Page 1 :
Unit-V Cyber and IT Act- 2000, Information Technology Act, 2000, The Information Technology Act, 2000 or ITA, 2000 or IT Act, was notified on October 17, 2000. It is the law that deals with cybercrime and electronic commerce in ., Objectives of the Act, The Information Technology Act, 2000 provides legal recognition to the transaction done via electronic exchange of data and other electronic or electronic commerce transactions., The objectives of the Act are as follows:, Grant legal recognition to all transactions done via electronic exchange of data or other electronic means of communication or , in place of the earlier paper-based method of communication., Give legal recognition to digital signatures for the authentication of any information or matters requiring legal authentication, Facilitate the electronic filing of documents with Government agencies and also departments, Facilitate the electronic storage of data, Give legal sanction and also facilitate the electronic transfer of funds between and financial institutions, Grant legal recognition to bankers under the Evidence Act, 1891 and the of India Act, 1934, for keeping the books of accounts in electronic form., Features of the Information Technology Act, 2000, All electronic contracts made through secure electronic channels are legally valid., Legal recognition for digital signatures., Security measures for electronic records and also digital signatures are in place, A procedure for the appointment of adjudicating officers for holding inquiries under the Act is finalized, Provision for establishing a Cyber Regulatory Appellant Tribunal under the Act. Further, this tribunal will handle all appeals made against the order of the Controller or Adjudicating Officer., An appeal against the order of the Cyber Appellant Tribunal is possible only in the High Court, will use an asymmetric cryptosystem and also a hash function, What is cybercrime?, Cybercrime is criminal activity that either targets or uses a computer, a computer network or a networked devic, Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make money. Cybercrime is carried out by individuals or organizations, Types of cybercrime, Here are some specific examples of the different types of cybercrime:, Email and internet fraud., Identity fraud (where personal information is stolen and used)., Theft of financial or card payment data., Theft and sale of corporate data., Cyberextortion (demanding money to prevent a threatened attack)., Ransomware attacks (a type of cyberextortion)., Cryptojacking (where hackers mine cryptocurrency using resources they do not own)., Cyberespionage (where hackers access government or company data)., Most cybercrime falls under two main categories:, Criminal activity that targets, Criminal activity that uses computers to commit other crimes., Cybercrime that targets computers often involves viruses and other types of malware., Cybercriminals may infect computers with viruses and malware to damage devices or stop them working. They may also use malware to delete or steal data., Cybercrime that stops users using a machine or network, or prevents a business providing a software service to its customers, is called a Denial-of-Service (DoS) attack., Cybercrime that uses computers to commit other crimes may involve using computers or networks to spread malware, illegal information or illegal images., Sometimes cybercriminals conduct both categories of cybercrime at once. They may target computers with viruses first. Then, use them to spread malware to other machines or throughout a network., Cybercriminals may also carry out what is known as a Distributed-Denial-of-Service (DDos) attack. This is similar to a DoS attack but cybercriminals use numerous compromised computers to carry it out., The US Department of Justice recognizes a third category of cybercrime which is where a computer is used as an accessory to crime. An example of this is using a computer to store stolen data., The US has signed the . The convention casts a wide net and there are numerous malicious computer-related crimes which it considers cybercrime. For example:, Illegally intercepting or stealing data., Interfering with systems in a way that compromises a network., Infringing copyright., Illegal gambling., Selling illegal items online., Examples of cybercrime, Malware attacks, A malware attack is where a computer system or network is infected with a computer virus or other type of malware., A computer compromised by malware could be used by cybercriminals for several purposes. These include stealing confidential data, using the computer to carry out other criminal acts, or causing damage to data., A famous example of a malware attack is the WannaCry ransomware attack, a global cybercrime committed in May 2017., Ransomware is a type of malware used to extort money by holding the victim’s data or device to ransom. WannaCry is type of ransomware which targeted a vulnerability in computers running Microsoft Windows., When the WannaCry ransomware attack hit, 230,000 computers were affected across 150 countries. Users were locked out of their files and sent a message demanding that they pay a BitCoin ransom to regain access., Worldwide, the WannaCry cybercrime is estimated to have caused $4 billion in financial losses., Phishing, A phishing campaign is when spam emails, or other forms of communication, are sent en masse, with the intention of tricking recipients into doing something that undermines their security or the security of the organization they work for., Phishing campaign messages may contain infected attachments or  links to malicious sites. Or they may ask the receiver to respond with confidential information, A famous example of a phishing scam from 2018 was one which took place over the World Cup. , the World Cup phishing scam involved emails that were sent to football fans., These spam emails tried to entice fans with fake free trips to Moscow, where the World Cup was being hosted. People who opened and clicked on the links contained in these emails had their personal data stolen., Another type of phishing campaign is known as spear-phishing. These are targeted phishing campaigns which try to trick specific individuals into jeopardizing the security of the organization they work for., Unlike mass phishing campaigns, which are very general in style, spear-phishing messages are typically crafted to look like messages