Chapter 1
INTRODUCTION
Information and communications technologies (ICT) are now part of everyday life
and now it‘s increasing in rapid growth of the internet and other social networks in
cyber space. Now ICT has become an essential function of commerce and
government. With the help of computers and the Internet, businesses are now able
to provide immediate services to their customers. It also plays a very important
role in education and entertainment also. But it has its negative side also. The
biggest threat of the internet is the security threat. The rapid evolution of the
computer networks that comprise the Internet from a government and research
focus to the e-commerce and domestic arena has provided a gateway for
offenders. The topic of cybercrime is discussed much more today than it was five
years ago. Computers have become integral parts of daily lives of citizens around
the world. The number of individuals who gain access to the World Wide Web,
both for legitimate and for illegitimate reasons, continues to increase every day.
Criminal activities involving computers and technology continue to be a problem
for the criminal justice system. It is worth noting that while crime numbers have
increased over the last five years, the criminal justice response has also increased.
Today there are more criminal justice agencies stuffing cybercrime-related
investigators. Additionally there is more computer forensics service available for
investigators. However there is still a continuing need to increase awareness and
understanding of cybercrime.1
1
Robert Moore, Cybercrime investigating high-technology computer crime. 2nd ed. (New York:
Routledge, 2015) p. ix.
1
1.1 What is Cybercrime?
Cybercrime, returning to a definition provided by Casey, refers to any crime that
involves a computer and a network, where a computer may or may not have
played an instrumental part in the commission of the crime. The term cybercrime
would be use to refer to a criminal act like that of identity theft, which involves
the theft of someone‘s personal information such as their credit card number or
social security number. When an individual commits the crime of identity theft,
there are several methods of obtaining the target‘s personal information. Many of
the techniques involve the use of a computer or a network, but many more
techniques have nothing to do with computers other then information stored in
text files on a computer hard drive.2
1.2 Why call it Cybercrime?
First coined by William Gibson (1982) and then popularized in his 1984 novel
Neuromancer, the term ―cyberspace‖ became a popular descriptor of the mentally
constructed virtual environment within which networked computer activity takes
place. ‗Cybercrime‘ broadly describes the crimes that take place within that space
and the term has come to symbolize insecurity and risk online. By itself
‗Cybercrime‘ is fairly meaningless because it tends to be used metaphorically and
emotively rather than scientifically or legally, usually to signify the occurrence of
harmful behavior that is somehow related to the misused of a networked computer
system. If we could turn the clock back in time then perhaps the term ‗cyberspace
crime‘ would have been more precise and accurate descriptor. However,
regardless of its merits and demerits, the term ‗cybercrime‘ has entered the public
parlance and we are stuck with it. It is argued here and elsewhere that the term has
a greater meaning if we construct it in the terms of the transformation of criminal
or harmful behavior by networked technology, rather than simply the behavior
itself. As stated earlier, cybercrimes are understood here to be criminal or harmful
activities that involve the acquisition or manipulation of information for gain.
2
ibid, p.4.
2
Not only has the term ‗cybercrime‘ acquired considerable linguistic agency, but
over the past decade ‗cybercrimes‘ have become firmly embedded in public crime
agendas as something that must be governed. This is an interesting happenstance
within the context of the transformation thesis, because although the
contemporary meaning of ‗cyber‘ is firmly linked to technological innovation, its
origins lie in the Greek kubernetes or steersman, which is also the root of the word
‗govern‘. See, for example the French usage of the term ‗cybernetique‘- the art of
governing. The word ‗cyber‘ entered the English language in ‗cybernetics‘, which
is the study of systems of control and communications (linked with computers).
More by coincidence than design, the words ‗cyber‘ and ‗crime‘ actually sit well
together linguistically. The linkage becomes more significant if we understand
cybercrimes as crimes which are mediated (governed if you like) by networked
technology and not just computer.3
1.3 Characteristics of Cyber Crime
Cyber crime may include broader terms like hacking, copying of copy righted
materials, child grooming, stealing and misuse of confidential or private
information of someone else, making a computer virus or a bug or a malware with
an intention to plot at someone‘s computer or a network in order to gain a benefit
or to take revenge or another cause which makes someone do such an act is a
cyber crime.4
Most of the cybercrimes are transnational in character; inconsistency of laws
and regulations across country borders makes it especially difficult for countries
to cooperate when investigating cross-border cyber crimes. As Katyal5 observed,
many countries will find it increasingly difficult to enforce their national laws
against activities which are considered offensive or harmful to local taste or
3
David wall, Cybercrime: The Transformation of Crime in the Information Age. (Cambridge:
Polity press, 2007) p. 10
4
[http://teletechblog.blogspot.com/2013/05/cyber-crime-cyber-security-and.html] last visited
February 20, 2016.
5
Katyal, N. K., Digital architecture as crime control. (Yale Law Journal, 2003) p.180
3
culture. The harmonization of cyber-laws and regulations and the building of
cooperation and comity among nations are vitally important countermeasures
against cybercrime. The first step in that direction was the Convention on
Cybercrime proposed by the Council of Europe of 2001, which provided a
common legal framework on cybercrime.
Cyber crime refers to all activities done with criminal intent in cyberspace.
These fall into three slots6.
a) Against persons
b) Against Business and Non-business organizations
c) Crime targeting the government
Cyber crime is the unlawful act wherein the computer information technology
is used either as a tool or a target or both. Cyber crime covers many crimes. The
computer itself is a tool that may be used for an unlawful act. This kind of activity
usually involves modification of a conventional crime by using computers.
Objective of cyber crimes:
a) To identify certain cyber crime divisions.
b) To make misuse of data, systems and networks.
c) To make changes in the confidential/secret information
Now that we have a basic understanding of cybercrime, questions that remain
involve gaining a better understanding of high-technology crime and determining
whether such criminal behavior is a serious problem that truly warrants
examination and consideration.
6
[http://teletechblog.blogspot.com/2013/05/cyber-crime-cyber-security-and.html] last visited
February 20, 2016.
4
Chapter 2
KINDS OF CYBER CRIME
2.1 Ancient Cyber Crime
The first recorded cyber crime took place in the year 1820. That is not surprising
considering the fact that the abacus, which is thought to be the earliest form of a
computer, has been around since 3500 B.C. in India, Japan and China. The era of
modern computers, however, began with the analytical engine of Charles
Babbage.
In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced
the loom. This device allowed the repetition of a series of steps in the weaving of
special fabrics. This resulted in a fear amongst Jacquard's employees that their
traditional employment and livelihood were being threatened. They committed
acts of sabotage to discourage Jacquard from further use of the new technology.
This is the first recorded cyber crime! Today, computers have come a long way
with neural networks and nano –computing promising to turn every atom in a
glass of water into a computer capable of performing a billion operations per
second. In a day and age when everything from microwave ovens and
refrigerators to nuclear power plants are being run on computers, cyber crime has
assumed rather sinister implications. Cyber crime can involve criminal activities
that are traditional in nature, such as theft, fraud, forgery, defamation and
mischief. The abuse of computers has also given birth to a gamut of new age
crimes such as hacking, web defacement, cyber stalking, web jacking etc.7
A simple yet sturdy definition of cyber crime would be ―unlawful acts wherein the
computer is either a tool or a target or both‖.
7
Prashant Mali, Text book of cyber crime and penalties. p.5
5
The term computer used in this definition does not only mean the conventional
desktop or laptop computer. It includes Personal Digital Assistants (PDA), cell
phones, sophisticated watches, cars and a host of gadgets.
Recent global cyber crime incidents like the targeted denial of service attacks
on Estonia have heightened fears. Intelligence agencies are preparing against
coordinated cyber attacks that could disrupt rail and air traffic controls, electricity
distribution networks, stock markets, banking and insurance systems etc.
Unfortunately, it is not possible to calculate the true social and financial impact of
cyber crime. This is because most crimes go unreported.
2.2 Child Pornography
In pre-Internet days, individuals who wished to view this kind of material would
need to seek it out, bring it into their home or have it delivered in physical form as
magazines, videos, photographs etc, risking discovery and embarrassment at every
stage. Now they are able to access it from their computers at home (or from their
place of work) with relative ease.
Perhaps the most tragic aspect of the Internet and the proliferation of digital
technology has been their ability to facilitate the production and distribution of
child pornography and other forms of child sexual abuse. Prior to the advent of
these technologies, such material was difficult to transport without detection,
production was hampered by the need to have film processed, and equipment was
costly and relatively difficult to use. As digital technology has become more
widely available, and the Internet more pervasive, there has been a corresponding
rise in the number of child-pornography prosecutions. While this is explained in
part by changing priorities of law enforcement agencies, this is itself undoubtedly
a response to the proliferation of child pornography on the Internet.8
The connection between digital technology and this type of offending is easily
understood. The technology is relatively cheap, easy to access, and portable. It
allows for storage of large amounts of material which would be conspicuous if
8
Jonathan Clough, Principles of cybercrime,(New York, Cambridge University Press, 2010) p.
247
6
stored in hard copy. For example, in R v. Jones9 the defendant was found to be in
possession of more than 162,600 images of child pornography, although this is by
no means the greatest number. More typically, one US study found that 48 per
cent of offenders had more than 100 images, with 14 per cent having more than
1,000. The increasing availability of broadband further enables the downloading
of large amounts of material, including data-intensive video files.
The ability to produce child pornography is greatly enhanced by the fact that
digital images may be produced cheaply without the need for external processing,
and reproduced with no diminution of quality. Images of child abuse may also be
transmitted in real time through the use of webcams or instant messaging,
sometimes at the request and direction of paying customers. There is also the
potential to create ‗virtual‘ child pornography – that is, where imaging software is
used to create an image which appears to be of child pornography, but which does
not involve any actual children. For example, a UK man was convicted over
images of naked women which he manipulated using imaging software to reduce
the apparent size of the breasts, made them appear to be partially dressed in school
uniforms and apparently under the age of eighteen.
