UNIT-5

Cybercrime and Cyber terrorism: Introduction

Cyber attacks can come in the form of viruses, malware, email phishing,
social media fraud - the spectrum of cyber threats is limitless. We are
more interconnected than ever before, but for all of the advantages, that
connectivity leaves us vulnerable to the risks of fraud, theft, abuse, and
attack. Cybercrime can have wide-ranging impacts, at the individual,
local, state, and national levels.

Organized cybercrime, state-sponsored hackers, and cyber espionage can

pose national security risks to our country and our critical infrastructure.

Transportation, power, and other services may be disrupted by large scale

cyber incidents. The extent of the disruption is highly uncertain as it will
be determined by many unknown factors such as the target and size of
the incident.

Vulnerability to data breach and loss increases if an organization's

network is compromised. Information about a company, its employees,
and its customers can be at risk.

Individually-owned devices such as computers, tablets, mobile phones,

and gaming systems that connect to the Internet are vulnerable to
intrusion. Personal information may be at risk without proper security.

What is cyber crime and cyber terrorism?

cyber terrorism is defined by follow: “previously planned, politically motivated attack.
against information, computer systems, computer programs and data that result with.
violence against targets that are not military (civilian) by the sub - national groups or
secret.

What is the impact of cyber terrorism?

An effect, most commonly violence, service disruptions, physical damages,
psychosocial impacts, economic damages, or data breaches. A target, most
commonly civilians, information and communication technology (ICT), data
sources, government agencies, nongovernment organizations, or physical
infrastructure.
 Cybercrime and Cyber Terrorism
As we become more connected and reliant on technology, we become more
vulnerable to cyber attacks.

Cyberattacks can come in the form of viruses, malware, email phishing, social media fraud
- the spectrum of cyber threats is limitless. We are more interconnected than ever before,
but for all of the advantages, that connectivity leaves us vulnerable to the risks of fraud,
theft, abuse, and attack. Cybercrime can have wide- ranging impacts, at the individual,
local, state, and national levels.
 Organized cybercrime, state-sponsored hackers, and cyber espionage can pose
national security risks to our country and our critical infrastructure.
 Transportation, power, and other services may be disrupted by large scale
cyber incidents. The extent of the disruption is highly uncertain as it will be
determined by many unknown factors such as the target and size of the incident.
 Vulnerability to data breach and loss increases if an organization's network
is compromised. Information about a company, its employees, and its customers
can be at risk.
 Individually-owned devices such as computers, tablets, mobile phones, and
gaming systems that connect to the Internet are vulnerable to intrusion. Personal
information may be at risk without proper security.

