Rohas Nagpal Asian School of Cyber Laws - Department of ...

Evolution ofCyber CrimesRohas NagpalAsian School of Cyber Laws

About the authorRohas Nagpal is the founder President of Asian School ofCyber Laws.He advises Governments and corporates around the worldin cyber crime investigation and cyber law related issues.He has assisted the Government of India in drafting rulesand regulations under the Information Technology Act,2000.He has authored several books, papers and articles oncyber law, cyber terrorism, cyber crime investigation andfinancial law.Rohas lives in Pune (India) and blogs @ rohasnagpal.comSome of the papers authored by Rohas Nagpal1. Internet Time Theft & the Indian Law2. Legislative Approach to Digital Signatures3. Indian Legal position on Cyber Terrorism4. Defining Cyber Terrorism5. The mathematics of terror6. Cyber Terrorism in the context of Globalisation7. Biometric based Digital Signature SchemeSome of the books authored by Rohas Nagpal

Asian School of Cyber Laws1. EVOLUTION OF CYBER CRIME ........................................................................... 21.1 FINANCIAL CRIMES................................................................................................ 31.2 CYBER PORNOGRAPHY......................................................................................... 51.3 SALE OF ILLEGAL ARTICLES................................................................................. 61.4 ONLINE GAMBLING................................................................................................ 71.5 INTELLECTUAL PROPERTY CRIMES ...................................................................... 81.6 EMAIL SPOOFING................................................................................................... 91.7 FORGERY ............................................................................................................. 101.8 CYBER DEFAMATION........................................................................................... 111.9 CYBER STALKING................................................................................................ 121.10 WEB DEFACEMENT............................................................................................ 141.11 EMAIL BOMBING................................................................................................ 161.12 DATA DIDDLING................................................................................................. 171.13 SALAMI ATTACKS.............................................................................................. 181.14 DENIAL OF SERVICE ATTACK ........................................................................... 201.15 VIRUS / WORM ATTACKS .................................................................................. 211.16 TROJANS AND KEYLOGGERS............................................................................ 241.17 INTERNET TIME THEFT ...................................................................................... 251.18 WEB JACKING ................................................................................................... 261.19 EMAIL FRAUDS.................................................................................................. 291.20 CYBER TERRORISM........................................................................................... 321.21 USE OF ENCRYPTION BY TERRORISTS .............................................................. 36© 2008 Rohas Nagpal. All rights reserved. - 1 -

Asian School of Cyber Laws1. Evolution of cyber crimeThe first recorded cyber crime took place in the year 1820!That is not surprising considering the fact that the abacus, which isthought to be the earliest form of a computer, has been around since3500 B.C. in India, Japan and China. The era of modern computers,however, began with the analytical engine of Charles Babbage.In 1820, Joseph-Marie Jacquard, a textile manufacturer in France,produced the loom. This device allowed the repetition of a series of stepsin the weaving of special fabrics. This resulted in a fear amongstJacquard's employees that their traditional employment and livelihoodwere being threatened. They committed acts of sabotage to discourageJacquard from further use of the new technology. This is the firstrecorded cyber crime!Today, computers have come a long way with neural networks and nanocomputingpromising to turn every atom in a glass of water into acomputer capable of performing a billion operations per second.In a day and age when everything from microwave ovens andrefrigerators to nuclear power plants are being run on computers, cybercrime has assumed rather sinister implications.Cyber crime can involve criminal activities that are traditional in nature,such as theft, fraud, forgery, defamation and mischief. The abuse ofcomputers has also given birth to a gamut of new age crimes such ashacking, web defacement, cyber stalking, web jacking etc.A simple yet sturdy definition of cyber crime would be “unlawful actswherein the computer is either a tool or a target or both”.The term computer used in thisdefinition does not only mean theconventional desktop or laptopcomputer. It includes PersonalDigital Assistants (PDA), cellphones, sophisticated watches, carsand a host of gadgets.Recent global cyber crime incidents like the targeted denial of serviceattacks on Estonia have heightened fears. Intelligence agencies arepreparing against coordinated cyber attacks that could disrupt rail and airtraffic controls, electricity distribution networks, stock markets, bankingand insurance systems etc.Unfortunately, it is not possible to calculate the true social and financialimpact of cyber crime. This is because most crimes go unreported.- 2 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber Laws1.1 Financial CrimesMoney is the most common motive behind all crime. The same is alsotrue for cyber crime. Globally it is being observed that more and morecyber crimes are being committed for financial motives rather than for“revenge” or for “fun”.With the tremendous increase in the use of internet and mobile banking,online share trading, dematerialization of shares and securities, this trendis likely to increase unabated.Financial crimes include cyber cheating, credit card frauds, moneylaundering, hacking into bank servers, computer manipulation,accounting scams etc.Illustration 1Punjab National Bank in India wascheated to the tune of Rs. 13.9million through false debits andcredits in computerized accounts.Illustration 2Rs. 2,50,000 were misappropriatedfrom Bank of Baroda in Indiathrough falsification of computerizedbank accounts.Illustration 3The Hyderabad police in Indiaarrested an unemployed computeroperator and his friend, a steward ina prominent five-star hotel, forstealing and misusing credit cardnumbers belonging to hotelcustomers.The steward noted down thevarious details of the credit cards,which were handed by clients of thehotel for paying their bills. Then, hepassed all the details to hiscomputer operator friend who usedthe details to make onlinepurchases on various websites.Illustration 4In 2004, the US Secret Serviceinvestigated and shut down anonline organization that trafficked inaround 1.7 million stolen creditcards and stolen identity informationand documents.© 2008 Rohas Nagpal. All rights reserved. - 3 -

