2012 1st International Conference on Emerging Technology Trends in Electronics, Communication and Networking

A STUDY OF INDIAN APPROACH TOWARDS CYBER SECURITY

M. Tariq Banday
Department of Electronics & Inst. Technology University of Kashmir, Srinagar, India
Abstract Cyberspace is a network of networks connecting billions of users round the globe with the help of networked gadgets that include computers, mobile phones, palmtops, iPods, etc. Internet, though offers great benefit to society, it also presents opportunities for criminals using new and highly sophisticated technology tools. It both poses and suffers from various security challenges as it is used to commit crime and is itself target of crime. It has unveiled many unique challenges like cyber espionage, cyber warfare, cyber terrorism that were not known previously in real space. The technology is constantly evolving which gives birth to a newer crime and a new generation of crimes has come on the horizon. It is in this backdrop that an attempt is made to analyze different facets of cybercrimes together with possible solutions offered by law and technology. Keywords- Cybercrime, Cyber Security, Cyber Terrorism, Indian initiatives to Cyber Security, Instances of Cybercrimes, Classification of Cybercrimes.

Farooq Ahmad Mir

Department of Law University of Kashmir, Srinagar, India attacks. It is also used to include traditional crimes in which computers or networks are used to enable the illicit activity. For a crime to be considered as cybercrime, the computer or network or gadget must have a central role in the crime i.e., as target or tool. Such an activity abuses security vulnerabilities of the devices or services used in cyberspace or exploit the underlying trust in the cyberspace. Cybercrime is also known by various other terms like computer crime, Internet crime, ecrime, digital crime, high-tech crime, online crime, etc. III. CYBERCRIMES: A PERSPECTIVE OF THEIR CLASSIFICATION

I.

INTRODUCTION

Cyberspace has created a virtual world with enormous potential to facilitate multifarious activities with great efficiency and flexibility. The transactions executed through cyberspace are economical, profitable, less time consuming and efficiently managed. It has proved a viable medium of communication which is evinced through by its popularity demonstrated by its increasing use. Cyberspace, inspite of its obvious advantages, is highly vulnerable to intrusion, data theft, hacking, and denial of services to name a few. It has proved, over the period of time, highly insecure and spawned a new generation of crimes, commonly known as cybercrime which do not respect political or geographical boundaries. Internet being essentially global in character therefore, these cybercrimes are no longer specific to any particular country but have global ramifications and have become worldwide phenomenon. The popularity of Internet and its applications to countless transactions have raised genuine threats of security, reliability and integrity of these transactions. The diverse applications of Internet cannot be put to use in an uncertain environment, these issues can be addressed by taking collaborative measure of law and technology. II. CYBERCRIME There is no definition of cybercrime. It is any human conduct or behavior that makes computer or network either target of crime or instrument of crime. Any such crime cannot be studied in isolation. It is intimately connect with technology. Any activity performed with criminal intent in the cyberspace accounts to cybercrime. Cybercrime is a term used broadly to describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity and include everything from electronic cracking to denial of service

CoE Convention [1], UN manual on the prevention and control of computer-related crime [2], U.S. Department of Justice [3], UK Association of Chief Police Officers [4], Brenner [5], Symantec Corporation [6], Gordon and Ford [7], Sukhai [8], Kelly [9], and Australian Centre for Police Research [10] have classified cybercrime in multiple categories. Some studies Koenig [11], Furnell [12], Wilson [13], Lewis [14], and the Australian High Tech Crime Centre [15], Foreign Affairs and International Trade of Canada [16], Urbas and Choo [17] have classified cybercrime into two categories, namely crimes that are committed using computers and networks like hacking and computer viruses and traditional crimes that are facilitated through the use of computers like child pornography and online fraud. These studies do not cover crimes that make indirect use of computers by criminals like communication, document and data storage. Moreover, some studies Kanellis et al [18], Chakrabarti and Manimaran [19], Thomas [20], Krone [21], and Sukhai [22] have also included one or more other factors like threats, attacks, victims and attackers in their classification of cybercrime. Broadly, cybercrime can be classified into following two categories: i) Acts wherein a computer or a gadget is used as a tool for an unlawful act. These include cyber defamation, cyber terrorism, cyber-stalking, financial claims, cyber pornography, online ambling, intellectual property crimes, e-mail spoofing, spamming and forgery, and, ii) Acts wherein a computer or computer network or a gadget is the target of an unlawful act. These include denial of service, virus/worm, logic bombs, Trojan horse, internet time theft, physically damaging a computer system, theft of information, unauthorized access to computer system or network, e-mail bombing and data diddling. Alkaabi et al [23] have developed a comprehensive model to characterize cybercrime which is based upon the role of the computer and on the detailed nature of the crime, and contextual information surrounding the crime. Comprehensive lists of crimes which are generally regarded as cybercrime have also been classified in Type I and Type II classifications. A modified version of this classification is given in figure 1.

