Description
covers what is cyber crime, who are cyber criminals, how can cyber crime be prevented, different types of email frauds and scams.
A REPORT ON CYBER FRAUD – EMAILS SUBMITTED TO
BY
1|Page
Contents
1. 2. 3. 4. 5. 6. 7. CYBER CRIME................................................................................................................................ 3 CYBER CRIMINALS ...................................................................................................................... 4 PREVENTION OF CYBER CRIME ............................................................................................... 5 E-MAIL RELATED CRIMES.......................................................................................................... 6 E-MAIL SCAMS ............................................................................................................................ 10 THE INFORMATION TECHNOLOGY ACT, 2000 ..................................................................... 11 CASE STUDIES ............................................................................................................................. 17 CASE 1: Email from Someone Stranded Abroad ................................................................................. 17 CASE 2: Job vacancies abroad ............................................................................................................. 20 CASE 3: Nigerian advance fee scheme ................................................................................................ 21 CASE 4: Obscenity in the form of Vulgar E-Mails, SMS’s Or MMS Clips ............................................. 24 CASE 5: LOVE BUG VIRUS .................................................................................................................... 26 CASE 6: The Melissa Supremacy ......................................................................................................... 28 8. LATEST DEVELOPMENTS ................................................................................................................. 30 CYBER CRIMES RATE 50 PERCENT JUMP IN INDIA .............................................................................. 30 PARLIAMENT APPROVES CYBER CRIME BILL ....................................................................................... 31 BLACKBERRY: GOVT TO SOON FIND A SOLUTION............................................................................... 32 GOVT MAY KEEP AN EYE ON EMAILS FROM ABROAD ........................................................................ 33 GOVT TO SNIFF YOUR EMAILS ............................................................................................................ 34 NEW COMPANY LAW TO POST EMAIL AS EVIDENCE .......................................................................... 35 9. CONCLUSION:.................................................................................................................................. 36
BIBLIOGRAPHY ........................................................................................................................................ 37
2|Page
INTRODUCTION
The term ?cyber crime‘ is a misnomer. This term has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state. Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed.
1. CYBER CRIME
Cyber crime is the latest and perhaps the most complicated problem in the cyber world. ?Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime?. ?Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime”. A generalized definition of cyber crime may be ?unlawful acts wherein the computer is either a tool or target or both”. The computer may be used as a tool in the following kinds of activityfinancial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.
3|Page
2. CYBER CRIMINALS
The cyber criminals constitute of various groups / categories. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals?
Children and adolescents between the age group of 6 – 18 years
The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove that they are outstanding amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends.
?
Organised hackers
These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.
?
Professional hackers / crackers
Their work is motivated by the color of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are even employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.
?
Discontented employees
This group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee.
4|Page
3. PREVENTION OF CYBER CRIME
Prevention is always better than cure. It is always better to take certain precaution while operating the net. As someone preaches the 3 words against cyber crime - Precaution, Prevention, Protection, Preservation and Perseverance. A netizen should keep in mind the following things: ? ? ? ? ? ? ? ? ? ? prevent cyber stalking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs always use latest and up date anti virus software to guard against virus attacks always keep back up volumes so that one may not suffer data loss in case of virus contamination never send your credit card number to any site that is not secured, to guard against frauds always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children it is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal website owners should watch traffic and check any irregularity on the site. Putting hostbased intrusion detection devices on servers may do this use of firewalls may be beneficial web servers running public sites must be physically separate protected from internal corporate network Adjudication of a Cyber Crime - On the directions of the Bombay High Court the Central Government has by a notification dated 25.03.03 has decided that the Secretary to the Information Technology Department in each state by designation would be appointed as the AO for each state.
5|Page
4. E-MAIL RELATED CRIMES
Email has fast emerged as the world's most preferred form of communication. Billions of email messages traverse the globe daily. Like any other form of communication, email is also misused by criminal elements. The ease, speed and relative anonymity of email has made it a powerful tool for criminals. Some of the major email related crimes are: ? ? ? ? ? ? Email spoofing Sending malicious codes through email Email bombing Sending threatening emails Defamatory emails Email frauds
Email spoofing
A spoofed email is one that appears to originate from one source but has actually emerged from another source. Falsifying the name and / or email address of the originator of the email usually does email spoofing to send an email the sender has to enter the following information:
? ?
email address of the receiver of the email email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy)
?
email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy, but whose identities will not be known to the other recipients of the email (known as BCC for blind carbon copy)
?
subject of the message (a short title / description of the message)
6|Page
Message
Certain web-based email services like www.SendFakeMail.com, offer a facility wherein in addition to the above, a sender can also enter the email address of the purported sender of the email. Consider Mr. Siddharth whose email address is [email protected]. His friend Golu's email address is [email protected]. Using SendFakeMail, Siddharth can send emails purporting to be sent from Golu's email account. All he has to do is enter [email protected] in the space provided for sender's email address. Golu's friends would trust such emails, as they would presume that they have come from Golu (whom they trust). Siddharth can use this misplaced trust to send viruses, Trojans, worms etc. to Golu's friends, who would unwittingly download them.
Spreading Trojans, viruses and worms
Emails are often the fastest and easiest ways to propagate malicious code over the Internet. The Love Bug virus, for instance, reached millions of computers within 36 hours of its release from the Philippines thanks to email. Hackers often bind Trojans, viruses, worms and other computer contaminants with e-greeting cards and then email them to unsuspecting persons. Such contaminants can also be bound with software that appears to be an anti-virus patch. E.g. a person receives an email from Compose From To CC BCC Subject
Message
[email protected] (this is a spoofed email but the victim does not know this). The email informs him that the attachment contained with the email is a security patch that must be downloaded to detect a certain new virus. Most unsuspecting users would succumb to such an email (if they are using a registered copy of the McAffee anti-virus software) and would download the attachment, which actually could be a Trojan or a virus itself!
Email bombing
Email bombing refers to sending a large amount of emails to the victim resulting in the victim's email account (in case of an individual) or servers (in case of a company or an email service provider) crashing. A simple way of achieving this would be to subscribe the victim's email
7|Page
address to a large number of mailing lists. Mailing lists are special interest groups that share and exchange information on a common topic of interest with one another via email. Mailing lists are very popular and can generate a lot of daily email traffic - depending upon the mailing list. Some generate only a few messages per day others generate hundreds. If a person has been unknowingly subscribed to hundreds of mailing lists, his incoming email traffic will be too large and his service provider will probably delete his account. The simplest email bomb is an ordinary email account. All that one has to do is compose a message, enter the email address of the victim multiple times in the "To" field, and press the "Send" button many times. Writing the email address 25 times and pressing the "Send" button just 50 times (it will take less than a minute) will send 1250 email messages to the victim! If a group of 10 people do this for an hour, the result would be 750,000 emails! There are several hacking tools available to automate the process of email bombing. These tools send multiple emails from many different email servers, which make it very difficult, for the victim to protect himself.
Threatening emails
Email is a useful tool for technology savvy criminals thanks to the relative anonymity offered by it. It becomes fairly easy for anyone with even a basic knowledge of computers to become a blackmailer by threatening someone via e-mail. In a recent case, Poorva received an e-mail message from someone who called him or herself 'your friend'. The attachment with the e-mail contained morphed pornographic photographs of Poorva. The mail message said that if Poorva were not to pay Rs. 10,000 at a specified place every month, the photographs would be uploaded to the Net and then a copy sent to her fiancé. Scared, Poorva at first complied with the wishes of the blackmailer and paid the first Rs. 10, 000. Next month, she knew she would have to approach her parents. Then, trusting the reasonableness of her fiancé she told him the truth. Together they approached the police. Investigation turned up the culprit - Poorva's supposed friend who wanted that Poorva and her fiancé should break up so that she would get her chance with him.
8|Page
Defamatory emails
As has been discussed earlier cyber-defamation or even cyber-slander as it is called can prove to be very harmful and even fatal to the people who have been made its victims.
Email Frauds
Email spoofing is very often used to commit financial crimes. It becomes a simple thing not just to assume someone else's identity but also to hide one's own. The person committing the crime understands that there is very little chance of his actually being identified. In a recently reported case, a Pune based businessman received an email from the Vice President of the Asia Development Bank (ADB) offering him a lucrative contract in return for Rs 10 lakh. The businessman verified the email address of the Vice President from the web site of the ADB and subsequently transferred the money to the bank account mentioned in the email. It later turned out that the email was a spoofed one and was actually sent by an Indian based in Nigeria. In another famous case, one Mr. Rao sent himself spoofed e-mails, which were supposedly from the Euro Lottery Company. These mails informed him that he had won the largest lottery. He also created a website in the name of the Euro Lottery Company, announced n it that he had won the Euro Lottery and uploaded it on to the Internet. He then approached the Income Tax authorities in India and procured a clearance certificate from them for receiving the lottery amount. In order to let people know about the lottery, he approached many newspapers and magazines. The media seeing this as a story that would interest a lot of readers hyped it up and played a vital role in spreading this misinformation. Mr. Rao then went to many banks and individuals and told them that having won such a large sum of money he was afraid for his safety. He also wanted to move into a better house. He wheedled money out of these institutions and people by telling them that since the lottery prize money would take some time to come to him, he would like to borrow money from them. He assured them that the loan amount would be returned as soon as the lottery money came into his possession. Lulled into believing him (all thanks to the Income Tax clearance) most of these people loaned large amounts of money to him. It was only when he did not pay back the loan amounts to the banks that they became suspicious. A countercheck by
9|Page
the authorities revealed the entire scheme. Mr. Rao was arrested. Later, it was found that some of the money had been donated for philanthropic causes and also to political parties!
5. E-MAIL SCAMS
?
Advance-fee fraud: Among the variations on this type of scam, are the Nigerian Letter also called the 419 frauds, Nigerian scam, Nigerian bank scam, or Nigerian money offer. The Nigerian Senate emblem is sometime used in this scam.
?
El Gordo de la Primitiva Lottery International Promotions Programmes: The intended victim is often told their name or email address was selected through a random computer ballot and sponsored by a marketing company. In order to claim their so-called winnings, the victim is asked to provide their bank account details and other personal information. The victim is asked to contact the claims agent or award department.
?
Word of Mouth: This e-mail spam state that an anonymous person posted a secret about the recipient and that he needs to pay a fee in order to see the message.
?
Investment Schemes: Emails touting investments that promise high rates of return with little or no risk. One version seeks investors to help form an offshore bank. The Fifth Third Bank brand, name, and logo have been frequently exploited in this scam. The computer security company McAfee reports that, at the beginning of September 2006, over 33% of phishing scam emails being reported to McAfee were using Fifth Third Bank's brand.
?
Debt Relief: The intended victim is often told to consolidate bills into one monthly payment without borrowing.
?
Phishing: Typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
10 | P a g e
?
FBI e-mail: Claim to be an ?official order? from the FBI‘s Anti-Terrorist and Monetary Crimes Division, from an alleged FBI unit in Nigeria, confirm an inheritance, or contain a lottery notification, all informing recipients they have been named the beneficiary of millions of dollars.
?
Romance scam: Occurs when strangers pretend romantic intentions, gain the affection of victims, and then use that goodwill to gain access to their victims' money, bank accounts, credit cards, passports, and/or national identification numbers or by getting the victims to commit financial fraud on their behalf.