from a trusted source. For example, they are made to look like they have come from the CEO or the IT manager. They may not contain any visual clues that they are fake., How to protect yourself against cybercrime, So, now you understand the threat cybercrime represents, what are the best ways to protect your computer and your personal data? Here are our top tips:, Keep software and operating system updated, Keeping your software and operating system up to date ensures that you benefit from the latest security patches to protect your computer., Use anti-virus software and keep it updated, Using anti-virus or a comprehensive internet security solution like is a smart way to protect your system from attacks., Anti-virus software allows you to scan, detect and remove threats before they become a problem. Having this protection in place helps to protect your computer and your data from cybercrime, giving you piece of mind., If you use anti-virus software, make sure you keep it updated to get the best level of protection., Use strong passwords, Be sure to use strong passwords that people will not guess and do not record them anywhere. Or use a reputable password manager to generate strong passwords randomly to make this easier., Do not click on links in spam emails or untrusted websites, Another way people become victims of cybercrime is by clicking on links in spam emails or other messages, or unfamiliar websites. Avoid doing this to stay safe online., Do not give out personal information unless secure, Never give out personal data over the phone or via email unless you are completely sure the line or email is secure. Make certain that you are speaking to the person you think you are., Contact companies directly about suspicious requests, If you get asked for data from a company who has called you, hang up. Call them back using the number on their official website to ensure you are speaking to them and not a cybercriminal., Ideally, use a different phone because cybercriminals can hold the line open. When you think you’ve re-dialed, they can pretend to be from the bank or other organization that you think you’re speaking to., What is Cyber Fraud?, Cyber fraud is the crime committed via a computer with the intent to corrupt another individual’s personal and financial information stored online. Cyber fraud is the most common type of fraud and individuals and organisations need to be vigilant and protect their information from fraudsters., How can you protect against cyber fraud?, Cyber-crime and fraudsters normally try to hack into victims' personal and financial information online via phishing emails and viruses. If you receive an email with an attached link which either asks you to present your bank information or to confirm your bank account information, do not do so. The key to avoiding cyber-crime is to understand what your bank and related bodies would ask of you, and they would never email or call you asking for your bank information. Even if the email or the phone call sounds legitimate and honest, you should call the bank yourself and ask them if this email originated from them or not., Make sure you destroy all traces of your personal and financial information. If a bank has posted you information with your bank details on, ensure that you shred this information, as a fraudster could find this information in a bin and utilise it online to process a CNP payment., Furthermore, make sure you protect your computer with an anti-virus software to combat any contact made between the fraudster and your computer., If all of your preventive methods fail, you can always contact the relevant bodies which have been established to combat cyber fraud, such as Action Fraud, which is the UK's national fraud and cyber-crime reporting centre. Furthermore, the National Fraud Authority is an executive agency of the UK Home Office established to protect the UK economy from fraud. There is help out there for the victims of cyber fraud. It is now time for individuals to be vigilant in protecting their information to combat cyber fraud., CYBER CHEATING, In this type of scam, the sender, generally through an email, requests help in facilitating the transfer of a substantial sum of money. In return, the sender offers a commission, usually in the range of several million dollars. The scammers then request that money be sent to pay for some of the costs associated with the transfer. Once money is sent to the scammers, they will either disappear immediately or try to get more money with claims of continued problems with the transfer., In such matters the victims normally allege that they have received emails from unknown sources wherein they have been informed that:, • Either they have won a lottery worth millions of dollars; or, • Their help is required for transferring of illegal money from some African Country; or, • They have been selected for an overseas job, generally a hotel job in some European/American country; or, • Goods are offered at throwaway prices; or, • In some cases, the victim's address book in her emailing list is compromised and emails sent to all her contacts from her ID asking for money to bail out from a perilous situation;, The victims are trapped in a phased manner and are generally made to deposit a huge amount of money either as money transfer fee, payment of taxes or transportation cost., The victims apparently receive a spam email and respond to the same and ends up paying money to some unknown persons for a nonexistent purpose., Such crimes are generally carried out from foreign locations. Money is either deposited in offshore accounts or in some courier account in India., Preventive Measures/Precautions, 1. Do not chat with strangers over net. Fraudsters and scammers prowl on the internet looking for victims., 2. Never send money or give credit card details, online account details or copies of personal documents to anyone you don’t know or trust and never by email., 3. Avoid any arrangement with a stranger who asks for up-front payment via money order, wire transfer, international funds transfer, pre-loaded card or electronic currency. It is rare to recover money sent this way., 4. Do not agree to transfer money for any unknown person. Money laundering is a criminal offence., 5. Verify the identity of the contact by calling the relevant organization directly – find them through an independent source such as a phone book or online search. Do