Cyber pornography is believed to be one of the largest businesses on the
Internet today. The millions of pornographic websites that flourish on the Internet
are testimony to this. While pornography per se is not illegal in many countries,
child pornography is strictly illegal in most nations today.
2.3 Cyber Bullying
With today‘s technology bullying has become easier than even the children and
youth of this generation do not even need to have personal confrontation. Cyber
bullying can be defined as any communication posted or sent by a minor online,
by instant messenger, e-mail, Social Networking Site, website, diary site, online
profile, interactive game, handheld device, cell phone or other interactive device
that is intended to frighten, embarrass, harass or otherwise target another minor.
Cyber bullying is disturbingly common among teens. ‗Cyber-Bullying: Our Kids‘
New Reality is a survey that was conducted from December 2006 – January 2007
7
by the members of Kids Help Phone that had over 2500 respondents. More than
70 per cent of respondents to the survey reported that they have been bullied
online, while 44 per cent said they have bullied someone online. At least 38
percent reported having experienced cyber-bullying within the last three months.
Of the methods used, 77 percent reported being bullied by instant messaging, 37
per cent by e-mail and 31 per cent on social networking sites, such as MySpace
and Facebook. When bullied online, 43 per cent said they did nothing, 32 per cent
confronted the person who bullied them, and 27 per cent told a friend. Although
most cyber bullying cases go unreported, police departments take action in trying
to prevent it. Because many people are afraid to come to the police about an
online problem, the police go to great lengths to find the problems themselves
online.9
The worst thing about social networking sites and messaging apps is that
anything nasty posted about you can be seen by lots of people and these posts can
go viral very fast and be shared by so many people within minutes in some cases.
From what we have heard from people who have been bullied online, the most
vicious gossip and rumors are often spread by people who were once your best
friends so it's best to keep secrets and personal information to yourself. Only tell
people things if it wouldn't embarrass you if other people found out about them.
Posting false and malicious things about people on the internet can be classed as
harassment.10
A large number of youth and their parents think that cyber bullying is not a big
enough deal to cause problems. However, it has been proven that a victim of this
type of bullying can be lead to serious disorders for the future including suicide.
When one becomes a victim of cyber bullying, they are a victim for life. Though
the bullying itself may go away, the fear, the hurt, and the memories scar the
victim forever.11
9
Prashant Mali, Text book of cyber crime and penalties. p.15
10
[http://www.bullying.co.uk/cyberbullying/what-is-cyberbullying] last visited March 27, 2016.
11
Prashant Mali, Text book of cyber crime and penalties. p.15
8
2.4 Identity theft:
"But he that filches from me my good name/Robs me of that which not enriches
him/and makes me poor indeed."
- Shakespeare, Othello, act iii. Sc. 3.
The short answer is that identity theft is a crime. Identity theft and identity
fraud are terms used to refer to all types of crime in which someone wrongfully
obtains and uses another person's personal data in some way that involves fraud or
deception, typically for economic gain. These Web pages are intended to explain
why you need to take precautions to protect yourself from identity theft. Unlike
your fingerprints, which are unique to you and cannot be given to someone else
for their use, your personal data - especially your Social Security number, your
bank account or credit card number, your telephone calling card number, and
other valuable identifying data - can be used, if they fall into the wrong hands, to
personally profit at your expense. In the United States and Canada, for example,
many people have reported that unauthorized persons have taken funds out of their
bank or financial accounts, or, in the worst cases, taken over their identities
altogether, running up vast debts and committing crimes while using the victim‘s
names. In many cases, a victim's losses may include not only out-of-pocket
financial losses, but substantial additional financial costs associated with trying to
restore his reputation in the community and correcting erroneous information for
which the criminal is responsible.12
In one notorious case of identity theft, the criminal, a convicted felon, not only
incurred more than $100,000 of credit card debt, obtained a federal home loan,
and bought homes, motorcycles, and handguns in the victim's name, but called his
victim to taunt him -- saying that he could continue to pose as the victim for as
long as he wanted because identity theft was not a federal crime at that time -before filing for bankruptcy, also in the victim's name. While the victim and his
wife spent more than four years and more than $15,000 of their own money to
restore their credit and reputation, the criminal served a brief sentence for making
12
[https://www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud] last
visited March 27, 2016.
9
a false statement to procure a firearm, but made no restitution to his victim for any
of the harm he had caused. This case, and others like it, prompted Congress in
1998 to create a new federal offense of identity theft.
Many people do not realize how easily criminals can obtain our personal data
without having to break into our homes. In public places, for example, criminals
may engage in "shoulder surfing" Â- watching you from a nearby location as you
punch in your telephone calling card number or credit card number Â- or listen in
on your conversation if you give your credit-card number over the telephone to a
hotel or rental car company.
If you receive applications for "pre-approved" credit cards in the mail, but
discard them without tearing up the enclosed materials, criminals may retrieve
them and try to activate the cards for their use without your knowledge. (Some
credit card companies, when sending credit cards, have adopted security measures
that allow a card recipient to activate the card only from his or her home telephone
number but this is not yet a universal practice.) Also, if your mail is delivered to a
place where others have ready access to it, criminals may simply intercept and
redirect your mail to another location.
In recent years, the Internet has become an appealing place for criminals to
obtain identifying data, such as passwords or even banking information. In their
haste to explore the exciting features of the Internet, many people respond to
"spam" Â- unsolicited E-mail Â- that promises them some benefit but requests
identifying data, without realizing that in many cases, the requester has no
intention of keeping his promise. In some cases, criminals reportedly have used
computer technology to obtain large amounts of personal data. With enough
identifying information about an individual, a criminal can take over that
individual's identity to conduct a wide range of crimes: for example, false
applications for loans and credit cards, fraudulent withdrawals from bank
accounts, fraudulent use of telephone calling cards, or obtaining other goods or
privileges which the criminal might be denied if he were to use his real name. If
the criminal takes steps to ensure that bills for the falsely obtained credit cards, or
bank statements showing the unauthorized withdrawals, are sent to an address
10
other than the victim's, the victim may not become aware of what is happening
until the criminal has already inflicted substantial damage on the victim's assets,
credit, and reputation.
2.5 E-mail Spoofing:
Spam and e-mail-laden viruses can take a lot of the fun and utility out of
electronic communications, but at least you can trust e-mail that comes from
people you know – except when you can‘t. A favorite technique of spammers and
other ―bad guys‖ is to ―spoof‖ their return e-mail addresses, making it look as if
the mail came from someone else. In effect, this is a form of identity theft, as the
sender pretends to be someone else in order to persuade the recipient to do
something (from simply opening the message to sending money or revealing
personal information).13
If you receive a snail mail letter, you look to the return address in the top left
corner as an indicator of where it originated. However, the sender could write any
name and address there; you have no assurance that the letter really is from that
person and address. E-mail messages contain return addresses, too – but they can
likewise be deliberately misleading, or ―spoofed.‖ Senders do this for various
reasons, including:
a) The e-mail is spam and the sender doesn‘t want to be subjected to antispam laws
b) The e-mail constitutes a violation of some other law (for example, it is
threatening or harassing)
c) The e-mail contains a virus or Trojan and the sender believes you are more
likely to open it if it appears to be from someone you know
d) The e-mail requests information that you might be willing to give to the
person the sender is pretending to be (for example, a sender might pose as
your company‘s system administrator and ask for your network password),
as part of a ―social engineering‖ attack
13
[http://www.windowsecurity.com/articles-tutorials/content_security/Email-Spoofing.html] last
visited March 27, 2016.
11
e) The sender is attempting to cause trouble for someone by pretending to be
that person (for example, to make it look as though a political rival or
personal enemy said something he/she didn‘t in an e-mail message)
E-mail spoofing is a growing problem and has reached the point where you
cannot rely on the information displayed in your e-mail client to tell you who
really sent a message. Some jurisdictions have enacted laws against this form of
―e-mail identity theft,‖ but the more effective solution is apt to be a technological
one that makes it possible to authenticate the senders of e-mail messages.
2.6 Intellectual Property Crime:
Intellectual property (IP) theft is defined as theft of material that is copyrighted,
the theft of trade secrets, and trademark violations. A copyright is the legal right
of an author, publisher, composer, or other person who creates a work to
exclusively print, publish, distribute, or perform the work in public. The United
States leads the world in the creation and selling of IP products to buyers
nationwide and internationally. Examples of copyrighted material commonly
stolen online are computer software, recorded music, movies, and electronic
games.14
Theft of trade secrets means the theft of ideas, plans, methods, technologies, or
any sensitive information from all types of industries including manufacturers,
financial service institutions, and the computer industry. Trade secrets are plans
for a higher speed computer, designs for a highly fuel-efficient car, a company's
manufacturing procedures, or the recipe for a popular salad dressing, cookie mix,
or barbeque sauce. These secrets are owned by the company and give it a
competitive edge. Theft of trade secrets damages the competitive edge and
therefore the economic base of a business.
A trademark is the registered name or identifying symbol of a product that can
be used only by the product's owner. A trademark violation involves
counterfeiting or copying brand name products such as well-known types of
14
[http://law.jrank.org/pages/11992/Cyber-Crime-Intellectual-property-theft.html] last visited
March 31, 2016.
12
shoes, clothing, and electronics equipment and selling them as the genuine or
original product.
The two forms of IP most frequently involved in cyber crime are copyrighted
material and trade secrets. Piracy is a term used to describe IP theft—piracy of
software, piracy of music, etc. Theft of IP affects the entire U.S. economy.