6. THE INFORMATION TECHNOLOGY ACT, 2000
In the last week of December, 2008, the Parliament of India has passed the amendments to the Information Technology Act 2000, which is popularly known as Indian cyber law. The IT Amendment Act 2008 brings about various sweeping changes in the existing Cyber law. While the lawmakers have to be complemented for their appreciable work removing various deficiencies in the Indian Cyber law and making it technologically neutral, yet it appears that there has been a major mismatch between the expectation of the nation and the resultant effect of the amended legislation. The most bizarre and startling aspect of the new amendments is that these amendments seek to make the Indian cyber law a cyber crime friendly legislation; -- a legislation that goes extremely soft on cyber criminals, with a soft heart; a legislation that chooses to encourage cyber criminals by lessening the quantum of punishment accorded to them under the existing law; a legislation that chooses to give far more freedom to cyber criminals than the existing legislation envisages; a legislation which actually paves the way for cyber criminals to wipe out the electronic trails and electronic evidence by granting them bail as a matter of right; a legislation which makes a
11 | P a g e
majority of cybercrimes stipulated under the IT Act as bailable offences; a legislation that is likely to pave way for India to become the potential cyber crime capital of the world. A perusal of the said legislation shows that there is hardly any logical or rational reason for adopting such an approach. Currently, the IT Act, 2000, has provided for punishment for various cyber offences ranging from three years to ten years. These are non-bailable offences where the accused is not entitled to bail as a matter of right. However what amazes the lay reader is that the amendments to the IT Act have gone ahead and reduced the quantum of punishment. Taking a classical case of the offence of online obscenity, Section 67 has reduced the quantum of punishment on first conviction for publishing, transmitting or causing to be published any information in the electronic form, which is lascivious, from the existing five years to three years. Similarly, the amount of punishment for the offence of failure to comply with the directions of the Controller of Certifying Authorities is reduced from three years to two years. Further it is shocking to find that the offences of hacking, as defined under Section 66 of the existing Information Technology Act, 2000, has been completely deleted from the law book. In fact, the existing language of the under Section 66 as now been substituted by new language. Deleting hacking as a specific defined offence does not appeal to any logic. The cutting of certain elements of the effects of hacking under the existing Section 66 and putting the same under Section 43 make no legal or pragmatic sense. This is all the more so as no person would normally diminish the value and utility of any information residing in a computer resource or affect the same injuriously by any means, with
12 | P a g e
the permission of the owner or any such person who is in charge of the computer, computer system or computer network. At that time when the entire world is going hammer and tongs against cyber crimes and cyber criminals, here comes a contrary trend from the Indian legislature. Cyber criminals of the world targeting India or operating in India need not despair. The legislation has now stipulated that Cyber crimes punishable with imprisonment of three years shall be bailable offences. Since the majority of cyber crime offences defined under the amended IT Act are punishable with three years, the net effect of all amendments is that a majority of these cybercrimes shall be bailable. In common language, this means that the moment a cybercriminal will be arrested by the police, barring a few offences, in almost all other cyber crimes, he shall be released on bail as a matter of right, by the police, there and then. Keeping in account human behavior and psychology, it will be but natural to expect that the concerned cyber criminal, once released on bail, will immediately go and evaporate, destroy or delete all electronic traces and trails of his having committed any cyber crime, thus making the job of law enforcement agencies to have cyber crime convictions, a near impossibility. The fertile liberal treatment meted out to cyber criminals, by the new IT Act amendments, facilitating the environment where they can tamper with, destroy and delete electronic evidence, is likely to make a mockery of the process of law and would put the law enforcement agencies under extreme pressure. In the 14-odd years since internet has been commercially introduced in our country, India has got only three cyber crime convictions. If these new amendments come into force, India is likely to see a drought of cyber crime convictions.
13 | P a g e
Another major change that the new amendments have done is that cyber crimes in India shall now be investigated not by a deputy superintendent of police, as under the existing law, but shall now be done by a low level police inspector. So, all of us need to remember that henceforth, your local police inspector is going to be your next point of contact, the moment you are a victim of any cyber crime. The efficacy of such an approach is hardly likely to withstand the test of time, given the current non-exposure and lack of training of Inspector level police officers to cyber crimes, their detection, investigation and prosecution. Given this new development, it is probable that the concept of e-hafta (or electronic hafta) is likely to be far more reinforced and developed as an institutional practice. This is so as the law has now produced more powers to the inspector than ever before, regarding cybercrimes. The expectations of the nation for effectively tackling cyber crime and stringently punishing cyber criminals have all been let down by the extremely liberal amendments, given their soft corner and indulgence for cyber criminals. All in all, given the glaring loopholes as detailed above, the new IT Act Amendments are likely to adversely impact corporate India and all users of computers, computer systems and computer networks, as also data and information in the electronic form. Some Noteworthy Provisions Under The Information Technology Act, 2000.
Sec.43 Sec.66 Sec.67 Damage to Computer system etc. Hacking (with intent or knowledge) Publication of obscene material in e-form Compensation for Rupees 1crore. Fine of 2 lakh rupees, and imprisonment for 3 years. Fine of 1 lakh rupees, and imprisonment of 5years, and double conviction on second offence Fine upto 2 lakh and imprisonment of 3 years. Imprisonment upto 10 years.
Sec.68 Sec.70
Not complying with directions of controller attempting or securing access to computer
14 | P a g e
Sec.72
For breaking confidentiality of the information of computer Publishing false digital signatures, false in certain particulars Publication of Digital Signatures for fraudulent purpose.
Fine upto 1 lakh and imprisonment upto 2 years
Sec.73
Fine of 1 lakh, or imprisonment of 2 years or both. Imprisonment for the term of 2 years and fine for 1 lakh rupees.
Sec.74
Investigations and Search Procedures Section 75 of Information Technology Act, 2000 takes care of jurisdictional aspect of cyber crimes, and one would be punished irrespective of his nationality and place of commission of offence. Power of investigation is been given to police officer not below the rank of Deputy Superintendent of police or any officer of the Central Government or a State Government authorized by Central Government. He may enter any public place, conduct a search and arrest without warrant person who is reasonably expected to have committed an offence or about to commit computer related crime. Accused has to be produced before magistrate within 24 hours of arrest. Provisions of Criminal Procedure Code, 1973 regulate the procedure of entry, search and arrest of the accused. Problems Underlying Tracking of Offence Most of the times the offenders commit crime and their identity is hard to be identified. Tracking cyber criminals requires a proper law enforcing agency through cyber border co-operation of governments, businesses and institutions of other countries. Most of the countries lack skilled law enforcement personnel to deal with computer and even broader Information technology related crimes. Usually law enforcement agencies also don‘t take crimes serious, they have no importance of enforcement of cyber crimes, and even if they undertake to investigate they are posed with limitation of extra-territorial nature of crimes. How Efficient Is Information Technology Act 2000? It can‘t be disputed that Information Technology Act, 2000 though provides certain kinds of protections but doesn‘t cover all the spheres of the I.T where the protection must be provided.
15 | P a g e
Copyright and trade mark violations do occur on the net but Copy Right Act 1976, or Trade Mark Act 1994 are silent on that which specifically deals with the issue. Therefore have no enforcement machinery to ensure the protection of domain names on net. Transmission of e-cash and transactions online are not given protection under Negotiable Instrument Act, 1881. Online privacy is not protected only Section 43 (penalty for damage to computer or computer system) and 72 (Breach of confidentiality or privacy) talks about it in some extent but doesn‘t hinder the violations caused in the cyberspace. Even the Internet Service Providers (ISP) who transmits some third party information without human intervention is not made liable under the Information Technology Act, 2000. One can easily take shelter under the exemption clause, if he proves that it was committed without his knowledge or he exercised due diligence to prevent the offence. It‘s hard to prove the commission of offence as the terms ?due diligence? and ?lack of knowledge? have not been defined anywhere in the Act. And unfortunately the Act doesn‘t mention how the extra territoriality would be enforced. This aspect is completely ignored by the Act, where it had come into existence to look into cyber crime which is on the face of it an international problem with no territorial boundaries. What beyond the IT Act ? Legal standardization of harmful conduct involving computer, Internet ? Standardization of procedural obligations ? Capacity building ? Partnership with other agencies ? Monitoring agency on similar lines as ICAO and ITU agencies in civil aviation and telecommunications sectors
16 | P a g e
7. CASE STUDIES CASE 1: Email from Someone Stranded Abroad
Relatives and friends living overseas are likely to be among the most vulnerable in the latest email fraud, where a person‘s account is illegally accessed and mails are sent out seeking monetary help. An email arrives, pretending to be from a webmail service provider Like Microsoft, saying that there are problems with your email account and your username, password and country/territory are required to set matters straight Thinking the mail genuine, you forward your details. Sometimes, the scamster can get these details by simply hacking into your computer and/or email accounts) Soon, your friends receive emails from ?you‘ through your account. They are told that you‘re stranded in some foreign country after having lost your wallet and documents and need money to return home If you reply to the email, you are likely to be given a postal address in some foreign country to where money can be wired. Sometimes the original mail already has this address Your friends and relatives living abroad are the prime targets of this scam, as money can‘t be wired from India to a postal address abroad, only to a bank account. Bandra-based businessman Al-Naseer Zakaria approached the Mumbai police‘s cyber crime cell after an email from his account asked acquaintances for a ?soft loan‘ of 1,800 pounds (Rs 1.27 lakh) because he was supposedly stranded abroad. The police are also studying the case in which adman-turned-civic activist Gerson D‘Cunha‘s email was similarly hacked into and an appeal for money made.
17 | P a g e
?A relative of mine replied to the email, in a bid to find out how the fraud would be completed. He received another mail, again from my account, where the address of a residential locality in London was provided. He was told to send a money transfer,‘‘ D‘Cunha told TOI. ?There‘s a possibility that the accused has rented a temporary accommodation in London. Once he got the money, he would move out,‘‘ a police officer said. ?To send money overseas from any location in India, one needs to provide a bank account number of the receiver and the exact purpose. But from one western nation to another, money can be sent to a postal address. So, there‘s a strong possibility of relatives living abroad or travelling overseas getting duped .‘‘ After Zakaria contacted the cyber crime cell, the police sent an application to Microsoft to get his hotmail account blocked to prevent further misuse. ?We have also sent a request for Zakaria‘s important documents to be retrieved,‘‘ an investigating officer said. ?We are now trying to trace the IP address of the computer used to illegally access Zakaria‘s account and send the emails to his contacts.‘‘ Zakaria, who has studied and lived in the US, told TOI that he had received a mail few months back, asking for his username, password and home country. ?The mail had Microsoft‘s logo and their corporate address at Washington. I know exactly where their office is and have been operating a hotmail account since 1996. There was just no reason for to believe that the mail was a fake,‘‘ he said. Zakaria‘s woes started after he replied to the mail with his vital account information. ?I believe the accused studied the mails in my inbox and the kind of people I have been interacting with before sending help-seeking mails.‘‘ A Microsoft spokesperson said the company never asks for passwords. Cyber expert Sanjay Pandey said that while earlier email fraud was a nuisance, now money is the motive. ?Now, there are mails circulated with pictures. If you click on the picture, a virus is installed on your computer, locking all your files automatically. To unlock the files, you are told to pay up. Several people in India fall for such fraud because awareness on internet security is very low,‘‘ he said. ?People can visit www.microsoft.com/protect to get security help,‘‘ the Microsoft spokesperson said.
