INTRODUCTION
Cyber law, also called cybercrime law or internet law, refers to the legal framework that governs activities conducted over the internet and in cyberspace. It covers a wide range of legal issues connected with digital technology, computer systems, networks, and the internet. Cyber law is essential for maintaining order, protecting individuals and organisations, and ensuring that the digital domain operates within legal and ethical limits.
In today's technology-driven world, the vital role played by the internet and computers cannot be overstated. They streamline our tasks, from social networking to virtual meetings and even money transfers. However, this convenience comes at a steep cost: our privacy. In an era where practically every aspect of our lives is intertwined with computers and the internet, the prevalence of cybercrimes has surged to alarming levels.
Among the most formidable challenges posed by this digital age is the need to grapple with crimes committed by means of the internet and computers. Unlike traditional crimes, where physical presence is often a prerequisite for the perpetrator, cybercrimes present a unique obstacle. The accused remains shrouded in anonymity, their true identity obscured behind a computer screen. Establishing a tangible link to the real offender is an onerous task.
To deter individuals from engaging in such illegal activities and to maintain vigilance, robust legislation is essential. Such laws should impose strict penalties, acting as a deterrent against the commission of cybercrimes. The need for cyber law is not merely pressing; it is an absolute necessity.
DEFINITIONS OF CYBER-CRIME
Cybercrime is defined by Dr. Debarati Halder and Dr. K. Jaishankar as: “Offences committed against individuals or groups of individuals with a criminal motive to intentionally harm the victim’s reputation or cause physical or mental harm, or loss, to the victim directly or indirectly, via modern telecommunication networks such as the Internet (Chat rooms, emails, notice boards, and groups) and mobile phones (SMS/MMS)”
Oxford Dictionary defines cybercrime as follows:
“Criminal activities committed via computers or the Internet.” “Cybercrime can be defined as those species whose genus is traditional crime and where the computer is either an object or a subject of the criminal conduct.”
Indian Definition
In India, although the word “cybercrime” has not yet been defined in any act or statute approved by the Indian Legislature, it has occasionally been interpreted by Indian courts.1
Cybercrime in India is mainly covered by the “Information Technology Act 2000”. The act was introduced to regulate various aspects of electronic commerce and digital communication in India. The act was further amended in 2008 and 2009 to strengthen its provisions. The 2008 amendment was made to enhance provisions regarding cybercrimes and electronic governance, and the 2009 amendment focused on data security and privacy.
CYBER LAWS IN INDIA2
Information Technology Act, 2000
The IT Act, which came into effect in 2000, mainly regulates cyber laws in India. The main objective of this act is to provide security to the people by making it simpler for them to register co-existent records with the government. The scope of the IT Act has been enlarged to include all modern communication devices.
i. Section 43 of the IT Act 2000: Penalty and compensation for damage to computer, computer system, etc.
ii. Section 66 of the IT Act 2000: Computer related offences.
iii. Section 66B of the IT Act 2000: Punishment for dishonestly receiving stolen computer resource or communication device.
iv. Section 66C of the IT Act 2000: Punishment for identity theft.
v. Section 66D of the IT Act 2000: Punishment for cheating by personation by using computer resources.
1 https://www.mondaq.com/india/it-and-internet/891738/cyber-crimes-under-the-ipc-and-it-act—an-uneasy-co existence
2 Information Technology Act, 2000
1. Indian Penal Code 1860
The IPC, which came into effect in the year 1860, mainly provides for identity and other related cyber offences which are punishable under both the IT Act, 2000 and the IPC, 1860.
The American definition
The U.S. Department of Justice (DOJ), in defining cybercrime, divides it into three categories: crimes in which the computing device is the target; crimes in which the computer is used as a weapon; and crimes in which the computer is used as an accessory to a crime.
In the United States, cybercrimes are dealt with under two statutes, namely the Computer Fraud and Abuse Act (CFAA) and the Electronic Communications Privacy Act (ECPA).