978-1-4673-1627-9/12/$31.00 2012 IEEE

2012 1st International Conference on Emerging Technology Trends in Electronics, Communication and Networking

Certain cybercrimes intended for political purposes e.g. cyber terrorism or cyber warfare and may involve offences of both

Type I and Type II.

Figure 1. Classification of Computer Crimes

IV.

EMERGING CYBERCRIMES

Table 1 gives a brief definition of some of the cybercrimes that have been reportedly committed in cyberspace.
TABLE I DEFINITIONS OF EMERGING CYBERCRIMES Cyber Crime Tampering with computer Source Documents Hacking Definition To knowingly or intentionally, conceal, destroy, alter or cause another to conceal, destroy, or alter any computer source code used for a computer, computer program, computer system or computer network, when the computer source code is required to be kept or maintained by law is called tampering with computer Source Documents. Hacking commonly means unauthorized access to a computer system and network. Hacking is any technical effort to manipulate the normal behavior of network connections and connected computer systems. Publishing or transmitting or causing to publish in the electronic form, any material which is lascivious, or if its effect is such as to tend to deprave and corrupt persons who are likely to read, see or hear the matter contained or embodied in it, is punishable under the IT Act. Child Pornography is a part of cyber pornography but due to its gravity and frequent recurrences it is now recognized as a separate offence. Securing unauthorized access or attempt to secure unauthorized access to a protected system is prohibited and liable to punishment with imprisonment and fine. Data Diddling is cybercrime which involves altering of raw data just before processing by computer and later changing it back after the processing is complete. Financial crimes are crime against property, involving the unlawful conversion of the ownership of property (belonging to one person) to one's own personal use and benefit.

Cyber Crime Breach of Confidentiality and Privacy

Cyber Stalking

Cyber Squatting

Publishing of Obscene Information in Electronic Form Child Pornography Accessing Protected System Data Diddling Financial Crimes

Cyber Defamation Trojan Attack

Forgery

Definition Securing access to any electronic record, book, correspondence, register, information, document or other material without the consent of the person concerned or disclosure of such material to any other person is breach of confidentiality and privacy. This is punishable in India under the IT Act. Cyber stalking in common parlance means a harassing behavior which an individual exhibits towards other. If an individual uses cyberspace for stalking, then it is called cyber stalking. Thus cyber stalking is an online course of conduct of a person by which the targeted person is terrorized, embarrassed, ashamed, molested, outraged. This term is used interchangeably with online harassment and online abuse. Cybersquatting involves registration of a trade name or trademark of any enterprise as a domain name with which cyber squatter is not in any way associated. The objective of such registration is to demand money from the real owner of the trade name or trademark owner of the domain in lieu of the return of this name. Any statement which lowers a person in the estimation of the right thinking members of the society is cyber defamation. Cyber defamation occurs when defamation takes place with the help of computers and/or the Internet. In computing terms, a Trojan horse refers to a malicious program that appears disguised as something harmless, such as a video or a music file. A Trojan horse attack is typically designed with intent to either have pecuniary gain or spread mayhem but can accomplish any number of goals. The use of sophisticated computers, printers and scanners to counterfeit currency notes, postage and revenue stamps, mark sheets etc. is forgery. These crimes are difficult to control owing to the development and easy availability of cutting edge computing technology.