Billions of dollars are lost every year to IP pirates. For example, thieves sell
pirated computer software for games or programs to millions of Internet users.
The company that actually produced the real product loses these sales and
royalties rightfully due to the original creator.
Historically, when there were no computers, IP crimes involved a lot of time
and labor. Movie or music tapes had to be copied, physically produced, and
transported for sale. An individual had to make the sale in person. To steal a trade
secret, actual paper plans, files, or blueprints would have to be physically taken
from a company's building and likewise sold in person.
In the twenty-first century software, music, and trade secret pirates operate
through the Internet. Anything that can be digitized—reduced to a series of zeroes
and ones—can be transmitted rapidly from one computer to another. There is no
reduction of quality in second, third, or fourth generation copies. Pirated digital
copies of copyrighted work transmitted over the Internet are known as "warez."
Warez groups are responsible for illegally copying and distributing hundreds of
millions of dollars of copyrighted material. Pirated trade secrets are sold to other
companies or illegal groups. Trade secrets no longer have to be physically stolen
from a company. Instead, corporate plans and secrets are downloaded by pirates
onto a computer disc. The stolen information can be transmitted worldwide in
minutes. Trade secret pirates find pathways into a company's computer systems
and download the items to be copied. Companies keep almost everything in their
computer files. Pirated copies are sold over the Internet to customers who provide
their credit card numbers then download the copy.
13
2.7 Cyber Crime Related to Finance
There are various types of Cyber Crimes which are directly related to financial or
monetary gains by illegal means, to achieve this end, the persons in the cyber
world who could be suitably called as fraudsters uses different techniques and
schemes to be fooled other peoples on the internet. Online fraud and cheating is
one of the most lucrative businesses that are growing today in the cyber space. It
may assume different forms. Some of the cases of online fraud and cheating that
have come to light are those pertaining to credit card crimes, contractual crimes,
online auction frauds, online investment schemes, offering jobs, etc.15
2.8 Cyber Crime with Mobile & Wireless Technology
At present the mobile is so developed that its becomes somewhat equivalent to
personal computer, as we can do a lot of work on our mobile phones which were
earlier possible on the computers only, such as surfing, sending e-mails etc. There
is also increase in the services which were available on the mobile phones such as
Mobile Banking which is also prone to cyber crimes on the mobile as it is on the
Internet. Due to the development in the mobile and wireless technology day by
day, the day is not far away when the commission of cyber crimes on the mobile
will become a major threat along with other cyber crimes on the net.16
2.9 Phishing
In computing, phishing is a form of social engineering, characterized by attempts
to fraudulently acquire sensitive information, such as passwords and credit card
details, by masquerading as a trustworthy person or business in an apparently
official electronic communication, such as an e-mail or an instant message. The
term phishing arises from the use of increasingly sophisticated lures to fish for
users, financial information and passwords. He act of sending an e-mail to a user
falsely claiming to be an established legitimate enterprise in an attempt to scam
15
Zulfiquar Ahmed, A Text Book on Cyber Law in Bangladesh, 1st ed., (Dhaka: National Law
Book Company, 2009), p.145.
16
Ibid, p.145.
14
the user into surrendering private information that will be used for identity theft.
The e-mail directs the user to visit a web site where they are asked to update
personal information, such as passwords and credit card, social security, and bank
account numbers that the legitimate organization already has. The Web site,
however, is bogus and set up only to steal the user‘s information. By spamming
large groups of people, the phisher counted on the e-mail being ready by a
percentage of people who actually had listed credit card numbers with
legitimately. Phishing, also referred to as brand spoofing or carding, is a variation
on fishing, the idea being that bait is thrown out with the hopes that while most
will ignore the bail, some will be tempted into bitting.17
The damage caused by phishing ranges from loss of access to e-mail to
substantial financial loss. This style of identity theft is becoming more popular,
because of ease with which unsuspecting people often divulge personal
information to phishers, including credit card numbers and social security
numbers. Once this information is acquired, the phishers may use a person‘s
details to create fake accounts in a victim‘s name, ruin a victim‘s credit, or even
prevent victims from accessing their own accounts. It is estimated that between
May 2004 and May 2005, approximately 1.2 million computer users in the United
States suffered losses caused by phishing/totaling approximately $929 million US
Dollar. U.S. businesses lose an estimated $2 billion USD a year as their clients
become victims, The United Kingdom also suffers from the immense increase in
phishing. In March 2005, the amount of money lost in the UK was approximately
£12 million Pound Sterling.18
2.10 Denial of Service Attack (Dos Attack)
This is an act by the criminal, who floods the bandwidth of the victim‘s network
or fills his e-mail box with spam mail depriving him of the services he is entitled
to access or provide short for denial-of-service attack, a type of attack on a
network that is designed to bring the network to its knees by flooding it with
17
Ibid, p.146.
18
Ibid, p.148.
15
useless traffic. May Dos attacks, such as the Ping of Death and Teardrop attacks,
exploit limitations in the TCP/IP protocols. For all known Dos attacks are
constantly being dreamed up by hacker. This involves flooding a computer
resource with more requests than it can handle. This involves flooding a computer
resource with more requests than it can handle. This causes the resource (e.g.a
web server) to crash thereby denying authorized users the service offered by the
resource. Another variation to a typical denial of service attack is known as a
Distributed Denial of service (DDoS) attack wherein the perpetrators are many
and are geographically widespread. It is very difficult to control such attacks. The
attack is initiated by sending excessive demands to the victim‘s computer‘s,
exceeding the limit that the victim‘s servers can support and making the server‘s
crash. Denial-of-service attacks have had an impressive history having, in the past,
brought down websites like Amazon, CNN, Yahoo and eBay.19
2.11 Data Diddling
Data diddling involves changing data prior or during input into a computer. In
other words, information is changed from the way it should be entered by a person
typing in the data, a virus that changes data, the programmer of the databases or
application, or anyone else involved in the process of having information stored in
a computer file. The culprit can be anyone involved in the process of creating,
recording, encoding, examining, checking, converting, or transmitting data. This
kind of an attack involves altering raw data just before it is processed by a
computer and then changing it back after the after the processing is completed.
Electricity Boards in India have been victims to data diddling programs inserted
when private parties were computerizing their systems.20
This is one of the simplest methods of committing a computer-related crime,
because it requires almost no computer skills whatsoever. Despite the ease of
committing the crime, the cost can be considerable. For example, a person
entering accounting may change data to show their account, or a person entering
19
Ibid, pp.149-150.
20
Ibid, p.156.
16
accounting may change data to sho9w their account, or that or a friend or family
member, is paid in full. By changing or failing to enter the information, they are
able to steal from the company. To deal with this type of crime, a company must
implement policies and internal controls. This may include performing regular
audits, using software with built-in features to combat such problems, and
supervising employees.21
2.12 Salami Attacks
A salami attack is a series of minor data-security attacks that together result in a
larger attack. For example, a fraud activity in a bank where an employee steals a
small amount of funds from several accounts, can be considered a salami attack.
Crimes involving salami attacks typically are difficult to detect and trace. These
attacks are used for the commission of financial crimes. They key here is to make
the alteration so insignificant that in a single case it would go completely
unnoticed, e.g. a bank employee inserts a program, into the bank‘s servers, that
deducts a small amount of money (say Rs. 5 a month) form the account of every
customer. No account holder will probably notice this unauthorized debit, but the
bank employee will make a sizable amount of money every month.22
To cite an example; an employee of a bank in USA was dismissed from his
job. Disgruntled at having been supposedly mistreated by his employers the man
first introduced a logic bomb into the bank‘s systems. Logic bombs are
programmes, which are activated on the occurrence of a particular predefined
event. The logic bomb was programmed to take ten cents from all the accounts in
the bank and put them into the account of the person whose amen was
alphabetically the last in the bank‘s rosters. Then he went and opened an account
in the name of Ziegler. The amount being withdrawn from each of the accounts in
the bank was so insignificant that neither any of the account holders nor the bank
officials noticed the fault. It was brought to their notice when a person by name of
Zygler opened his account in that bank. He was surprised to find a sizable amount
21
Ibid, p.156.
22
Ibid, pp.156-57.
17
of money being transferred into his account every Saturday. 23
In January 1993, four executives of a rental-car franchise in Florida were
charged with defrauding at least 47, 000 customers using a salami technique. The
federal grand jury in Fort Lauderdale claimed that the defendants modified a
computer billing program to add five extra gallons to the actual gas tank capacity
of their vehicles. From 1988 through 1991, every customer who returned a care
without topping it off ended up paying inflated rates for an inflated total of
gasoline. The thefts ranged from $ 15 per customer-rather thick slices of salami
but nonetheless difficult for the victims to detect.24
In Los Angeles in October 1998, the district attorneys charged four men with
fraud for allegedly installing computer chips in gasoline pumps that cheated
consumers by oversetting the amounts pumped. The problem came to light when
an increasing number of consumers charged that they had been sold more gasoline
than the capacity of their gas tanks. However, the fraud was difficult to prove
initially because the perpetrators programmed the chips to deliver exactly the right
amount of gasoline when asked for five-and 10-gallon amounts-precisely the
amounts typically used by inspectors.25
Unfortunately, salami attacks are designed to be difficult to detect. The only
hope is that random audits, especially of financial data, will pick up a pattern of
discrepancies and lead to discovery. As any accountant will warn, even a tiny
error must be tracked down, since it may indicate a much larger problem. If we
pay more attention to anomalies, we‘d be in better shape to fight the salami
rogues. Computer systems are deterministic machines-at least where application
programs are concerned. Any error has a cause. Looking for the causes of
discrepancies will seriously hamper the perpetrators of salami attacks. From a
23
Ibid, p.157.