Take Action Before Cybercrime and Cyber Terrorism

We can increase your chances of avoiding cyber risks by setting up the proper
controls and sharing information with your friends and family when known risks
exist.
Lock or log-off your computer when you are away from it. This prevents another person
from waiting for you to leave and then sitting down at your computer and accessing all of
your information.
Look for signals that you are using a secure webpage. A secure site encrypts or scrambles
personal information so it cannot be easily intercepted. Signals include a screen notice that
says you are on a secure site, a closed lock or unbroken key in the bottom corner of your
screen, or the first letters of the Internet address you are viewing changes from "http" to
"https."
Look for a privacy policy statement or seal that indicates the site abides by privacy
standards. Take time to read how your privacy is protected.
Take Action on Your Computer and Handheld Devices
 Stay protected while connected. Only connect to the Internet over secure,
password-protected networks. Avoid free internet with no encryption. If you do use
an unsecure public access point, avoid sensitive activities that require passwords or
credit cards.
 If you are unsure of who an email is from, do not respond and do not
 click on any links or attachments.
 Do not respond to online requests for Personally Identifiable Information (PII);
most organizations – banks, universities, companies, etc. – do not ask for your
personal information over the Internet. PII includes, but is not limited to, your full
name, social security number, address, date of birth, place of birth, driver's license
number, vehicle registration plate number, credit card numbers, and physical
appearance.
 Limit who you are sharing information with by reviewing the privacy
settings on your social media accounts. Disable geotagging, which allows anyone
to see where you are – and where you are not.
 Password-protect all devices that connect to the Internet and user
accounts. Create a strong password that contains multiple characters, numbers,
capitalized letters, and symbols.
 Do not use the same password twice. Choose a password that means
something to you and you only and change your passwords on a regular basis.
 Enable multi-factor authentication to ensure that the only person with access to
your accounts is you.
 Apps can be a source for identity theft and malicious activity. Only download
apps from trusted sources. Check your app permissions and only allow what is
necessary. Delete apps that you no longer use or need.
 If you see something suspicious, report it to the proper authorities.
Be Safe During Cybercrime or Cyber Terrorism
If you know that you are the victim of a cyber-attack, or if you know that an
attack has occurred, you should take actions to ensure that your personal data is
protected. Check to make sure the software on all of your systems is up-to-date. Run a
scan to make sure your system is not infected or acting suspiciously. If you find
aproblem, disconnect your device from the Internet and perform a full system restore.
Be Safe At Home
 Disconnect your device (computer, gaming system, tablet, etc.) from the
Internet. By removing the Internet connection, you prevent an attacker or virus from
being able to access your computer and perform tasks such as locating personal data,
manipulating or deleting files, or using your device to attack others.
 If you have anti-virus software installed on your computer, update the virus
definitions (if possible), and perform a manual scan of your entire system. Install all
of the appropriate patches to fix known vulnerabilities.
Be Safe At Work
 If you have access to an information technology department, contact them
immediately. The sooner they can investigate and clean your computer, the less
damage to your computer and other computers on the network.
 If you believe you might have revealed sensitive information about your
organization, report it to the appropriate people within the organization, including
network administrators. They can be alert for any suspicious or unusual activity.
Be Safe if Your PII is Compromised
  Immediately change all passwords, beginning with your financial
passwords. If you used the same password for multiple resources, make sure to
change it for each account, and do not use that password in the future.
 If you believe the compromise was caused by malicious code, disconnect
your computer from the Internet.
 Restart your computer in safe mode and perform a full system restore.
 Contact companies, including banks, where you have accounts as well
as credit reporting companies.
 Close any accounts that may have been compromised. Watch for any
unexplainable or unauthorized charges to your accounts.
Take Action After Cybercrime or Cyber Terrorism
After a cyber-attack that personally impacts your information or your organization's
information, you should take actions to ensure that your data is protected and that
appropriate reports are made to local law enforcement. You can also report online crime or
fraud to your local Cyber crime department or the Internet Crime Complaint Center. Report
identity theft to the Federal Trade Commission. Report phishing scams to the National
Cybersecurity Communications and Integration Center.
If your Personally Identifiable Information (for example your social security number)
was compromised, consider other information that may be at risk. Depending on what
information was stolen, you may need to contact other agencies; for example, if someone
has gained access to your Social Security number, contact the Social Security
Administration. You should also contact the Division of Motor Vehicles if your driver's
license or car registration has been stolen.

Intellectual property in the cyberspace:

In common use, property is simply ‘one’s own thing’ and refers to the relationship
between individuals and the objects which they see as being their own to
dispensewith as they see fit. Scholars in the social sciences frequently conceive of
property asa ‘bundle of rights and obligations’. They stress that property is not a
relationship between people and things, but a

relationship between people with regard to things. Property is often conceptualized

as the rights of ‘ownership’ as defined in law. Private property is that which
belongs to an individual; public property is that which belongs to a community
collectively or a State. Property is usually thought of in terms of a bundle of rights
as defined and protected by the sovereign.

