cybersecurity

Navigating Cybercrimes in India: Role of the Information Technology Act

Information Technology Act:

Almost every day, a high-profile security breach is revealed in the media, revealing the newest distributed denial of service (DDoS), advanced persistent threat (APT), or whatever else has exposed the data of huge organizations’ consumers and employees.

But, aside from high-profile attacks on huge corporations, there are hundreds, if not thousands, of cyber-attacks, carried out every day that are not publicized by the media – or, in most cases, the victim.

Whether these attacks are launched out on businesses, public sector organizations, or entire nations for motives of activism, monetary gain, or warfare, the way they are combated needs to alter.

Successful attacks on some of the world’s largest and most resourceful organizations are leading an increasing number of businesses to the same harsh conclusion: no amount of funding for the latest and greatest cybersecurity technologies can keep them safe. For numerous years, hackers have continued to remain one point ahead of security firms and their solutions.

Types of Cyber Crime

Hacking:

Hacking is the act of an intruder gaining unauthorized access to your computer system. Hackers are essentially computer programmers who have a thorough knowledge of computers and frequently exploit this knowledge for malicious purposes.

They are typically technology enthusiasts with expert-level knowledge of a single software application or language.

There could be numerous causes, but the most prevalent are rather straightforward and can be described by a human inclination such as money, fame, power, and so on.

Some people do it merely to demonstrate their expertise—from relatively harmless actions such as changing software (and even hardware) to performing tasks that are not intended by the creator—to those who seek to inflict destruction.

1.2 Virus Attacks:

Viruses are computer programs that attach to or infect a computer or file and then spread to other machines on a network.

They interfere with computer functionality and have an impact on the data saved, either by changing it or removing it entirely. 

apart from viruses, Worms, do not require a host to attach to. They just proliferate until they have consumed all of the system’s available memory. The term “worm” can also refer to self-replicating “malware.”

They distribute themselves by masquerading as a real file, such as an email attachment from a putative buddy with a highly plausible name.

When browsing a website, playing online games, or using internet-driven programs, the user may unwittingly install a Trojan-infected program.

A Trojan horse, like other viruses, can inflict damage by stealing information or interfering with or disrupting the operation of computer systems.

1.3 Malware From the Internet:

Malware is accessed via the Internet by either downloading free programs (which many small-business owners do) or visiting the Web with a vulnerable machine.

Do you believe your computer is safe? If you haven’t updated Java in a long time, your machine is potentially exposed to cyber-attacks.

Once malware is downloaded onto your computer from one of these two sources, your computer may be controlled by a billion-dollar crime enterprise.

These criminal organizations sell access to your computer, and data obtained from it (credit cards, passwords, Social Security numbers, email addresses, specialized company information, addresses, bank account details, access your bank account, and so on), and they can even lock down your pc to ransom it.

They may end up leaving you completely helpless by securing the information or restricting access and demanding you pay hundreds of dollars using a MoneyPak card.

1.4 Malware From Email:

Crime groups purchase email lists and send emails that look to be from legal domains and businesses. Why is this type of attack so effective? Because you would expect an email from XYZ@flipkart.com if you received one from Flipkart or Amazon with the details of your tracking information or sent goods.

The phony emails appear to be sent from the Flipkart domain. Crime groups spoof the email to appear to be from a reputable domain.

Then they craft a well-written email with information on your item and urge you to open an attachment or click on a link (as companies often request via email).

Emails for this type of assault are difficult to block at the time and may appear from well-known firms, making you want to investigate further.

As a result, the only real defense against this type of clickbait is good password practices and healthy internet practices, which include never allowing any device to save your password, changing passwords frequently, doing minimal online transactions, and verifying each activity with a phone call or in-person meeting.

In effect, aggressively combating this malware is the only true safeguard against falling victim to it someday.

Punishment For Hacking And Damage:

According to Section 43 of the ‘Information Technology Act, 2000,’ whoever destroys, deletes, alters, disrupts, or causes disruption of any computer with the intent of damaging the entire data of the computer system without the permission of the computer’s owner, shall be liable to pay a fine of up to one crore to the person so affected as a remedy.

According to Section:43A of the ‘Information Technology (Amendment) Act, 2008,’ where a body corporate is maintaining and protecting the data of persons as provided by the central government, if there is any negligent act or failure in protecting the data/information, a body corporate shall be liable to pay compensation to the person so affected.

Section 66, on the other hand, deals with ‘hacking with computer systems’ and provides for imprisonment of up to three years or a fine of up to two years, or both.