24
Ibid, pp.158-159.
25
[http://www. networkworld. com/newsletters/sec /2002/01467137.html] Last visited 27
March 2015
18
systems developments standpoint, such scams reinforce the critical importance of
sound quality assurance throughout the software development life cycle.26
26
R. K. Chaubey, An Introduction to Cyber Crime and Cyber Laws, 1st ed., (Kolkata: Kamal
Law House, 2009), p.159.
19
Chapter 3
INTERNATIONAL PERSPECTIVE ON CYBERCRIME
The global world network, which united millions of computers located in different
countries and opened broad opportunities to obtain and exchange information, is
used with criminal purposes more and more often. The introduction of electronic
money and virtual banks, exchanges and shops became one of the factors of the
appearance of a new kind of crime- transnational computer crimes. Today law
enforcement face tasks of counteraction and investigation of crimes in the sphere
of computer technologies, cyber crimes. Still the definition of cyber crime remains
unclear to law enforcement, though criminal actions on the Internet pose great
social danger. Transnational character of these crimes gives the grounds to say
that development of a mutual policy to regulate main problem should be a part of
every strategy to fight cyber crime.27
Anonymity and absence of frontiers makes the Internet an efficient weapon in
hands of criminals. Investigation and prevention of computer crimes turns into a
―headache‖ of law enforcement officer. In the virtual space criminals usually act
form sites in other countries. In such cases it is necessary to cooperate with
foreign law enforcement agencies, and that is possible not always. Taking into
consideration that globalization of such crime, it is more and more obvious that so
State is able to cope with such threats independently. During investigation of
transnational cyber crimes law enforcement of a concrete State, authorities of
which extend only on its territory exclusively, should cooperate with each other in
accordance with international legal documents accepted by these countries.
Depending on relations between interested countries and corresponding
27
R. K. Chaubey, ibid, p.167.
20
information or other facts, a necessary to develop additional authorities and
procedures on investigating of such crimes may appear.28
One of the most serious steps taken on regulate this problem was the
adoption of Cyber Crime Convention by European Council on 23 November
2001, the first investigating agreement on judicial and procedural aspects of
investigating and prosecuting on judicial and prosecuting cyber crimes. It
specifies efforts coordinated at the national and international level and directed at
preventing illegal intervention into the work of computer systems. The
Convention stipulates actions targeted at national and intergovernmental level
directed to prevent unlawful infringement of computer system functions. The
Convention divides forbidden content (racist websites and child porn content) and
breaking copyright laws.29
3.1 Mysterious Cyber Crimes
The most nefarious and crafty criminals are the ones who operate completely
under the radar. In the computing world security breaches happen all the time, and
in the best cases the offenders get tracked down by the FBI or some other law
enforcement agency. But it's the ones who go uncaught and unidentified (those
who we didn't highlight in our Cyber Crime Hall Fame that are actually the best.
Attempting to cover your tracks is Law-Breaking 101; being able to effectively do
so, that's another story altogether. When a major cyber crime remains unsolved,
though, it probably also means that those of us outside the world of tech crime
solving may never even know the crime occurred. These are some of the top
headline-worthy highlights in the world of unsolved computing crime—cases in
which the only information available is the ruin left in their wake.
The WANK Worm (October 1989)
Possibly the first "hacktivist" (hacking activist) attack, the WANK worm hit
NASA offices in Greenbelt, Maryland. WANK (Worms Against Nuclear Killers)
28
Ibid, pp.167-168.
29
Ibid, p.168.
21
ran a banner (pictured) across system computers as part of a protest to stop the
launch of the plutonium-fueled, Jupiter-bound Galileo probe. Cleaning up after the
crack has been said to have cost NASA up to a half of a million dollars in time
and resources. To this day, no one is quite sure where the attack originated,
though many fingers have pointed to Melbourne, Australia-based hackers.30
Ministry of Defense Satellite Hacked (February 1999)
A small group of hackers traced to southern England gained control of a MoD
Skynet military satellite and signaled a security intrusion characterized by officials
as "information warfare," in which an enemy attacks by disrupting military
communications. In the end, the hackers managed to reprogram the control system
before being discovered. Though Scotland Yard's Computer Crimes Unit and the
U.S. Air Force worked together to investigate the case, no arrests have been
made.31
CD Universe Credit Card Breach (January 2000)
A blackmail scheme gone wrong, the posting of over 300,000 credit card numbers
by hacker Maxim on a Web site entitled "The Maxus Credit Card Pipeline" has
remained unsolved since early 2000. Maxim stole the credit card information by
breaching CDUniverse.com; he or she then demanded $100,000 from the Web site
in exchange for destroying the data. While Maxim is believed to be from Eastern
Europe, the case remains as of yet unsolved. 32
Military Source Code Stolen (December 2000)
If there's one thing you don't want in the wrong hands, it's the source code that can
control missile-guidance systems. In winter of 2000, a hacker broke into
government-contracted Exigent Software Technology and nabbed two-thirds of
the code for Exigent's OS/COMET software, which is responsible for both missile
30
[http://www.pcmag.com/article2/0,2817,2331225,00.asp] last visited April 1, 2016.
31
Ibid.
32
Ibid.
22
and satellite guidance, from the Naval Research Lab in Washington, D.C.
Officials were able to follow the trail of the intruder "Leaf" to the University of
Kaiserslautern in Germany, but that's where the trail appears to end.33
Anti-DRM Hack (October 2001)
In our eyes, not all hackers are bad guys (as evidenced by our list of the Ten
Greatest Hacks of All Time); often they're just trying to right a wrong or make life
generally easier for the tech-consuming public. Such is the case of the hacker
known as Beale Screamer, whose FreeMe program allowed Windows Media users
to strip digital-rights-management security from music and video files. While
Microsoft tried to hunt down Beale, other anti-DRM activists heralded him as a
crusader. 34
3.2 Initiatives taken by the Organizations worldwide from time to control the
growing of cyber crime
There are various initiatives taken by the Organizations worldwide from time to
control the growing of cyber crime. Some of the initiatives taken by various
organizations are:
3.3 The United Nation
A Resolution on combating the criminal misuse of information technologies was
adopted by the General Assembly on December 4, 2000 including as followings:
(a) States should ensure that their laws and practice eliminate safe havens for
those who criminally misuse information technologies.
(b) Legal systems should protect the confidentiality integrity and availability of
data and computer systems from unauthorized impairment and ensure the criminal
abuse is penalized.35
33
Ibid
34
Ibid
35
Ibid, p.169.
23
3.4 The Council of Europe
Convention on Cyber Crime of 2001 is a historic milestone in the combat against
cyber crime. Member States should complete the ratification, and other States
should consider the possibility of acceding to the Convention or evaluate the
advisability of implementing the principles of the Convention. With the Council
of Europe Convention on Cyber Crime and the recommendations from, G8, OAS,
and APEC, we may reach our goal of a global legal framework against cyber
crime. By ratifying or acceding to the Council of Europe Convention of Cyber
Crime or implementing the principles States agree to ensure that their domestic
laws criminalize conducts described in the substantive criminal law section and
establish the procedural tools necessary to investigation and prosecute such
crimes. This is the harmonizing of national legal approaches on cyber crime.36
The council of Europe established a Committee of Experts on Crime in CyberSpace in 1997. The committee prepared a proposal for a Convention on Cyber
Crime, and the Council of Europe Convention on Cyber Crime was adopted and
opened for signatures at a Conference in Budapest, Hungry, 2001, The convention
entered into force on July 1, 2004. As of February 2007, the total numbers of
signatures not followed by ratifications are 22 countries. The total number of
ratifications/accessions at present is 21.37
3.5 The European Union
In the European Union, the Commission of the European Communities presented
on April 19, 2002 a proposal for a Council Framework Decision on attacks against
information systems. The proposal was adopted by the Council in 2005 and
includes Article 2: Illegal access to Information System, Article 3: Illegal System
Interference and Article 4: Illegal DateInterference.38
36
Ibid, p.169.
37
Ibid, pp.169-70.
38
Ibid, p.170.
24
Article 2: Illegal access to Information systems.
1. Each Member State shall take the necessary measures to ensure that the
intentional access without right to the whole or any part of an information system
is punishable as a criminal offence, at least for cases which are not minor.
2. Each Member State may decide that the conduct referred to in paragraph I is
incriminated only where the offence is committed by infringing a security
measure.
Article 3: Illegal access to Information systems.
Each Member State shall take the necessary measures to ensure that the
intentional serious hindering or interruption of the functioning of an information
system by inputting, transmitting, damaging, deleting, deteriorating, altering,
suppressing or rendering inaccessible computer data is punishable as a criminal
when committed without right at least for cases which are not minor.
Article 4: Illegal data interference. Each Member State shall take the necessary
measures to ensure that the intentional deletion, damaging, deterioration,
alteration, suppression or rendering inaccessible of computer date on an
information system is punishable as a criminal offence when committed without
right, at least for cases which are not minor.39
3.6 ASEAN
The Association of Southeast Asian Nations (ASEAN) has established high level
Ministerial Meeting on Transnational Crime (AMMTC). At the Meeting in
Bangkok, January 8, 2004, a statement included cyber crime was recognized and
the need for an effective legal cooperation to enhance the fight against
transnational crime. A plan of Action to Implement the Joint Declaration on
ASEAN China Strategic partnership for paces and prosperity was signed on
October 8, 2003, in Bali, Indonesia. ASEAN and China will purses the following
joint actions and measures.40
39
Ibid, pp.170-71.
40
Ibid, p.171.