Traditionally, that bundle of rights includes: z control use of the property z benefit
from the property (e. g.: mining rights and rent) z transfer or selling of the property
z exclude others from the property Intellectual Property Protection in Cyberspace
.
The term intellectual property reflects the idea that this subject matter is the product
of the mind or the intellect, and that intellectual property rights may be protected at
law in the same way as any other form of property. Intellectual property laws are
territorial such that the registration or enforcement of IP rights must be pursued
separately in each jurisdiction of interest.

However, these laws are becoming increasingly harmonised through the effects of
international treaties such as the Berne Convention, Paris Convention and WTO
Agreement on TradeRelated Aspects of Intellectual Property Rights. Intellectual
property laws confer a bundle of exclusive rights in relation to the particular form
or manner in which ideas or information are expressed or manifested, and not in
relation to the ideas or conceptsthemselves.

The term “intellectual property” denotes the specific legal rights which authors,
inventors and other IP holders may hold and exercise, and not the intellectual
work itself. Intellectual property laws are designed to protect different forms of
intangible subject matter, although in some cases there is a degree of overlap. Like
other forms of property, intellectual property (or rather the exclusive rights which
subsist in the IP) can be transferred or licensed to third parties. There are various
kinds of tools of protection that come under the umbrella term ‘intellectual
property’. Important among these are the following: z Patents z Trademarks z
Geographical Indications z Layout Designs of Integrated Circuits z Trade Secrets z
Copyrights z Industrial Designs Out of this tool kitty mainly it is copyright and
trademark which are of relevance when we discuss intellectual property protection
in cyberspace. Before proceeding to discuss the exact application of IP laws and
their implication in cyberspace, it becomes imperative to know in some greater
detail about them.

After reading this unit, you should be able to: z explain the term intellectual
property; z describe the basic concept of copyright and the rights included in the
term copyright; z explain infringement of copyright and what are the remedies; z
explain the concept of trademark the rights of trademark and remedies for their
search; and z describe the challenges faced by IPR in cyberspace.
Intellectual Property in Cyberspace. Basic Concept Copyright is a right given by
law to the creators of literary, dramatic, musical and artistic works and producers of
cinematograph films and sound recordings to do or authorize the doing of certain
acts with regard to their creations. It is a kind of protection against unauthorized
use or misuse of a work, but for a
limited duration.

Generally the rights include the rights of authorship, reproduction, distribution,

communication to the public, broadcasting, adaptation and translation. The exact
nomenclature and scope of the rights may vary from country to country and from a
class of work to another class of work. However, international treaties such as the
Berne Convention for the protection of Literary and Artistic Works and the
Agreement on Trade Related Aspects of Intellectual Property Rights have brought in
some kind of harmonization in these rights. In India, copyright is governed by the
Copyright Act, 1957, the Copyright Rules, 1958 and the International Copyright
Order, 1999. The Copyright Act provides the basic law so far as copyrights are
concerned, the Copyright Rules contain the rules and regulations as well as various
procedures and the International Copyright Order extends copyright protection to
works of nationals of specified foreign countries.

The Copyright Act classifies the works in which copyright subsists in India
in to the following three classes:

(a) literary, dramatic, musical and artistic works

(b) cinematograph films, and

(c) sound recordings.

The scope of ‘literary work’ includes any “work which is expressed in print or
writing, irrespective of the question whether the quality or style is high”. It also
includes computer programs and computer databases. Dramatic work includes any
piece for recitation, choreographic work or entertainment in dumb show, the scenic
arrangement or acting, form of which is fixed in writing or otherwise but does not
include a cinematograph film. Musical work means a work consisting of music and
includes any graphical notation of such work but does not include any words or any
action intended to be sung, spoken or performed with the music. Artistic work means
a painting, a sculpture, a drawing (including a diagram, map, chart or plan), an
engraving or a photograph, whether or not any such workpossesses artistic quality; a
work of architecture; and any other work of artistic craftsmanship.