Asian School of Cyber LawsThis high-profile case, known as“Operation Firewall,” focused on acriminal organization of some 4,000members whose Web sitefunctioned as a hub for identity theftactivity.Illustration 5In 2003, a hacker was convicted inthe USA for causing losses ofalmost $25 million. The defendantpleaded guilty to numerous chargesof conspiracy, computer intrusion,computer fraud, credit card fraud,wire fraud, and extortion.The hacker and his accomplicesfrom Russia had stolen usernames,passwords, credit card information,and other financial data by hackinginto computers of US citizens. Theywould then extort money from thosevictims with the threat of deletingtheir data and destroying theircomputer systems.- 4 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber Laws1.2 Cyber PornographyCyber pornography is believed to be one of the largest businesses on theInternet today. The millions of pornographic websites that flourish on theInternet are testimony to this. While pornography per se is not illegal inmany countries, child pornography is strictly illegal in most nations today.Cyber pornography covers pornographic websites, pornographicmagazines produced using computers (to publish and print the material)and the Internet (to download and transmit pornographic pictures,photos, writings etc).Illustration 1A school student from Delhi (India),who was regularly teased for havinga pockmarked face, used a freehosting provider to createwww.amazing-gents.8m.net.He regularly uploaded “morphed”photographs of teachers and girlsfrom his school onto the website.He was arrested when the father ofone of the victims reported the caseto the police.Illustration 2The CEO of online auction websitebazee.com (a part of the ebaygroup) was arrested by the Delhipolice for violating India’s strict lawson cyber pornography. Anengineering student was using thebazee website to sell a videodepicting two school studentshaving sexual intercourse.Bazee.com was held liable fordistributing porn and hence theCEO was arrested.Illustration 3The CEO of a software company inPune (India) was arrested forsending highly obscene emails to aformer employee.© 2008 Rohas Nagpal. All rights reserved. - 5 -

Asian School of Cyber Laws1.3 Sale of Illegal ArticlesIt is becoming increasingly common to find cases where sale of illegalarticles such as narcotics drugs, weapons, wildlife etc. is being facilitatedby the Internet. Information about the availability of the products for saleis being posted on auction websites, bulletin boards etc.It is practically impossible to controlor prevent a criminal from setting upa website to transact in illegalarticles. Additionally, there areseveral online payment gatewaysthat can transfer money around theworld at the click of a button.The Internet has also created a marketplace for the sale of unapproveddrugs, prescription drugs dispensed without a valid prescription, orproducts marketed with fraudulent health claims.Many sites focus on sellingprescription drugs and are referredto by some as “Internetpharmacies.” These sites offer forsale either approved prescriptiondrug products, or in some cases,unapproved, illegal versions ofprescription drugs. This poses aserious potential threat to the healthand safety of patients.The broad reach, relativeanonymity, and ease of creatingnew or removing old websites,poses great challenges for lawenforcement officials.IllustrationIn March 2007, the Pune ruralpolice cracked down on an illegalrave party and arrested hundreds ofillegal drug users. The socialnetworking site Orkut.com isbelieved to be one of the modes ofcommunication for gathering peoplefor the illegal “drug” party.- 6 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber Laws1.4 Online GamblingThere are thousands of websites that offer online gambling. The specialissue with online gambling is that it is legalised in several countries. Solegally the owners of these websites are safe in their home countries.The legal issues arise when a person residing in a foreign country likeIndia (where such websites are illegal) gambles on such a website.IllustrationThe website ladbrokes.compermits users to gamble on avariety of sports such as cricket,football, tennis, golf, motor racing,ice hockey, basketball, baseball,darts, snooker, boxing, athletics,rugby, volleyball, motor cycling etc.Additionally it also features anonline casino. The website has notechnical measures in place toprohibit residents of certaincountries (where online gambling isillegal) from betting at their website.© 2008 Rohas Nagpal. All rights reserved. - 7 -

Asian School of Cyber Laws1.5 Intellectual Property CrimesThese include software piracy, copyright infringement, trademarksviolations, theft of computer source code etc.Illustration 1A software professional fromBangalore (India) was booked forstealing the source code of aproduct being developed by hisemployers. He started his owncompany and allegedly used thestolen source code to launch a newsoftware product.Illustration 2In 2003, a computer user in Chinaobtained the source code of apopular game - LineageII from anunprotected website. Thisproprietary code was then sold toseveral people in 2004. One ofthose people set up a website,www.l2extreme.com, to offer the“Lineage” game at a discount.Despite legal warnings from theSouth Korean company that ownedthe Lineage source code, thesuspect did not shut down the site.He rented powerful servers -enough to accommodate 4,000simultaneous gamers - and soliciteddonations from users to help defraythe costs.The loss in potential revenues forthe South Korean company wasestimated at $750,000 a month. TheUS FBI arrested the suspect andthe website was shut down.- 8 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber Laws1.6 Email SpoofingA spoofed email is one that appears to originate from one source butactually has been sent from another source e.g Pooja has an e-mailaddress pooja@asianlaws.org.Her ex-boyfriend, Sameer spoofs her e-mail and sends obscenemessages to all her acquaintances. Since the e-mails appear to haveoriginated from Pooja, her friends may take offence and relationshipsmay be spoiled for life.Illustration 1In an American case, a teenagermade millions of dollars byspreading false information aboutcertain companies whose shares hehad short sold.This misinformation was spread bysending spoofed emails, purportedlyfrom news agencies like Reuters, toshare brokers and investors whowere informed that the companieswere doing very badly.Even after the truth came out thevalues of the shares did not go backto the earlier levels and thousandsof investors lost a lot of money.Illustration 2A branch of the erstwhile GlobalTrust Bank in India experienced arun on the bank. Numerouscustomers decided to withdraw alltheir money and close theiraccounts.An investigation revealed thatsomeone had sent out spoofedemails to many of the bank’scustomers stating that the bank wasin very bad shape financially andcould close operations at any time.The spoofed email appeared tohave originated from the bank itself.© 2008 Rohas Nagpal. All rights reserved. - 9 -