978-1-4673-1627-9/12/$31.00 2012 IEEE

2012 1st International Conference on Emerging Technology Trends in Electronics, Communication and Networking
Cyber Crime Internet Time Theft Definition It is the usage of Internet by some unauthorized person who steals Internet hours from another person who has paid for its usage. This kind of cybercrime was unheard until the victim reported it. In India this offence is usually covered under IPC and the Indian Telegraph Act. Viruses and worms are malicious programs that can cause damage to a computer system with a difference that a virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. A virus can range in severity; some may cause only mildly annoying effects while others can damage hardware, software or files. It is forgery of some header of an e-mail message so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to their solicitations. Email bombing involves repeatedly sending email messages to a particular address on an e-mail server. The messages may be large and constituting meaningless data in an effort to consume additional system and network resources. Multiple accounts at the target site may be abused, increasing the denial of service impact. With this attack cyber criminals steal insignificant money or resources at a time. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed. This term has been taken from the word hijacking. Once a website is web jacked the owner of the site loses all control over it. The person gaining such kind of an access is called a hacker who may even alter or destroy any information on the site. Sexting is defined as the act of sending of sexually explicit texts and pictures by cell phone. Some define it as sharing of sexually explicit photos, videos, e-mail, text, through chat on cell phone, or on-line. The terms sexting and selfproduced child pornography may be overlapping, but they are not synonymous. Misuse of the Internet by terrorist organizations to steal corporation secrets and stockpile information to affects the world in three levels, individual, citizens and companies, the national governments, and international community. There has been an unexpected upsurge of threats and events of cyber terrorism.

Virus/worm Attack

E-mail spoofing

Email Bombing

Salami Attack

Web Jacking

Sexting

Cyber Terrorism

V.

CYBERCRIMES GLOBAL PERSPECTIVE

complainants. This underscores the national and global nature of Internet crime and the need for multi-jurisdictional cooperation to combat it. Further, during 2010, the nondelivery of payment or merchandise was the most reported offense, followed by FBI-related scams and identity theft. The statistics regarding various aspects of cybercrime in India and its comparison to that of 24 other nations (Global) retrieved from the Norton Cybercrime Report [25] reveal that cybercrime are on increase in India as compared to other 24 countries. The cybercrimes like computer viruses, online scams and phishing have recurrence much higher in comparison to that of the Global scale. Not only more adults from India have witnessed cybercrimes but also have been its victims. The number of adults who have experienced cybercrimes in their lifetime and those who have experienced these crimes in past 12 months is also much higher (80%) as against other 24 countries (global) (60%). Thus the incidences of cybercrimes in India are higher than some of the developed countries where Internet use is much more than India. To add to worries, it takes more time (15 days) to resolve complaints in India than in other countries (10 days). In most cases, damage has been limited to computer stations, websites, software, and email communications. Most attacks perpetrated by state and nonstate actors lack the capability to cause harm to a person, or to damage property, or to incite fear in the general population. Websites of various government organizations throughout the World are being hacked daily. After hacking of 133 Indian government websites during January to March 2012, India Lok Sabha was informed that government had taken various measures to tackle cybercrimes by setting up of early warning and response to cyber security incidents through the CERT-In and collaboration at national and international levels for information sharing and mitigation of cyber-attacks. In the years 2009, 2020 and 2011 as many as 92204248 government websites were hacked. Not all cyber-attacks are limited to denial of service attacks or incidents resulting in short term impacts like e-mail bombing or defacing of public domain websites. As many as 2232 Internet fraud cases involving Rs.1234.94 lakh were registered with RBI in the year 2010 and CBI registered two cybercrime cases involving Rs.17 lakh during 2010. VI. TECHNOLOGICAL SOLUTIONS Cyber security is defined by Cyber Security Information Act 2000 of the US as "the vulnerability of any computing system, software program, or critical infrastructure to, or their ability to resist, intentional interference, compromise, or incapacitation through the misuse of, or by unauthorized means of the Internet, public or private telecommunications systems, or other similar conduct that violates federal, state, or international law, that harms interstate commerce of the US, or that threatens public health or safety. Cyber security covers physical protection (both hardware and software) of personal information and technology resources from unauthorized access gained via technological means. The field of cyber security research is wide and multi-disciplinary. Technological solutions to cyber security aim to devise schemes, protocols and standards for addressing vulnerabilities in software, protocols or systems. Various security goals and cyber technologies as enumerated by ITU [26] for attaining these goals are shown in figure 2.