The Copyright Act defines cinematograph film as “any work of visual recording
on any medium produced through a process from which a moving image may be
produced by any means and, includes a sound recording accompanying such visual
recording”. Sound recording (phonogram) is a recording of sounds from which
sounds can be produced regardless of the medium on which such recording is
made or the method by which the sounds are produced. Please answer the
following Self Assessment Question. Self Assessment Question 1 Spend 2 Min.
Copyright is governed by Act.
Intellectual Property Protection in Cyberspace 8 8.3.2 Rights Included in the term
‘Copyright’ Copyright is a bundle of rights and this bundle can be broadly
classified into two categories, viz. economic rights and moral rights. Economic
rights are so called because “they imply as a rule that within the limitations set by
the copyright law the owner of the copyright may make all public use of the work
conditional on payment of remuneration”.
These rights enable the copyright owner to reap economic returns for his work.
The major economic rights available in the Indian copyright Act are the following:
(a) Right of Reproduction
(b) Right to Issue Copies of a Work
(c) Rights of Public Performance
(d) Right of Communication to the Public
(e) Adaptation Right
(f) Translation Right Right of reproduction is the most fundamental of all
economic rights. The right envisages that copyright owner has the exclusive right
to authorize the making of one or more copies of a work or of a substantial part of
it in any material form, including sound and visual recording. The most common
kind of reproduction is printing an edition of a book. Storing of a work in any
medium by electronic means is also reproduction. The Copyright Act gives the right
of reproduction in all classes of works. Moral Rights are generally provided with a
view to assert the authorship on a work and also to uphold the right of integrity. The
Indian Copyright Act provides this as special rights of authors to claim authorship
of the work and to restrain or claim damages in respect of any distortion,
mutilation, modification or other act in relation to the said work which is done
before the expiration of the term of copyright if such distortion, mutilation,
modification or otheract would be prejudicial to his honour or reputation. Moral
rights are independent of the economic rights and remain with the author even after
he has transferred his economic rights. In the era of digital technologies, moral
rights, particularly right of integrity, are very necessary to safeguard against misuse
and distortion of an author’s work.
Copyright, being a property right, can be transferred or assigned to another person.
It can also be inherited during the time it exists. Without transferring or assigning, a
copyright owner can license specified uses by others. 8.3.3 Infringement of
Copyright and Remedies Thereof Any copying or duplication, adaptation,
translation, public performance, communication to the public or broadcast done
without the authorization of the copyright owner, or even where any work has been
licensed or assigned, any violation of the conditions of the licence or assignment
 constitutes copyright infringement. Any import of infringing copies also constitutes
copyright infringement. Even such copies made outside India cannot be imported
into India without infringing copyright where such copies, if made in India, would
infringe copyright, even if it may not be an infringement in the country of origin.
Since copyright is a proprietary right, the owner has to administer his own
rights. The Copyright Act provides for collective Intellectual Property in
Cyberspace 9 administration of rights through registered copyright societies.
These societies have to be formed voluntarily by the copyright owners. Only the
owner of copyright or the society who have the rights can institute civil and
criminal proceedings against infringement of his works. Civil remedies include
injunction, and damages.
Copyright infringement is also a cognizable offence. Copyright infringement is
punishable with imprisonment for a term ranging from six months to three years
and with a fine ranging from Rs. 50,000 to Rs. Two lakh. District Courts have
been given jurisdiction to try the suits relating to copyright violation within the
vicinity of which the owner of the copyright resides or carries on business. 8.3.4
Limitations/Exceptions to Copyright The rights granted by copyright are
exclusive in nature. This exclusivity is sometimes criticized as monopoly in favour
of the right owners.
Therefore, in order to balance these opposing private and public interests the
legislature provides the remedy in the form of drawing limitations/exceptions to
copyright. This is achieved by two means; firstly, limiting the duration in which a
work enjoys copyright protection, and secondly, allowing
certain uses without specific authorization by the owner of copyrights, known as fair use
provisions in copyright parlance. Copyright is an intellectual property right and like all other
intellectual property rights it is for a limited duration.
This limitation emanates from the basic concept of intellectual property right that
while creators of intellectual property have the right to control the reproduction
and other uses of their works, they being essential elements in the scientific and
cultural progress of humanity, the society has the right to access and share the
same so that social and cultural life of humanity gets enriched.
While the Berne Convention provides for a minimum period of protection which is
life term of the author plus 50 years thereafter, national governments are free to
provide a longer term of protection. In India, original literary, dramatic, musical and
artistic works enjoy copyright protection for the lifetime of the author plus 60 years
if they are published within the lifetime of the author.
Many types of exploitation of a copyrighted work which are for social purposes
such as education, religious ceremonies, and so on are exempted from the operation
of the rights granted in the Act. For example, playing music at religious
ceremonies, including marriage processions and marriage festivities, official
functions of central and state governments and local bodies will not be affected
bycopyright.
This is done in keeping with the social and cultural traditions of the country. 8.3.5
Registration of Copyright The Copyright Act provides for registration of works.
However, the registration under the Act is voluntary and not obligatory. Registration
does not itself confer copyright but the particulars entered in the Register of Copyright
maintained inthe Copyright Office constitute prima facie evidence of ownership of
copyright in copyright cases. As per the provisions of the Act, copyright subsists in any
work as soon as it is created, without any formality like registration being observed.
8.3.6 International Nature ofCopyright Protection Copyrights are national in nature.
This means that your rights are recognised by your national laws and extend to
the territorial limits of your country. However, international treaties like the
Berne Convention for the Protection of Literary and Artistic Works Intellectual
Property Protection in Cyberspace 10 (1886) the Universal Copyright
Convention (1952) and the Agreement on Trade Related Aspects of Intellectual
Property Rights (1994) ensure protection of copyrights of nationals of a member
country in all other member countries. Through the principle of ‘National
Treatment’ it is ensured that foreigners if they are nationals of a membercountry,
are given the same rights enjoyed by the nationals, except in the matter of term of
protection.
India is part of the international copyright regime through its membership of Berne
Convention for the Protection of Literary and Artistic Works, Convention
Establishing the