Asian School of Cyber Laws1.7 ForgeryCounterfeit currency notes, postage and revenue stamps, mark sheets,academic certificates etc are made by criminals using sophisticatedcomputers, printers and scanners.Illustration 1In October 1995, EconomicOffences Wing of Crime Branch,Mumbai (India), seized over 22,000counterfeit share certificates of eightreputed companies worth Rs. 34.47crores. These were allegedlyprepared using Desk TopPublishing Systems.Illustration 2Abdul Kareem Telgi, along withseveral others, was convicted inIndia on several counts ofcounterfeiting stamp papers andpostage stamps totalling severalbillion rupees.- 10 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber Laws1.8 Cyber DefamationThis occurs when defamation takes place with the help of computers and/ or the Internet. e.g. Sameer publishes defamatory matter about Poojaon a website or sends e-mails containing defamatory information toPooja’s friends.Illustration 1Abhishek, a teenaged student wasarrested by the Thane police inIndia following a girl’s complaintabout tarnishing her image in thesocial networking site Orkut.Abhishek had allegedly created afake account in the name of the girlwith her mobile number posted onthe profile.The profile had been sketched insuch a way that it drew lewdcomments from many who visitedher profile. The Thane Cyber Celltracked down Abhishek from thefalse e-mail id that he had createdto open up the account.Illustration 2The Aurangabad bench of theBombay high court issued a noticeto Google.com following a publicinterest litigation initiated by ayoung lawyer.The lawyer took exception to acommunity called ‘We hate India’,owned by someone who identifiedhimself as Miroslav Stankovic. Thecommunity featured a picture of theIndian flag being burnt.Illustration 3Unidentified persons postedobscene photographs and contactdetails of a Delhi school girl.Suggestive names like ’sex teacher’were posted on the profile.The matter came to light after thegirl’s family started receiving vulgarcalls referring to Orkut.© 2008 Rohas Nagpal. All rights reserved. - 11 -

Asian School of Cyber Laws1.9 Cyber StalkingCyber stalking refers to the use of the Internet, e-mail, or other electroniccommunications devices to stalk another person.Stalking generally involves harassing or threatening behaviour that anindividual engages in repeatedly, such as following a person, appearingat a person's home or place of business, making harassing phone calls,leaving written messages or objects, or vandalizing a person's property.Most stalking laws require that the perpetrator make a credible threat ofviolence against the victim; others include threats against the victim'simmediate family.Illustration 1In the first successful prosecutionunder the California (USA) cyberstalking law, prosecutors obtained aguilty plea from a 50-year-oldformer security guard who used theInternet to solicit the rape of awoman who rejected his romanticadvances.He terrorized the 28-year-old victimby impersonating her in variousInternet chat rooms and onlinebulletin boards, where he posted,along with her telephone numberand address, messages that shefantasized about being raped.On at least six occasions,sometimes in the middle of thenight, men knocked on the woman'sdoor saying they wanted to rapeher.Illustration 2An honours graduate from theUniversity of San Diego in USAterrorized five female universitystudents over the Internet for morethan a year.The victims received hundreds ofviolent and threatening e-mails,sometimes receiving four or fivemessages a day.The student, who pleaded guilty,told the police that he had- 12 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber Lawscommitted the crimes because hethought the women were laughingat him and causing others to ridiculehim. In reality, the victims had nevermet him.Illustration 3In 2005, a minor fromMassachusetts (USA) wasconvicted in connection withapproximately $1 million in victimdamages.Over a 15-month period, he hadhacked into Internet and telephoneservice providers, stolen anindividual’s personal informationand posted it on the Internet, andmade bomb threats to many highschools.© 2008 Rohas Nagpal. All rights reserved. - 13 -

Asian School of Cyber Laws1.10 Web defacementWebsite defacement is usually the substitution of the original home pageof a website with another page (usually pornographic or defamatory innature) by a hacker.Religious and government sites are regularly targeted by hackers inorder to display political or religious beliefs. Disturbing images andoffensive phrases might be displayed in the process, as well as asignature of sorts, to show who was responsible for the defacement.Websites are not only defaced for political reasons, many defacers do itjust for the thrill. For example, there are online contests in which hackersare awarded points for defacing the largest number of web sites in aspecified amount of time. Corporations are also targeted more often thanother sites on the Internet and they often seek to take measures toprotect themselves from defacement or hacking in general.Web sites represent the image of a company or organisation and theseare therefore especially vulnerable to defacement. Visitors may lose faithin sites that cannot promise security and will become wary of performingonline transactions. After defacement, sites have to be shut down forrepairs, sometimes for an extended period of time, causing expensesand loss of profit.Illustration 1Mahesh Mhatre and Anand Khare(alias Dr Neukar) were arrested in2002 for allegedly defacing thewebsite of the Mumbai Cyber CrimeCell.They had allegedly used passwordcracking software to crack the FTPpassword for the police website.They then replaced the homepageof the website with pornographiccontent. The duo was also chargedwith credit card fraud for using 225credit card numbers, mostlybelonging to American citizens.Illustration 2In 2001, over 200 Indian websiteswere hacked into and defaced. Thehackers put in words like bugz,death symbol, Paki-king andallahhuakbar.In the case of 123medicinindia.com,a message was left behind whichsaid – “Catch me if uuu can my- 14 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber Lawsderaz lazy adminzzz” – challengingthe system administrators to tracethe miscreants.The offenders were allegedly agroup of hackers who go by thename of ‘Pakistani Cyber Warriors’.Illustration 3In 2006, a Turkish hacker using thehandle iSKORPiTX was able tobreach the security of a group ofweb servers, containing more than38,500 web sites in less than a day!Illustration 4The first Defacers Challenge tookplace on Sunday, July 6, 2003.There was a special prize for thefirst contestant to deface 6,000 websites.The contest was conducted over asix-hour period. Points wereawarded based on the server’soperating system.Windows: 1 point,Linux: 2 points,BSD: 2 points,AIX: 3 points,HP-UX: 5 pointsMacintosh: 5 points© 2008 Rohas Nagpal. All rights reserved. - 15 -

