passwords
changed.
• It is wise to be alert and careful about E-Mails containing an embedded link, with a
request for us to enter secret details. It is strongly recommended not to input any
sensitive information that might help criminals to gain access to sensitive information,
such as bank account details, even if the page appears legitimate.
• In virus hoax E-Mails, the warnings may be genuine, so there is always a dilemma
whether to take them lightly or seriously. A wise action is to first confirm by visiting
an antivirus site such as McAfee, Sophos or Symantec before taking any action, such
as forwarding them to friends and colleagues.
• Lottery frauds are typically letters or E-Mails that inform the recipient that he/she has
won a prize in a lottery. To get the money, the recipient has to reply, after which
another mail is received asking for bank details so that the money can be directly
transferred.
• The E-Mail also asks for a processing fee/handling fee. Of course, the money is never
transferred in this case, the processing fee is swindled and the banking details are used
for other frauds and scams.
• “Spoofing” means illegal intrusion, posing as a genuine user. A hacker logs in to a
computer illegally, using a different identity than his own.
• He is able to do this by having previously obtained the actual password. He creates a
new identity by fooling the computer into thinking that the hacker is the genuine
system operator, and the hacker then takes control of the system. He can commit
innumerable frauds using this false identity.
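A mail-filter check for the embedded links that Section 5.12 warns about, added here as an example and not part of the original notes. It flags links whose visible text names one site while the underlying address points to another, plus two related disguises (a user-info part before “@”, and a bare IP address as host). The HTML sample is constructed, the names under .example and the 203.0.113.0/24 address are reserved placeholders, and the same-site test is a simplification (a production filter would compare registrable domains using the Public Suffix List).

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of an HTML mail body (not a real message).
SAMPLE_HTML = """
<p>Dear customer, please update your security details:</p>
<a href="http://bank.example.secure-update.example.net/login">www.bank.example/login</a>
<a href="http://www.bank.example@203.0.113.7/verify">Verify now</a>
<a href="https://www.bank.example/help">www.bank.example/help</a>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def safe_split(url):
    """urlsplit that never raises on malformed input."""
    try:
        return urlsplit(url)
    except ValueError:
        return urlsplit("")


def host_of(text):
    """Host of a URL or bare domain; '' if the text does not look like one."""
    if " " in text:
        return ""
    candidate = text if "://" in text else "//" + text
    host = (safe_split(candidate).hostname or "").lower()
    return host if "." in host else ""


def same_site(a, b):
    """Simplified: equal, or one host is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(html):
    """Return [(href, [reasons])] for links that disguise their destination."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        reasons = []
        href_host, text_host = host_of(href), host_of(text)
        if text_host and href_host and not same_site(text_host, href_host):
            reasons.append("text-host-mismatch")   # text shows one site, link goes elsewhere
        if "@" in safe_split(href).netloc:
            reasons.append("userinfo-in-url")      # real host is what follows the "@"
        if is_ip(href_host):
            reasons.append("ip-literal-host")      # raw IP address instead of a name
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_HTML):
        print(href, "->", ", ".join(reasons))
```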
5.13 Pornographic Offenses
• “Child pornography” means any visual depiction, including
(i) Any pornographic that can be considered obscene and/or unsuitable for the age of
child viewer
(ii) Film, video, picture
(iii) Computer-generated image or picture of sexually explicit conduct where the
production of such visual depiction involves the use of a minor engaging in
sexually explicit conduct
• Child pornography is considered an offense. The Internet is being highly used by its
abusers to reach and abuse children sexually, worldwide.
• In India too, the Internet has become a household commodity in the urban areas of the
nation. Its explosion has made the children a viable victim to the cybercrime.
• As the broad-band connections get into the reach of more and more homes, larger
child population will be using the Internet and therefore greater would be the chances
of falling victim to the aggression of pedophiles.
• “Pedophiles” are people who physically or psychologically coerce minors to engage
in sexual activities.
• Pedophiles operate in the following steps:
(i) Pedophiles use a false identity to trap the children/teenagers (using “false identity”
which in itself is another crime called “identity theft”).
(ii) They seek children/teens in the kids/areas on the services, such as the Teens BB,
Games BB or chat areas where the children gather.
(iii) They befriend children/teens.
(iv) They extract personal information from the child/teen by winning his/her
confidence.
(v) Pedophiles get E-Mail address of the child/teen and start making contacts on the
victim’s E-Mail address as well. Sometimes, these E-Mails contain sexually
explicit language.
(vi) They start sending pornographic images/text to the victim including child
pornographic images in order to help child/teen shed his/her inhibitions so that a
feeling is created in the mind of the victim that what is being fed to him is normal
and that everybody does it.
(vii) At the end of it, the pedophiles set up a meeting with the child/teen out of the
house and then drag him/her into the net to further sexually assault him/her or to
use him/her as a sex object.
• Legal remedies exist only to some extent. For example, Children’s Online Privacy
Protection Act or COPPA is a way of preventing online pornography.
5.14 Software Piracy
• “Software Piracy” is defined as “theft of software through the illegal copying of
genuine programs or the counterfeiting and distribution of products intended to pass
for the original.”
• There are many examples of software piracy:
➢ End-user copying - friends loaning disks to each other, or organizations under-
reporting the number of software installations they have made, or organizations not
tracking their software licenses.
➢ Hard disk loading with illicit means – hard disk vendors load pirated software
➢ Counterfeiting – large-scale duplication and distribution of illegally copied software
➢ Illegal downloads from the Internet – by intrusion, by cracking serial numbers, etc.
• Those who buy pirated software have to suffer the following:
(a) Getting untested software that may have been copied thousands of times over
(b) The software, if pirated, may potentially contain hard-drive-infecting viruses
(c) There is no technical support in the case of software failure, that is, lack of technical
product support available to properly licensed users
(d) There is no warranty protection
(e) There is no legal right to use the product
• The Global Software Piracy Study mentioned covers all packaged software that runs
on personal computers, including desktops, laptops and ultraportables. The study
includes operating systems, systems software such as databases and security
packages, business applications and consumer applications such as PC games,
personal finance and reference software.
5.15 Computer Sabotage
• The use of the Internet to hinder the normal functioning of a computer system through
the introduction of worms, viruses or logic bombs, is referred to as computer
sabotage.
• It can be used to gain economic advantage over a competitor, to promote the illegal
activities of terrorists or to steal data or programs for extortion purposes.
• Logic bombs are event-dependent programs created to do something only when a
certain event (known as a trigger event) occurs.
• Some viruses may be termed as logic bombs because they lie dormant all through the
year and become active only on a particular date (e.g., the Chernobyl virus and Y2K
viruses).
5.16 E-Mail Bombing/Mail Bombs
• E-Mail bombing refers to sending a large number of E-Mails to the victim to crash
victim’s E-Mail account (in the case of an individual) or to make victim’s mail servers
crash (in the case of a company or an E-Mail service provider).
• A computer program can be written to instruct a computer to do such tasks on a
repeated basis. In recent times, terrorism has hit the Internet in the form of mail
bombings.
• By instructing a computer to repeatedly send E-Mail to a specified person’s E-Mail
address, the cybercriminal can overwhelm the recipient’s personal account and
potentially shut down entire systems. This may or may not be illegal, but it is
certainly disruptive.
5.17 Usenet Newsgroup as the Source of Cybercrimes
• Usenet is a popular means of sharing and distributing information on the Web with
respect to specific topic or subjects. Usenet is a mechanism that allows sharing
information in a many-to-many manner.
• The newsgroups are spread across 30000 different topics. In principle, it is possible to
prevent the distribution of specific newsgroup. In reality, there is no technical method
available for controlling the contents of any newsgroup.
• It is feasible to block specific newsgroups but this cannot be considered as a definitive
solution to illegal or harmful content.
• It is possible to put Usenet to the following criminal uses:
(i) Distribution/sale of pornographic material
(ii) Distribution/sale of pirated software packages
(iii) Distribution of hacking software
(iv) Sale of stolen credit card numbers
(v) Sale of stolen data/stolen property
5.18 Computer Network Intrusions
• Computer Networks pose a problem by way of security threat because people can get
into them from anywhere.
• “Crackers”/“Hackers” can break into computer systems from anywhere in the world
and steal data, plant viruses, create backdoors, insert Trojan Horses or change user
names and passwords.
• Network intrusions are illegal, but detection and enforcement are difficult. Current
laws are limited and many intrusions go undetected.
• The cracker can bypass existing password protection by creating a program to capture
login IDs and passwords. So, it’s important to have the practice of “strong
passwords”.
5.19 Password Sniffing
• Password Sniffers are programs that monitor and record the name and password of
network users as they login, jeopardizing security at a site.
• Whoever installs the Sniffer can then impersonate an authorized user and login to
access restricted documents.
• Laws are not yet set up to adequately prosecute a person for impersonating another
person online.
• Laws designed to prevent unauthorized access to information may be effective in
apprehending crackers using Sniffer programs.
5.20 Credit Card Frauds
• Information security requirements for anyone handling credit cards have been
increased dramatically recently.
• Millions of dollars may be lost annually by consumers who have credit card and
calling card numbers stolen from online databases.
• Security measures are improving, and traditional methods of law enforcement seem
to be sufficient for prosecuting the thieves of such information.
• Bulletin boards and other online services are frequent targets for hackers who want to
access large databases of credit card information.
• Such attacks usually result in the implementation of stronger security systems.
5.21 Identity Theft
• Identity theft is a fraud involving another person’s identity for an illicit purpose.
• This occurs when a criminal uses someone else’s identity for his/her own illegal
purposes.
• Phishing and identity theft are related offenses.
• Examples include fraudulently obtaining credit, stealing money from the victim’s
bank accounts, using the victim’s credit card number, establishing accounts with
utility companies, renting an apartment or even filing bankruptcy using the victim’s
name.
• The cyberimpersonator can steal unlimited funds in the victim’s name without the
victim even knowing about it for months or years.
• In most cybercrime forms, computers and/or other digital devices end up getting used
as one or a combination of the following:
(i) As the tool for committing cybercrime
(ii) Crime involving attack against the computer
(iii) Use for storing information related to cybercrime/information useful for
committing cybercrime

6. Cybercrimes: An Indian Perspective


• India has the fourth highest number of Internet users in the world.
• According to the statistics, there are 45 million Internet users in India.
• 37% of all Internet accesses happen from cybercafes and 57% of Indian Internet users
are between 18 and 35 years. The population of educated youth is high in India.
• The majority of offenders are under 30 years. The largest share of cybercrime cases,
about 46%, relates to incidents of cyberpornography, followed by hacking.
• The Indian Government is doing its best to control cybercrimes.
• For example, Delhi Police have now trained 100 of its officers in handling
cybercrime and placed them in its Economic Offences Wing. The officers are trained
for 6 weeks in computer hardware and software, computer networks comprising data
communication networks, network protocols, wireless networks and network security.

7. Cybercrime and the Indian ITA 2000


• In India, the ITA 2000 was enacted after the United Nations General Assembly
Resolution A/RES/51/162 of January 30, 1997, by adopting the Model Law on
Electronic Commerce adopted by the United Nations Commission on International
Trade Law.
7.1 Hacking and the Indian Law(s)
• Cybercrimes are punishable under two categories: the ITA 2000 and the IPC.
• A total of 207 cases of cybercrime were registered under the IT Act. Under the IPC
too, 339 cases are recorded.

8. A Global Perspective on Cybercrimes


• In Australia, cybercrime has a narrow statutory meaning as used in the Cyber Crime
Act 2001, which details offenses against computer data and systems.
• In the Council of Europe’s (CoE’s) Cyber Crime Treaty, cybercrime is used as an
umbrella term to refer to an array of criminal activity including offenses against
computer data and systems, computer-related offenses, content offenses and copyright
offenses.
• About 30 countries have enacted some form of anti-Spam legislation. There are also
technical solutions by ISPs and end-users.
• The growing phenomenon is the use of Spam to support fraudulent and criminal
activities including attempts to capture financial information by masquerading
messages as originating from trusted companies and as a vehicle to spread viruses and
worms.
• On mobile networks, the problem takes the form of bulk unsolicited text messages
aimed at generating traffic to premium-rate numbers.
• As there are no national “boundaries” to such crimes under cybercrime realm, it
requires international cooperation between those who seek to enforce anti-Spam laws.
• Thus, there is a need to build confidence and security in the use of ICTs and moving
toward international cooperation agenda. There is a growing dependency on ICTs that
span the globe.
• The role of the business/private sector is to take up measures to prevent cybercrime
and to assume responsibilities related to the ownership of information and
communication infrastructures.
• Effective security requires an in-depth understanding of the various aspects of
information and communication networks.
• Therefore, private sector’s expertise should be increasingly involved in the
development and implementation of a country’s cybersecurity strategy.
8.1 Cybercrime and the Extended Enterprise
• “Extended Enterprise” represents the concept that a company is made up of its
employees, its board members and executives, its business partners, its suppliers and
its customers.
• The extended enterprise can only be successful if all of the component groups and
individuals have the information they need in order to do business effectively.
• An extended enterprise is a “loosely coupled, self-organizing network” of firms that
combine their economic output to provide “products and services” offerings to the
market.
• Firms in the extended enterprise may operate independently, for example, through
market mechanisms or cooperatively through agreements and contracts.
• Given the promises and challenges in the extended enterprise scenario, organizations
in the international community have a special role in sharing information on good
practices, and creating open and accessible enterprise information flow channels for
exchanging of ideas in a collaborative manner.
• International cooperation at the levels of government, industry, consumer, business
and technical groups to allow a global and coordinated approach to achieving global
cybersecurity is the key.
[Figure: Extended enterprise]