Author: MAYANK JHA (Student, B.B.A., LL.B., V Year), FIMT School of Law (GGSIPU)
Digital security refers to the various ways of protecting a computer’s internet account and files from intrusion by an outside user.
Main objectives of digital security can be stated as follows-
· Availability Objective:
Information should be available and usable whenever it is needed. Interactions and transactions can run conveniently all the time.
· Confidentiality Objective:
This objective states that information should be available only to those who have the right to access it. We must keep things private or limit the data’s availability to certain, pre-specified people or organizations.
· Integrity Objective:
As per this objective, information should be protected from unauthorized alteration, modification and misuse. We must be sure that the data we are trying to secure has not been modified or corrupted. We must also be sure about the source: are we certain it originates from the right person, and is that person who they claim to be?
SECURITY THREATS IN INTERNET AND E-COMMERCE:
Information security in the e-commerce environment will be an area of increasing concern to consumers, merchants, financial institutions and regulators. In this context, the term “digital security” refers to efforts to protect electronic payment systems from the relevant threats. The main security threats in online payment systems are the following.
1. That an individual will break into an electronic system in order to initiate unauthorized transactions on another individual’s legitimate account, thereby stealing money.
2. That an individual will steal customers’ personal data, enabling the wrongdoer to set up illegitimate credit card accounts, bank accounts and other accounts. This is called identity theft.
3. That an individual will attack or corrupt the data in the electronic system, either as vandalism or to extract money from the sponsoring financial institutions.
4. Internal fraud, that is, fraud committed by employees or other “insiders” in the organization.
5. Viruses: Self-replicating computer programs designed to perform unwanted events.
6. Worms: Special viruses that spread using direct internet connections.
7. Trojan Horses: Programs disguised as legitimate software that trick users into running them.
8. Masquerading or spoofing: Sending a message that appears to be from someone else.
9. Sniffers: Software that illegally accesses data traversing the network.
10. Software and operating systems security holes.
11. Security (theft and fraud).
12. Theft of software via illegal copying from a company’s servers.
13. Theft of hardware, specifically laptops.
What is computer virus:
A computer virus is attached to small pieces of computer code, software, or documents. The virus executes when the software is run on a computer. If the virus spreads to other computers, those computers could continue to spread the virus.
A virus is transferred to another computer through e-mail, file transfer and instant messaging. A virus has the potential to corrupt or even delete files on your computer, use e-mail to spread itself to other computers, or even erase your hard drive.
What is worm:
A worm is a self-replicating program that is harmful to networks. A worm uses the network to duplicate its code to the hosts on a network, often without any user intervention. It differs from a virus because the worm doesn’t need to attach to a program to infect the host.
It harms networks because it consumes.
What is trojan horse:
Technically it is a worm. It doesn’t need to be attached to other software; instead, the trojan threat is hidden in software that appears to do one thing, and yet behind the scenes it does another.
The process of attempting to gain unauthorized access to computer resources is called hacking. Some examples of hacking are:
Website hacking, Network hacking, Ethical hacking, Email hacking, Password hacking.
Spyware is like a spy; it secretly steals information. These are programs used to monitor or log activity on the internet and transmit that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.
Phishing is a fake e-mail. It is the act of attempting to acquire information such as user names and passwords by posing as a trustworthy entity in an electronic communication.
Hoaxes are stories spread throughout the internet, often through email, forums and blogs, or images that are untrue or alterations of the truth. These hoaxes can be merely innocent stories spread in order to play on people’s inherent willingness to believe when presented in a realistic way, or they can be more malicious efforts to crash servers and spread viruses.
Malware is a term used to refer to any software designed to cause damage to a single computer, server or computer network. Thus, malware is any program or file that is harmful to a computer user. Malware includes computer viruses, worms, trojan horses, and also spyware, programming that gathers information about a computer user without permission.
Spam is irrelevant or unsolicited messages sent over the internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc. Spam includes unwanted electronic communications, generally commercial in nature and likely to be a source of malware.
Antivirus software, or anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the name.
A firewall is a system designed to prevent unauthorized access to or from a private network. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized internet users from accessing private networks connected to the internet, especially intranets.
Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it.
Forms of cryptography-
· Secret or Symmetric Key Cryptography: It is an encryption system where the sender and receiver of a message use a single common key to encrypt and decrypt messages. Symmetric key systems are faster and simpler, but the problem is that the sender and receiver have to somehow exchange the key in a secure manner. The most popular symmetric key cryptography system is data encryption system.
· Public or Asymmetric Key Cryptography: Under this system a pair of keys is used to encrypt and decrypt information. A public key is used for decryption. The public key and private key are different. Even if the public key is known by everyone, only the intended receiver can decode it because he alone knows the private key.
Encryption is the process of encoding information. This converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information.
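The integrity objective stated earlier and the shared-key model of symmetric cryptography can be seen together in the following added example, which is not part of the original article. It uses a keyed message authentication code (HMAC-SHA256) rather than encryption, and the payment order, payee name and function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets


def sign_order(key: bytes, order: dict) -> dict:
    """Sender side: serialise the order canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(order, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def verify_order(key: bytes, message: dict):
    """Receiver side: return the parsed order if the tag matches, else None."""
    body = message["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # compare_digest runs in constant time, so timing does not leak the tag.
    if not hmac.compare_digest(expected, message.get("tag", "")):
        return None
    return json.loads(body)


def demo() -> dict:
    shared_key = secrets.token_bytes(32)  # must reach both parties securely
    other_key = secrets.token_bytes(32)   # a party that never received the key
    # Constructed sample payment order (hypothetical payee and amount).
    order = {"payee": "merchant-001", "amount": "499.00", "currency": "INR"}
    msg = sign_order(shared_key, order)
    # Simulate alteration in transit: the amount changes, the tag does not.
    tampered = dict(msg, body=msg["body"].replace("499.00", "9499.00"))
    return {
        "genuine": verify_order(shared_key, msg),
        "tampered": verify_order(shared_key, tampered),
        "wrong_key": verify_order(other_key, msg),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Only the holder of the shared key can produce a tag that verifies, which is why the secure exchange of that key is the weak point of the symmetric model.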
4. Secure Socket Layer (SSL):
SSL is a standard security technology for establishing an encrypted link between a server and a client, typically a web server and a browser, or a mail server and a mail client.
SSL is a protocol for web browsers and servers that allows for the authentication, encryption and decryption of data sent over the internet.
5. Secure Electronic Transactions (SET):
SET was an early communications protocol used by e-commerce websites to secure electronic debit and credit card payments. Secure electronic transaction was used to facilitate the secure transmission of consumer card information via electronic portals on the internet.
Biometrics is a way to measure a person’s physical characteristics to verify their identity. These can include physiological traits, such as fingerprints and eyes, or behavioral characteristics.
7. Digital Signatures:
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents.
PRECAUTIONS WHILE USING INTERNET AND E-PAYMENTS:
A. Checking system security.
B. Acquisition of software from reliable sources.
C. Stop using pirated software.
D. Stop downloading everything.
E. Proper attention to the software installation process.
F. Use antivirus and antimalware software.
G. Use different passwords for different sites.
H. Always use two-step authentication.
I. Use virtual keyboard for online shopping.
LEGAL PROVISIONS FOR DIGITAL SECURITY:
It is defined under the IT Act, which is the primary law in India dealing with cybercrime and e-commerce, based on the United Nations Model on E-commerce 1996. In India the bill was finalized by a group of officials headed by the then Minister of Information Technology, Mr. Pramod Mahajan.
The bill was passed in the budget session of 2000 and signed by President K.R. Narayanan on 9th May, 2000. It is applicable across India. Even persons of other nationalities can be indicted under the law, if the crime involves a computer or network located in India.
The Act also amended various sections of IPC, Cr PC, IEA, Banker’s Book Evidence Act, 1891 and RBI Act, 1934 to make them compatible with new technology.
· Sec. 65 of IT Act-Tampering with computer source documents
If a person knowingly or intentionally conceals, destroys or alters any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force.
· Sec. 66 of IT Act-Hacking with computer system
If a person, with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person, destroys or deletes or alters any information residing in a computer resource, or diminishes its value or utility, or affects it injuriously by any means, he commits hacking.
· Sec. 66B of IT Act-Receiving stolen computer or communication device
A person receives or retains a computer resource or communication device which is known to be stolen or the person has reason to believe is stolen.
· Sec. 66C of IT Act-Using password of another person
A person fraudulently uses the password, digital signature or other unique identification of another person.
· Sec. 66D of IT Act-Cheating using computer resource
If a person cheats someone using a computer resource or communication.
· Sec. 66E of IT Act-Publishing private images of others
If a person captures or transmits images of a person’s private parts without his/her consent or knowledge.
· Sec. 66F of IT Act-Acts of cyber terrorism
If a person denies access to authorized personnel to a computer resource, accesses a protected system or introduces contaminant into a system, with the intention of threatening the unity, integrity, sovereignty or security of India, then he commits cyberterrorism.
· Sec. 67 of IT Act-Publishing information which is obscene in electronic form
If a person publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it.
· Sec. 67A of IT Act-Publishing images containing sexual acts
If a person publishes or transmits images containing a sexually explicit act or conduct.
· Sec. 67B of IT Act-Publishing child porn or predating children online
If a person captures, publishes or transmits images of a child in a sexually explicit act or conduct. If a person induces a child into a sexual act. A child is defined as anyone under 18.
· Sec. 67C of IT Act-Failure to maintain records
A person deemed to be an intermediary must maintain the required records for the stipulated time. Failure to do so is an offence.
· Sec. 69 of IT Act-Failure/refusal to decrypt data
If the controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the state, friendly relations with foreign states or public order, or for preventing incitement to the commission of any cognizable offence, he may, for reasons to be recorded in writing, by order, direct any agency of the government to intercept any information transmitted through any computer resource. The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been so directed, extend all facilities and technical assistance to decrypt the information. The subscriber or any person who fails to assist the agency referred to is deemed to have committed a crime.
· Sec. 70 of IT Act-Securing access or attempting to secure access to a protected system
The appropriate government may, by notification in the official gazette, declare any computer, computer system or computer network to be a protected system. The AG may, by order in writing, authorize the persons who are permitted to access protected systems. If a person secures access or attempts to secure access to a protected system, then he is committing an offence.
· Sec. 71 of IT Act-Misrepresentation
If anyone makes any misrepresentation to, or suppresses any material fact from, the controller or the certifying authority for obtaining any license or digital signature certificate.
HOW TO FILE A COMPLAINT IN CASE OF CYBER CRIME:
There are many cyber cells established in different cities of India. You may file a complaint in either form, offline or online.
First of all, lodge a complaint against the crime.
You need to file a written complaint in the cyber cell within your jurisdiction.
In the written complaint you have to provide all the necessary information associated with you, such as name, address, contact details, details of the crime, etc.
As stated in the IT Act, cybercrime comes under the ambit of global jurisdiction, so a complaint of cybercrime can be filed in any cyber cell of India.
HOW TO LODGE AN FIR IN CASE OF CYBER CRIME:
In case you don’t have access to any of the cyber cells in India, you can use the alternative option, that is, an FIR.