Asian School of Cyber Laws1.11 Email BombingEmail bombing refers to sending a large number of emails to the victimresulting in the victim’s email account (in case of an individual) or mailservers (in case of a company or an email service provider) crashing.Email bombing is a type of denial-of-service attack. A denial-of-serviceattack is one in which a flood of information requests is sent to a server,bringing the system to its knees and making the server difficult to access.Illustration 1A British teenager was cleared oflaunching a denial-of-service attackagainst his former employer, in aruling under the UK ComputerMisuse Act.The teenager was accused ofsending 5 million e-mail messagesto his ex-employer that caused thecompany's e-mail server to crash.The judge held that the UKComputer Misuse Act does notspecifically include a denial-ofserviceattack as a criminal offence.Illustration 2In one case, a foreigner who hadbeen residing in Simla, India foralmost 30 years wanted to avail of ascheme introduced by the SimlaHousing Board to buy land at lowerrates. When he made an applicationit was rejected on the grounds thatthe scheme was available only forcitizens of India.He decided to take his revenge.Consequently, he sent thousands ofmails to the Simla Housing Boardand repeatedly kept sending e-mailstill their servers crashed.- 16 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber Laws1.12 Data DiddlingOne of the most common forms of computer crime is data diddling -illegal or unauthorized data alteration. These changes can occur beforeand during data input or before output. Data diddling cases have affectedbanks, payrolls, inventory records, credit records, school transcripts andvirtually all other forms of data processing known.Illustration 1The NDMC Electricity Billing FraudCase that took place in 1996 is atypical example. The computernetwork was used for receipt andaccounting of electricity bills by theNew Delhi Municipal Council.Collection of money, computerizedaccounting, record maintenanceand remittance in the bank wereexclusively left to a privatecontractor who was a computerprofessional.He misappropriated huge amount offunds by manipulating data files toshow less receipt and bankremittance.Illustration 2A keyboard operator processingorders at an Oakland USAdepartment store changed somedelivery addresses and divertedseveral thousand dollars worth ofstore goods into the hands ofaccomplices.Illustration 3A ticket clerk at the ArizonaVeterans' Memorial Coliseum inUSA issued full-price basketballtickets, sold them and then, tappingout codes on her computerkeyboard, recorded the transactionsas half-price sales.© 2008 Rohas Nagpal. All rights reserved. - 17 -

Asian School of Cyber Laws1.13 Salami AttacksThese attacks are used for committing financial crimes. The key here isto make the alteration so insignificant that in a single case it would gocompletely unnoticed.For instance, a bank employee inserts a program, into the bank’sservers, that deducts a small amount of money (say Rs. 2 a month) fromthe account of every customer. No account holder will probably noticethis unauthorized debit, but the bank employee will make a sizeableamount of money every month.The attack is called “salami attack” as it is analogous to slicing the datathinly, like a salami.Illustration 1Four executives of a rental-carfranchise in Florida USA defraudedat least 47,000 customers using asalami technique.They modified a computer billingprogram to add five extra gallons tothe actual gas tank capacity of theirvehicles.From 1988 through 1991, everycustomer who returned a carwithout topping it off ended uppaying inflated rates for an inflatedtotal of gasoline.The thefts ranged from $2 to $15per customer - difficult for thevictims to detect.Illustration 2In January 1997, Willis Robinson ofMaryland USA, was sentenced to10 years in prison for “havingreprogrammed his Taco Bell driveup-windowcash register - causing itto ring up each $2.99 item internallyas a 1-cent item, so that he couldpocket $2.98 each time”.The management assumed theerror was hardware or software andonly caught the perpetrator when hebragged about his crime to coworkers.- 18 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber LawsIllustration 3In Los Angeles USA four men werecharged with fraud for allegedlyinstalling computer chips in gasolinepumps that cheated consumers byoverstating the amounts pumped.The problem came to light when anincreasing number of consumersclaimed that they had been soldmore gasoline than the capacity oftheir gas tanks!However, the fraud was difficult toprove initially because theperpetrators programmed the chipsto deliver exactly the right amount ofgasoline when asked for five- and10-gallon amounts (precisely theamounts typically used byinspectors).© 2008 Rohas Nagpal. All rights reserved. - 19 -

Asian School of Cyber Laws1.14 Denial of Service AttackDenial of Service attacks (DOS attacks) involve flooding a computer withmore requests than it can handle. This causes the computer (e.g. a webserver) to crash and results in authorized users being unable to accessthe service offered by the computer.Another variation to a typical denial of service attack is known as aDistributed Denial of Service (DDoS) attack wherein the perpetrators aremany and are geographically widespread.Illustration 1A series of distributed denial ofservice attacks in February 2000crippled many popular websitesincluding yahoo.com, amazon.comand cnn.comIllustration 2A series of more than 125 separatebut coordinated denial of serviceattacks hit the cyber infrastructureof Estonia in early 2007.The attacks were apparentlyconnected with protests against theEstonian government's decision toremove a Soviet-era war memorialfrom the capital city.It is suspected that the attacks werecarried out by Russian hackers. Theattack lasted several days.- 20 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber Laws1.15 Virus / Worm AttacksComputer viruses are small software programs that are designed tospread from one computer to another and to interfere with computeroperation. A virus might corrupt or delete data on the victim’s computer,use the victim’s e-mail program to spread itself to other computers, oreven erase everything on the victim’s hard disk.Viruses are most easily spread by attachments in e-mail messages orinstant messaging messages. Viruses can be disguised as attachmentsof funny images, greeting cards, or audio and video files. Viruses canalso spread through downloads on the Internet. They can be hidden inillicit software or other files or programs.Worms, unlike viruses do not need the host to attach themselves to.They merely make functional copies of themselves and do thisrepeatedly till they eat up all the available space on a computer’smemory.Brain (in its first incarnation written in January 1986) is considered to bethe first computer virus for the PC. The virus is also known as Lahore,Pakistani, Pakistani Brain, Brain-A and UIUC. The virus was written bytwo brothers, Basit and Amjad Farooq Alvi, who lived in Lahore,Pakistan. The brothers told TIME magazine they had written it to protecttheir medical software from piracy and was supposed to target copyrightinfringers only.The virus came complete with the brothers' address and three phonenumbers, and a message that told the user that their machine wasinfected and for inoculation the user should call them.When the brothers began to receive a large number of phone calls frompeople in USA, Britain, and elsewhere, demanding them to disinfect theirmachines, the brothers were stunned and tried to explain to the outragedcallers that their motivation had not been malicious.They ended up having to get their phone lines cut off and regretted thatthey had revealed their contact details in the first place. The brothers arestill in business in Pakistan as internet service providers in their companycalled Brain Limited.Illustration 1The VBS_LOVELETTER virus(better known as the Love Bug orthe ILOVEYOU virus) wasreportedly written by a Filipinoundergraduate. In May 2000, thisdeadly virus became the world’smost prevalent virus. Lossesincurred during this virus attackwere pegged at US $ 10 billion.© 2008 Rohas Nagpal. All rights reserved. - 21 -