25
Formulate Cooperative and emergency response procedures for purposes of
maintaining and enhancing cyber security and preventing and combating cyber
crime. In a statement from ASEAN Regional Forum (ARF) on July 2006 it was
emphasized that: ―Believing that an effective fight against cyber tacks and
terrorist misuse of cyberspace requires increased rapid and well functioning legal
and other forms of cooperation.‖41
3.7 APEC
The Ministers and leaders of the Asia Pacific Economic Cooperation (APEC)
have at a meeting in 2002 made a commitment to: ―Endeavor to enact a
comprehensive set of laws relation to cyber security and cyber crime that are
consistent with the provision of international legal instruments, including United
Nations General Assembly Resolution 55/63 (2000) and Convention on Cyber
crime (2001) by October 2003.‖In a Ministerial Meeting in Santiago, Chile,
November 2004, it was agreed to strengthen the respective economies ability to
combat cyber crime by enacting domestic legislation consistent with the
provisions of international legal instruments including the Convention on Cyber
Crime (2001) and relevant United General Assembly Resolutions.42
3.8 G-8 States
The G-8 States established in 1997 the Subgroup of High-Tech Crime. At a
meeting in Washington DC in 1997 the G8 countries adopted Ten Principles in the
combat crime. The goal was to ensure that no criminal receives safe havens
anywhere in the world. At the last Meeting of G8 Justice and Home Affairs
Ministers in Washington DC, on May, 2004, a joint communiqué was including as
follows: ―Continuing to Strengthen Domestic Laws. To truly build globe
capacities to combat terrorist and criminal uses of the Internet, all countries must
continue to improve laws that criminalize misuses of computer network and that
allow for faster cooperation on Internet related investigations, with the council of
41
Ibid, p.171.
42
Ibid, p.171-72.
26
Europe‘s Convention on Cyber crime coming into force on July 1, 2004 we should
take steps to encourage the adoption of the legal standards it contains on a broad
basis.‖43
In a statement from the G8 Meeting in 2002 a goal was emphasized:
―To ensure that law enforcement agencies can quickly respond to serious
cyber threats and incidents.‖
At the Moscow Meeting in 2006 in for the G8 Justice and Home Affairs
Ministers discussed cyber crime and issues of cyberspace. In a statement it was
emphasized:
―We also discussed issue related to shoring accumulated international
experience in combating terrorism as well as comparative analysis of relevant
pieces of legislation on that score. We discussed the necessity of improving
effective countermeasures that will prevent IT terrorism and terrorist acts in this
sphere of high technologies. For that it is necessary to device a set of measures to
prevent such possible criminal acts including in the sphere of telecommunication.
That includes and application of viruses and other harmful computer program. We
will instruct our experts to generate unified approaches to fighting cyber
criminality and we will need an international legal base for this particular work,
and we will apply all of that to prevent terrorist from using computer and Internet
sites to prevent terrorists and the recruitment of other illegal actors.‖
44
3.9 Organization of American States
The Ministers of Justice or Ministers or Attorneys General of the Americas in the
Organization of American States (OAS) recommended in Peru in 1999 the
establishment of a group of government experts on cyber crime. At a meeting in
Trinidad and Tobago in 2002 recommendations were adopted giving the Group of
experts the following mandate:
43
Ibid, p.172.
44
Ibid, pp.172-73.
27
―To consider the Preparation of pertinent inter-American legal instruments and
model legislation for the purpose of strengthening hemispheric cooperation in
combating cyber crime. Considering standards relating to privacy, the protection
of information procedural aspects and crime prevention.‖45
Consideration of recommendation was discussed at a meeting in Washington
DC June 2003. The Fifth Meeting of Ministers of Justice or of Ministers or
Attorneys General of the Americas in Washington DC on April 2004, approved
conclusions and recommendation to the General Assemble of the OAS including
as follows: ―That Member States evaluate the advisability of implementing the
principles of the Council of Europe Convention on Cyber crime (2001) and
consider the possibility of acceding to the convention.‖46
The General Assembly of the Organization of American States requested at
the Meeting on June 7, 2005, the Permanent Council to convene the meeting of
the Group of Government Experts on Cyber crime. The organization of American
States in cooperation with the council of Europe and Spain, organized a
conference in Madrid on December 2005. This conference was titled Cyber Crime
a Global Challenge a Global response. Among the conclusion was adopted:
―Acknowledge the importance of the only international treaty in this field: the
convention on Cyber crime which is open to all states as well as the importance
of strengthening the international legal framework; Strongly encourage States to
consider the possibility of becoming Parties to this Convention in order to make
use of effective and compatible laws and tools to fight cyber crime at domestic
level and on behalf of international cooperation Recognize the need of pursuing
cooperation providing technical assistance and organizing similar events in other
regions of the world.‖47
The permanent council of the Organization of American States resolves on
December 15, 2005. That the Group of Government experts on cyber crime should
meet on February 27-28, 2006. For the purpose of carrying out the mandates
45
Ibid, p.173.
46
Ibid, p.174.
47
Ibid, p.174.
28
referred to in the conclusions and recommendations of the fifth Meeting of
Ministers of Justice on April 28-30, 2004.
The Group of Governmental Experts on cyber crime me in Washington DC
February 27-28, 2006.The Agenda included also: Challenges on accessing
drafting and amending legislation consistent with the principles, substantive and
procedural law of the council of Europe convention on cyber crime (2001).48
At the Sixth Meeting of Ministers of Justice in June 2006 it was made a
statement as follows: ―…continue to strengthen cooperation with the council of
Europe so that the OAS member states can give consideration to applying the
principles of the council of Europe‘s Convention on Cyber Crime and to acceding
thereto, and to adoption the legal and other measures required for its
implementation. Similarly that efforts continue to strengthen mechanisms for the
exchange of information and cooperation with other international organizations
and agencies in the area of cyber crime, such as the United Nation, the European
Union, the Asia Pacific Economic co-operation and Development, the G-8, the
commonwealth and Interpol in order for the OAS member states to take advantage
of progress in those forums.‖49
48
Ibid, p.174.
49
Ibid, pp.174-75.
29
Chapter 4
CYBER LAW IN BANGLADESH
4.1 Need for Cyber Law in Bangladesh
Computer has become integral parts of the modern day homes and workplaces.
Countries around the world continue to exhibit an encouraging trend of computer
usage. Most academic institution has invested in the best technology to keep their
students equipped and informed. As for the workplace, there is a gradual trend
towards a possible future brimming with ‗paperless and selfless offices‘. The
dependence on computer is increasing by the day as we are faced with better and
faster machines geared up to fulfill operations that were not even imagined a few
years back. The usage of computers have opened up newer possibilities for
commerce and given fresh lease of life to several industries. The flexibility and
economic feasibility of the Internet has transformed the cyberspace into a colossal
market abundant with opportunities. The cyberspace knows no boundaries, no
parameters and no precincts as it connects people around the world. The cyber
world has rendered our physical tangible world a much smaller place with
distance and time being no longer constraints of the modern day human.
Computer and their influences have traveled into almost every sector. Business,
travel, education, entertainment or any other industry cannot comprehend progress
without the help of these machines, which look innocuous enough to be
underestimated of their potential. Students, professional and organizations around
the world need to understand the inescapable truth that computer are here to stay
and in definite future, it might be difficult to even move an inch without it having
an effect on us. Considering the present trend, it has become almost obligatory for
30
everyone to understand the jurisprudence that countries worldwide have framed to
regulate and control the use of computers.50
For the past several years, many countries have been concentrating on the
awareness on questions of about the governance of cyberspace. The question of
who controls the Internet is directly related to the question who wants to control
the Internet. From the moment that the Internet was opened up to commercial
activity many different groups wanted to dominate, such as user, communication
companies, ISPs, and the government. Of them all, the most objected was the
government intervention, yet it is governments that have managed to exert the
most control.
However as Internet has grown in our country, the need has been felt to enact
the appropriate cyber laws, which are indispensable to legalize and regulate
Internet in Bangladesh. The need for cyber laws was propelled by numerous
factors. The arrival of Internet signaled the commencement of the rise of new and
intricate legal issues. Despite the brilliant acumen of our master draftsman, the
requirement of cyberspace could hardly ever be anticipated. As such, the coming
of the internet led to the emergence of numerous ticklish legal issues and problem
which necessitated the enactment of cyber laws. The existing laws of Bangladesh,
even with the most generous and moderate interpretation, could not be interpreted
in the light of the promising cyberspace, to consist of all aspect relating to
different activities in cyberspace. There are no existing laws that assigned any
legal validity or sanction to the activities in cyberspace, as such, before passing
Cyber Law, email was not ―legal‖ in our country and courts and judiciary in our
country had been reluctant to grant judicial recognition to the legality of email in
the absence of any specific law having been enacted by the parliament. The
Government of Bangladesh responded by coming up with the first cyber law of
Bangladesh – The Information and Communication Technology Act (ICT), 2006.
The Cabinet of Minister of Bangladesh has approved the Information and
Communication Technology bill (ICT), 2006 on February 2005 and it has been
50
Zulfiquar Ahmed, A Text Book on Cyber Law in Bangladesh, 1st ed., (Dhaka: National Law
Book Company, 2009), p.39 – 52.
31
enacted on 8th October, 2006.
The ICT Act defines various terms, which are innovative in the legal lexicon
in Bangladesh. The law consists of a preamble, 97 sections and four schedules.
Cyber Laws are contained in the ICT Act, 2006. This Act aims to provide the
legal infrastructure for e-commerce in Bangladesh. And the cyber laws have a
major impact for e-businesses and the new economy in Bangladesh. So, it is
important to understand what are the various perspectives of the ICT Act, 2006
and what it offers.