Cybercrimes have international character and are not country specific and thus have a global ramification. These crimes make network either tool or target of crime. Many western countries may be at the forefront of computer crime forensics and investigations, but other nations may not, and cooperation with them is a critical and on-going challenge. Investigating and prosecuting cybercrime is unique because the victim and perpetrator may be in two different countries or continents separated by thousands of miles. Successful investigations often require the cooperation of multiple agencies to resolve cases. According to 2010 Annual Internet Crime Report [24] of Internet Crime Control Centre, released on 24 Feb 2011 the most common victim complaints in 2010 were non-delivery of payment/merchandise, scams impersonating the FBI and identity theft. Victims of these crimes reported losing hundreds of millions of dollars. The origins of perpetrators reflect the graveness of geographic challenges related to its investigation. The report also finds that a minority of perpetrators reside in the same state as the

978-1-4673-1627-9/12/$31.00 2012 IEEE

2012 1st International Conference on Emerging Technology Trends in Electronics, Communication and Networking

modification, destruction and corruption by malicious software (malware) that includes viruses, Trojan horses, worms, spyware, adware and worms. Antivirus and integrity checkers help maintain system integrity by identifying, blocking and eliminating malware. Antivirus or anti-spyware software can reside on computers or gateways to detect incoming malware eliminate resident malware and repair damaged files. Integrity checkers also help fight unauthorized tampering with information and assets. Integrity checkers are security tools that monitor and alert on specific file changes on a range of systems. C. Cryptography Confidentiality, integrity, authentication and nonrepudiation which are essential for e-commerce are supported by Symmetric and Asymmetric cryptography. Cryptography can secure both online and off line date. Public Key Infrastructure (PKI) is used for large scale cyber systems owing to its low infrastructure overload. Digital Signatures and Certificates are used for implementation of PKI. Virtual Private Network (VPN) that includes IPsec, Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and Point-to-Point Tunneling Protocol (PPTP) are other cryptographic protocols to secure communicating over public networks. VPN is used by governments and large corporate organizations to extend private networks to several physical locations by using a public network like Internet. VPN enable segregation of a physical network in several virtual networks. D. Audit and Monitoring These systems record user and system activities for monitoring incident response and investigations for evaluating the security status of devices, perform investigations during and after attacks and identify on-going attacks. Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Security Event Correlation Tools and Computer Forensics Tools are various types of Audit and Monitoring systems. Network Intrusion Detection System (NIDS) and Host-based Intrusion Detection System (HIDS) are two types of ID systems which detect inappropriate or irregular activities that have potential to affect a systems confidentiality, integrity and availability status. NIDS monitor network traffic by comparing the traffic with a signature file that provides a list of potentially malicious activities with an aim of detecting potentially malicious activity such as denial of service attacks, port scans or attempts to infiltrate computers. NIDS normally obtains the original signature file from a vendor. It is critical to keep the signature file updated as this helps keep track of new malicious activities or attacks. Newer NIDSs use behavior-based threat detection methods instead of signatures. The behavior-based threat detection technology makes it easier to identify the socalled zero-day attacks for which no signatures exist. HIDS monitor potentially malicious dynamic activity on specific components of a computer system or networks e.g. stored data, system logs and configuration files and check whether they appear as expected. The HIDS comparison database requires strong protection to prevent attackers modifying entries and enabling their attacks to go undetected. An IPS monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent intrusions. IPSs drop offending packets on detecting a

Figure 2. Cyber Security Goals and Technologies [26]

A. Access Control Technologies Boundary Protection, Authentication and Authorization are three common access control technologies which prevent unauthorized parties from accessing, viewing or modifying sensitive information. Boundary technologies enforce sufficient separation between networks handling data of different protective marking levels by creating logical or physical boundaries between protected information and untrusted users and networks. Such zones are called Demilitarized Zone (DMZ). Network or host-based firewalls preventing unauthorized access to or from a private network and Content management systems monitoring web, messaging and other traffic for inappropriate content such as spam, banned file types and sensitive or classified information perform the roles of boundary technologies. Authentication technologies tie an individual to an identity. Identification is through three means namely: what someone knows (e.g. password), what someone has (e.g. devices such as smart cards with integrated circuit chips (ICC) to store and process authentication detail) and what someone is (e.g. biometric data from human body parts such as fingerprints, iris and voice). Secure systems often combine two methods to create twofactor authentication. Authorization systems determine User Rights and Privilege whether to grant or deny a user access to particular information or resources. Authorization modules enforce principles such as least privilege, separation of duties and legitimate use and rely on organizational rules and/or roles to manage access. Usernames and passwords are the most popular authentication techniques. B. System Integrity It ensures reliability of information and checks the malicious code menace. Antivirus and Anti-spyware systems and Integrity Checkers serve as technical solutions that support the control of malicious code. Antivirus and Anti-spyware systems protect systems and data therein against unauthorized

