Cyber Law
[ From chapter-23 of the book "Information Technology in Banking" written by Abul Kashem Md. Shirin and Nusrat Tamanna Prianka and published by Institute of Bankers, Bangladesh (IBB) ]
In
Simple way we can say that cyber crime is unlawful acts wherein the computer is
either a tool or a target or both
Cyber crimes can involve criminal activities that
are traditional in nature, such as theft, fraud, forgery, defamation and
mischief, all of which are subject to the Bangladesh Penal Code. The abuse of
computers has also given birth to a gamut of new age crimes that are addressed
by the Information and Communication Technology Act, 2006 (ICT Act-2006).
2. Cyber Crime Categories:
We can categorize Cyber crimes in two ways:
a) The
Computer as a Target: using a computer to attack other computers e.g. Hacking,
Virus/Worm attacks, DOS attack etc.
b) The
computer as a weapon: using a computer to commit real world crimes e.g. Cyber
Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.
Cyber Crime regulated by Cyber Laws or Internet Laws.
Cyber Crime regulated by Cyber Laws or Internet Laws.
3. Cyber Crimes Activities:
Technological
advancements have created new possibilities for criminal activity, in
particular the criminal misuse of information technologies for conducting cyber
crimes such as:
3.1. Unauthorized access
& Hacking:
Access
means gaining entry into, instructing or communicating with the logical,
arithmetical, or memory function resources of a computer, computer system or
computer network.
Unauthorized
access would therefore mean any kind of access without the permission of either
the rightful owner or the person in charge of a computer, computer system or
computer network.
Every
act committed towards breaking into a computer and/or network is hacking.
Hackers write or use ready-made computer programs to attack the target
computer. They possess the desire to destruct and they get the kick out of such
destruction. Some hackers hack for personal monetary gains, such as to stealing
the credit card information, transferring money from various bank accounts to
their own account followed by withdrawal of money.
By
hacking web server taking control on another persons website called as web
hijacking
3.2. Trojan Attack:
The
program that acts like something useful but do the things that are quiet
damping. The programs of this kind are called as Trojans. The name Trojan Horse
is a popular.
Trojans
come in two parts, a Client part and a Server part. When the victim
(unknowingly) runs the server on its machine, the attacker will then use the
Client to connect to the Server and start using the trojan.
TCP/IP
protocol is the usual protocol type used for communications, but some functions
of the trojans use the UDP protocol as well.
3.3. Virus and Worm attack:
A
program that has capability to infect other programs and make copies of itself
and spread into other programs is called virus.
Programs
that multiply like viruses but spread from computer to computer are called as
worms.
3.4. E-mail related crimes:
a. Email spoofing
Email
spoofing refers to email that appears to have been originated from one source
when it was actually sent from another source.
b. Email Spamming
Email
"spamming" refers to sending email to thousands and thousands of
users - similar to a chain letter.
c.
Sending malicious codes through email
E-mails
are used to send viruses, Trojans etc through emails as an attachment or by
sending a link of website which on visiting downloads malicious code.
d. Email bombing
E-mail
"bombing" is characterized by abusers repeatedly sending an identical
email message to a particular address.
e.
Sending threatening emails
f.
Defamatory emails
g.
Email frauds
3.5. Denial of Service (DoS)
attacks:
Flooding
a computer resource with more requests than it can handle. This causes the
resource to crash thereby denying access of service to authorized users.
3.6. Pornography:
This
would include pornographic websites; pornographic material produced using
computers and use of internet to download and transmit pornographic videos,
pictures, photos, writings etc.
Adult
entertainment is largest industry on internet. There are more than 420 million
individual pornographic webpages today.
3.7. Forgery:
Counterfeit
currency notes, postage and revenue stamps, mark sheets etc can be forged using
sophisticated computers, printers and scanners.
Also
impersonate another person is considered forgery.
3.8. IPR Violations:
These
include software piracy, copyright infringement, trademarks violations, theft
of computer source code, patent violations etc.
Domain
names are also trademarks and protected by ICANN’s domain dispute resolution
policy and also under trademark laws.
Cyber
Squatters registers domain name identical to popular service provider’s domain
so as to attract their users and get benefit from it.
3.9. Cyber Terrorism:
Targeted
attacks on military installations, power plants, air traffic control, banks,
trail traffic control, telecommunication networks are the most likely targets.