4.2 Historical Background of the Information and Communication
Technology Law or Cyber Law
Bangladesh
Government
has
recently
enacted
The
Information
and
th
Communication Technology (ICT) Act, 2006 on 8 October, 2006. The law has
been made in the shape of the United Nations Commission on International Trade
Law (UNCITRAL) of 1996, which is called UNCITRAL Model Law on
economic commerce. The Model Law does not have any force but merely serves
as a model to countries for the evaluation and modernization of certain aspects of
their laws and practices in the field of communication involving the use of
computerized or other modern techniques, and for the establishment of relevant
legislation where none exists. The law is sometimes called cyber law and
sometimes the law of ―Internet‖ or ―Computer‖. Bangladesh is the 32nd nations in
the world that has cyber legislation apart from countries like India, Singapore,
France, Malaysia and Japan.51
4.3 Sides of Cyber Law or ICT Act of Bangladesh
Cyber laws are meant to set the definite pattern, some rules and guidelines that
defined certain business activities going through internet legal and certain illegal
and hence punishable. The ICT Act 2006, the cyber law of Bangladesh, gives the
legal framework so that information is not denied legal effect, validity or
51
Ibid, p.52.
32
enforceability, solely on the ground that it is in the form of electronic record. One
cannot regard government as complete failure shielding numerous e-commerce
activities on the firm basis of which this industry has got to its skies, but then the
law cannot be regarded as free ambiguities.52 The Information and
Communication Technology Act (ICT), 2006 also aims to provide for the legal
framework so that legal sanctity is accorded to all electronic records and other
activities carried out by electronic means. The Act states that unless otherwise
agreed, an acceptance of contract may be expressed by electronic means of
communication and the same have legal validity and enforceability. Some
highlights of the Act has been given below:
Chapter I of the ICT Act 2006 specifically defines some term which are used
in ICT sector and cyber legislation for clearing the concept. This chapter also
stipulates the jurisdiction and superiority of the Act. Extra regional effect of the
Act has been discussed in the chapter.
Chapter II of the Act specifically stipulates that any subscriber may
authenticate an electronic record by affixing his digital signature. It further states
that any person can verify an electronic record by use of a public key of the
subscriber. The said chapter also details the legal recognition of Digital Signature
and electronic records. Chapter II of the ICT Act details about Electronic
Governance and provides inter alia amongst others that where any law provides
that information or any other matter shall be in writing or in the typewritten or
printed from, then, notwithstanding anything contained in such law, such requires
shall be deemed to have been satisfied if such information or matter is rendered or
made available in an electronic from; and accessible so as to be usable for a
subsequent reference.
Chapter III of the ICT Act details for application to the attribution,
acknowledgement and dispatch of electronic records among parties.
Chapter IV of the ICT Act provides rules for secure electronic records &
secure digital signature.
52
Ibid, p.53.
33
Chapter V of the said Act gives a scheme for regulation of Certifying Authorities.
The Act envisage a Controller of Certifying Authorities who shall perform the
function of exercising supervision over the activities of the Certifying Authorities
as also laying down standards and conditions governing the Certifying Authorities
as also specifying the various forms and content of Digital Signature Certificates.
The Act recognizes the need for foreign Certifying Authorities and it further
details the various provisions for the issue of license to issue Digital Signature
Certificates.
Chapter VI of this Act details about applying the security procedure,
acceptance of Digital Signature Certificate, obtaining Digital Signature Certificate
and Control of Private Key. The duties of subscribers are enriched in this said Act.
Chapter VII & VIII of the ICT Act talks about penalties, adjudication,
investigation, judgment and punishment for various offences. The penalties for
damage to computer, computer systems etc. has been fixed as damages by way of
compensation not exceeding Tk. 1,00,00,000 to affected persons. The Act talks of
appointment of any officer not below the rank of a Director to the Government of
Bangladesh or an equivalent officer of state government as an Adjudicating
Officer who shall adjudicate whether any person has made a contravention of any
of the provision of the said Act or rules framed there under. The said Adjudicating
Officer has been given the power of a civil court.
Chapter VIII of the Act also talks of the establishing of the Cyber Regulations
Appellate Tribunal, which shall be an appellate body where appeals against the
order passed by the Adjudicating Officer, shall be preferred. Chapter – VIII of the
Act talks about various offences and the said offences shall be investigated only
by a Police Officer not below the rank of the Deputy Superintendent of police.
Chapter IX of the Act details about police servant, protection of action taken
in good faith. The said Act also proposes to amend the Penal Code, 1860, the
Evidence Act, 1872, the Bankers‘ Books Evidence Act, 1891 to make them in
tune with the provision of the ICT ACT.53
53
Ibid, pp.53-55.
34
4.4 Objective of the ICT Act, 2006`
The preamble of the ICT Act, 2006 declares that, an Act to provide legal
recognition for transaction carried out by means of electronic data interchange and
other means of electronic communication, commonly referred to as ―electronic
commerce‖, which involve the use of alternative to paper-based methods of
communication and storage of information, to facilitate electronic filing of
documents with the Government agencies and further to amend the Penal Code,
1860, the Evidence Act, 1872 and the Bankers‘ Books Evidence Act, 1891 and for
matters connected therewith or incidental thereto.
The object of the ICT Act, 2006, have been illustrated by the Law
Commission‘s Final Report to give effect to the following purposes:
(a) to facilitated electronic communications by means of reliable electronic
records; (b) to facilitate electronic commerce, eliminate barriers to electronic
commerce resulting from uncertainties over writing and signature requirements,
and to promote the development of the legal and business infrastructure necessary
to implement secure electronic commerce; (c) to facilitate electronic filing of
documents with government agencies and statutory corporation, and to promote
efficient delivery of government services by means of reliable electronic records;
(d) to minimize the incidence of forged electronic records, intentional and
unintentional alteration of records, and fraud in electronic commerce and other
electronic transaction; (e) to help to establish uniformity of rules, regulations and
standards regarding the authentication and integrity of electronic records; and
(f) To promote public confidence in the integrity and reliability of electronic
records and electronic commerce, and to faster the development of electronic
commerce through the use of electronic signatures to lend authenticity and
integrity to correspondence in any electronic medium.54
4.5 Establishment & Jurisdiction of Cyber Tribunal in Bangladesh
Government of Bangladesh by gazette notification, for the purpose of quick and
effective trial of crimes committed under the Act, may establish one or more cyber
54
Ibid, p.57.
35
tribunal, sometimes which is stated later as tribunal under section 68(1) of the ICT
Act. The cyber tribunal that is stated in section (1) of the section will comprise of
a session judge or an assistant session judge appointed by the government with
consulting with the Supreme Court; and such a judge appointed will be introduced
―judge, cyber tribunal‖.55 The cyber tribunal under the section may be given
jurisdiction of whole Bangladesh or one or more session jurisdiction; and the
tribunal will only judge the cases of crimes under the Act.56 The special tribunal
may sit and continue its procedure on a place at a certain time and government
will dictate all this by its order.57
Establishment & Jurisdiction of Cyber Appellate Tribunal in Bangladesh the
ICT Act envisages the establishment of the Cyber Appellate Tribunal at one or
more places as the government may deem fit. Section 82(1) of the ICT Act
provides that the government shall, by notification in the Official Gazette,
establish one or more appellate tribunals to be known as the Cyber Appellate
Tribunal. The cyber appellate tribunal will be comprised of a chairman and two
members appointed by the government.58 The chairman will be such a person,
who was a justice of the Supreme Court or is continuing his post or capable to be
appointed as such and one of the member will be as an appointed judicial
executive as a district judge or he may be retired and the other will be a person
having the knowledge and experience in information and technology that is
prescribed.59 The chairman and the members will be in their post minimum 3
years and maximum 5 years and the conditions of their service will be decided by
the government.60 The Cyber Appellate Tribunal shall have the power to hear and
settle the appeal made against the judgment of cyber tribunal and session court.61
55
The Information and Communication Technology Act, 2006, s. 68(2).
56
Ibid, s. 68(3).
57
Ibid, s. 68(4).
58
Ibid, s. 82(2).
59
Ibid, s. 82(3).
60
Ibid, s. 82(4).
61
Ibid, s. 83(1).
36
The appeal tribunal will have authority of supporting, canceling, changing, or
editing the judgment of the cyber tribunal.62 The decision of the appellate tribunal
will be final. The Cyber Appellate Tribunal does not seem to be vested with any
original jurisdiction; it has been vested with the powers of a Civil Court in respect
of, interalia,
a. Summoning and examining of witnesses
b. Requiring production of document
c. Receiving evidence
d. Issuing commissions and
e. Reviewing its decisions.63
62
Ibid, s. 83(2).
63
Zulfiquar Ahmed, A Text Book on Cyber Law in Bangladesh, 1st ed., (Dhaka: National Law
Book Company, 2009), p.150-52.
37
Chapter 5
PREVENTIVE MEASURES ON CYBER CRIME:
PERSPECTIVE BANGLADESH
5.1 What makes cybercrime laws so difficult to enforce
Deb Shinder discusses both the difficulty of enforcing cybercrime laws and of
tracking down cybercriminals in the first place. When the Internet first "went
commercial" and became affordable enough and easy enough to access for
ordinary people (that is, those outside academia and government), it was a new
frontier. Like the Wild West of old, it was mostly unregulated; legislators hadn't
anticipated the rapid growth or the types of online behaviors that would require
new laws to protect innocent users.
Over the more than two decades since, state and federal governments have
passed many statutes to address the problem of criminal activities that take place
over the Internet. Cyberbullying, cyberstalking, theft of wireless services,
spamming, unauthorized access - most of these laws didn't exist twenty-five years
ago.