18 | P a g e
Sample Emails:
Dear friend. Sorry I didn’t inform you about my traveling to UK for a program. I am currently stranded in London because I lost my wallet on my way to the hotel where my money and other valuable things were kept. I need you to help me. Please assist me with a soft loan urgently with the sum of 1,200 GB Pounds to sort out my hotel bills and get myself back home. I will appreciate whatever you can afford. I’ll pay you back as soon as I return. Please send the money to me through Western Union money transfer by the details below. Patrick Collingwood Address, 199 Marylebone High Street, London W1U 4RY After making the payment kindly get back to me with payment receipt details needed to collect the money here. Regards, Varun —Received by Mumbai post-graduate student Samiksha Sharma from the email account of her former colleague, Varun
I am sorry I didn’t inform you about my travelling to Malaysia for a program called ‘Empowering Youth to Fight Racism, HIV/AIDS, Poverty and Lack of Education.’ The present condition that I found myself (sic) is very hard for me to explain. I am really stranded in Malaysia because I forgot my little bag in the taxi where my money, passport, documents, cell phone... and other valuable things were kept.... I am now owing a hotel bill of $1,200.... I need you to help me with the hotel bill and I will also need $1,000 to feed and help myself back home. So please can you help me with a sum of $2,200 USD.... Please use the details of one of the hotel managers below to send the money to me through Western Union money transfer or money gram.... Natalie Dias 199 Marylebone High Street, London W1U 4RY
19 | P a g e
After making the payment kindly back to me with payment receipt details needed to collect the money here. Regards, Natalie Dias —Received by Mumbai PR executive Sylvester Fernandes from the email account of his sister’s friend, Natalie Dias
How are you doing? I am so sorry I didn’t inform you about my traveling to UK for a program. I am presently in London. I am stranded here because i (sic) misplaced my wallet on my way to the hotel where my money, and other valuable things were kept. I will like you to assist me with a soft loan urgently with the sum of 1,800 pounds to sort out my hotel bills and get myself back home. I will appreciate whatever you can afford, i’ll pay you back as soon as i return. Please reply. Thank you very much. Al-Naseer Zakaria. —Received by several people in the contacts list of Khar-based businessman Al-Naseer Zakaria
CASE 2: Job vacancies abroad
Juhu police arrested five Nigerian nationals for their alleged involvement in an inter-state job racket. The arrested have been identified as Vinset Mezek (26), Ogobol Tony (25), Kovhni Okosav (35), Charles Niogo (21) and Odirom Babatude (26). One person named Terri, who is a wanted in the case, is at large, say police. According to the police, the accused used to send mails to people about vacancies in hotels outside India. If anyone responded, they would ask him to deposit money in their bank accounts
20 | P a g e
in Mumbai. However, once they received the money, they would never contact the person. Although the accused have admitted to have duped only one person of Rs 1.2 lakh, the police say that they may have cheated many more in Mumbai and in other cities. The whole matter came to light after Prabhat Singh, a resident of Orrisa, lodged a complaint with the Juhu police. Singh had paid Rs 1.2 lakh to an unidentified person for a job in the UK. He was never contacted after that. ?During our course of investigation, we tracked the account numbers where the money was deposited. We also tracked down the e-mail ID and the mobile numbers from which the mails and messages were sent,? said PD Shinde, senior police inspector at Juhu police station.
CASE 3: Nigerian advance fee scheme
The Nigerian Advance Fee Scam has been around for quite awhile, but despite many warnings, continues to draw in many victims. In fact, the Police receive approximately 100 telephone calls from victims/ potential victims and 300-500 pieces of related correspondence per day about this scam! Indications are that the advance fee fraud grosses hundreds of millions of dollars annually and the losses are continuing to escalate. The Nigerian Advance Fee Scheme (also known internationally as "4-1-9" fraud after the section of the Nigerian penal code which addresses fraud schemes) is generally targeted at small and medium sized businesses, as well as charities. This global scam (recently seen in India, Russia, Southeast Asia, Australia, and New Zealand, as well as the US) involves the receipt of an unsolicited letter purporting to come from someone who claims to work for the Nigerian Central Bank or from the Nigerian government. (The Central Bank of Nigeria denies all connection to those who promote this scheme.) In the letter, a Nigerian claiming to be a senior civil servant will inform the recipient that he is seeking a reputable foreign company into whose account he can deposit funds ranging from $10$60 million which the Nigerian government overpaid on some procurement contract.
21 | P a g e
The goal of the scam artist is to delude the victim into thinking that he or she has been singled out to participate in a very lucrative—although questionable—arrangement. The intended victim is reassured of the authenticity of the arrangement by forged or false documents bearing apparently official Nigerian government letterhead, seals, as well as false letters of credit, payment schedules and bank drafts. The scam artist may even establish the credibility of his contacts, and thereby his influence, by arranging a meeting between the victim and "government officials" in real or fake government offices.
Once the victim becomes confident of the potential success of the deal, something goes wrong. The victim is then pressured or threatened to provide one or more large sums of money to save the venture. For example, an official will demand an up-front bribe or an unforeseen tax or fee to the Nigerian government will have to be paid before the money can be transferred. Each fee paid is described as the very last fee required. The scheme may be stretched out over many months. Sample Letter: Lagos, Nigeria. Attention: the President/CEO Dear Sir, Confidential business proposal Having consulted with my colleagues and based on the information gathered from the Nigerian chambers of commerce and industry, I have the privilege to request for your assistance to transfer the sum of $47,500,000.00 (forty seven million, five hundred thousand United States dollars) into your accounts. The above sum resulted from an over-invoiced contract, executed commissioned and paid for about five years (5) ago by a foreign contractor. This action was however intentional and since then the fund has been in a suspense account at the central bank of Nigeria apex bank.
22 | P a g e
We are now ready to transfer the fund overseas and that is where you come in. it is important to inform you that as civil servants, we are forbidden to operate a foreign account; that is why we require your assistance. the total sum will be shared as follows: 70% for us, 25% for you and 5% for local and international expenses incident to the transfer. The transfer is risk free on both sides. i am an accountant with the Nigerian national petroleum corporation (NNPC). If you find this proposal acceptable, we shall require the following documents:
(a) your banker’s name, telephone, account and fax numbers (b) your private telephone and fax numbers—for confidentiality and easy communication (c) your letter-headed paper stamped and signed Alternatively we will furnish you with the text of what to type into your letter-headed paper, along with a breakdown explaining, comprehensively what we require of you. The business will take us thirty (30) working days to accomplish.
Please reply urgently. Best regards
Be careful. This scam can be physically dangerous as well as dangerous to your finances. Victims are almost always requested to travel to Nigeria or a border country to complete a transaction. Victims are often told that a visa will not be necessary to enter the country. The Nigerian scam artists may then bribe airport officials to pass the victims through Immigration and Customs. Because it is a serious offense in Nigeria to enter without a valid visa, the victim‘s illegal entry may be used by the scam artists as leverage to coerce the victims into releasing funds. Violence and threats of physical harm may be employed to further pressure victims. In June of 1995, an American was murdered in Lagos, Nigeria, while pursuing a 4-1-9 scam, and numerous other foreign nationals have been reported as missing.
23 | P a g e
Avoid these scams like the plague! Don‘t let promises of large amounts of money impair your judgment? How does the fraud work? The bait is the fictional millions of dollars described in each one of these letters. The goal is to get you to come up with money for the "expenses" required to transfer those millions to you. The victim thinks, a few hundred or a few thousand dollars is trivial when $31 million is at stake. Each demand for more money is claimed to be the very last obstacle before the big money is released. Sometimes, the victim is lured to Nigeria, where even worse things happen. How did they get my email address? Exactly the same way all spammers get your email address. Spammers "harvest" email addresses mentioned on web sites. Others run "dictionary attacks" — programs which query mail servers if they have an address AAA100, AAA101, AAA102, etc. That‘s why you get tons of unsolicited commercial email even if you‘ve kept your email address a secret. And spammers sell each other CD‘s with millions of addresses. Remember that practically all spam email is fraudulent anyway Why is it called "Nigerian Fraud"? Regardless of the country or countries mentioned in the letter—even countries located outside of Africa—the fraudsters are usually Nigerian.
CASE 4: Obscenity in the form of Vulgar E-Mails, SMS’s Or MMS Clips
Beware! You may not be intending to harass someone, but that obscene SMS or e-mail you just sent could land you in a lot of trouble. In fact, just receiving it and not deleting it from your inbox could also get you arrested. Since it‘s a non-bailable, cognizable offence, be prepared to also spend at least a night in jail before the judge lets you out. In India, a person could be charged for simply possessing alleged obscene content due to the wide scope of the Information Technology (IT) Act. So if a friend sends a dirty MMS that the police find in your cell phone, you could be as liable as him for prosecution under the IT Act.
24 | P a g e
Any obscene or vulgar SMS, MMS, or even an audio clip from boyfriends, girlfriends, colleagues, spouses or acquaintances can prove costly for the sender and receiver. ?As far as an SMS is concerned, it too is an electronic record since a mobile phone is a ?computer‘ under Section 2 of the IT Act,‘‘ said Pavin Duggal, a leading cyber law expert in India. The IT Act dictates that an obscene SMS, which may cost the sender as little as 30 paise, should lead to a fine of Rs 1 lakh and up to five years in jail. A second-time offence can land the convict in prison for up to 10 years and a fine of up to Rs 2 lakh. ?Harassment is of no consequence. The fact that it is obscene content is enough for the law to apply,‘‘ noted Duggal. However, the harsher penalties are rarely handed out because of poor implementation of the law, Duggal said. First of all, few obscenity cases are filed in which no one is harassed. One such case involved an MMS clip showing two Delhi students having sex and which was put up for sale on a website. Secondly, even in the case of harassment, there is reluctance by victims to report offences to the police, much less take the matter to court. Interestingly, the fact that the state can act without an official complaint from a member of the public, including the harassment victim, has not aided prosecution. Duggal noted that Mumbai is an exception, where the police‘s cyber crime cell is active. But by and large across India the police are reluctant to register cyber crimes—obscenity via SMS is a concept they are still grappling with. In fact, since the inception of the seven year-old IT Act, there have hardly been any convictions for cyber crimes. Duggal said a 2003 on-line cheating case in Delhi is believed to be the first conviction under the Act. The first conviction for obscenity, under Section 67 of the IT Act, was last year in Tamil Nadu where a boy had morphed his girlfriend‘s face onto a nude body and sent it to their friends on the internet. The MMS student sex case is still pending in court. There are numerous cases involving obscene SMSes used to harass people, but most times people don‘t report the matter as this would mean more embarrassment and the hardship of proving the case in court. Duggal noted that it‘s not easy to get a conviction under Section 67, primarily because one has to prove that the obscene information is attributable to the accused. One has to prove the records of service providers, which are sometimes unavailable.
25 | P a g e
Forget prosecution, even investigation is a problem, said internet guru Vijay Mukhi. When sex siren Mallika Sherawat complained in 2005 that an obscene video-clip doing the rounds featured her look alike and not her, the police were faced with a difficult task. As it turned out, said her lawyer Vibhav Krishna, the MMS was found to feature a Brazilian girl and the probe ended there. Mukhi said, ?The problem is that the servers hosting the offensive content are usually located on foreign shores, and even if the origin is a local cyber cafe, the lack of records is a roadblock during a police probe.‘‘ An expert committee appointed a few years ago by the Bombay High Court said it was difficult to have system-based firewalls at cyber cafes to curb the presence of online pornography. Another IT law expert Amit Desai said the IT Act has some, but not all answers. There is no provision, for instance, for cyber stalking in the present law. This is a huge lacuna as most complaints relate to the harassment faced by a continuous inflow of non-obscene messages or mails, said lawyers. Nor is child pornography specifically dealt with under the Act. Recommendations to make child porn a serious and specific offence with enhanced punishment were made to the government last year by an expert committee. Counsel Rajiv Kumar said, ?In the last few years, technology has developed to such an extent that it is capable of being misused and abused. But there is no specific legislation to deal with doctored electronic data.‘‘ Privacy in the electronic age also remains a crucial issue. Any form of electronic communication which tends to ?outrage the modesty‘‘ of a person, or infringes on personal relationships, is an invasion of privacy. The virus spread at great speed around the world
CASE 5: LOVE BUG VIRUS
The virus arrived in e-mail boxes on May 4, 2000, with the simple subject of "ILOVEYOU" and an attachment "LOVE-LETTER-FOR-YOU.TXT.vbs".[1] Upon opening the attachment, the
26 | P a g e
virus sent a copy of itself to everyone in the user's address list, posing as the user. It also made a number of malicious changes to the user's system. Such propagation mechanism (though in IBM mainframe rather than MS Windows environment) has been well known and used already in the Christmas Tree EXEC of 1987, which brought down a large fraction of the world's mainframes at the time.[citation needed] Two aspects of the virus made it effective: ?
?
It relied on social engineering to entice users to open the attachment and ensure its continued propagation. It exploited the weakness of the email system design that an attached program could be run easily by simply opening the attachment; the underlying mechanism – VBScript – had not been exploited to such a degree previously to direct attention to its potential, thus the necessary layers of protection were not in place yet.
