Considering that cyber crimes are becoming more of financial
frauds, they are increasingly targeted toward corporates as opposed to earlier
focus on individuals. Duggal feels that over 77% of the cyber crimes today are
targeted at corporates. The sophisticated crimes that can be expected in the
banking and financial sector involve tampering of software to siphon off money
from "Expenses Account" in the form of "Salaami Attacks". In
the e-Governance sector where tax collections could be misappropriated. In fact,
web threats are more pervasive and one of the fastest growing threat vectors.
Turning Professional
As the face of cyber crime is changing, so is the hand behind it. Findings
from the McAfee Virtual Criminology Report 2006 reveal how organized crime is
grooming a new generation of high-flying cyber criminals using tactics akin to
those employed by the KGB to recruit operatives at the height of the cold war.
The second annual McAfee report into organized crime and the Internet, with
input from Europe's leading hi-tech crime units and the FBI, suggests crime
gangs are targeting top students from leading academic institutions to provide
them with the skills they need to commit hi-tech crime on a mass scale.
|
|
|
"One perceptible trend
that can be observed is that cyber crimes are moving from 'Personal
Victimization' to 'Economic Offences'" |
|
-Na Vijayashankar,
Cyber law expert |
Kartik Shahani, director, Sales, India and Saarc, McAfee points
out the trend of the emergence of cyber crime activities by internal employees
and ex-employees. "We have been seeing external entities hacking into the
system, namely intrusion and stealing critical data. However, now a lot of the
cyber crime activities are happening from inside, namely extrusion," he
explains.
Riding on Web 2.0
Web 2.0 is bringing in more interactivity and collaboration on the Internet
and it's the users who are increasingly driving the content. Social networking
sites and blogging have been some of the key fall-outs of that.
With the quantum of exposure and reach that it can provide, Web
2.0 is becoming a fertile ground for cyber crimes, which are slowly graduating
to the Web 2.0 era and beginning to pervade its applications. "The Web 2.0
cyber crimes are a notch above the existing cyber crimes and further
refined," explains Duggal.
Gearing Up Legally
Indian law for cyber crimes is embodied in ITA-2000 (Information Technology
Act-2000). The Act is weak in the sense that it does not cover the entire gamut
of cyber crimes. However, its flexible enough to make any offence in any other
statute such as IPC to be also recognized if the offence is committed with the
use of electronic documents. The law is therefore as strong as any other law in
India. Delving on her experience with the cases that she's been handling, Seth
points out that for crimes which can't be covered under the IT Act, cyber
lawyers can resort to the IPC, CrPC, Evidence Act and can find some provision to
resort to as most of the cyber crimes are online and electronic manifestations,
and counterparts of crimes in the offline word.
While there have been amendments proposed and is currently
pending before the parliament, experts are not much satisfied with them.
According to Naavi, "What we need to take note of is that even where the IT
Act-2000 was strong, the proposed amendments will make it weaker. It is
unfortunate that MCIT is trying to create a false impression that the amendments
are meant to strengthen the law while it is in fact having an opposite
effect," he adds.
|
|
|
"Almost over 77% of the
cyber crimes today are targeted at the corporates" |
|
-Pavan Duggal,
advocate, Supreme Court of India |
For instance, Section 66 of ITA 2000 is a comprehensive clause
which makes "Diminishing of value of information residing inside a comp
uter" by any means, by any person is an offence, with three years
imprisonment. The offence is recognized even when the offender is having no
"intention" but is "negligent". The section, therefore, had
the potential of goading IT workers into being more "responsible".
However, now the proposed amendments besides reducing the
imprisonment to two years and making it "Non Cognizable" and
"Compoundable" also introduce the condition that the offence will be
recognized only if it is committed "dishonestly" and
"fraudulently". This will give a huge escape route for any criminal
who can plan his cyber attacks with some finesse.
Similarly, the ITA-2000 recognized the importance of
intermediaries to act responsibly if cyber crimes are to be controlled. Hence,
it had made "intermediaries" liable unless they exercise due
diligence". "Due Diligence" would be a concept, which would again
promote voluntary cyber law compliance and adoption of information security
practices. The proposed amendments however state that "Intermediaries shall
not be liable under any law (including IPC), unless they have conspired and
abetted or fails to remove an offending information after receiving a notice
from an appropriate government agency.
According to Seth, the proposed amendments were prepared at a
time when the MMS scandal, etc were ripe and hence they've been prepared in
the context of the scenario at that time. Duggal suggests that the IT Act needs
to incorporate some very general terms and provisions so that new instances can
be easily covered under the broad umbrella.
While the legal framework will take its own time to strengthen,
the focus should be currently on strengthening the enforcement of the law.
According to Captain Raman, it's the implementation and not the law, which is
the major issue. This becomes even more critical as cyber crime threatens to
assume huge economic proportions.
Shipra Malhotra
shipram@cybermedia.co.in Page(s) 1 2
| 