So now we have plenty of laws on the books, but enforcing them is another
matter. It can be frustrating for the victims of such crimes, when the perpetrators
are never brought to justice. Some local police departments have set up divisions
specifically devoted to computer crimes enforcement, but some shy away from
investigating and enforcing these types of crime. That's because, for a number of
reasons, enforcing laws governing online behavior is intrinsically more difficult
than the enforcement of "traditional" laws. In this article, we'll take a look at those
reasons.
5.2 Jurisdictional issues
The concept of jurisdiction pertains to which agency or court has the authority to
38
administer justice in a particular matter, and to the scope of those agencies' and
courts' authority. Jurisdiction can be based on a number of different things64:
Branch of law. In the U.S., there are three broad branches of law: criminal
law, civil law, and regulatory law. The criminal (or penal) system deals with
offenses that are prosecuted by the government - local, state or federal - and can
be punished by monetary fines, loss of liberty (jail or prison), or in extreme cases,
even loss of life (death penalty). The civil system deals with disputes between
individuals or organizations (including in some cases government agencies), in
which the party found liable is ordered to pay monetary damages and/or ordered
to do or not do something (injunction). Regulatory agencies have jurisdiction over
specific industries or activities and can impose fines and/or take away an
individual's or organization's authorization to conduct business or engage in the
regulated activity. Type of case. Within each system, there can be different
agencies or courts assigned responsibility for different types of cases. For
example, within the criminal system, some courts deal exclusively with traffic
offenses and some deal with domestic violence and other family law cases. Some
law enforcement agencies have jurisdiction only over crimes that violate the
state's alcoholic beverage code, or only investigate and prosecute offenses that fall
under the parks and wildlife code. Within the civil system, some courts handle
only divorce cases, others handle only probate matters, and so forth. Grade of
offense. In the criminal justice system, different courts have jurisdiction over
different grades of offense, based on severity. Municipal courts may handle only
city ordinance violations and/or certain misdemeanor offenses. County courts may
handle more serious misdemeanors, while district courts handle felony offenses.
Monetary damages. In the civil system, different courts handle cases based on the
monetary damages. For example, small claims courts or justice of the peace courts
may have jurisdiction over lawsuits up to a few thousand dollars. Level of
government. In the U.S., there are separate laws, law enforcement agencies and
court systems for different levels of government. In the criminal system, you have
64
[http://www.techrepublic.com/blog/it-security/what-makes-cybercrime-laws-so-difficult-toenforce/4997/] Last visited 10 May 2016
39
municipal police, county sheriffs (and in some states, constables and/or marshals),
state police or troopers, and numerous federal agencies such as the FBI, DEA,
BATF, etc., enforcing the laws that are passed by the governing bodies at the
corresponding levels (city and county ordinances passed by city councils and
county commissioners, state statutes passed by state legislative bodies and federal
laws passed by the U.S. Congress).65
Because these systems are separate, a person can be charged, tried and
acquitted under state law, for example, and then charged, tried and convicted
under federal law for the same act, without incurring double jeopardy. There are
also international law-making bodies such as the EU and the UN; their laws are
generally adopted by the member nations via treaties.
Geographic area. Any good real estate agent will tell you it's all about
location, location, location - and that's what geographic jurisdiction pertain to. In
the case of the courts, it's also referred to as venue. A law enforcement agency or
court has jurisdiction only over crimes that take place in the geographic location
where that agency or court has authority. That may include the location of the
perpetrator, the location of the victim, or the location where the crime actually
occurred.
Before a law enforcement agency can investigate a cybercrime case, it has to
have jurisdiction. The first thing that must be determine is whether a crime has
taken place at all. In some cases, there is no law on the book that covers the
particular circumstance. In other cases, the wrongful action that took place is a
civil matter, not a criminal one. This might be the case, for instance, if you
entrusted your data to a company and that company lost it.
If a criminal offense has occurred, the next step is to determine what law was
violated. Was it a city ordinance, a state statute, or a federal law? Local police
don't generally pursue a person for federal crimes, and the FBI doesn't generally
investigate and arrest for state offenses (although in some serious matters,
agencies at different levels come together to form task forces and work together to
65
[http://www.techrepublic.com/blog/it-security/what-makes-cybercrime-laws-so-difficult-toenforce/4997/] Last visited 10 May 2016
40
pursue criminals who commit offenses that are violations at both levels).
The next, and in the case of cybercrime the stickiest point, is to determine the
geographic jurisdiction. This is more difficult in cybercrime cases than in other
types of crime because often the perpetrator is not in the same city, state or even
country as the victim.66 Why is geographic jurisdiction such a big problem? There
are a couple of important reasons: Laws differ from state to state and nation to
nation. An act that's illegal in one locale may not be against the law in another.
This complicates things if the perpetrator is in a location where what he/she is
doing isn't even against the law - even though it's a clear-cut crime in the location
where the victim is. Law enforcement agencies are only authorized to enforce the
law within their jurisdictions. A police officer commissioned in California has no
authority to arrest someone in Florida, the FBI doesn't have the authority to arrest
someone in Spain and so forth. Extradition (the process by which a state or nation
surrenders a suspect to another) is difficult at best, and often impossible. Under
international law, a country has no obligation to turn over a criminal to the
requesting entity, although some countries have treaties whereby they agree to do
so. Even in those cases, it's usually an expensive and long, drawn-out process.
Thus jurisdictional issues frequently slow down or completely block the
enforcement of cybercrime laws. Extradition treaties often require "double
criminality," meaning the conduct must be a crime in both the jurisdiction seeking
to extradite and in the jurisdiction from which the extradition is sought.
5.3 Anonymity and identity
Before jurisdiction even comes into play, it's necessary to discover where - and
who - the criminal is before you can think about making an arrest. This is a
problem with online crime because there are so many ways to hide one's identity.
There are numerous services that will mask a user's IP address by routing traffic
through various servers, usually for a fee. This makes it difficult to track down the
criminal.
66
[http://www.techrepublic.com/blog/it-security/what-makes-cybercrime-laws-so-difficult-toenforce/4997/] Last visited 10 May 2016
41
In 2009, Eugene Kaspersky identified the relative anonymity of Internet users as a
key issue that enables cybercrime and proposed Internet "passports" for
individuals and accreditation for businesses to help combat the problem.67
Some studies have shown that people are more likely to engage in offensive
and/or illegal behavior online because of the perception of anonymity.
However, attempts to better track online identity raise serious issues for
privacy advocates and result in political backlash. And end to anonymity on the
Internet could have serious consequences in countries where the government
punishes dissenters, so even if the technological challenge of identifying every
online user could be overcome, many lawmakers would be hesitant to mandate it.
Cybercriminals exploit the rights and privileges of a free society, including
anonymity, to benefit themselves.68
5.4 Nature of the evidence
Yet another thing that makes cybercrime more difficult to investigate and
prosecute in comparison to most "real world" crimes, is the nature of the evidence.
The problem with digital evidence is that, after all, it is actually just a collection of
ones and zeros represented by magnetization, light pulses, radio signals or other
means. This type of information is fragile and can be easily lost or changed.
Protecting the integrity of evidence and maintaining a clear chain of custody is
always important in a criminal case, but the nature of the evidence in a cybercrime
case makes that job far more difficult. An investigator can contaminate the
evidence simply by examining it, and sophisticated cybercriminals may set up
their computers to automatically destroy the evidence when accessed by anyone
other than themselves.
In cases such as child pornography, it can be difficult to determine or prove
that a person downloaded the illegal material knowingly, since someone else can
67
[http://www.techrepublic.com/blog/it-security/what-makes-cybercrime-laws-so-difficult-toenforce/4997/] Last visited 10 May 2016
68
[http://www.techrepublic.com/blog/it-security/what-makes-cybercrime-laws-so-difficult-toenforce/4997/] Last visited 10 May 2016
42
hack into a system and store data on its drive without the user's knowledge or
permission if the system isn't adequately secured.
In cases of intrusion or cybervandalism, the bad guy often erases all logs that
show what happened, so that there is no evidence to prove that a crime even
occurred, much less where the attack came from.69
5.5 Criticisms of the Cyber Law of Bangladesh
The ICT Act has identified some critical situation, which is not clear to our
archaic legal provisions. The law does something regulate the social norm and
then control of information technology. Ever since the passing of the Information
and Communication Technology Act by parliament, a lot has been said both for
and against the Act. Although the newly enacted Cyber Law has some weakness,
something is better than nothing. The criticism of the Cyber Law of Bangladesh is
given below: Internet is a borderless medium; it spread to every corner of the
world where life is possible and hence is the cyber criminal. Then how come is it
possible to feel relaxed and secure once law is enforced in the nation?
The Act initially was supposed to apply to crimes committed all over the
world, but nobody knows how can this be achieved in practice, how to enforce it
all over the world at the same time? Can we track down the Emil Indian Hacker
who recently hacked our 17 district web portal?70
The Act empowers the Deputy Superintendent of Police to look up into the
investigations and filling of charge sheet when any case related to cyber law is
called. This approach is likely to result in misuse in the context of Corporate
Bangladesh as companies have public offices which would come within the ambit
―public place‖ under the Act. As a result, companies will not be able to escape
potential harassment at the hand of the Deputy Superintendent of Police. Cyber
Offences Investigation Police Officer must have relevant expertise: Under section
80 of the ICT Act, 2006 that a police officer not below the rank of an Inspector of
69
[http://www.techrepublic.com/blog/it-security/what-makes-cybercrime-laws-so-difficult-toenforce/4997/] Last visited 10 May 2016
70
The Prothom Alo (21 March 2010), p.24.
43
Police shall investigate any offences under this Act. This section should be
modified that Inspector of Police and above, must have appropriate ICT
knowledge (i.e. Diploma/Bachelor‘s degree in ICT related subject proper training
in this area).