Asian School of Cyber LawsVBS_LOVELETTER utilized theaddresses in Microsoft Outlook ande-mailed itself to those addresses.The e-mail, which was sent out, had“ILOVEYOU” in its subject line. Theattachment file was named “LOVE-LETTER-FOR-YOU.TXT.vbs”.People wary of opening e-mailattachments were conquered by thesubject line and those who hadsome knowledge of viruses, did notnotice the tiny .vbs extension andbelieved the file to be a text file. Themessage in the e-mail was “kindlycheck the attached LOVELETTERcoming from me”.Illustration 2Probably the world’s most famousworm was the Internet worm letloose on the Internet by RobertMorris sometime in 1988. TheInternet was, then, still in itsdeveloping years and this worm,which affected thousands ofcomputers, almost brought itsdevelopment to a complete halt. Ittook a team of experts almost threedays to get rid of the worm and inthe meantime many of thecomputers had to be disconnectedfrom the network.Illustration 3In 2002, the creator of the Melissacomputer virus was convicted. Thevirus had spread in 1999 andcaused more than $80 million indamage by disrupting personalcomputers, business andgovernment computer networks.Illustration 4In 2006, a US citizen was convictedfor conspiracy to intentionally causedamage to protected computers andcommit computer fraud.- 22 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber LawsBetween 2004 and 2005, hecreated and operated a malicioussoftware to constantly scan for andinfect new computers.It damaged hundreds of USDepartment of Defence computersin USA, Germany and Italy. Thesoftware compromised computersystems at a Seattle hospital,including patient systems, anddamaged more than 1,000computers in a California schooldistrict.Illustration 5Logic bombs are event dependentprograms. This implies that theseprograms are created to dosomething only when a certainevent (known as a trigger event)occurs. e.g. even some viruses maybe termed logic bombs becausethey lie dormant all through the yearand become active only on aparticular date (like the Chernobylvirus).© 2008 Rohas Nagpal. All rights reserved. - 23 -

Asian School of Cyber Laws1.16 Trojans and KeyloggersA Trojan, as this program is aptly called, is an unauthorized programwhich functions from inside what seems to be an authorized program,thereby concealing what it is actually doing.Keyloggers are regularly used were to log all the strokes a victim makeson the keyboard. This assumes sinister proportions, if a key logger isinstalled on a computer which is regularly used for online banking andother financial transactions. Key-loggers are most commonly found inpublic computers such as those in cyber cafes, hotels etc. Unsuspectingvictims also end up downloading spyware when they click on “friendly”offers for free software.Illustration 1A young lady reporter was workingon an article about onlinerelationships. The article focused onhow people can easily findfriendship and even love on theInternet. During the course of herresearch she made a lot of onlinefriends. One of these ‘friends’managed to infect her computerwith a Trojan.This young lady stayed in a smallone bedroom apartment and hercomputer was located in one cornerof her bedroom. Unknown to her,the Trojan would activate her webcamera and microphone even whenthe Internet was switched off. Ayear later she realized thathundreds of her pictures wereposted on pornographic sitesaround the world!Illustration 2The network administrator in aglobal bank received a beautifullypacked CD ROM containing“security updates” from thecompany that developed theoperating system that ran his bank’sservers.He installed the “updates” which inreality was Trojanized software. 3years later, the effects were stillbeing felt in the bank’s system!- 24 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber Laws1.17 Internet Time TheftThis connotes the usage by an unauthorized person of the Internet hourspaid for by another person.IllustrationIn May 2000, the Delhi policearrested an engineer who hadmisused the login name andpassword of a customer whoseInternet connection he had set up.The case was filed under the IndianPenal Code and the IndianTelegraph Act.© 2008 Rohas Nagpal. All rights reserved. - 25 -