The problem here is that, while certain viruses create momentary disruption by displaying messages on the user’s screen, they are not technically punished under the Information Technology Act of 2000 because they do not cause concrete damage. However, it must be made punitive because it falls under the category of ‘unauthorized access’ even though it causes no harm.

Harmless viruses would also fall under the phrase “to ensure the regular operation of the computer, system, or network.” This ambiguity should be reconsidered.

Denial-of-Service attack:

A Denial-of-Service (DoS) attack is an intentional attempt by attackers to deny service to intended users. Flooding a computer resource with more requests than it can process consumes its available bandwidth, resulting in server overload.

This causes the resource (for example, a web server) to crash or drastically slow down, preventing anyone from accessing it. The attacker can render a website unworkable by sending enormous quantities of traffic to the targeted site using this technique.

Phishing:

This is a method of obtaining confidential information such as credit card details and username/password combinations by impersonating a reputable business.

Email spoofing is commonly used in phishing. You’ve most likely received an email with links to legitimate-looking websites.

You probably considered it strange and did not visit the site. The software would have infiltrated your machine and taken your personal information.

Phishing fraud is a cyber fraud in which the scammer disguises themselves and uses phony and misleading websites of banks and other financial organizations, and URL Links to trick people into providing valuable personal data, which is then used to steal money from the victim’s account.

Thus, it is fundamentally a cybercrime, and it is subject to several penal sections of the Information Technology Act of 2000, as revised in 2008, which added certain additional laws to deal with phishing behavior. Sections of the Information Technology Act of 2000 that apply to Phishing Activity are as follows:

Section 66: The phisher compromises the victim’s account, which is not conceivable unless and until the fraudster fraudulently makes any modifications by way of deletion or alteration of information/data electronically in the victim’s account located on the bank server. As a result, this crime is fully covered and penalized under Section 66 of the IT Act.

Section 66A: A disguised email including a bogus link to a bank or institution is used to deceive or mislead the receiver about the origin of such email, and so plainly attracts the provisions of Section 66A of the Information Technology Act of 2000.

Section 66C: In the phishing email, the fraudster disguises himself as a legitimate banker and utilizes the bank’s or organization’s distinctive identifying feature, such as a logo or trademark, and so clearly attracts the provision of Section 66C IT Act, 2000.

Section 66D: When criminals employ a phishing email that contains a link to a phony website of a bank or organization to defraud innocent people, the crime under Section 66D is also attracted.

Email bombing and spamming:

Email bombing is defined as an abuser sending massive amounts of email to a target address, causing the victim’s email account or mail servers to crash.

To waste network resources, the message is worthless and unnecessarily long. If numerous mail server accounts are targeted, a denial-of-service attack may occur. Spam filters can readily recognize such messages appearing regularly in your inbox.

Cyberstalking:

In the current age, cyberstalking is a new type of digital crime in which a person is stalked or tracked online.

A cyber stalker does not physically follow his victim; instead, he follows his online activities to gather information about the stalker and harass and threaten him or her verbally. It is a violation of someone’s digital privacy.

Internet stalking occurs when the stalker harasses the victim through the internet. The most typical method of threatening someone is by unsolicited email, and the stalker may even send vulgar information and malware via email.

However, viruses and unsolicited telemarketing emails do not constitute cyberstalking in and of itself. However, if an email is sent repeatedly in order to scare the receiver, it may be deemed stalking. Internet stalking is not restricted to email; stalkers can use the internet to harass victims in a variety of ways.

Computer Stalking: More technologically advanced stalkers use their computer skills to aid them in their criminal activities.

They obtain unauthorized access to the victim’s machine by taking advantage of the way the internet and the Windows operating system work.

Though this is primarily done by skilled and computer-savvy stalkers, guidelines for doing so are readily available on the internet.

Identity Theft and Credit Card Fraud:

Identity theft is when someone steals your identity and impersonates you in order to gain access to resources such as credit cards, bank accounts, and other benefits under your name. The imposter may exploit your identity to perpetrate more crimes.

In its most basic form, credit card fraud is identity theft. The most prevalent type of credit card fraud involves your pre-approved card coming into the hands of someone else.

Software Piracy:

Almost any movie, program, or song from any origin may be found for free thanks to the internet and torrents.

Internet piracy is an unavoidable aspect of our lives, to which we all contribute, intentionally or unknowingly.

The earnings of resource developers are reduced in this manner. It is not only illegal to use someone else’s intellectual property, but it is also criminal to pass it on to your friends, further decreasing the revenue they receive.

This has an impact on the entire global economy because funds are being transferred from other industries, resulting in decreased investment in marketing and research.