The draconian power have been given to police officers that a police officer
not below the rank of an Inspector of Police (IP), or any other officer of the
Government authorized by the Government in this behalf for purpose of
investigating and preventing the commission of a cyber crime under section of the
ICT Act, 2006. The unrestricted power given by the ICT Act to the said IP
includes the power ‗to enter any public place and search and arrest without
warrant any person found therein who is reasonably suspected of having
committed or of committing or being about to commit any offences under this
Act‘.71 It is very much possible that the given power may be misused and abused
by the said police officers. This law has given more power to police officer in case
of arresting cyber criminals, albeit cyber crime detection is very difficult. So, this
is similar to section 54 of the Criminal Procedure Code in case of harassment to
public. Spamming is not an offence under the ICT Act, 2006 in Bangladesh. But
Spamming has become a peril in USA, UK and other developed nations and antispamming provision need to be included. Implementation of Global Cyber Law:
Implementation of the law is a big question mark for any nations‘ law enforcing
agency. The implementation of the global cyber law is a big challenge without any
law enforcing agencies. But countries can take the lead in implementation the law
within their national boundaries. Like the US, this has cyber squatting laws that
make cyber squatting is a punishable offence. But other countries are very
confused and Bangladesh is one of those countries. In fact, the ICT Act 2006 has a
provision wherein the law is not only applicable to Bangladeshi‘s netizens but also
to any contravention or any violation done by anybody anywhere in the world is
also liable to the penalties under section 84, which is very impractical unless cyber
law related global agreement is in existence. The provision in section 84 is not
71
The Information and Communication Technology Act, 2006, s. 79.
44
clearly defined as to how and what particular manner, this ICT Act shall apply to
any offence or contravention there-under committed outside of Bangladesh by any
person. The ICT Act does not provide extra-territorial jurisdiction or multiterritorial jurisdiction to law enforcement agencies, but such powers are basically
ineffective. This is because Bangladesh does not have reciprocity like EU
countries and extradition treaties with a large number of countries. ―Domain
Name‖ is the major issue, which related to Internet thoroughly. But the ICT Act,
2006 does not define ―domain Name‖ and the rights and liabilities. ―Domain
Name‖ owners do not find any mention in the ICT Act. There is no provision
about the Intellectual Property Rights of ―domain Name‖ owners. These need
proper attention.
Section 56 of the ICT Act, 2006, that the order of the Government appointing
any person as the Presiding officer of a Cyber Appellate Tribunal shall be final
and shall not be called in question in any manner and no Act or proceeding before
a Cyber Appellate Tribunal shall be called in question in any manner on the
ground merely of any defect in the constitution of a Cyber Appellate Tribunal.
The said provisions is a violative of the Fundamental rights of the citizens as are
enshrined in Chapter III of the Constitution of Bangladesh and the said provision
is not convenient and is likely to be struck down by the courts. The Government
cannot claim immunity in appointment to Cyber Appellate Tribunal, as the same
is contrary to the spirit of the Constitution of Bangladesh. So, under the
Constitution of Bangladesh, all proceeding and Act of the Cyber Appellate
Tribunal are null and void-ab-initio.
45
Chapter 6
CONCLUDING REMARKS
6.1 Recommendations
The following recommendations could be taken under consideration for the
betterment of the present conditions.
(l) The existing law does not sufficiently provide compensation to victims of
the cyber crime for injuries caused or loss suffered by them due to the offender's
cyber act. The payment of compensation may be made from the money recovered
by the State from the offender by way of fine.
(2) Cyber Crime reporting in Bangladesh continues to be faulty even to this
day. As a result of this, crimes are either Suppressed, minimized or not reported.
The reporting procedure, therefore, needs to be overhauled
(3) The government may develop a separate authority to monitor the abuse of
cyber.
(4) Cyber crime related cases could be adjudicated under the Druto Bicher
Tribunal.
(5) Regular training campaigning should be arranged for the skill development
of experts who are going to chase these cyber criminals.
(6) The modern western trend favors deletion of all such offences from the
Cyber Act which are solely dependent on morality.
(7) To keep the national security uninterrupted and avoid hacking, web servers
running public sites must be separately protected from internal corporate network
and web site owners should watch traffic and check any inconsistency on the site
by installing host-based intrusion detection devices on servers.
46
6.2 Conclusion
As we move forward into the 21st century, technological innovations have paved
the way for us to experience new and wonderful conveniences in the how we are
educated, the way we shop, how were entertained and the manner in which we do
business. Capacity of human minds is immeasurable. It is not possible to eliminate
cyber crime form the cyber space. It is quite possible to check them. History is the
witness that no legislation has succeeded in totally eliminating crime from the
globe. The only possible step is to make people aware of their rights and duties
and further making the application of the laws more stringent to check crime.
Undoubtedly the ICT Act is a historical step in the cyber world. Further it cannot
be denied that there is a need to bring changes in the Information Technology Act
to make it more effective to combat cyber crime law are not made so stringent that
it may retard the growth of the industry and prove to be counter-productive.
The Penal Code, 1860 was found insufficient to cater to the needs of new
crimes emerging from Internet expansion. Even some of the traditional crimes
such as conspiracy, solicitation, securities, fraud, espionage etc. are now being
committed through Internet which necessitates a new law to curb them. It was in
the background that the ICT Act, 2006 was enacted in Bangladesh for prevention
and control of cyber crimes. Prior to the enactment of this Act, the law applicable
to cyber offences was the Penal code, 1860 which was enacted long back in 1860
when no one even thought of computer technology or cyber criminality. With the
coming into force of ICT Act, 2006, it become necessary to introduce certain
consequential change in certain provisions of the Penal Code, 1860 as also in the
Evidence Act, 1872, in order to meet the new requirements of the cyber space
crimes.72
However, the conception of cyber crime is relating to the age of information
super highway of the contemporary world. Now-a-days crimes are spreading at an
alarming rate in the field of online communication system by the intellectual
criminals. Through the development of technology crimes have been developing
72
N. V.Paranjape, Criminology and Penology, 13th ed., (Allahabad: Central Law Publications,
2008-09) p.141.
47
in different ways and means. So laws should be developed in such a way that
crimes in the field of technological arena can be controlled in an iron hand. But no
such effective legal provisions exist at home and abroad. Though there are some
laws and convention, they cannot be implemented due to some technical
difficulties like procedural complexities and lack of proper executing system.
Taking these advantages, the criminals are occurring heinous crimes like Hacking,
Sending malicious mails, spreading vulgar pictures, cyber terrorism & and illegal
using of intellectual properties. It causes harm to the privacy of individuals as well
as creates threat to the international peace and solidarity. Now it is the demand of
time to prevent such type of crimes for keeping individual privacy as well as
international peace and security. Every country of the world can enact effective
legal provisions within the purview of their national boundary to protect cyber
crimes. United Nations can also take necessary steps to prevent cyber crimes from
the cyber space.73
73
Abdul Halim & N. E. Siddiki, The Legal System of Bangladesh after Separation, 1st ed.,
(Dhaka: University Publications, 2008) p.387.
48
REFERENCE
STATUTES
1. The Constitution of the People‘s Republic of Bangladesh.
2. The Computer Misuse Act (1990).
3. The Computer Fraud and Abuse Act, 1984.
4. The Information and Communication Technology Act (ICT), 2006.
5. The United Nations Commission on International Trade Law (UNCITRAL),
1996.
6. The Penal Code, 1860.
7. The Evidence Act, 1872.
8. The Bankers‘ Books Evidence Act, 1891.
9. The Criminal Procedure Code, 1898.
10. The Bangladesh Bank order, 1972.
11. The Lunatic Act, 1912.
12. The Convention on Cyber Crime, 2001.
JOURNAL
1. Katyal, N. K., Digital architecture as crime control. (Yale Law Journal, 2003)
BOOKS
1. Abdul Halim & N. E. Siddiki, The Legal System of Bangladesh after
Separation, 1st ed., (Dhaka: University Publications, 2008).
2. David wall, Cybercrime: The Transformation of Crime in the Information Age.
(Cambridge: Polity press, 2007)
3. N. V. Paranjape, Criminology and Penology, 13th ed., (Allahabad: Central Law
Publications, 2008-09).
4. Prashant Mali, Text book of cyber crime and penalties.
5. Robert Moore, Cybercrime investigating high-technology computer crime. 2nd
ed. (New York: Routledge, 2015)
49
6. R. K. Chaubey, An Introduction to Cyber Crime and Cyber Laws, 1sted.,
(Kolkata: Kamal Law House, 2009).
7. Zulfiquar Ahmed, A Text Book on Cyber Law in Bangladesh, 1st ed., (Dhaka:
National Law Book Company, 2009).
NEWSPAPER
1. The Prothom Alo.
ELECTRONIC DATA
1. [http://www.crime-research.org/analytics/702/.]
2. [http://www.techrepublic.com/blog/it-security/what-makes-cybercrime-laws-sodifficult-to-enforce/4997/]
3. [http://www.techterms.com/definition/cybercrime.]
4.[http://www.associatedcontent.com/article/44605/cybercrime_a_revolution_in_t
errorism.html?cat=37.]
5. [http://www.networkworld.com/newsletters/sec/2002/01467137.html.]
6. [http://www.cknow.com/cms/vtutor/logic-bombs.html.]
7.[http://teletechblog.blogspot.com/2013/05/cyber-crime-cyber-security-and.html]
8.[https://www.justice.gov/criminal-fraud/identity-theft/identity-theft-andidentity-fraud]
9.[http://www.windowsecurity.com/articles-tutorials/content_security/EmailSpoofing.html]
10.[http://law.jrank.org/pages/11992/Cyber-Crime-Intellectual-propertytheft.html]
50