Asian School of Cyber Laws1.18 Web JackingJust as conventional hijacking of an airplane is done by using force,similarly web jacking means forcefully taking over control of a website.The motive is usually the same as hijacking – ransom. The perpetratorshave either a monetary or political purpose which they try to satiate byholding the owners of the website to ransom.This occurs when someone forcefully takes control of a website (bycracking the password and later changing it). The actual owner of thewebsite does not have any more control over what appears on thatwebsite.How does web jacking takeplace?The administrator of any websitehas a password and a usernamethat only he (or someone authorizedby him) may use to upload files fromhis computer on the web server(simply put, a server is a powerfulcomputer) where his website ishosted.Ideally, this password remainssecret with the administrator. If ahacker gets hold of this usernameand password, then he can pretendto be the administrator.Computers don’t recognize people –only usernames and passwords.The web server will grant control ofthe website to whoever enters thecorrect password and usernamecombination.There are many ways in which ahacker may get to know apassword, the most common beingpassword cracking wherein a“cracking software” is used to guessa password. Password crackingattacks are most commonly of twotypes.The first one is known as thedictionary attack. In this type ofattack the software will attempt allthe words contained in a predefineddictionary of words.- 26 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber LawsFor example, it may try Rahim,Rahul, Rakesh, Ram, Reema,Reena … in a predefined dictionaryof Indian names. These types ofdictionaries are readily available onthe Internet.The other form of passwordcracking is by using ‘brute force’. Inthis kind of attack the software triesto guess the password by trying outall possible combinations ofnumbers, symbols, letters till thecorrect password is found. Forexample, it may try out passwordcombinations like abc123,acbd5679, sdj#%^, weuf*(-)*.Some software, available forpassword cracking using the bruteforce technique, can check a hugenumber of password combinationsper second.When compared with a dictionaryattack, a brute force attack takesmore time, but it is definitely moresuccessful.IllustrationIn an incident reported in the USA,the owner of a hobby website forchildren received an e-mailinforming her that a group ofhackers had gained control over herwebsite. They demanded a ransomof 1 million dollars from her.The owner, a schoolteacher, did nottake the threat seriously. She feltthat it was just a scare tactic andignored the e-mail.It was three days later that shecame to know, following manytelephone calls from all over thecountry, that the hackers had webjacked her website. Subsequently,they had altered a portion of the© 2008 Rohas Nagpal. All rights reserved. - 27 -

Asian School of Cyber Lawswebsite which was entitled ‘How tohave fun with goldfish’.In all the places where it had beenmentioned, they had replaced theword ‘goldfish’ with the word‘piranhas’.Piranhas are tiny but extremelydangerous flesh-eating fish. Manychildren had visited the popularwebsite and had believed what thecontents of the website suggested.These unfortunate children followedthe instructions, tried to play withpiranhas, which they bought frompet shops, and were very seriouslyinjured!- 28 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber Laws1.19 Email FraudsDear Mr. Justin Williams, I'm Vikas Manjit Singh fromPunjab (India). I belong to a city named Ludhiana.Mr. Williams, I am having a brother in Canada who is alsonamed Justin Williams. He was adopted from my parentsby some Mr. William Ram of Welland. Me and my mumcame over to Canada to leave Justin to his new family(William Ram's Family). It happened in June 1985.So Mr. Justin Williams, if you are the same person I'mtalking about. Then please give me some time so that Ican let you know the realities.Imagine the thoughts going through Mr. Justin William’s head afterreading this email. Is he really adopted? Where are his birth parents? Isthis email from his birth brother?In reality, this is a scam email originating from a college in Sangroor(India)! Canadian citizens are targeted with these emails. If the targetsstart believing the sender to be their brother, they are asked to sendmoney so that their “brother” can travel to Canada with the proof of thevictim’s adoption!This is just one of the hundreds of email scams being perpetrated on theInternet. These scams are commonly referred to as Nigerian 419 scams.These scam emails are believed to originate from Nigeria and section419 of the Nigerian Penal Code relates to cheating (like the famoussection 420 of the Indian Penal Code).The 419 letter scams originated in the early 1980s as the oil-basedeconomy of Nigeria went downhill. In the 1990s, letter scams gave wayto email scams.In 2007, Asian School of Cyber Laws conducted a 3 month intensiveinvestigation of hundreds of scam emails. The results were verysurprising to say the least. Less than 10% of these emails had actuallyoriginated from Nigeria!A majority of these emails (more than 60%) have originated from Israel,followed by the Netherlands, UK and other European countries. The“birth brother” email was the only one originating from India.Most of these scam emails promise the receiver millions (or sometimesbillions) of dollars. Most commonly the email says that some rich Africanbureaucrat or businessman or politician has died and left behind a lot ofmoney.© 2008 Rohas Nagpal. All rights reserved. - 29 -

Asian School of Cyber LawsThe scamster states that the Government is going to confiscate themoney. The only way out is to transfer the money to the bank account ofthe email recipient. All that the email recipient has to do is send his bankaccount details. For this a generous fee of a few million dollars will bepaid!If someone actually falls for this scam and provides the bank details, heis sent some official looking documents relating to the bank transfer of ahuge sum of money. Once the victim is convinced of the “genuineness”of the transaction, something appears to go wrong.The victim is informed that a small amount of money (ranging from US$100 to 2500) is needed for bank charges or other paper work. Thismoney is the motive behind the elaborate scam. Once the victim paysthis money, the scamster disappears from the scene.The lottery scam emails inform the recipient that he has won a milliondollar lottery run by Microsoft, Yahoo or some other well known globalcompany. The winner is asked to provide his bank details and pay asmall sum for bank charges and other processing fees.Another scam email begins with “This is to inform you that we are inpossession of a consignment, deposited by British National Lottery whichis to be couriered to you”. The email asks for 470 pounds to be sent tothe courier company so that the cheque for the lottery prize can be sent.Another scam email comes with the subject line “Blessed is the hand thatgiveth”. The sender claims to be a widow on her deathbed. She wants todonate her wealth to someone who will pray for her.Another scam email comes from an “employee of the Euro Lottery”. The“employee” claims to be in a position to carry out a lottery fraud and iswilling to share the money with the email recipient.What is common in all these scams is that scanned versions of officialdocuments are emailed to potential victims. Once the victim is convincedof the genuineness of the transaction, a small fee is requested formeeting bank charges / legal fees / courier charges etc. It is this smallfee that is the motive behind the scam.It is believed that thousands of people are defrauded of billions of dollarsevery year through these scams.Illustration 1In 2005, an Indian businessmanreceived an email from the VicePresident of a major African bankoffering him a lucrative contract inreturn for a kickback of Rs 1 million.- 30 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber LawsThe businessman had manytelephonic conversations with thesender of the email. He also verifiedthe email address of the ‘VicePresident’ from the website of thebank and subsequently transferredthe money to the bank accountmentioned in the email. It laterturned out that the email was aspoofed one and was actually sentby an Indian based in Nigeria.Illustration 2A new type of scam e-mailthreatens to kill recipients if they donot pay thousands of dollars to thesender, who purports to be a hiredassassin.Replying to the e-mails just sends asignal to senders that they’vereached a live account. It alsoescalates the intimidation.In one case, a recipient threatenedto call authorities. The scammer,who was demanding $20,000,reiterated the threat and sent somepersonal details about therecipient—address, daughter’s fullname etc. He gave an ultimatum:“TELL ME NOW ARE YOU READYTO DO WHAT I SAID OR DO YOUWANT ME TO PROCEED WITHMY JOB? ANSWER YES/NO ANDDON’T ASK ANY QUESTIONS!!!”Some emails claim to be from theFBI in London and inform recipientsthat an arrest was made in thecase.The e-mail says the recipient’sinformation was found with thesuspect and that they should replyto assist in the investigation. Theseemails are part of the scam!© 2008 Rohas Nagpal. All rights reserved. - 31 -