Its massive spread moved westward as workers arrived at their offices and encountered messages generated by people from the East. Because the virus used mailing lists as its source of targets, the messages often appeared to come from an acquaintance and so might it be considered "safe", providing further incentive to open them. All it took was a few users at each site to access the VBS attachment to generate the thousands and thousands of e-mails that would cripple e-mail systems under their weight, not to mention overwrite thousands of files on workstations and accessible servers. The virus began in the Philippines on May 4, 2000, and spread across the world in one day (traveling from Hong-Kong to Europe to the United States), infecting 10 percent of all computers connected to the Internet and causing about $5.5 billion in damage. Most of the "damage" was the labor of getting rid of the virus. The Pentagon, CIA, and the British Parliament had to shut down their e-mail systems to get rid of the virus, as did most large corporations. This particular malware caused widespread outrage, making it the most damaging virus ever. The virus overwrote important files, as well as music, multimedia and more, with a copy of
27 | P a g e
itself. It also sent the virus to everyone on a user's contact list. Because it was written in Visual Basic Script, this particular virus only affected computers running the Microsoft Windows operating system. While any computer accessing e-mail could receive an "ILOVEYOU" e-mail, only Microsoft Windows systems would be infected. The alleged authors of the virus, include Irene de Guzman from Manila, Philippines, her brother Onel de Guzman and her boyfriend Reomel Lamores who was briefly held in May 2000 in connection with the virus outbreak. He denied writing the virus, later he claimed the release of the code had been accidental. As there were no laws in the Philippines against virus-writing at the time, he was released and in August the prosecutors dropped all charges against Irene De Guzman, her boyfriend and owner of the PC which was the source of the infection. The original charges brought up against her dealt with the illegal use of passwords for credit card and bank transactions.
CASE 6: The Melissa Supremacy
The Melissa worm, also known as "Mailissa", "Simpsons", "Kwyjibo", or "Kwejeebo", was a mass-mailing macro virus, hence leading some to classify it as a computer worm. Melissa was written by David L. Smith in Aberdeen Township, New Jersey. Smith called himself Kwyjibo. It is also known to damage documents by putting in the text, ?twenty-two, plus triple-word score, plus fifty points for using all my letters. Game‘s over. I‘m outta here?, a reference to The Simpsons episode Bart the Genius, from where the name 'kwyjibo' also originates. First found on March 26, 1999, Melissa shut down Internet mail systems that got clogged with infected e-mails propagating from the worm. Melissa was not originally designed for harm, but it overflowed servers and caused unplanned problems. If a Word document containing the virus, either LIST.DOC or another infected file, was downloaded and opened, then the macro in the document ran and attempted to mass mail itself. When the macro mass-mailed, it collected the first 50 entries from the alias list or address book, and sent it to the e-mail addresses of those names. Companies such as Microsoft, Intel, Lockheed Martin, and Lucent Technologies were
28 | P a g e
forced to shut down their e-mail gateways due to the vast amount of e-mail the virus was generating. The Melissa virus was the most costly computer outbreak to date, causing more than $80 million in damages to North American businesses. In December of the same year, Smith pleaded guilty to creating and releasing the virus. He was one of the first people to ever be prosecuted for writing a virus. The sentence, originally ten years (of a maximum forty year sentence) in a United States federal prison, was reduced to twenty months and a $5,000 fine when Smith began working undercover with the FBI shortly after his capture. Initially only working eighteen hours per week, Smith was soon bumped up to a forty hour work week. He was tasked with gaining connections among authors of new viruses, keeping an ear to the ground for software vulnerabilities, mitigating damage caused by these nefarious activities, and contributing to the capture of the perpetrators. Mr Smith said in a statement: "I did not expect or anticipate the amount of damage that took place ... I had no idea there would be such profound consequences to others. In fact, I included features designed to prevent substantial damage." High score If the user launched the document, their computer became infected, although the worst thing that could happen apparently was if it was launched when the day equaled the minute value ... such as 29 minutes past on the 29th, the following message appeared: "Twenty-two points, plus triple-word-score, plus 50 points for using all my letters. Game's over. I'm outta here." The quote was from Bart of The Simpsons cartoon show, who invented the word Kwyjibo to describe a North American ape or his father Homer in a Scrabble-playing episode. It has been estimated that the virus infected more than a million computers.
29 | P a g e
8. LATEST DEVELOPMENTS
CYBER CRIMES RATE 50 PERCENT JUMP IN INDIA With India being home to the fourth highest number of internet users in the world, cyber crimes under the the Information Technology (IT) Act recorded a whopping 50 percent jump in 2007 over the previous year. What's more, the majority of offenders were under 30 years of age. The maximum cyber crime cases, about 46 percent, were related to incidents of cyber pornography, followed by hacking. In over 60 percent of these cases, offenders were between
30 | P a g e
18 and 30, according to the "Crime in 2007" report of the National Crime Record Bureau (NCRB). Cyber crimes are punishable under two categories - the IT Act 2000 and the Indian Penal Code (IPC). The report says that 217 cases of cyber crime were registered under the IT Act in 2007 compared to 142 in 2006 - an increase of 50 percent. Under the IPC too, 339 cases were recorded in 2007 compared to 311 cases in 2006. "Seventeen out of 35 mega cities have reported nearly 300 cases of cyber crimes under both categories, thereby recording an increase of 32.6 percent in a year," the report says. The report indicates that cyber crimes are no longer limited to metro cities. PARLIAMENT APPROVES CYBER CRIME BILL Parliament has passed the Information Technology (Amendment) Bill that provides for imprisonment, which could extend to life term, for those indulging in cyber terrorism and a jail term of up to five years for publishing or transmitting obscene material in electronic form. The Bill, which was earlier passed by the Lok Sabha and cleared by the Rajya Sabha on Tuesday, prescribes stiff punishment for offences related to misuse of computers and communication equipment. It seeks addition of provisions to deal with cyber crimes such as transmitting sexually explicit materials in electronic form, video voyeurism, breach of confidentiality, leakage of data by intermediary and e-commerce frauds. It treats cases related to dishonestly receiving stolen computer resource, identity theft, cheating by impersonation using computer resource and violation of privacy very seriously. For those indulging in cyber terrorism with the intent of threatening the unity, integrity, security or sovereignty of the country or striking terror in the people, the Bill stipulates life imprisonment. Transmitting material containing sexually explicit acts in electronic form would be punishable by imprisonment of up to five years along with a fine of up to Rs.10 lakh.
31 | P a g e
Similarly, publishing or transmitting of material depicting children in sexually explicit acts in electronic form will also invite a punishment of up to five years and a fine of up to Rs.10 lakh. BLACKBERRY: GOVT TO SOON FIND A SOLUTION The BlackBerry issue came into the open earlier this year when DoT refused permission to Tata Teleservices to launch this service on the grounds that Indian security agencies did not have a system in place to monitor data and email sent between BlackBerry users. BlackBerry services provided by other operators, too, came under the scanner after IB and other security agencies informed DoT that emails and data sent between BlackBerry users in India bypass the networks of telcos providing these services here and directly hit RIM‘s servers in Canada. After many rounds of talks between intelligence agencies and RIM, DoT proposed an interim solution where all data between BlackBerry users are stored on the servers of the telcos for a year. The department has asked RIM to use this 12-month period to move some of its servers to India, which will then enable the country‘s security agencies to monitor the BlackBerry traffic.
The government may soon find a solution to the BlackBerry security issue. San Jose-based Cain Technologies and SS8 Networks will be demonstrating their interception equipment to the Department of Telecom (DoT) and Intelligence Bureau (IB) . DoT sources said if the demonstrations are successful, the government will direct Canada‘s RIM (the maker of BlackBerry smartphones) to install the interception solution on Indian mobile networks expeditiously.
32 | P a g e
GOVT MAY KEEP AN EYE ON EMAILS FROM ABROAD
Worried over large-scale hacking of government websites by foreign-located servers, the department of information technology (DIT) is planning to set up a surveillance mechanism for all mails coming from overseas Recently hackers have found safe havens in China and the UK for executing their malicious activities. US security agency, US-CERT, has also initiated a similar move against such web intrusions. The US government has accused Chinese hackers of intruding into government‘s official documents. In fact, in the wake of large-scale defacement of important government websites, the Centre has decided to make an exclusive foolproof network of critical infrastructure and highly-vulnerable government departments. This is in addition to an innovative advance- warning systems, which is being deployed to warn about virus attacks. The cyber security wing of DIT would prepare the new software to issue advance warnings of any lurking danger on these websites. In the US, two Congressmen have accused China of hacking into their office computers to possibly compromise sensitive information on Chinese dissidents.
Frank Wolf, a Republican from Virginia had reportedly said that at least four of his office computers had been infiltrated in August 2006 and that he was told by the FBI and other officials that the source of the attack appeared to be from China. The CBI has also earmarked e-security as the prime concern and is in the process of setting up new mechanism to tackle the menace.
33 | P a g e
GOVT TO SNIFF YOUR EMAILS
Here's how the Indian government plans to track suspected terror emails in real time: It's going to sniff or read your messages. Sniffing, in technical terms, means capturing data being transmitted on a network to identify its origin and destination and, if needed, see its contents. Sniffer programmes are commonly used by internet service providers (ISPs) to detect bottlenecks and problems for regulating internet traffic. Email tracking is the buzz word in cyber intelligence circles. "We have unofficial estimates that everyday nearly 25,000 new email IDs are created by users accessing only one of the major email networks. We also suspect that terror IDs are created specifically for sending out an email. In this context, sniffing mail servers can help us track down these suspected IDs even as they are being created," said an official familiar with the government's policy on cyber terrorism. The intelligence agencies have been monitoring the international internet traffic emanating and ending in India for the last two years. The security agencies have installed hardware at three major international gateways that sniff the internet traffic leaving India and coming into the country. However, with more and more evidence of home-grown terrorists using domestic networks for communication, the intelligence community has been making noises about deploying the sniffing technology at the local ISP level. "The technology is controversial because while it helps monitor traffic for national security purposes, it also gives a lot of power to the ISP to analyse its internet traffic and give priority to one kind of data transfer over others. For instance, if an ISP discovers using deep packet inspection that during the day most of the data packets passing through its networks are videos and audio files due to which its own corporate customers' traffic is getting slowed down, the ISP may slow down the video and audio traffic to give priority to the data of its prime customers," the official said.
34 | P a g e
"The technology is not all that new and is widely available. Many Intellectual Property Rights sensitive industries like automobile design houses and pharma companies are the traditional consumers of such technology," he said.
NEW COMPANY LAW TO POST EMAIL AS EVIDENCE
The new company law, being drafted by the government, is likely recognizing email as a valid piece of evidence. With corporate relying on emails for bulk of their communication, the ministry of corporate affairs is planning to recognize electronic communication by corporate as evidence during company law prosecutions.
Regulatory changes in this regard would clear the air on the evidentiary value of electronic communication, including email. With the law yet to gain clarity on the subject, it is felt the move would tighten the noose around companies who bank on regulatory loopholes for selfdefense.
Officials say the new company law, expected to be introduced in Parliament soon, would provide for necessary changes to this effect. The changes are likely to assist prosecuting agencies in their crackdown on infringement of company law provisions.
Today, there is no specific recognition of email as evidence. Officials point out the lack of clarity has often been exploited by companies facing prosecution. The inception of the ministry‘s e-governance project has prepared the groundwork for initiating the move, point out officials. The project, MCA-21, has enabled computerization of documents and records filed by companies.
The new company law has accorded substantial importance to both means to check corporate frauds as well as ways to crack them. The government feels the companies should not be let off due to lack of evidence. It is also learnt that the government at various levels is trying to harmonize related legislation such as Information Technology Act and Evidence Act on the
35 | P a g e
subject to avoid regulatory overlaps.
Even as the company law awaits amendments to this effect, the Competition Commission of India (CCI) feels corporate emails could be crucial evidence in cartel investigations. CCI recommends enterprises to maintain a check on electronic correspondence of its marketing personnel and distributing agents to ensure they do not engage themselves in anti-competition activities.
9. CONCLUSION:
Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. It should be kept in mind that the provisions of the cyber law are not made so stringent that it may retard the growth of the industry and prove to be counter-productive.
36 | P a g e
BIBLIOGRAPHY
1. www.cbsnews.com 2. www.cyberforensic.co.cc 3. www.cybercrime.planetindia.net 4. www.naavi.org 5. www.usdoj.gov 6. www.cybercrime.in 7. www.cyberlaws.net 8. www.merinews.com
37 | P a g e
doc_931307054.docx
covers what is cyber crime, who are cyber criminals, how can cyber crime be prevented, different types of email frauds and scams.