Publishing Pornographic Material:

Section 67 of the Information Technology Act of 2000, which parallels Section 292 of the Indian Penal Code of 1860, makes publication and transmission of any material in electronic form that is lascivious or appeals to the prurient interest a crime punishable by imprisonment for up to five years and a fine of one lakh rupees, and a subsequent offense punishable by imprisonment for up to ten years and a fine of two lakh rupees.

Various tests were gradually established over time to determine the actual offense in cases of obscene material published electronically on the internet.

In the case of Regina v. Hicklin, it was determined that “if the material has the propensity to deprave and corrupt people whose minds are prone to such immoral influences, and into whose hands a This type of publication may fail.” In Ranjeet D.’s case. Udeshi v. State of Maharashtra, the Supreme Court agreed that the Indian Penal Code does not define obscenity, despite the fact that it punishes the publication of obscene matter.

There is a very fine line between what is considered obscene and what is considered appropriate.

The following constitutes software piracy:

  • Installing unauthorized software on your computer
  • Using a single-licensed piece of software across several machines
  • Using a key generator to bypass copy protection
  • Investigations And Search Procedures In Cybercrime

Section 75 of the Information Technology Act of 2000 addresses the jurisdictional issue of cybercrime, and a person will be penalized regardless of country or site of commission of the offense.

Police officials with the level of Deputy Superintendent of Police or any officer of the Central Government or a State Government recognized by the Central Government have been given the authority to conduct investigations.

He may enter any public area and perform a warrantless search and arrest of anyone who is reasonably expected to have committed or is about to commit a computer-related offense.

The accused must be brought before a Magistrate within 24 hours of being arrested. The provisions of the Criminal Procedure Code of 1973 govern the entering procedure. search and arrest of the accused.

Personal safeguards that every individual must take to protect themselves from cybercrime

Actively safeguard all of your personal information:

When sharing personal information online, such as your name, home address, phone number, and email address, use caution. Many online sites will want you to supply personal information in order to manage invoicing and shipping of purchased goods.

Because it is rarely possible to avoid disclosing personal information, the following list offers tips on how to disclose personal information safely online:
Keep an eye out for phony email messages—misspellings, poor language, unusual phrasings, Web site addresses with peculiar extensions, Web site addresses that are wholly digits where there are normal words, and therefore anything else out of the ordinary is all red flags.

Furthermore, phishing messages will frequently convince you that you must respond swiftly in order to keep your account open, upgrade your security, or supply information promptly, or else something horrible will happen. Don’t fall for the bait.

Do not respond to email communications requesting personal information- Legitimate businesses will not request personal information via email. When in doubt, call the company or enter the company’s Web address into your browser. Clicking on the links in these messages may direct you to a false or harmful Web site.

Avoid bogus Web sites that steal personal information- Instead of following a link in an email or instant message, type the address (URL) directly into the Web browser when accessing a website. Fraudsters frequently create these links in order to appear credible.

Retail, banking or other Web site that contains sensitive information should have an “S” after the letters “HTTP” (i.e. https://www.yourbank.com rather than http://www.yourbank.com)/. The “s” stands for secure and should show whenever you are asked to log in or provide sensitive data. The small lock icon at the bottom of your web browser is another indication that you have a secure connection (usually in the right-hand corner).

Take note of privacy regulations on websites and in applications. Before you provide your personal information to a company, you should understand how they will collect and utilize it.

Spammers and phishers will occasionally send millions of messages to email addresses that may or may not exist in the hopes of identifying a possible victim.

Responding to these communications or even downloading photographs means that you will be included in their lists in the future for more of the same messages. Also, exercise caution when posting your email address in newsgroups, blogs, or online communities.

Strong Passwords- utilize a combination of letters, numbers, and special characters to generate an easy-to-remember mental image or acronym. Create a unique password for each key account and change passwords on a regular basis.

Learn More About Cybersecurity Laws That Minimize Risk

Brief Guide to Online Protection software-

Firewalls and antivirus software are crucial pieces of security software. A firewall is typically your computer’s first line of defence, regulating who and what can communicate with your computer over the internet.

Firewall functions as a sort of “policeman” on the Internet, monitoring all data attempting to flow in and out of your computer, permitting communications that it knows are safe while stopping “bad” traffic such as attacks from ever reaching your machine.

Your antivirus software, which monitors all online activity such as email messages and Web browsing and protects you from viruses, worms, Trojan horses, and other forms of harmful programs, is often the next line of defence.

More current antivirus systems, like Norton Antivirus, also guard against spyware and potentially unwanted programs like adware.

It is critical to have security software that provides you control over applications you may not want and protects you from online risks. Your antivirus and antispyware software should be set to update automatically whenever you access to the Internet.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button