Computer Fraud and Abuse Act (CFAA): The act was originally enacted in 1986 with the purpose of penalizing cybercrimes. Since then, the act has undergone several amendments to adapt to ever-changing technology.
Major Provisions of the Statute
• (18 U.S.C. § 1030(a)(1)): Deals with unauthorised access to any computer with a view to obtaining any digital financial record of the government, any information relating to any government department, or any information from any protected computer.
• (18 U.S.C. § 1030(a)(6)): Addresses the sale, transfer, or trafficking of passwords or other access credentials to protected computers.
Similarly, the Electronic Communications Privacy Act (ECPA) was enacted in 1986 with a view to protecting and maintaining the privacy of electronic communications.
The act focuses on several issues, including protecting privacy rights, providing a framework regulating government access, and protecting against unauthorized access.
TYPES OF CYBER CRIME
Broadly cybercrimes are divided into two categories:
1. Crimes where a computer is used as a medium,
2. Crimes where a computer is used as a target.
In the first category, a computer is used as a tool or medium to carry out the offence; here, criminals use methods like phishing, social engineering, and online deception to exploit individuals or organisations. In the second category, the computer itself is the target; here, criminals focus on compromising or damaging computer systems, typically through hacking, malware, or denial-of-service attacks.
Both kinds of cybercrime are committed with the aim of causing a data breach, resulting in unauthorized access to sensitive or confidential information stored on a computer system, network, or database.
Data breaches can occur for various reasons, including theft of personal information for fraud, financial gain, or espionage. The stolen data may be sold on the dark web or used for other malicious purposes.
Some of the commonly committed cybercrimes include stalking, phishing, hacking, cyberbullying, harassment and so forth.
TYPES OF CYBER CRIME4
CRIMES WHEREIN COMPUTER IS USED AS A TARGET:
1. Hacking
Hacking means gaining unauthorised access to any computer system, network or device with an intent to steal sensitive information, cause disruptions or demonstrate vulnerabilities. The hackers may manipulate data and breach security protocols to get access.
Hacking is further divided into two types, white hat and black hat.
White hat hacking includes those ethical hackers who use their skills to give early warning of breaches and vulnerabilities and to fix them. These are generally people employed in security assessment departments who hack devices which pose a threat to security. This type of hacking is done within the course of employment and is not punishable.
Black hat hacking includes those hackers who exploit vulnerabilities for personal gain, often engaging in criminal activities like stealing data, distributing malware, or conducting fraud. Black hat hacking is a criminal offence under various statutes of different countries.
4 National Cyber Crime Reporting Portal, available at: https://www.cybercrime.gov.in/Webform/CrimeCatDes.aspx (last visited on 28th Sep, 2023).
2. Malware
“Malware” is a broad term encompassing various forms of malicious software. This includes viruses, worms, Trojans, spyware, and other software designed to compromise or damage computer systems. It is created with the intent to infect systems, steal data, or provide unauthorized access to cybercriminals.
Such malware appears to be genuine but secretly infects the system, compromising personal data such as passwords and credit card credentials.
3. Ransomware
Ransomware is a specific type of malware that encrypts files on a victim’s system, making them inaccessible. The primary goal of ransomware attacks is financial gain. Victims are coerced into paying the ransom to regain access to their files.
This type of malware can be delivered through various means, including phishing emails, malicious attachments, infected websites, or exploiting software vulnerabilities. It uses an advanced algorithm which locks the files and data and makes them inaccessible to the users. The attacker then demands a ransom in exchange for the decryption key. Even after the ransom is paid, there is no guarantee of receiving the decryption key. The attacker may or may not provide the key.
4. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
DoS and DDoS attacks involve flooding the targeted device or network with the aim of disrupting a website, service, or network.
In a DoS attack, a single source floods the target, whereas in a DDoS attack, multiple sources coordinate to flood the target.