not use the contact details provided in the message sent to you., What is Copyright?, Copyright is a type of intellectual property that protects original works of authorship as soon as an author fixes the work in a tangible form of expression. In copyright law, there are a lot of different types of works, including paintings, photographs, illustrations, musical compositions, sound recordings, computer programs, books, poems, blog posts, movies, architectural works, plays, and so much more!, Key notes:-, Copyright law protects creators of original material from unauthorized duplication or use., For an original work to be protected by copyright laws, it has to be in tangible form., In the U.S., the work of creators is protected by copyright laws until 70 years after their death., Who is a copyright owner?, Everyone is a copyright owner. Once you create an original work and fix it, like taking a photograph, writing a poem or blog, or recording a new song, you are the author and the owner., Companies, organizations, and other people besides the work’s creator can also be copyright owners. Copyright law allows ownership through “works made for hire,” which establishes that works created by an employee within the scope of employment are owned by the employer. The work made for hire doctrine also applies to certain independent contractor relationships, for certain types of commissioned works., Copyright ownership can also come from contracts like assignments or from other types of transfers like wills and bequests., What rights does copyright provide?, U.S. copyright law provides copyright owners with the following exclusive rights:, Reproduce the work in copies or ., Prepare derivative works based upon the work., Distribute copies or phonorecords of the work to the public by sale or other transfer of ownership or by rental, lease, or lending., Perform the work publicly if it is a literary, musical, dramatic, or choreographic work; a ; or a motion picture or other audiovisual work., Display the work publicly if it is a literary, musical, dramatic, or choreographic work; a pantomime; or a pictorial, graphic, or sculptural work. This right also applies to the individual images of a motion picture or other audiovisual work., Perform the work publicly by means of a digital audio transmission if the work is a sound recording., Introduction of digital signature, A digital signature is exactly what it sounds like a modern alternative to signing documents with paper and pen., It uses an advanced mathematical technique to check the authenticity and integrity of digital messages and documents. It guarantees that the contents of a message are not altered in transit and helps us overcome the problem of impersonation and tampering in digital communications., also provide additional information such as the origin of the message, status, and consent by the signer., The role of digital signatures, In many regions, including parts of North America, the European Union, and APAC, digital signatures are considered binding and hold the same value as traditional document signatures., In addition to , they are also used for financial transactions, email service providers, and software distribution, areas where the authenticity and integrity of digital communications are crucial., Industry-standard technology called public key infrastructure ensures a digital signature's data authenticity and integrity., Importance of Digital Signature, Out of all cryptographic primitives, the digital signature using public key cryptography is considered as very important and useful tool to achieve information security., Apart from ability to provide non-repudiation of message, the digital signature also provides message authentication and data integrity. Let us briefly see how this is achieved by the digital signature −, Message authentication − When the verifier validates the digital signature using public key of a sender, he is assured that signature has been created only by sender who possess the corresponding secret private key and no one else., Data Integrity − In case an attacker has access to the data and modifies it, the digital signature verification at receiver end fails. The hash of modified data and the output provided by the verification algorithm will not match. Hence, receiver can safely deny the message assuming that data integrity has been breached., Non-repudiation − Since it is assumed that only the signer has the knowledge of the signature key, he can only create unique signature on a given data. Thus the receiver can present data and the digital signature to a third party as evidence if any dispute arises in the future., By adding public-key encryption to digital signature scheme, we can create a cryptosystem that can provide the four essential elements of security namely − Privacy, Authentication, Integrity, and Non-repudiation., How do digital signatures work?, Using a mathematical algorithm, providers such as Zoho Sign will generate two keys: a public key and a private key. When a signer digitally signs a document, a cryptographic hash is generated for the document., That cryptographic hash is then encrypted using the sender's private key, which is stored in a secure HSM box. It is then appended to the document and sent to the recipients along with the sender's public key., The recipient can decrypt the encrypted hash with the sender's public key certificate. A cryptographic hash is again generated on the recipient's end., Both cryptographic hashes are compared to check its authenticity. If they match, the document hasn't been tampered with and is considered valid., Other Uses for Digital Signature, Sometimes you need proof that the document came from you and no one has tampered with it since you sent it. Digital Signature with your SSL Certificate fills the bill., On the other hand, sometimes you need to prove that a document came from someone else and has not been altered along the way. In legal matters, for example, you may need to prove that a contract has not been altered since someone sent it as an email., Because the computer tenaciously pairs the Digital Signature to one saved version of the document, it is nearly impossible to repudiate a digitally signed document., Or, if you are a developer distributing software online, you may need to reassure your customers that your executables really are from you. Put a Code Signing Certificate in your toolkit.