Asian School of Cyber Laws1.20 Cyber TerrorismComputer crime has hit mankind with unbelievable severity. Computerviruses, worms, Trojans, denial of service attacks, spoofing attacks ande-frauds have taken the real and virtual worlds by storm.However, all these pale in the face of the most dreaded threat – that ofcyber terrorism.Asian School of Cyber Laws has defined cyber terrorism as:Cyber terrorism is the premeditated use of disruptiveactivities, or the threat thereof, in cyber space, with theintention to further social, ideological, religious, political orsimilar objectives, or to intimidate any person in furtheranceof such objectives.Illustration 1In 1996, a computer hackerallegedly associated with the WhiteSupremacist movement temporarilydisabled a US based InternetService Provider (ISP) anddamaged part of its record keepingsystem.The ISP had attempted to stop thehacker from sending out worldwideracist messages under the ISP'sname. The hacker signed off withthe threat, "you have yet to see trueelectronic terrorism. This is apromise."Illustration 2In 1998, Spanish protestorsbombarded the Institute for GlobalCommunications (IGC) withthousands of bogus e-mailmessages. E-mail was tied up andundeliverable to the ISP's users,and support lines were tied up withpeople who couldn't get their mail.The protestors also spammed IGCstaff and member accounts,clogged their Web page with boguscredit card orders, and threatenedto employ the same tactics againstorganizations using IGC services.- 32 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber LawsThey demanded that IGC stophosting the website for the EuskalHerria Journal, a New York-basedpublication supporting Basqueindependence.Protestors said IGC supportedterrorism because a section on theWeb pages contained materials onthe terrorist group ETA, whichclaimed responsibility forassassinations of Spanish politicaland security officials, and attacks onmilitary installations. IGC finallyrelented and pulled the site becauseof the "mail bombings."Illustration 3In 1998, a 12-year-old boysuccessfully hacked into thecontrols for the huge RooseveltDam on the Salt River in Arizona,USA.He might have released floodwatersthat would have inundated Mesaand Tempe, endangering at least 1million people.Illustration 4In 2005, US security consultantsreported that hackers were targetingthe U.S. electric power grid and hadgained access to U.S. utilities’electronic control systems.Illustration 5In 1998, ethnic Tamil guerrillasswamped Sri Lankan embassieswith 800 e-mails a day over a twoweekperiod.The messages read "We are theInternet Black Tigers and we'redoing this to disrupt yourcommunications." Intelligenceauthorities characterized it as thefirst known attack by terroristsagainst a country's computersystems.© 2008 Rohas Nagpal. All rights reserved. - 33 -

Asian School of Cyber LawsIllustration 6During the Kosovo conflict in 1999,NATO computers were blasted withe-mail bombs and hit with denial-ofserviceattacks by hacktivistsprotesting the NATO bombings.In addition, businesses, publicorganizations, and academicinstitutes received highly politicizedvirus-laden e-mails from a range ofEastern European countries,according to reports. Webdefacements were also common.Illustration 7Since December 1997, theElectronic Disturbance Theater(EDT) has been conducting Websit-ins against various sites insupport of the Mexican Zapatistas.At a designated time, thousands ofprotestors point their browsers to atarget site using software that floodsthe target with rapid and repeateddownload requests.EDT's software has also been usedby animal rights groups againstorganizations said to abuseanimals.Electrohippies, another group ofhacktivists, conducted Web sit-insagainst the WTO when they met inSeattle in late 1999.Illustration 8In 1994, a 16-year-old English boytook down some 100 U.S. defensesystems.Illustration 9In 1997, 35 computer specialistsused hacking tools freely availableon 1,900 web sites to shut downlarge segments of the US powergrid. They also silenced thecommand and control system of thePacific Command in Honolulu.- 34 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber LawsIllustration 10In 2000, Asian School of CyberLaws was regularly attacked byDistributed Denial of Service attacksby “hactivists” propagating the “rightto pornography”. Asian School ofCyber Laws has spearheaded aninternational campaign againstpornography on the Internet.Illustration 11In 2001, in the backdrop of thedownturn in US-China relationships,the Chinese hackers released theCode Red virus into the wild. Thisvirus infected millions of computersaround the world and then usedthese computers to launch denial ofservice attacks on US web sites,prominently the web site of theWhite House.Illustration 12In 2001, hackers broke into the U.S.Justice Department's web site andreplaced the department's seal witha swastika, dubbed the agency the"United States Department ofInjustice" and filled the page withobscene pictures.© 2008 Rohas Nagpal. All rights reserved. - 35 -

