Cyber Crime is criminal activity involving the information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmission of computer data to, from or within a computer system), data interference ( unauthorized damaging, deletion, deterioration, alteration or suppression of computer data) , systems interference ( interfering with the functioning of a computer system by in putting, transmitting, damaging , deleting, deteriorating, altering or suppressing computer data), misuse of devices , forgery (ID theft), and electronic fraud.
Cyber Crime is a term used broadly to describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity. These categories are not exclusive and many activities can be characterized as falling in one or more categories.
A wide spectrum of delinquencies come under the term ‘cyber crime’. However, it is mainly hacking (intentionally destroying or deleting or altering information residing in a computer), publishing obscene information in an electronic form and tampering with computer source documents are specifically mentioned in the Information Technology (IT) Act. While the Act does mention a few other offences, such as misrepresentation before the Controller of Certifying Authorities or his assistants, breach of confidentiality and privacy by a person who has had lawful access to an electronic record and publication of a false digital signature certificate, there is criticism that certain other direct computer-related crimes such as cyber-stalking, cyber-theft and cyber-defamation have not been covered by the IT Act.
Cyber Crimes under IT Act, 2000- The Information Technology Act, 2000, deals with the following cyber crimes along with others-
(1) Tampering with computer source documents
(3) Publishing of information, which is obscene in electronic form
(4) Child Pornography
(5) Accessing protected system
(6) Breach of confidentiality and privacy
Cyber Crimes not mentioned under the IT Act, 2000- There are also some other cyber crimes which have not been included in Information Technology Act, as briefed below-
- Unauthorized access to computer systems or networks-This activity is commonly referred to as hacking.
- Theft of information-This includes information stored in computer hard disks, removable storage media etc.
- Email Bombing-Email bombing refers to sending a large number of emails to the victim resulting in the victim’s email account or mail servers crashing.
- Data Diddling-This kind of attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed. Electricity Boards in India have been victims to data diddling programs inserted when private parties were computerizing their systems.
- Salami Attacks-These attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed, e.g. a bank employee inserts a program, into the bank’s servers, that deducts a small amount of money, say Rs. 10 a month, from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month.
- Denial of Service (DoS) Attack-This involves flooding a computer resource with more requests than it can handle. This causes the resource, e.g. a web server, to crash thereby denying authorized users the service offered by the resource. Another variation to a typical Denial of Service attack is known as a Distributed Denial of Service (DDoS) attack wherein the perpetrators are many and are geographically widespread. It is very difficult to control such attacks. The attack is initiated by sending excessive demands to the victim’s computer, exceeding the limit that the victim’s servers can support and making the servers crash. Denial of Service attacks have had an impressive history having, in the past, brought down websites like Amazon, CNN, Yahoo and eBay.
- Virus/Worm Attacks-Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer’s memory. The VBS_LOVELETTER virus, better known as the Love Bug or the ILOVEYOU virus, was reportedly written by a Filipino undergraduate. In May 2000, this deadly virus beat the Melissa virus hollow and became the world’s most prevalent virus. It struck one in every five personal computers in the world. When the virus was brought under check the true magnitude of the losses was incomprehensible. Losses incurred during this virus attack were pegged at US $ 10 billion.
- Logic Bombs-These are event dependent programs, created to do something only when a certain event, known as a trigger event, occurs. Even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date.
- Trojan Attacks-A Trojan, as this program is aptly called, is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. This term has its origin in the word ‘Trojan Horse’. In software field, this means an unauthorized programme, which passively gains control over another’s system by representing itself as an authorised programme. The most common form of installing a Trojan is through email.
- Internet Time Theft-This connotes the usage by an unauthorized person of the Internet hours paid for by another person.
- Web Jacking-This occurs when someone forcefully takes control of a website by cracking the password and later changing it. The actual owner of the website does not have any more control over what appears on that website.
- Theft of Computer System-This type of offence involves the theft of a computer, some part of a computer or a peripheral attached to the computer.
- Physically Damaging a Computer System-This crime is committed by physically damaging a computer or its peripherals.
- Identity Theft-The United States Department of Justice describes identity theft and identity fraud as “terms used to refer to all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.” Sensitive and personal data such as Social Security numbers, credit card numbers and bank account numbers can be used by unscrupulous people.