A REPORT ON CYBER FRAUD – EMAILS SUBMITTED TO
BY
1|Page
Contents
1. 2. 3. 4. 5. 6. 7. CYBER CRIME................................................................................................................................ 3 CYBER CRIMINALS ...................................................................................................................... 4 PREVENTION OF CYBER CRIME ............................................................................................... 5 E-MAIL RELATED CRIMES.......................................................................................................... 6 E-MAIL SCAMS ............................................................................................................................ 10 THE INFORMATION TECHNOLOGY ACT, 2000 ..................................................................... 11 CASE STUDIES ............................................................................................................................. 17 CASE 1: Email from Someone Stranded Abroad ................................................................................. 17 CASE 2: Job vacancies abroad ............................................................................................................. 20 CASE 3: Nigerian advance fee scheme ................................................................................................ 21 CASE 4: Obscenity in the form of Vulgar E-Mails, SMS’s Or MMS Clips ............................................. 24 CASE 5: LOVE BUG VIRUS .................................................................................................................... 26 CASE 6: The Melissa Supremacy ......................................................................................................... 28 8. LATEST DEVELOPMENTS ................................................................................................................. 30 CYBER CRIMES RATE 50 PERCENT JUMP IN INDIA .............................................................................. 30 PARLIAMENT APPROVES CYBER CRIME BILL ....................................................................................... 31 BLACKBERRY: GOVT TO SOON FIND A SOLUTION............................................................................... 32 GOVT MAY KEEP AN EYE ON EMAILS FROM ABROAD ........................................................................ 33 GOVT TO SNIFF YOUR EMAILS ............................................................................................................ 34 NEW COMPANY LAW TO POST EMAIL AS EVIDENCE .......................................................................... 35 9. CONCLUSION:.................................................................................................................................. 36
BIBLIOGRAPHY ........................................................................................................................................ 37
2|Page
INTRODUCTION
The term ?cyber crime‘ is a misnomer. This term has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state. Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed.
1. CYBER CRIME
Cyber crime is the latest and perhaps the most complicated problem in the cyber world. ?Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime?. ?Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime”. A generalized definition of cyber crime may be ?unlawful acts wherein the computer is either a tool or target or both”. The computer may be used as a tool in the following kinds of activityfinancial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.
3|Page
2. CYBER CRIMINALS
The cyber criminals constitute of various groups / categories. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals?
Children and adolescents between the age group of 6 – 18 years
The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove that they are outstanding amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends.
?
Organised hackers
These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.
?
Professional hackers / crackers
Their work is motivated by the color of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are even employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.
?
Discontented employees
This group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee.
4|Page
3. PREVENTION OF CYBER CRIME
Prevention is always better than cure. It is always better to take certain precaution while operating the net. As someone preaches the 3 words against cyber crime - Precaution, Prevention, Protection, Preservation and Perseverance. A netizen should keep in mind the following things: ? ? ? ? ? ? ? ? ? ? prevent cyber stalking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs always use latest and up date anti virus software to guard against virus attacks always keep back up volumes so that one may not suffer data loss in case of virus contamination never send your credit card number to any site that is not secured, to guard against frauds always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children it is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal website owners should watch traffic and check any irregularity on the site. Putting hostbased intrusion detection devices on servers may do this use of firewalls may be beneficial web servers running public sites must be physically separate protected from internal corporate network Adjudication of a Cyber Crime - On the directions of the Bombay High Court the Central Government has by a notification dated 25.03.03 has decided that the Secretary to the Information Technology Department in each state by designation would be appointed as the AO for each state.
5|Page
4. E-MAIL RELATED CRIMES
Email has fast emerged as the world's most preferred form of communication. Billions of email messages traverse the globe daily. Like any other form of communication, email is also misused by criminal elements. The ease, speed and relative anonymity of email has made it a powerful tool for criminals. Some of the major email related crimes are: ? ? ? ? ? ? Email spoofing Sending malicious codes through email Email bombing Sending threatening emails Defamatory emails Email frauds
Email spoofing
A spoofed email is one that appears to originate from one source but has actually emerged from another source. Falsifying the name and / or email address of the originator of the email usually does email spoofing to send an email the sender has to enter the following information:
? ?
email address of the receiver of the email email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy)
?
email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy, but whose identities will not be known to the other recipients of the email (known as BCC for blind carbon copy)
?
subject of the message (a short title / description of the message)
6|Page
Message
Certain web-based email services like www.SendFakeMail.com, offer a facility wherein in addition to the above, a sender can also enter the email address of the purported sender of the email. Consider Mr. Siddharth whose email address is [email protected]. His friend Golu's email address is [email protected]. Using SendFakeMail, Siddharth can send emails purporting to be sent from Golu's email account. All he has to do is enter [email protected] in the space provided for sender's email address. Golu's friends would trust such emails, as they would presume that they have come from Golu (whom they trust). Siddharth can use this misplaced trust to send viruses, Trojans, worms etc. to Golu's friends, who would unwittingly download them.
Spreading Trojans, viruses and worms
Emails are often the fastest and easiest ways to propagate malicious code over the Internet. The Love Bug virus, for instance, reached millions of computers within 36 hours of its release from the Philippines thanks to email. Hackers often bind Trojans, viruses, worms and other computer contaminants with e-greeting cards and then email them to unsuspecting persons. Such contaminants can also be bound with software that appears to be an anti-virus patch. E.g. a person receives an email from Compose From To CC BCC Subject
Message
[email protected] (this is a spoofed email but the victim does not know this). The email informs him that the attachment contained with the email is a security patch that must be downloaded to detect a certain new virus. Most unsuspecting users would succumb to such an email (if they are using a registered copy of the McAffee anti-virus software) and would download the attachment, which actually could be a Trojan or a virus itself!
Email bombing
Email bombing refers to sending a large amount of emails to the victim resulting in the victim's email account (in case of an individual) or servers (in case of a company or an email service provider) crashing. A simple way of achieving this would be to subscribe the victim's email
7|Page
address to a large number of mailing lists. Mailing lists are special interest groups that share and exchange information on a common topic of interest with one another via email. Mailing lists are very popular and can generate a lot of daily email traffic - depending upon the mailing list. Some generate only a few messages per day others generate hundreds. If a person has been unknowingly subscribed to hundreds of mailing lists, his incoming email traffic will be too large and his service provider will probably delete his account. The simplest email bomb is an ordinary email account. All that one has to do is compose a message, enter the email address of the victim multiple times in the "To" field, and press the "Send" button many times. Writing the email address 25 times and pressing the "Send" button just 50 times (it will take less than a minute) will send 1250 email messages to the victim! If a group of 10 people do this for an hour, the result would be 750,000 emails! There are several hacking tools available to automate the process of email bombing. These tools send multiple emails from many different email servers, which make it very difficult, for the victim to protect himself.
Threatening emails
Email is a useful tool for technology savvy criminals thanks to the relative anonymity offered by it. It becomes fairly easy for anyone with even a basic knowledge of computers to become a blackmailer by threatening someone via e-mail. In a recent case, Poorva received an e-mail message from someone who called him or herself 'your friend'. The attachment with the e-mail contained morphed pornographic photographs of Poorva. The mail message said that if Poorva were not to pay Rs. 10,000 at a specified place every month, the photographs would be uploaded to the Net and then a copy sent to her fiancé. Scared, Poorva at first complied with the wishes of the blackmailer and paid the first Rs. 10, 000. Next month, she knew she would have to approach her parents. Then, trusting the reasonableness of her fiancé she told him the truth. Together they approached the police. Investigation turned up the culprit - Poorva's supposed friend who wanted that Poorva and her fiancé should break up so that she would get her chance with him.
8|Page
Defamatory emails
As has been discussed earlier cyber-defamation or even cyber-slander as it is called can prove to be very harmful and even fatal to the people who have been made its victims.
Email Frauds
Email spoofing is very often used to commit financial crimes. It becomes a simple thing not just to assume someone else's identity but also to hide one's own. The person committing the crime understands that there is very little chance of his actually being identified. In a recently reported case, a Pune based businessman received an email from the Vice President of the Asia Development Bank (ADB) offering him a lucrative contract in return for Rs 10 lakh. The businessman verified the email address of the Vice President from the web site of the ADB and subsequently transferred the money to the bank account mentioned in the email. It later turned out that the email was a spoofed one and was actually sent by an Indian based in Nigeria. In another famous case, one Mr. Rao sent himself spoofed e-mails, which were supposedly from the Euro Lottery Company. These mails informed him that he had won the largest lottery. He also created a website in the name of the Euro Lottery Company, announced n it that he had won the Euro Lottery and uploaded it on to the Internet. He then approached the Income Tax authorities in India and procured a clearance certificate from them for receiving the lottery amount. In order to let people know about the lottery, he approached many newspapers and magazines. The media seeing this as a story that would interest a lot of readers hyped it up and played a vital role in spreading this misinformation. Mr. Rao then went to many banks and individuals and told them that having won such a large sum of money he was afraid for his safety. He also wanted to move into a better house. He wheedled money out of these institutions and people by telling them that since the lottery prize money would take some time to come to him, he would like to borrow money from them. He assured them that the loan amount would be returned as soon as the lottery money came into his possession. Lulled into believing him (all thanks to the Income Tax clearance) most of these people loaned large amounts of money to him. It was only when he did not pay back the loan amounts to the banks that they became suspicious. A countercheck by
9|Page
the authorities revealed the entire scheme. Mr. Rao was arrested. Later, it was found that some of the money had been donated for philanthropic causes and also to political parties!
5. E-MAIL SCAMS
?
Advance-fee fraud: Among the variations on this type of scam, are the Nigerian Letter also called the 419 frauds, Nigerian scam, Nigerian bank scam, or Nigerian money offer. The Nigerian Senate emblem is sometime used in this scam.
?
El Gordo de la Primitiva Lottery International Promotions Programmes: The intended victim is often told their name or email address was selected through a random computer ballot and sponsored by a marketing company. In order to claim their so-called winnings, the victim is asked to provide their bank account details and other personal information. The victim is asked to contact the claims agent or award department.
?
Word of Mouth: This e-mail spam state that an anonymous person posted a secret about the recipient and that he needs to pay a fee in order to see the message.
?
Investment Schemes: Emails touting investments that promise high rates of return with little or no risk. One version seeks investors to help form an offshore bank. The Fifth Third Bank brand, name, and logo have been frequently exploited in this scam. The computer security company McAfee reports that, at the beginning of September 2006, over 33% of phishing scam emails being reported to McAfee were using Fifth Third Bank's brand.
?
Debt Relief: The intended victim is often told to consolidate bills into one monthly payment without borrowing.
?
Phishing: Typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
10 | P a g e
?
FBI e-mail: Claim to be an ?official order? from the FBI‘s Anti-Terrorist and Monetary Crimes Division, from an alleged FBI unit in Nigeria, confirm an inheritance, or contain a lottery notification, all informing recipients they have been named the beneficiary of millions of dollars.
?
Romance scam: Occurs when strangers pretend romantic intentions, gain the affection of victims, and then use that goodwill to gain access to their victims' money, bank accounts, credit cards, passports, and/or national identification numbers or by getting the victims to commit financial fraud on their behalf.