978-1-4673-1627-9/12/$31.00 2012 IEEE

2012 1st International Conference on Emerging Technology Trends in Electronics, Communication and Networking

malicious activity but allow all other traffic to pass through. Modern IPSs have firewall, intrusion detection, antivirus and vulnerability assessment capabilities. IPS may act as intelligent firewalls as they can base access control decisions on content rather than IP address or ports only as older firewalls. IPSs use destination ports as their signature format. IPSs are also Hostbased IPS (HIPS) or Network-based IPS (NIPS). Correlation tools analyses the logs in real time collected by them, establish whether an attack has occurred, respond passively or actively or alert an incident response module or team. The logs are collected from Security Enforcing Functions in operating systems, firewalls, applications, IDSs, IPSs and network devices. Forensic tools are helpful in Identifying, preserving and disseminating computer-based evidence. The automatically can identify data modification, file deletions, link a computer crime to an offender and individuate attack methods. E. Configuration Management and Assurance Tools These tools enable to create, view or modify security settings on computer systems and devices as well as to confirm whether the implemented settings are correct or not. Policy Enforcement Tools, Network Management Tools, Continuity of Operations Tools, Scanners and Patch management are various tools under this group. Policy Enforcement Tools are tools for defining and enforcing compliance with set rules and configurations such as password policy and maintenance of server and desktop builds e.g. user and computer accounts on a computer. Network management tools utilize Simple Network Management Protocol (SNMP) to monitor network-attached devices and flag problems to system administrators. it provides information on issues such as memory usage and the number of running processes. SNMP also allows active management tasks such as modifying and applying new configurations. Tools for Continuity of Operations are backup tools to restore system functionality and data in the event of a computer failure due to power outage or cyber-attack or after a natural disaster. Continuity of operations tools includes high-availability systems, journaling file systems and RAID. Vulnerability scanners identify, analyze and report on security vulnerabilities and help conduct network reconnaissance to identify gaps in system configuration that may enable an unauthorized intrusion. Patch management tools permit tests and apply updates and bug fixes to firmware and software applications to ensure that cyber attackers do not thrive to the system. VII. INDIAN NETWORK SECURITY POLICY A. National Cyber Security Policy The draft on National Cyber Security Policy for secure computing environment and adequate trust & confidence in electronic transactions made available for public comment till 15 May 2011 lays stress on the following key considerations: i) The security of cyber space is sine quo non. It cannot be left at the discretion of the stake holders. To begin with, it is required for the survival of the cyberspace; it is equally required for the security, sovereignty, integrity and defense of India and public safety and economic wellbeing of the country. ii) The issues of cyber security cannot be addressed by taking resort to traditional technological measures like antivirus and fire wall. The technological solutions have to be flexible and sufficiently equipped to detect, stop and prevent attacks. iii) Like