World Intellectual Property Organization (WIPO), Universal Copyright

Convention, Convention for the Protection of Producers of Phonograms Against
Unauthorized Duplication of Their Phonograms, Multilateral Convention for the
Avoidance of Double Taxation of Copyright Royalties and Additional Protocol, and
the Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS)

The ethical dimension of cybercrimes the psychology:

We saw that the ‘good life’ is what ethical action seeks to protect and promote.
We’ll say more later about the ‘good life’ and why we are ethically obligated to
care about the lives of others beyond ourselves. But for now, we can define an
ethical issue as ‘important’ or ‘significant’ when its associated harms or benefits
have a substantial possibility of making a difference to certain individuals’ chances
of having a good life, or the chances of a group to live well: that is, to
flourish in society together. Some harms and benefits are not ethically significant.

Say I prefer Coke to Pepsi. If I ask for a Coke and you hand me a Pepsi, even if I am
disappointed, you haven’t impacted my life in any ethically significant way. Some
harms and benefits are too trivial to make a meaningful difference to how our life
goes. Also, ethics implies human choice; a harm that is done to me by a wild tiger or
a bolt of lightning might be very significant, but won’t be ethically significant, for
it’s unreasonable to expect a tiger or a bolt of lightning to take my life or welfare
into account.3 In many technical contexts, such as the engineering, manufacture, and
use of aeronautics, nuclear power containment structures, surgical devices,
buildings, and bridges, it is very easy to see the ethically significant harms that can
come from poor technical choices, and very easy to see the ethically significant
benefits of choosing to follow the best technical practices known to us.