A DoS attack is carried out through various methods, including:
- Bandwidth Attacks: These involve flooding a target server or network with a massive volume of traffic, overwhelming its capacity to handle legitimate requests.
- Resource Depletion Attacks: These attacks aim to deplete system resources, such as CPU, memory, or disk space, making the system slow or unresponsive.
- Protocol Exploits: These target vulnerabilities in network protocols or services, causing them to become unresponsive or crash.
- Application-Layer Attacks: These attacks target specific applications or services, overwhelming them with a high number of requests.
The above-mentioned are the most common ways through which a DoS attack is carried out. The intention behind these attacks is to render the targeted service or website unavailable, causing financial losses or reputational damage.
CYBER-CRIMES WHEREIN COMPUTER IS USED AS A MEDIUM:
1. Phishing
Phishing involves sending fraudulent emails or messages that appear to be genuine and from reputable sources. These messages aim to trick individuals into revealing sensitive information like usernames, passwords, or credit card details. These e-mails generally have generic greetings or no personalized information and use urgent or threatening language to create a sense of urgency and fear in the mind of users.
These e-mails request users to share sensitive information like passwords or credit card credentials. The primary intent of phishing is to steal valuable information for fraudulent purposes. Once such sensitive information is obtained, it may be used for theft, blackmail or further attacks. This can include unauthorized access to accounts, financial theft, or identity theft.
2. Social Engineering
Social engineering is a manipulation technique that deceives individuals or organizations into revealing or submitting confidential information or performing actions that compromise security.
The methods used are enticing and compel the user to submit their credentials. These include discount offers, free trips, lottery draws, quizzes and surveys.
Social engineering may also be done through phone calls that appear to come from genuine sources. The callers keep in constant touch with the targeted person, offering them lucrative deals and offers. As a result, users are manipulated into submitting their personal information.
The intent or purpose of social engineering attacks can vary widely. It may be for financial gain resulting in identity theft or obtaining sensitive information resulting in blackmailing, gaining unauthorized access resulting in stalking or causing harm to an individual or organisations resulting in cyber-bullying.
3. Online Scams and Financial and Banking Fraud
Online scams and fraud encompass a wide range of deceptive schemes designed to trick individuals or organizations for financial gain. This can include lottery scams, investment fraud, and fake tech support calls used to commit banking and financial fraud, which involves illegally accessing or manipulating financial accounts, credit card fraud, and various forms of financial deception.
The main purpose of online scams and fraud is to deceive victims into providing money, personal information, or access to their financial accounts.
Online scams and frauds are carried out by way of lottery prizes, tech support scams and impersonation scams. These trick users into believing that they come from reliable sources and are genuine. The scammers present themselves as very polite and co-operative, which tricks users into believing in the truthfulness of their statements.
The target victims are generally old and illiterate people who do not possess the required knowledge of technology and get easily influenced.
4. Intellectual Property Theft
Intellectual property theft involves unauthorized reproduction, distribution, or use of copyrighted materials, patents, trademarks, or trade secrets. It includes unauthorized copying, distribution, or use of copyrighted works, and unauthorized use of trademarks or logos.
Unauthorized use, manufacture, or sale of a patented invention without the patent holder’s permission and unauthorized access or disclosure of confidential information or trade secrets that provide a competitive advantage to a business are also involved in this category.
The purpose of intellectual property theft is to profit from the unauthorized use or distribution of valuable intellectual assets. It involves selling counterfeit goods, replicating patented technologies, or distributing copyrighted materials without proper authorization.
OTHER TYPES OF CYBER CRIME
Extortion
This is the most commonly committed cybercrime. No technological expertise is required by the attacker to commit this type of offence. It involves coercing an individual or organization by threatening to reveal damaging information or commit harmful acts. In the digital realm, extortion often takes the form of cybercriminals demanding payment or other concessions to prevent the release of sensitive information or to prevent a cyberattack.
The attackers first gather sensitive information through unfair means and then blackmail the users by threatening to release that sensitive information on different social platforms if the demanded money is not paid. The information includes personal chats, photos and videos.