6. THE INFORMATION TECHNOLOGY ACT, 2000
In the last week of December, 2008, the Parliament of India has passed the amendments to the Information Technology Act 2000, which is popularly known as Indian cyber law. The IT Amendment Act 2008 brings about various sweeping changes in the existing Cyber law. While the lawmakers have to be complemented for their appreciable work removing various deficiencies in the Indian Cyber law and making it technologically neutral, yet it appears that there has been a major mismatch between the expectation of the nation and the resultant effect of the amended legislation. The most bizarre and startling aspect of the new amendments is that these amendments seek to make the Indian cyber law a cyber crime friendly legislation; -- a legislation that goes extremely soft on cyber criminals, with a soft heart; a legislation that chooses to encourage cyber criminals by lessening the quantum of punishment accorded to them under the existing law; a legislation that chooses to give far more freedom to cyber criminals than the existing legislation envisages; a legislation which actually paves the way for cyber criminals to wipe out the electronic trails and electronic evidence by granting them bail as a matter of right; a legislation which makes a
11 | P a g e
majority of cybercrimes stipulated under the IT Act as bailable offences; a legislation that is likely to pave way for India to become the potential cyber crime capital of the world. A perusal of the said legislation shows that there is hardly any logical or rational reason for adopting such an approach. Currently, the IT Act, 2000, has provided for punishment for various cyber offences ranging from three years to ten years. These are non-bailable offences where the accused is not entitled to bail as a matter of right. However what amazes the lay reader is that the amendments to the IT Act have gone ahead and reduced the quantum of punishment. Taking a classical case of the offence of online obscenity, Section 67 has reduced the quantum of punishment on first conviction for publishing, transmitting or causing to be published any information in the electronic form, which is lascivious, from the existing five years to three years. Similarly, the amount of punishment for the offence of failure to comply with the directions of the Controller of Certifying Authorities is reduced from three years to two years. Further it is shocking to find that the offences of hacking, as defined under Section 66 of the existing Information Technology Act, 2000, has been completely deleted from the law book. In fact, the existing language of the under Section 66 as now been substituted by new language. Deleting hacking as a specific defined offence does not appeal to any logic. The cutting of certain elements of the effects of hacking under the existing Section 66 and putting the same under Section 43 make no legal or pragmatic sense. This is all the more so as no person would normally diminish the value and utility of any information residing in a computer resource or affect the same injuriously by any means, with
12 | P a g e
the permission of the owner or any such person who is in charge of the computer, computer system or computer network. At that time when the entire world is going hammer and tongs against cyber crimes and cyber criminals, here comes a contrary trend from the Indian legislature. Cyber criminals of the world targeting India or operating in India need not despair. The legislation has now stipulated that Cyber crimes punishable with imprisonment of three years shall be bailable offences. Since the majority of cyber crime offences defined under the amended IT Act are punishable with three years, the net effect of all amendments is that a majority of these cybercrimes shall be bailable. In common language, this means that the moment a cybercriminal will be arrested by the police, barring a few offences, in almost all other cyber crimes, he shall be released on bail as a matter of right, by the police, there and then. Keeping in account human behavior and psychology, it will be but natural to expect that the concerned cyber criminal, once released on bail, will immediately go and evaporate, destroy or delete all electronic traces and trails of his having committed any cyber crime, thus making the job of law enforcement agencies to have cyber crime convictions, a near impossibility. The fertile liberal treatment meted out to cyber criminals, by the new IT Act amendments, facilitating the environment where they can tamper with, destroy and delete electronic evidence, is likely to make a mockery of the process of law and would put the law enforcement agencies under extreme pressure. In the 14-odd years since internet has been commercially introduced in our country, India has got only three cyber crime convictions. If these new amendments come into force, India is likely to see a drought of cyber crime convictions.
13 | P a g e
Another major change that the new amendments have done is that cyber crimes in India shall now be investigated not by a deputy superintendent of police, as under the existing law, but shall now be done by a low level police inspector. So, all of us need to remember that henceforth, your local police inspector is going to be your next point of contact, the moment you are a victim of any cyber crime. The efficacy of such an approach is hardly likely to withstand the test of time, given the current non-exposure and lack of training of Inspector level police officers to cyber crimes, their detection, investigation and prosecution. Given this new development, it is probable that the concept of e-hafta (or electronic hafta) is likely to be far more reinforced and developed as an institutional practice. This is so as the law has now produced more powers to the inspector than ever before, regarding cybercrimes. The expectations of the nation for effectively tackling cyber crime and stringently punishing cyber criminals have all been let down by the extremely liberal amendments, given their soft corner and indulgence for cyber criminals. All in all, given the glaring loopholes as detailed above, the new IT Act Amendments are likely to adversely impact corporate India and all users of computers, computer systems and computer networks, as also data and information in the electronic form. Some Noteworthy Provisions Under The Information Technology Act, 2000.
Sec.43 Sec.66 Sec.67 Damage to Computer system etc. Hacking (with intent or knowledge) Publication of obscene material in e-form Compensation for Rupees 1crore. Fine of 2 lakh rupees, and imprisonment for 3 years. Fine of 1 lakh rupees, and imprisonment of 5years, and double conviction on second offence Fine upto 2 lakh and imprisonment of 3 years. Imprisonment upto 10 years.
Sec.68 Sec.70
Not complying with directions of controller attempting or securing access to computer
14 | P a g e
Sec.72
For breaking confidentiality of the information of computer Publishing false digital signatures, false in certain particulars Publication of Digital Signatures for fraudulent purpose.
Fine upto 1 lakh and imprisonment upto 2 years
Sec.73
Fine of 1 lakh, or imprisonment of 2 years or both. Imprisonment for the term of 2 years and fine for 1 lakh rupees.
Sec.74
Investigations and Search Procedures Section 75 of Information Technology Act, 2000 takes care of jurisdictional aspect of cyber crimes, and one would be punished irrespective of his nationality and place of commission of offence. Power of investigation is been given to police officer not below the rank of Deputy Superintendent of police or any officer of the Central Government or a State Government authorized by Central Government. He may enter any public place, conduct a search and arrest without warrant person who is reasonably expected to have committed an offence or about to commit computer related crime. Accused has to be produced before magistrate within 24 hours of arrest. Provisions of Criminal Procedure Code, 1973 regulate the procedure of entry, search and arrest of the accused. Problems Underlying Tracking of Offence Most of the times the offenders commit crime and their identity is hard to be identified. Tracking cyber criminals requires a proper law enforcing agency through cyber border co-operation of governments, businesses and institutions of other countries. Most of the countries lack skilled law enforcement personnel to deal with computer and even broader Information technology related crimes. Usually law enforcement agencies also don‘t take crimes serious, they have no importance of enforcement of cyber crimes, and even if they undertake to investigate they are posed with limitation of extra-territorial nature of crimes. How Efficient Is Information Technology Act 2000? It can‘t be disputed that Information Technology Act, 2000 though provides certain kinds of protections but doesn‘t cover all the spheres of the I.T where the protection must be provided.
15 | P a g e
Copyright and trade mark violations do occur on the net but Copy Right Act 1976, or Trade Mark Act 1994 are silent on that which specifically deals with the issue. Therefore have no enforcement machinery to ensure the protection of domain names on net. Transmission of e-cash and transactions online are not given protection under Negotiable Instrument Act, 1881. Online privacy is not protected only Section 43 (penalty for damage to computer or computer system) and 72 (Breach of confidentiality or privacy) talks about it in some extent but doesn‘t hinder the violations caused in the cyberspace. Even the Internet Service Providers (ISP) who transmits some third party information without human intervention is not made liable under the Information Technology Act, 2000. One can easily take shelter under the exemption clause, if he proves that it was committed without his knowledge or he exercised due diligence to prevent the offence. It‘s hard to prove the commission of offence as the terms ?due diligence? and ?lack of knowledge? have not been defined anywhere in the Act. And unfortunately the Act doesn‘t mention how the extra territoriality would be enforced. This aspect is completely ignored by the Act, where it had come into existence to look into cyber crime which is on the face of it an international problem with no territorial boundaries. What beyond the IT Act ? Legal standardization of harmful conduct involving computer, Internet ? Standardization of procedural obligations ? Capacity building ? Partnership with other agencies ? Monitoring agency on similar lines as ICAO and ITU agencies in civil aviation and telecommunications sectors
16 | P a g e
7. CASE STUDIES CASE 1: Email from Someone Stranded Abroad
Relatives and friends living overseas are likely to be among the most vulnerable in the latest email fraud, where a person‘s account is illegally accessed and mails are sent out seeking monetary help. An email arrives, pretending to be from a webmail service provider Like Microsoft, saying that there are problems with your email account and your username, password and country/territory are required to set matters straight Thinking the mail genuine, you forward your details. Sometimes, the scamster can get these details by simply hacking into your computer and/or email accounts) Soon, your friends receive emails from ?you‘ through your account. They are told that you‘re stranded in some foreign country after having lost your wallet and documents and need money to return home If you reply to the email, you are likely to be given a postal address in some foreign country to where money can be wired. Sometimes the original mail already has this address Your friends and relatives living abroad are the prime targets of this scam, as money can‘t be wired from India to a postal address abroad, only to a bank account. Bandra-based businessman Al-Naseer Zakaria approached the Mumbai police‘s cyber crime cell after an email from his account asked acquaintances for a ?soft loan‘ of 1,800 pounds (Rs 1.27 lakh) because he was supposedly stranded abroad. The police are also studying the case in which adman-turned-civic activist Gerson D‘Cunha‘s email was similarly hacked into and an appeal for money made.
17 | P a g e
?A relative of mine replied to the email, in a bid to find out how the fraud would be completed. He received another mail, again from my account, where the address of a residential locality in London was provided. He was told to send a money transfer,‘‘ D‘Cunha told TOI. ?There‘s a possibility that the accused has rented a temporary accommodation in London. Once he got the money, he would move out,‘‘ a police officer said. ?To send money overseas from any location in India, one needs to provide a bank account number of the receiver and the exact purpose. But from one western nation to another, money can be sent to a postal address. So, there‘s a strong possibility of relatives living abroad or travelling overseas getting duped .‘‘ After Zakaria contacted the cyber crime cell, the police sent an application to Microsoft to get his hotmail account blocked to prevent further misuse. ?We have also sent a request for Zakaria‘s important documents to be retrieved,‘‘ an investigating officer said. ?We are now trying to trace the IP address of the computer used to illegally access Zakaria‘s account and send the emails to his contacts.‘‘ Zakaria, who has studied and lived in the US, told TOI that he had received a mail few months back, asking for his username, password and home country. ?The mail had Microsoft‘s logo and their corporate address at Washington. I know exactly where their office is and have been operating a hotmail account since 1996. There was just no reason for to believe that the mail was a fake,‘‘ he said. Zakaria‘s woes started after he replied to the mail with his vital account information. ?I believe the accused studied the mails in my inbox and the kind of people I have been interacting with before sending help-seeking mails.‘‘ A Microsoft spokesperson said the company never asks for passwords. Cyber expert Sanjay Pandey said that while earlier email fraud was a nuisance, now money is the motive. ?Now, there are mails circulated with pictures. If you click on the picture, a virus is installed on your computer, locking all your files automatically. To unlock the files, you are told to pay up. Several people in India fall for such fraud because awareness on internet security is very low,‘‘ he said. ?People can visit www.microsoft.com/protect to get security help,‘‘ the Microsoft spokesperson said.