Others like police, medical, fire and rescue systems etc.
Cyber
terrorism is an attractive option for modern terrorists for several reasons.
1. It is
cheaper than traditional terrorist methods.
2. Cyber terrorism
is more anonymous than traditional terrorist methods.
3. The variety
and number of targets are enormous.
4. Cyber terrorism
can be conducted remotely, a feature that is especially appealing to
terrorists.
5. Cyber terrorism
has the potential to affect directly a larger number of people.
3.10. Banking/Credit card
Related crimes:-
In
the corporate world, Internet hackers are continually looking for opportunities
to compromise a company’s security in order to gain access to confidential
banking and financial information.
Use
of stolen card information or fake credit/debit cards is common.
Bank
employee can grab money using programs to deduct small amount of money from all
customer accounts and adding it to own account also called as salami.
3.11. E-commerce/ Investment
Frauds:
Sales
and Investment frauds is an offering that uses false or fraudulent claims to
solicit investments or loans, or that provides for the purchase, use, or trade
of forged or counterfeit securities.
Merchandise
or services that were purchased or contracted by individuals online are never
delivered.
The
fraud attributable to the misrepresentation of a product advertised for sale
through an Internet auction site or the non-delivery of products purchased
through an Internet auction site.
Investors
are enticed to invest in this fraudulent scheme by the promises of abnormally
high profits.
3.12. Sale of illegal articles:
This
would include trade of narcotics, weapons and wildlife etc., by posting
information on websites, auction websites, and bulletin boards or simply by
using email communication.
3.13. Online gambling:
There
are millions of websites hosted on servers abroad, that offer online gambling.
In fact, it is believed that many of these websites are actually fronts for
money laundering.
3.14. Defamation:
Defamation
can be understood as the intentional infringement of another person's right to
his good name.
Cyber
Defamation occurs when defamation takes place with the help of computers and /
or the Internet. E.g. someone publishes defamatory matter about someone on a
website or sends e-mails containing defamatory information to all of that
person's friends. Information posted to a bulletin board can be accessed by
anyone. Cyber defamation is also called as Cyber smearing.
3.15. Identity Theft:
Identity theft is the fastest growing crime in countries like America.
Identity
theft occurs when someone appropriates another's personal information without
their knowledge to commit theft or fraud.
Identity
theft is a vehicle for perpetrating other types of fraud schemes.
3.16. Data diddling:
Data
diddling involves changing data prior or during input into a computer.
In
other words, information is changed from the way it should be entered by a
person typing in the data, a virus that changes data, the programmer of the
database or application, or anyone else involved in the process of having
information stored in a computer file.
It
also includes automatic changing the financial information for some time before
processing and then restoring original information.
3.17. Theft of Internet Hours:
Unauthorized
use of Internet hours paid for by another person.
By
gaining access to an organization’s telephone switchboard (PBX) individuals or
criminal organizations can obtain access to dial-in/dial-out circuits and then
make their own calls or sell call time to third parties.
Additional
forms of service theft include capturing 'calling card' details and on-selling
calls charged to the calling card account, and counterfeiting or illicit
reprogramming of stored value telephone cards.
3.18. Theft of computer system
(Hardware):
This
type of offence involves the theft of a computer, some part(s) of a computer or
a peripheral attached to the computer.
3.19. Physically damaging a
computer system:
Physically
damaging a computer or its peripherals either by shock, fire or excess electric
supply etc.
3.20. Breach of Privacy and
Confidentiality
Privacy
Privacy
refers to the right of an individual/s to determine when, how and to what
extent his or her personal data will be shared with others.
Breach
of privacy means unauthorized use or distribution or disclosure of personal
information like medical records, sexual preferences, financial status etc.
Confidentiality
It
means non disclosure of information to unauthorized or unwanted persons.
In
addition to Personal information some other type of information which useful
for business and leakage of such information to other persons may cause damage
to business or person, such information should be protected.
Generally
for protecting secrecy of such information, parties while sharing information
forms an agreement about he procedure of handling of information and to not to
disclose such information to third parties or use it in such a way that it will
be disclosed to third parties.
Many
times party or their employees leak such valuable information for monitory
gains and causes breach of contract of confidentiality.
Special
techniques such as Social Engineering are commonly used to obtain confidential
information.