intelligence agencies in real space meant to thwart any possible attack, there is a need to establish Cyber security intelligence that should be able to anticipate attacks, adopt suitable counter measures and attribute the attacks for possible counter action. iv) There is a need for effective correlation of information received from different sources and real-time monitoring of assets that need protection and put in place across management team. v) There is a need to focus on having a suitable security posture and adopt counter measures on the basis of hierarchy of priority and understanding of the inter dependencies, rather than attempting to defend against all intrusions and attacks. vi) There is a clear need for focusing on people and processes while attempting to use the best available technological solutions, which otherwise could prove ineffective. vii) Security needs to be built-in from the conceptual design stage itself when it comes to developing and deploying critical information infrastructure, as opposed to having security as an afterthought. Security measures must be inbuilt right from the conceptual design stage which must be constantly updated and should be always ahead of the possible hackers. The technology cannot work unless it is manned by people with sufficient expertize. These persons have to be rewarded by suitable incentives for better results. B. India Legal Approach Indian parliament has adopted a twofold strategy to control cybercrimes. It has amended the Indian Penal Code to cover Cybercrimes expressly and has provided provisions in the Act, which was basically enacted to facilitate e-commerce in India, to deal with computer related crimes. The schemes of offences and punishment provided under IT Act are given in Table 2.
TABLE 2 OFFENCES AND THE PUNISHMENT UNDER IT ACT Section Offences 43 Damage to Computer System. Punishment: Compensation to the affected person. 65 Tempering with computer source document. Punishment: Up to 3 years imprisonment or fine up to 2 lakhs or both. 66 Fraudulently does any act referred to under section 43. Punishment: Up to 3 years imprisonment or fine up to 3lakhs or both. 66-A Sending any offensive message through communication service. Punishment: 3years imprisonment and fine. 66-B Dishonestly receiving stolen computer or communication device Punishment: 3 years imprisonment or fine of Rs. 1lakh or both 66-C Punishment for Identity theft Punishment: 3 years imprisonment and fine up to Rs. 1 lakh 66-D Punishment for cheating by impersonation Punishment: 3 years imprisonment and fine up to Rs. 1 lakh 66-E Punishment for violation of privacy Punishment: : 3 years imprisonment and fine up to 2 lakhs 66-F Punishment for cyber terrorism Punishment: Imprisonment for life 67 Punishment for publishing or transmitting obscene material in electronic form. Punishment: 5 years imprisonment and fine up to 10 lakhs. 67-B Child pornography Punishment: First conviction 5 years imprisonment and fine up to 10 lakhs. For second or subsequent conviction 7 years imprisonment and fine up to 10 lakhs. 70 Any person who secures access or attempts to secures access to

978-1-4673-1627-9/12/$31.00 2012 IEEE

2012 1st International Conference on Emerging Technology Trends in Electronics, Communication and Networking
Section Offences a protected system in contravention to the provisions. Punishment: Ten years Imprisonment and fine. 70 Penalty for Misrepresentation. Punishment: 2 years imprisonment or fine to the extent of 1 lakh or both. 73 Penalty for breach of confidentiality and Privacy. Punishment: 2 years imprisonment or fine up to 1 lakh or both. 73 Punishment for disclosure of information in contravention in breach of lawful contract. Punishment: 3 years imprisonment or fine up to 5 lakh or both. 76 Any computer, computer system. Floppies, compact disks, tape drives or any other accessories related thereto used for contravention of the IT, rules, orders or regulation made there under Punishment: Liable for confiscation. [2] [3] [4] [5] [6] [7] [8] United Nations (UN). International Review of Criminal Policy - United Nations manual on the prevention and control of computer-related crime. 1999, http://www.uncjin.org/8th.pdf. Computer Crime and Intellectual Property Section Criminal Division at U.S. Department of Justice, Prosecuting computer crimes. 2007. UK Metropolitan Police Service (MPS). Progress of MPS E-crime Strategy. 2007, http://www.mpa.gov.uk/print/ committees/mpa/2007/0 70125/10.htm. Brenner, S.W., U.S. Cybercrime Law: Defining offences. Information Systems Frontiers, 2004. 6(2): p. 115-132. Symantec Corporation. What is Cybercrime? 2007, http://www.symantec.com/avcenter/cybercrime/index_page2.html. Gordon, S. and R. Ford, On the Definition and Classification of Cybercrime. Journal of Computer Virology, 2006. 2(1): p. 13-20. Sukhai, N.B., Hacking and Cybercrime, in Proceedings of the 1st Annual Conference on Information Security Curriculum Development, I.s.c. development, Editor. 2004, ACM Press.: Kennesaw, Georgia. p. 128-132. Kelly, J.X. Cybercrime High tech crime. 2002, http://www.jisclegal.ac.uk/cybercrime/Archived_cybercrime.htm. Secretariat of the Parliamentary Joint Committee on the Australian Crime Commission. Cybercrime. 2004, http://www.aph.gov.au/senate/ committee/acc_ctte/completed_inquiries/200204/cybercrime/report/report.pdf. Koenig, D. Investigation of Cybercrime and Technology-related Crime. 2002, http://www.neiassociates.org/cybercrime.htm. Furnell, S.M., The Problem of Categorising Cybercrime and Cybercriminals, in 2nd Australian Information Warfare and Security Conference. 2001: Perth, Australia. p. 29-36. Wilson, C. Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and policy issues for congress. 2008 http://fas.org/sgp/ crs/terror/RL32114.pdf. Lewis, B.C. Preventing of Computer Crime Amidst International Anarchy. 2004, http://goliath.ecnext.com/coms2/summary_01993456285_ITM. Australian High Tech Crime Centre (AHTCC), Fighting the Invisible. Platypus Magazine: Journal of the Australian Federal Police, 2003. 80: p. 4-6. http://www.afp.gov.au/~/media/afp/pdf/f/fighting-the-invis ible.ashx. Foreign Affairs and International Trade Canada. Cyber Crime. 2004 16 August 2004, http://www.dfaitmaeci.gc.ca /internationalcrime/ cybercrime-en.asp. Urbas, G. and K.-K.R. Choo. Resources Materials on Technologyenabled Crime. 2008, http://www.aic.gov.au/ publications/ tbp/tbp028/tbp028.pdf. Kanellis, P., et al., eds. Digital Crime and Forensic Science in Cyberspace. 2006, Idea Group Inc: London. Chakrabarti, A. and G. Manimaran, Internet Infrastructure Security: A taxonomy. IEEE Network, 2002. 16(6): p. 13- 21. Thomas, D., An Uncertain World. The British Computer Society, 2006. 48(5): p. 12-13. Krone, T. High Tech Crime Brief: Hacking motives. 2005, http://www.aic.gov.au/publications/htcb/htcb006.html. Sukhai, N.B., Hacking and Cybercrime, in Proceedings of the 1st Annual Conference on Information Security Curriculum Development, I.s.c. development, Editor. 2004, ACM Press. Kennesaw, Georgia. p. 128-132. Alkaabi, Ali and Mohay,George M. and McCullagh, Adrian J. and Chantlet, Alan N. (2010), Dealing with the problem of cybercrime, In: Conference Proceedings of 2nd International ICST Conference on Digital Forensics and Cyber Crime, 4-6 October 2010, Abu Dhabi. Annual Internet Crime Report, 2010, Internet Crime Control Center, released on 24 Feb 2011, http://www.ic3. gov/media/annualreport/2010_IC3Report.pdf Cybercrime Report 2011, Symentac, Norton http://www.symantec.com/content/en/us/home_homeoffice/html/ncr/. ITU National Cyber security Strategy Guide, September, 2011, http://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-national-cybersecu r ity- guide.pdf.