18 | P a g e
Sample Emails:
Dear friend. Sorry I didn’t inform you about my traveling to UK for a program. I am currently stranded in London because I lost my wallet on my way to the hotel where my money and other valuable things were kept. I need you to help me. Please assist me with a soft loan urgently with the sum of 1,200 GB Pounds to sort out my hotel bills and get myself back home. I will appreciate whatever you can afford. I’ll pay you back as soon as I return. Please send the money to me through Western Union money transfer by the details below. Patrick Collingwood Address, 199 Marylebone High Street, London W1U 4RY After making the payment kindly get back to me with payment receipt details needed to collect the money here. Regards, Varun —Received by Mumbai post-graduate student Samiksha Sharma from the email account of her former colleague, Varun
I am sorry I didn’t inform you about my travelling to Malaysia for a program called ‘Empowering Youth to Fight Racism, HIV/AIDS, Poverty and Lack of Education.’ The present condition that I found myself (sic) is very hard for me to explain. I am really stranded in Malaysia because I forgot my little bag in the taxi where my money, passport, documents, cell phone... and other valuable things were kept.... I am now owing a hotel bill of $1,200.... I need you to help me with the hotel bill and I will also need $1,000 to feed and help myself back home. So please can you help me with a sum of $2,200 USD.... Please use the details of one of the hotel managers below to send the money to me through Western Union money transfer or money gram.... Natalie Dias 199 Marylebone High Street, London W1U 4RY
19 | P a g e
After making the payment kindly back to me with payment receipt details needed to collect the money here. Regards, Natalie Dias —Received by Mumbai PR executive Sylvester Fernandes from the email account of his sister’s friend, Natalie Dias
How are you doing? I am so sorry I didn’t inform you about my traveling to UK for a program. I am presently in London. I am stranded here because i (sic) misplaced my wallet on my way to the hotel where my money, and other valuable things were kept. I will like you to assist me with a soft loan urgently with the sum of 1,800 pounds to sort out my hotel bills and get myself back home. I will appreciate whatever you can afford, i’ll pay you back as soon as i return. Please reply. Thank you very much. Al-Naseer Zakaria. —Received by several people in the contacts list of Khar-based businessman Al-Naseer Zakaria
CASE 2: Job vacancies abroad
Juhu police arrested five Nigerian nationals for their alleged involvement in an inter-state job racket. The arrested have been identified as Vinset Mezek (26), Ogobol Tony (25), Kovhni Okosav (35), Charles Niogo (21) and Odirom Babatude (26). One person named Terri, who is a wanted in the case, is at large, say police. According to the police, the accused used to send mails to people about vacancies in hotels outside India. If anyone responded, they would ask him to deposit money in their bank accounts
20 | P a g e
in Mumbai. However, once they received the money, they would never contact the person. Although the accused have admitted to have duped only one person of Rs 1.2 lakh, the police say that they may have cheated many more in Mumbai and in other cities. The whole matter came to light after Prabhat Singh, a resident of Orrisa, lodged a complaint with the Juhu police. Singh had paid Rs 1.2 lakh to an unidentified person for a job in the UK. He was never contacted after that. ?During our course of investigation, we tracked the account numbers where the money was deposited. We also tracked down the e-mail ID and the mobile numbers from which the mails and messages were sent,? said PD Shinde, senior police inspector at Juhu police station.
CASE 3: Nigerian advance fee scheme
The Nigerian Advance Fee Scam has been around for quite awhile, but despite many warnings, continues to draw in many victims. In fact, the Police receive approximately 100 telephone calls from victims/ potential victims and 300-500 pieces of related correspondence per day about this scam! Indications are that the advance fee fraud grosses hundreds of millions of dollars annually and the losses are continuing to escalate. The Nigerian Advance Fee Scheme (also known internationally as "4-1-9" fraud after the section of the Nigerian penal code which addresses fraud schemes) is generally targeted at small and medium sized businesses, as well as charities. This global scam (recently seen in India, Russia, Southeast Asia, Australia, and New Zealand, as well as the US) involves the receipt of an unsolicited letter purporting to come from someone who claims to work for the Nigerian Central Bank or from the Nigerian government. (The Central Bank of Nigeria denies all connection to those who promote this scheme.) In the letter, a Nigerian claiming to be a senior civil servant will inform the recipient that he is seeking a reputable foreign company into whose account he can deposit funds ranging from $10$60 million which the Nigerian government overpaid on some procurement contract.
21 | P a g e
The goal of the scam artist is to delude the victim into thinking that he or she has been singled out to participate in a very lucrative—although questionable—arrangement. The intended victim is reassured of the authenticity of the arrangement by forged or false documents bearing apparently official Nigerian government letterhead, seals, as well as false letters of credit, payment schedules and bank drafts. The scam artist may even establish the credibility of his contacts, and thereby his influence, by arranging a meeting between the victim and "government officials" in real or fake government offices.
Once the victim becomes confident of the potential success of the deal, something goes wrong. The victim is then pressured or threatened to provide one or more large sums of money to save the venture. For example, an official will demand an up-front bribe or an unforeseen tax or fee to the Nigerian government will have to be paid before the money can be transferred. Each fee paid is described as the very last fee required. The scheme may be stretched out over many months. Sample Letter: Lagos, Nigeria. Attention: the President/CEO Dear Sir, Confidential business proposal Having consulted with my colleagues and based on the information gathered from the Nigerian chambers of commerce and industry, I have the privilege to request for your assistance to transfer the sum of $47,500,000.00 (forty seven million, five hundred thousand United States dollars) into your accounts. The above sum resulted from an over-invoiced contract, executed commissioned and paid for about five years (5) ago by a foreign contractor. This action was however intentional and since then the fund has been in a suspense account at the central bank of Nigeria apex bank.
22 | P a g e
We are now ready to transfer the fund overseas and that is where you come in. it is important to inform you that as civil servants, we are forbidden to operate a foreign account; that is why we require your assistance. the total sum will be shared as follows: 70% for us, 25% for you and 5% for local and international expenses incident to the transfer. The transfer is risk free on both sides. i am an accountant with the Nigerian national petroleum corporation (NNPC). If you find this proposal acceptable, we shall require the following documents:
(a) your banker’s name, telephone, account and fax numbers (b) your private telephone and fax numbers—for confidentiality and easy communication (c) your letter-headed paper stamped and signed Alternatively we will furnish you with the text of what to type into your letter-headed paper, along with a breakdown explaining, comprehensively what we require of you. The business will take us thirty (30) working days to accomplish.
Please reply urgently. Best regards
Be careful. This scam can be physically dangerous as well as dangerous to your finances. Victims are almost always requested to travel to Nigeria or a border country to complete a transaction. Victims are often told that a visa will not be necessary to enter the country. The Nigerian scam artists may then bribe airport officials to pass the victims through Immigration and Customs. Because it is a serious offense in Nigeria to enter without a valid visa, the victim‘s illegal entry may be used by the scam artists as leverage to coerce the victims into releasing funds. Violence and threats of physical harm may be employed to further pressure victims. In June of 1995, an American was murdered in Lagos, Nigeria, while pursuing a 4-1-9 scam, and numerous other foreign nationals have been reported as missing.
23 | P a g e
Avoid these scams like the plague! Don‘t let promises of large amounts of money impair your judgment? How does the fraud work? The bait is the fictional millions of dollars described in each one of these letters. The goal is to get you to come up with money for the "expenses" required to transfer those millions to you. The victim thinks, a few hundred or a few thousand dollars is trivial when $31 million is at stake. Each demand for more money is claimed to be the very last obstacle before the big money is released. Sometimes, the victim is lured to Nigeria, where even worse things happen. How did they get my email address? Exactly the same way all spammers get your email address. Spammers "harvest" email addresses mentioned on web sites. Others run "dictionary attacks" — programs which query mail servers if they have an address AAA100, AAA101, AAA102, etc. That‘s why you get tons of unsolicited commercial email even if you‘ve kept your email address a secret. And spammers sell each other CD‘s with millions of addresses. Remember that practically all spam email is fraudulent anyway Why is it called "Nigerian Fraud"? Regardless of the country or countries mentioned in the letter—even countries located outside of Africa—the fraudsters are usually Nigerian.
CASE 4: Obscenity in the form of Vulgar E-Mails, SMS’s Or MMS Clips
Beware! You may not be intending to harass someone, but that obscene SMS or e-mail you just sent could land you in a lot of trouble. In fact, just receiving it and not deleting it from your inbox could also get you arrested. Since it‘s a non-bailable, cognizable offence, be prepared to also spend at least a night in jail before the judge lets you out. In India, a person could be charged for simply possessing alleged obscene content due to the wide scope of the Information Technology (IT) Act. So if a friend sends a dirty MMS that the police find in your cell phone, you could be as liable as him for prosecution under the IT Act.
24 | P a g e
Any obscene or vulgar SMS, MMS, or even an audio clip from boyfriends, girlfriends, colleagues, spouses or acquaintances can prove costly for the sender and receiver. ?As far as an SMS is concerned, it too is an electronic record since a mobile phone is a ?computer‘ under Section 2 of the IT Act,‘‘ said Pavin Duggal, a leading cyber law expert in India. The IT Act dictates that an obscene SMS, which may cost the sender as little as 30 paise, should lead to a fine of Rs 1 lakh and up to five years in jail. A second-time offence can land the convict in prison for up to 10 years and a fine of up to Rs 2 lakh. ?Harassment is of no consequence. The fact that it is obscene content is enough for the law to apply,‘‘ noted Duggal. However, the harsher penalties are rarely handed out because of poor implementation of the law, Duggal said. First of all, few obscenity cases are filed in which no one is harassed. One such case involved an MMS clip showing two Delhi students having sex and which was put up for sale on a website. Secondly, even in the case of harassment, there is reluctance by victims to report offences to the police, much less take the matter to court. Interestingly, the fact that the state can act without an official complaint from a member of the public, including the harassment victim, has not aided prosecution. Duggal noted that Mumbai is an exception, where the police‘s cyber crime cell is active. But by and large across India the police are reluctant to register cyber crimes—obscenity via SMS is a concept they are still grappling with. In fact, since the inception of the seven year-old IT Act, there have hardly been any convictions for cyber crimes. Duggal said a 2003 on-line cheating case in Delhi is believed to be the first conviction under the Act. The first conviction for obscenity, under Section 67 of the IT Act, was last year in Tamil Nadu where a boy had morphed his girlfriend‘s face onto a nude body and sent it to their friends on the internet. The MMS student sex case is still pending in court. There are numerous cases involving obscene SMSes used to harass people, but most times people don‘t report the matter as this would mean more embarrassment and the hardship of proving the case in court. Duggal noted that it‘s not easy to get a conviction under Section 67, primarily because one has to prove that the obscene information is attributable to the accused. One has to prove the records of service providers, which are sometimes unavailable.
25 | P a g e
Forget prosecution, even investigation is a problem, said internet guru Vijay Mukhi. When sex siren Mallika Sherawat complained in 2005 that an obscene video-clip doing the rounds featured her look alike and not her, the police were faced with a difficult task. As it turned out, said her lawyer Vibhav Krishna, the MMS was found to feature a Brazilian girl and the probe ended there. Mukhi said, ?The problem is that the servers hosting the offensive content are usually located on foreign shores, and even if the origin is a local cyber cafe, the lack of records is a roadblock during a police probe.‘‘ An expert committee appointed a few years ago by the Bombay High Court said it was difficult to have system-based firewalls at cyber cafes to curb the presence of online pornography. Another IT law expert Amit Desai said the IT Act has some, but not all answers. There is no provision, for instance, for cyber stalking in the present law. This is a huge lacuna as most complaints relate to the harassment faced by a continuous inflow of non-obscene messages or mails, said lawyers. Nor is child pornography specifically dealt with under the Act. Recommendations to make child porn a serious and specific offence with enhanced punishment were made to the government last year by an expert committee. Counsel Rajiv Kumar said, ?In the last few years, technology has developed to such an extent that it is capable of being misused and abused. But there is no specific legislation to deal with doctored electronic data.‘‘ Privacy in the electronic age also remains a crucial issue. Any form of electronic communication which tends to ?outrage the modesty‘‘ of a person, or infringes on personal relationships, is an invasion of privacy. The virus spread at great speed around the world
CASE 5: LOVE BUG VIRUS
The virus arrived in e-mail boxes on May 4, 2000, with the simple subject of "ILOVEYOU" and an attachment "LOVE-LETTER-FOR-YOU.TXT.vbs".[1] Upon opening the attachment, the
26 | P a g e
virus sent a copy of itself to everyone in the user's address list, posing as the user. It also made a number of malicious changes to the user's system. Such propagation mechanism (though in IBM mainframe rather than MS Windows environment) has been well known and used already in the Christmas Tree EXEC of 1987, which brought down a large fraction of the world's mainframes at the time.[citation needed] Two aspects of the virus made it effective: ?
?
It relied on social engineering to entice users to open the attachment and ensure its continued propagation. It exploited the weakness of the email system design that an attached program could be run easily by simply opening the attachment; the underlying mechanism – VBScript – had not been exploited to such a degree previously to direct attention to its potential, thus the necessary layers of protection were not in place yet.