Asian School of Cyber Laws1.21 Use of encryption by terroristsA disturbing trend that is emerging nowadays is the increasing use ofencryption, high-frequency encrypted voice/data links, encryptionsoftware like Pretty Good Privacy (PGP) etc by terrorists and members oforganized crime cartels.Strong encryption is the criminal’s best friend and the policeman’s worstenemy.Illustration 1Leary, who was sentenced to 94years in prison for setting off firebombs in the New York (USA)subway system in 1995, haddeveloped his own algorithm forencrypting the files on his computer.Illustration 2The Cali cartel is reputed to beusing• sophisticated encryption toconceal their telephonecommunications,• radios that distort voices,• video phones which providevisual authentication of thecaller's identity, and• instruments for scramblingtransmissions fromcomputer modems.Illustration 3The Italian mafia is believed to usePGP (Pretty Good Privacy) softwarefor symmetric as well as asymmetricencryption.Illustration 4On March 20, 1995, the AumSupreme Truth cult dropped bags ofsarin nerve gas in the Tokyosubway, killing 12 people andinjuring 6,000 more.Members of the cult had developedmany chemical and biologicalweapons, including Sarin, VX,Mustard gas, Cyanide, botulism,anthrax and Q fever.- 36 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber LawsIt is believed that preparations wereunderway to develop nuclearcapability. The cult was alsobelieved to be developing a "deathray" that could destroy all life!The records of the cult had beenstored in encrypted form (using theRSA algorithm) on computers.The enforcement authorities wereable to decrypt the information asthe relevant private key was foundin a floppy disk seized from thecult’s premises. The encryptedinformation related to plans of thecult to cause mass deaths in Japanand USA.Illustration 5In 1997, a Bolivian terroristorganization had assassinated fourU.S. army personnel.A raid on one of the hideouts of theterrorists yielded informationencrypted using symmetricencryption.A 12-hour brute force attackresulted in the decryption of theinformation and subsequently led toone of the largest drug busts inBolivian history and the arrest of theterrorists.Illustration 6James Bell was arrested forviolating internal revenue laws ofthe USA. He did this by:• collecting the names andhome addresses of agentsand employees of theInternal Revenue Service(IRS) of the USA in order tointimidate them• soliciting people to join in ascheme known as"Assassination Politics".© 2008 Rohas Nagpal. All rights reserved. - 37 -

Asian School of Cyber LawsUnder this scheme thosewho killed selectedgovernment employees,including tax collectors,would be rewarded;• using false Social SecurityNumbers to hide his assetsand avoid taxes;• contaminating an areaoutside IRS premises inmany states of the USA withMercaptan (a stink gas).Investigators found on his computerdocuments relating to a plan todestroy electronic equipment withnickel-plated carbon fiber.They also found an invoice for thepurchase of the fiber at hisresidence, and a bundle of thematerial at the residence of hisassociate, Robert East. Bell hadexchanged PGP-encrypted e-mailmessages with some of hisassociates.As part of his plea bargain, heturned over the passphrase to hisprivate key. This allowedinvestigators to decrypt messagesthat he had received.Illustration 7Dutch organized crime syndicatesuse PGP and PGPfone to encrypttheir communications. They alsouse palmtop computers installedwith Secure Device, a Dutchsoftware product for encrypting datawith International Data EncryptionAlgorithm (IDEA).In 1995, the Amsterdam Policecaptured a PC in possession of oneorganized crime member. The PCcontained an encrypted partition,which they were able to recoveronly in 1997.- 38 - © 2008 Rohas Nagpal. All rights reserved.

Asian School of Cyber LawsIllustration 8An encryption case occurring inVilseck, West Germany involvedtheft, fraud, and embezzlement ofU.S. defense contractor and U.S.government funds from 1986 to1988.The accused had stored financialrecords relating to the crimes on apersonal computer, the hard disk ofwhich had been passwordprotected.The police used hacking software todefeat the password protection, onlyto find that some of the files listed inthe directory had been encrypted.They then found the encryptionprogram on the hard disk and usedbrute force tools to decrypt the files.Illustration 9The Dallas Police Department in theUSA encountered encryption in theinvestigation of a drug ring, whichwas operating in several states ofthe USA and dealing in Ecstasy.A member of the ring, residingwithin their jurisdiction, hadencrypted his address book. Heturned over the password, enablingthe police to decrypt the file.Meanwhile, however, the accusedwas out on bail and alerted hisassociates, so the decryptedinformation was not as useful as itmight have been.The police noted that Ecstasydealers were more knowledgeableabout computers when comparedwith other types of drug dealers,most likely because they wereyounger and better educated.© 2008 Rohas Nagpal. All rights reserved. - 39 -

Asian School of Cyber LawsIllustration 10Kevin Poulson was a skilled hackerwho rigged radio contests andburglarized telephone-switchingoffices and hacked into thetelephone network in order todetermine whose phone was beingtapped and to install his own phonetapping devices.Poulson had encrypted filesdocumenting everything from thephone tapping he had discovered tothe dossiers he had compiled abouthis enemies. The files had beenencrypted several times using theData Encryption Standard.A US Department of Energysupercomputer took several monthsto find the key, at a cost of millionsof dollars. The result yielded nearlyten thousand pages of evidence.Illustration 11The mother of a 15-year old boyfiled a complaint against an adultwho had sold her son US $ 1000worth of hardware and software forone dollar.The man had also given the boylewd pictures on floppy disks.The man subsequently mailed theboy pornographic material on floppydisks and sent pornographic filesover the Internet.When the accused was arrested itwas found out that he hadencrypted a directory on the systemusing PGP. The police were neverable to decrypt the files.- 40 - © 2008 Rohas Nagpal. All rights reserved.

Head Office6th Floor, Pride Senate,Opp International Convention Center,Senapati Bapat Road,Pune - 411016.IndiaContact Numbers+91-20-25667148+91-20-40033365+91-20-65206029+91-20-6400 0000+91-20-6400 6464Fax: +91-20-25884192Email: info@asianlaws.orgURL: www.asianlaws.org