The purpose of extortion is to obtain money, property, or services from the victim through threats, often leveraging sensitive or damaging information.
Child Exploitation, Cyberbullying and Online Extremism and Hate Crimes
In the modern world, social media holds a very powerful place. It can be used as a weapon if it falls into the wrong hands. The attackers usually use social media and other platforms to harass, intimidate or harm individuals. It also involves using online platforms to spread hate speech, promote violence, or engage in extremist ideologies.
The purpose behind such crimes is to promote extremist ideologies, incite violence, or target individuals or groups based on race, religion, nationality, or other characteristics or to cause emotional distress, fear in the mind of victim, or harm to the victim, often driven by personal animosity, prejudice, or a desire for power over the victim.
Cyber bullying and hate speech also include child exploitation which involves the production, distribution, or possession of explicit materials involving minors, as well as online solicitation of minors.
The perpetrators of such offences are generally driven by a desire to take revenge for some past act of the victim or the guardians of the victim. The intent behind such crimes is to exploit and abuse minors for sexual purposes, as well as to distribute explicit materials involving minors.
Terrorist Activities
Terrorist activities in cybercrime refer to the use of digital tools, technologies, and platforms to plan, coordinate, or promote acts of terrorism. Cybercrime has become an integral component of terrorist tactics, allowing the attackers to exploit the internet for recruitment, communication, fundraising, and even launching cyber-attacks against critical infrastructure and alien countries.
The internet is used as a medium to spread anti propagandas and to incite people to join unlawful activities. This includes the use of social media and other online platforms to radicalize and recruit people.
Apart from that, cyber-attacks targeting protected computer systems are also included in this category. The planning and execution of a physical attack can also be coordinated through the use of computers.
The purpose of such extreme activities is to further ideological, political, or religious goals through the planning, coordination, or promotion of acts of terrorism.
PREVENTIVE MEASURES TO AVOID BEING A VICTIM OF CYBERCRIME:
1. Use Strong and Unique Passwords:
Create passwords that are complex and known only to you. Avoid using easily guessable information like birthdays or common words.
2. Enable Multi-Factor Authentication (MFA):
Activate MFA wherever possible. This adds an extra layer of security by requiring a second form of authentication, like a temporary code sent to your phone.
3. Keep Software and Devices Updated:
Regularly update your operating system, applications, and antivirus software to patch security vulnerabilities.
4. Install Antivirus Software:
Install reputable antivirus and anti-malware software on your computer and keep it up to date to protect against known threats.
5. Use the Internet and Online Services Vigilantly:
Be cautious with unsolicited emails or messages asking for personal information. Verify the sender’s identity and avoid clicking on suspicious links or downloading attachments.
6. Use Secure Connections:
Make sure websites use encryption (look for “https://” in the URL) before sharing sensitive information.
7. Monitor All Accounts, Including Bank Accounts:
The user must regularly review their bank accounts, credit reports, and online transactions for any suspicious activity.
CONCLUSION
In conclusion, as our reliance on digital technology continues to grow, the importance of cybersecurity cannot be overstated. Preventive measures play a significant part in protecting individuals and organisations from falling victim to cybercrimes. Whether it is using strong passwords, regularly updating software, or educating oneself about phishing and social engineering tactics, proactive steps can significantly reduce vulnerabilities.
Cybercrimes manifest in two primary forms: those where computers serve as the medium and those where computers are the target. Understanding these distinctions is vital in crafting effective defence strategies. As technology evolves, so do the methods employed by cybercriminals, making it imperative that we keep pace and adapt.
The need for comprehensive cyber laws becomes increasingly evident in this digital age. Such laws can provide the legal framework necessary to prosecute cybercriminals and protect the rights of victims. As we move forward, collaborative effort between individuals, organisations, and governments is essential to create a safer and more secure cyberspace for all.
This article has been written and presented by Vaidehi Sharma and Sriganesh Ji.