Its massive spread moved westward as workers arrived at their offices and encountered messages generated by people from the East. Because the virus used mailing lists as its source of targets, the messages often appeared to come from an acquaintance and so might it be considered "safe", providing further incentive to open them. All it took was a few users at each site to access the VBS attachment to generate the thousands and thousands of e-mails that would cripple e-mail systems under their weight, not to mention overwrite thousands of files on workstations and accessible servers. The virus began in the Philippines on May 4, 2000, and spread across the world in one day (traveling from Hong-Kong to Europe to the United States), infecting 10 percent of all computers connected to the Internet and causing about $5.5 billion in damage. Most of the "damage" was the labor of getting rid of the virus. The Pentagon, CIA, and the British Parliament had to shut down their e-mail systems to get rid of the virus, as did most large corporations. This particular malware caused widespread outrage, making it the most damaging virus ever. The virus overwrote important files, as well as music, multimedia and more, with a copy of
27 | P a g e
itself. It also sent the virus to everyone on a user's contact list. Because it was written in Visual Basic Script, this particular virus only affected computers running the Microsoft Windows operating system. While any computer accessing e-mail could receive an "ILOVEYOU" e-mail, only Microsoft Windows systems would be infected. The alleged authors of the virus, include Irene de Guzman from Manila, Philippines, her brother Onel de Guzman and her boyfriend Reomel Lamores who was briefly held in May 2000 in connection with the virus outbreak. He denied writing the virus, later he claimed the release of the code had been accidental. As there were no laws in the Philippines against virus-writing at the time, he was released and in August the prosecutors dropped all charges against Irene De Guzman, her boyfriend and owner of the PC which was the source of the infection. The original charges brought up against her dealt with the illegal use of passwords for credit card and bank transactions.
CASE 6: The Melissa Supremacy
The Melissa worm, also known as "Mailissa", "Simpsons", "Kwyjibo", or "Kwejeebo", was a mass-mailing macro virus, hence leading some to classify it as a computer worm. Melissa was written by David L. Smith in Aberdeen Township, New Jersey. Smith called himself Kwyjibo. It is also known to damage documents by putting in the text, ?twenty-two, plus triple-word score, plus fifty points for using all my letters. Game‘s over. I‘m outta here?, a reference to The Simpsons episode Bart the Genius, from where the name 'kwyjibo' also originates. First found on March 26, 1999, Melissa shut down Internet mail systems that got clogged with infected e-mails propagating from the worm. Melissa was not originally designed for harm, but it overflowed servers and caused unplanned problems. If a Word document containing the virus, either LIST.DOC or another infected file, was downloaded and opened, then the macro in the document ran and attempted to mass mail itself. When the macro mass-mailed, it collected the first 50 entries from the alias list or address book, and sent it to the e-mail addresses of those names. Companies such as Microsoft, Intel, Lockheed Martin, and Lucent Technologies were
28 | P a g e
forced to shut down their e-mail gateways due to the vast amount of e-mail the virus was generating. The Melissa virus was the most costly computer outbreak to date, causing more than $80 million in damages to North American businesses. In December of the same year, Smith pleaded guilty to creating and releasing the virus. He was one of the first people to ever be prosecuted for writing a virus. The sentence, originally ten years (of a maximum forty year sentence) in a United States federal prison, was reduced to twenty months and a $5,000 fine when Smith began working undercover with the FBI shortly after his capture. Initially only working eighteen hours per week, Smith was soon bumped up to a forty hour work week. He was tasked with gaining connections among authors of new viruses, keeping an ear to the ground for software vulnerabilities, mitigating damage caused by these nefarious activities, and contributing to the capture of the perpetrators. Mr Smith said in a statement: "I did not expect or anticipate the amount of damage that took place ... I had no idea there would be such profound consequences to others. In fact, I included features designed to prevent substantial damage." High score If the user launched the document, their computer became infected, although the worst thing that could happen apparently was if it was launched when the day equaled the minute value ... such as 29 minutes past on the 29th, the following message appeared: "Twenty-two points, plus triple-word-score, plus 50 points for using all my letters. Game's over. I'm outta here." The quote was from Bart of The Simpsons cartoon show, who invented the word Kwyjibo to describe a North American ape or his father Homer in a Scrabble-playing episode. It has been estimated that the virus infected more than a million computers.
29 | P a g e
8. LATEST DEVELOPMENTS
CYBER CRIMES RATE 50 PERCENT JUMP IN INDIA With India being home to the fourth highest number of internet users in the world, cyber crimes under the the Information Technology (IT) Act recorded a whopping 50 percent jump in 2007 over the previous year. What's more, the majority of offenders were under 30 years of age. The maximum cyber crime cases, about 46 percent, were related to incidents of cyber pornography, followed by hacking. In over 60 percent of these cases, offenders were between
30 | P a g e
18 and 30, according to the "Crime in 2007" report of the National Crime Record Bureau (NCRB). Cyber crimes are punishable under two categories - the IT Act 2000 and the Indian Penal Code (IPC). The report says that 217 cases of cyber crime were registered under the IT Act in 2007 compared to 142 in 2006 - an increase of 50 percent. Under the IPC too, 339 cases were recorded in 2007 compared to 311 cases in 2006. "Seventeen out of 35 mega cities have reported nearly 300 cases of cyber crimes under both categories, thereby recording an increase of 32.6 percent in a year," the report says. The report indicates that cyber crimes are no longer limited to metro cities. PARLIAMENT APPROVES CYBER CRIME BILL Parliament has passed the Information Technology (Amendment) Bill that provides for imprisonment, which could extend to life term, for those indulging in cyber terrorism and a jail term of up to five years for publishing or transmitting obscene material in electronic form. The Bill, which was earlier passed by the Lok Sabha and cleared by the Rajya Sabha on Tuesday, prescribes stiff punishment for offences related to misuse of computers and communication equipment. It seeks addition of provisions to deal with cyber crimes such as transmitting sexually explicit materials in electronic form, video voyeurism, breach of confidentiality, leakage of data by intermediary and e-commerce frauds. It treats cases related to dishonestly receiving stolen computer resource, identity theft, cheating by impersonation using computer resource and violation of privacy very seriously. For those indulging in cyber terrorism with the intent of threatening the unity, integrity, security or sovereignty of the country or striking terror in the people, the Bill stipulates life imprisonment. Transmitting material containing sexually explicit acts in electronic form would be punishable by imprisonment of up to five years along with a fine of up to Rs.10 lakh.
31 | P a g e
Similarly, publishing or transmitting of material depicting children in sexually explicit acts in electronic form will also invite a punishment of up to five years and a fine of up to Rs.10 lakh. BLACKBERRY: GOVT TO SOON FIND A SOLUTION The BlackBerry issue came into the open earlier this year when DoT refused permission to Tata Teleservices to launch this service on the grounds that Indian security agencies did not have a system in place to monitor data and email sent between BlackBerry users. BlackBerry services provided by other operators, too, came under the scanner after IB and other security agencies informed DoT that emails and data sent between BlackBerry users in India bypass the networks of telcos providing these services here and directly hit RIM‘s servers in Canada. After many rounds of talks between intelligence agencies and RIM, DoT proposed an interim solution where all data between BlackBerry users are stored on the servers of the telcos for a year. The department has asked RIM to use this 12-month period to move some of its servers to India, which will then enable the country‘s security agencies to monitor the BlackBerry traffic.
The government may soon find a solution to the BlackBerry security issue. San Jose-based Cain Technologies and SS8 Networks will be demonstrating their interception equipment to the Department of Telecom (DoT) and Intelligence Bureau (IB) . DoT sources said if the demonstrations are successful, the government will direct Canada‘s RIM (the maker of BlackBerry smartphones) to install the interception solution on Indian mobile networks expeditiously.
32 | P a g e
GOVT MAY KEEP AN EYE ON EMAILS FROM ABROAD
Worried over large-scale hacking of government websites by foreign-located servers, the department of information technology (DIT) is planning to set up a surveillance mechanism for all mails coming from overseas Recently hackers have found safe havens in China and the UK for executing their malicious activities. US security agency, US-CERT, has also initiated a similar move against such web intrusions. The US government has accused Chinese hackers of intruding into government‘s official documents. In fact, in the wake of large-scale defacement of important government websites, the Centre has decided to make an exclusive foolproof network of critical infrastructure and highly-vulnerable government departments. This is in addition to an innovative advance- warning systems, which is being deployed to warn about virus attacks. The cyber security wing of DIT would prepare the new software to issue advance warnings of any lurking danger on these websites. In the US, two Congressmen have accused China of hacking into their office computers to possibly compromise sensitive information on Chinese dissidents.
Frank Wolf, a Republican from Virginia had reportedly said that at least four of his office computers had been infiltrated in August 2006 and that he was told by the FBI and other officials that the source of the attack appeared to be from China. The CBI has also earmarked e-security as the prime concern and is in the process of setting up new mechanism to tackle the menace.
33 | P a g e
GOVT TO SNIFF YOUR EMAILS
Here's how the Indian government plans to track suspected terror emails in real time: It's going to sniff or read your messages. Sniffing, in technical terms, means capturing data being transmitted on a network to identify its origin and destination and, if needed, see its contents. Sniffer programmes are commonly used by internet service providers (ISPs) to detect bottlenecks and problems for regulating internet traffic. Email tracking is the buzz word in cyber intelligence circles. "We have unofficial estimates that everyday nearly 25,000 new email IDs are created by users accessing only one of the major email networks. We also suspect that terror IDs are created specifically for sending out an email. In this context, sniffing mail servers can help us track down these suspected IDs even as they are being created," said an official familiar with the government's policy on cyber terrorism. The intelligence agencies have been monitoring the international internet traffic emanating and ending in India for the last two years. The security agencies have installed hardware at three major international gateways that sniff the internet traffic leaving India and coming into the country. However, with more and more evidence of home-grown terrorists using domestic networks for communication, the intelligence community has been making noises about deploying the sniffing technology at the local ISP level. "The technology is controversial because while it helps monitor traffic for national security purposes, it also gives a lot of power to the ISP to analyse its internet traffic and give priority to one kind of data transfer over others. For instance, if an ISP discovers using deep packet inspection that during the day most of the data packets passing through its networks are videos and audio files due to which its own corporate customers' traffic is getting slowed down, the ISP may slow down the video and audio traffic to give priority to the data of its prime customers," the official said.
34 | P a g e
"The technology is not all that new and is widely available. Many Intellectual Property Rights sensitive industries like automobile design houses and pharma companies are the traditional consumers of such technology," he said.
NEW COMPANY LAW TO POST EMAIL AS EVIDENCE
The new company law, being drafted by the government, is likely recognizing email as a valid piece of evidence. With corporate relying on emails for bulk of their communication, the ministry of corporate affairs is planning to recognize electronic communication by corporate as evidence during company law prosecutions.
Regulatory changes in this regard would clear the air on the evidentiary value of electronic communication, including email. With the law yet to gain clarity on the subject, it is felt the move would tighten the noose around companies who bank on regulatory loopholes for selfdefense.
Officials say the new company law, expected to be introduced in Parliament soon, would provide for necessary changes to this effect. The changes are likely to assist prosecuting agencies in their crackdown on infringement of company law provisions.
Today, there is no specific recognition of email as evidence. Officials point out the lack of clarity has often been exploited by companies facing prosecution. The inception of the ministry‘s e-governance project has prepared the groundwork for initiating the move, point out officials. The project, MCA-21, has enabled computerization of documents and records filed by companies.
The new company law has accorded substantial importance to both means to check corporate frauds as well as ways to crack them. The government feels the companies should not be let off due to lack of evidence. It is also learnt that the government at various levels is trying to harmonize related legislation such as Information Technology Act and Evidence Act on the
35 | P a g e
subject to avoid regulatory overlaps.
Even as the company law awaits amendments to this effect, the Competition Commission of India (CCI) feels corporate emails could be crucial evidence in cartel investigations. CCI recommends enterprises to maintain a check on electronic correspondence of its marketing personnel and distributing agents to ensure they do not engage themselves in anti-competition activities.
9. CONCLUSION:
Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. It should be kept in mind that the provisions of the cyber law are not made so stringent that it may retard the growth of the industry and prove to be counter-productive.
36 | P a g e
BIBLIOGRAPHY
1. www.cbsnews.com 2. www.cyberforensic.co.cc 3. www.cybercrime.planetindia.net 4. www.naavi.org 5. www.usdoj.gov 6. www.cybercrime.in 7. www.cyberlaws.net 8. www.merinews.com
37 | P a g e
doc_931307054.docx