Considering that cyber crimes are becoming more of financial frauds, they are increasingly targeted toward corporates as opposed to earlier focus on individuals. Duggal feels that over 77% of the cyber crimes today are targeted at corporates. The sophisticated crimes that can be expected in the banking and financial sector involve tampering of software to siphon off money from "Expenses Account" in the form of "Salaami Attacks". In the e-Governance sector where tax collections could be misappropriated. In fact, web threats are more pervasive and one of the fastest growing threat vectors.

Turning Professional
As the face of cyber crime is changing, so is the hand behind it. Findings from the McAfee Virtual Criminology Report 2006 reveal how organized crime is grooming a new generation of high-flying cyber criminals using tactics akin to those employed by the KGB to recruit operatives at the height of the cold war. The second annual McAfee report into organized crime and the Internet, with input from Europe's leading hi-tech crime units and the FBI, suggests crime gangs are targeting top students from leading academic institutions to provide them with the skills they need to commit hi-tech crime on a mass scale.

Kartik Shahani, director, Sales, India and Saarc, McAfee points out the trend of the emergence of cyber crime activities by internal employees and ex-employees. "We have been seeing external entities hacking into the system, namely intrusion and stealing critical data. However, now a lot of the cyber crime activities are happening from inside, namely extrusion," he explains.

Riding on Web 2.0
Web 2.0 is bringing in more interactivity and collaboration on the Internet and it's the users who are increasingly driving the content. Social networking sites and blogging have been some of the key fall-outs of that.

With the quantum of exposure and reach that it can provide, Web 2.0 is becoming a fertile ground for cyber crimes, which are slowly graduating to the Web 2.0 era and beginning to pervade its applications. "The Web 2.0 cyber crimes are a notch above the existing cyber crimes and further refined," explains Duggal.

Gearing Up Legally
Indian law for cyber crimes is embodied in ITA-2000 (Information Technology Act-2000). The Act is weak in the sense that it does not cover the entire gamut of cyber crimes. However, its flexible enough to make any offence in any other statute such as IPC to be also recognized if the offence is committed with the use of electronic documents. The law is therefore as strong as any other law in India. Delving on her experience with the cases that she's been handling, Seth points out that for crimes which can't be covered under the IT Act, cyber lawyers can resort to the IPC, CrPC, Evidence Act and can find some provision to resort to as most of the cyber crimes are online and electronic manifestations, and counterparts of crimes in the offline word.

While there have been amendments proposed and is currently pending before the parliament, experts are not much satisfied with them. According to Naavi, "What we need to take note of is that even where the IT Act-2000 was strong, the proposed amendments will make it weaker. It is unfortunate that MCIT is trying to create a false impression that the amendments are meant to strengthen the law while it is in fact having an opposite effect," he adds.

For instance, Section 66 of ITA 2000 is a comprehensive clause which makes "Diminishing of value of information residing inside a comp uter" by any means, by any person is an offence, with three years imprisonment. The offence is recognized even when the offender is having no "intention" but is "negligent". The section, therefore, had the potential of goading IT workers into being more "responsible".

However, now the proposed amendments besides reducing the imprisonment to two years and making it "Non Cognizable" and "Compoundable" also introduce the condition that the offence will be recognized only if it is committed "dishonestly" and "fraudulently". This will give a huge escape route for any criminal who can plan his cyber attacks with some finesse.

Similarly, the ITA-2000 recognized the importance of intermediaries to act responsibly if cyber crimes are to be controlled. Hence, it had made "intermediaries" liable unless they exercise due diligence". "Due Diligence" would be a concept, which would again promote voluntary cyber law compliance and adoption of information security practices. The proposed amendments however state that "Intermediaries shall not be liable under any law (including IPC), unless they have conspired and abetted or fails to remove an offending information after receiving a notice from an appropriate government agency.

According to Seth, the proposed amendments were prepared at a time when the MMS scandal, etc were ripe and hence they've been prepared in the context of the scenario at that time. Duggal suggests that the IT Act needs to incorporate some very general terms and provisions so that new instances can be easily covered under the broad umbrella.

While the legal framework will take its own time to strengthen, the focus should be currently on strengthening the enforcement of the law. According to Captain Raman, it's the implementation and not the law, which is the major issue. This becomes even more critical as cyber crime threatens to assume huge economic proportions.

Shipra Malhotra
shipram@cybermedia.co.in

Page(s)   1  2