All of these contexts present obvious issues of ‘life or death’ in practice; innocent
people will die if we disregard public welfare and act negligently or irresponsibly,
and people will generally enjoy better lives if we do things right. Because ‘doing
things right’ in these contexts preserves or even enhances the opportunities that
other people have to enjoy a good life, good technical practice in such contexts is
also ethical practice. A civil engineer who willfully or recklessly ignores a bridge
design specification, resulting in the later collapse of said bridge and the deaths of a
dozen people, is not just bad at his or her job. Such an engineer is also guilty of an
ethical failure—and this would be true even if they just so happened to be shielded
from legal, professional, or community punishment for the collapse.

In the context of cybersecurity practice, the potential harms and benefits are no less
real or ethically significant, up to and including matters of life and death. But due to
the fact that cybersecurity efforts are often carried out ‘behind the scenes,’ largely
hidden away from customers, clients, and other users, the ethical nature of
cybersecurity practice can be harder to recognize. This part of the module seeks to
make these issues more visible.

Mindset and skills of hackers and other cybercriminals:

Alok (name changed on request) is in his early teens, not the age when he should be
making thousands of dollars. Alok is a hacker who lives on the dangerous by-
lanes of the internet— the dark web. Accessible only through browsers designed to
promote anonymity and confuse law enforcement, the dark web is where the
nefarious elements of the internet hang out. The baby- faced Alok has been
working with a hacker collective on the dark web for nearly three years now. In
those three years, he has been party to several instances of theft and trading,
particularly of credit card information, on the dark web and its marketplaces. He
was never a leader, but one of the foot soldiers, yet he managed to earn bitcoins that
are now worth thousands of dollars. Alok hides his wealth from his parents.
These days, Alok is in the throes of a moral crisis. It may have paid him well, but he
is not sure if he wants to continue being what those in the security business calls a
black hat hacker—someone who uses his skills for negative, often illegal ends. As
he grows up, Alok is going through the realization of his own power and of the ways
in which he can use it.
Meet the hackerIf the mental picture that lights up in your mind when you hear of
Alok the hacker is of a young, bespectacled guy sitting in a dark room, with his face
lit up by the bluish glow of his computer monitor, you are not too far away from
reality. That’s where the journey of most hackers start—staying up in the middle of
the night, trying different things, finding and learning new waysto manipulate
code and find vulnerabilities.

Like Alok, somewhere along the way, they see a fork on the road, one that could take
them towards using their power to make code dance to their tunes for the good, the
other that takes them to the direction where they could wreak havoc. It’s 2017 and
coding is power and exceptional coders have an inordinate amount of power. Efforts
to target cyber installations of ISIS is just one such example.

For most people, the hacker is a mysterious being. There is so little that the person on
the street knows about these digital lock-pickers and much of the little they do know
has been influenced by how the hacker is portrayed in popular culture.

The term hacker itself has become more complicated over the years. Its usage—
alternating between black hat and white hat (the good guys)—means that the meaning
oscillates between something of an outlaw in the Wild West of the internet while at the
same time conjuring up images of the sheriff of the town as well.

The Hacker mind Why do hackers, well, hack? It often starts with a need for thrills, for
validation. It is not always the money on offer that attracts them to turn rogue; it is a
need for the adrenalin rush that comes from breaking impenetrable defences and
proving themselves to other hackers. According to several coders I have met, that
moment of triumph of knowing of their own power, is something of a crucial rite of
passage.

Alok, the young hacker, remembers his first hack, finding a vulnerability in how a
startup in Bangalore stored user data and getting a T-shirt as swag from the company
after he reached out to them and warned them about it. The sense of idealism and an
overwhelming

belief in the power of technology to set right the ills of the society is real and drives
many young coders. Hackers tend to havean acute, heightened sense of what is right
and what is wrong, and much of their behaviour is based ..
That is what, in particular, leads to the formation of hacktivist collectives like
Anonymous which tries to correct what theyclaim are social or injusticesHackers will
exert huge influence over our lives as we move towards an even more connected
world. Civil society and governments need to invest in understanding them and trying
to channelise their power in making the world a better place.