C. Establishment of Cyber Appellate Tribunal Cyber Appellate Tribunal (CAT) has been established under IT Act to deal exclusively with the cybercriminals and other allied issues. The central government has shown resolve to provide strong legal regime to deal with cybercrimes. The tribunal has only Appellate jurisdiction. The complaint shall initially be before adjudication officer who is also appointee of the central government. The jurisdiction of civil court is barred. The Cyber Appellate Tribunal has powers to regulate its own procedure including the place at which it has its sittings. Every proceeding before the Cyber Appellate Tribunal shall be deemed as judicial proceeding within the meaning of sections 193 and 228, and for the purposes of section 196 of the Indian Penal Code and the Cyber Appellate Tribunal shall be deemed as a civil court for the purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973. D. Establishment of CERT-In The Indian Computer Emergency Response Team operates under the auspices of and with authority delegated by the Department of Information Technology, Ministry of Communications and Information Technology, Government of India. It is the National Incident Response Centre for major computer security incidents in Indian Cyber community. Its primary goal is to raise security awareness among Indian cyber community and to provide technical assistance and advise them to help recover from computer security incidents. CONCLUSION Cybercrimes have posed serious threat to the security of the Internet infrastructure which may be local in origin but global in ramifications. These crimes are making either network target of crime or instrument of crime. The nature of these crimes is diverse as they are intimately associated with the technology which is constantly evolving that provides added opportunities to the cyber criminals to find new ways of the commission of the crime. India is showing alarming increase in the incidence of some of the cyber-crimes and it takes more time to resolve complaint involving cybercrime. Cybercrimes can be controlled only if there is a global resolve to curb them together with strong techno-legal measures that are to be put in place at the national level. REFERENCES
[1] Council of Europe. Convention on Cybercrime. http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm 2001,

[9] [10]

[11] [12] [13] [14] [15]

[16] [17] [18] [19] [20] [21] [22]

[23]

[24] [25] [26]

978-1-4673-1627-9/12/$31.00 2012 IEEE