A Seminar Report
Submitted to the
Rajasthan Technical University, Kota
in Partial fulfillment of the requirement for the degree of BACHELOR OF TECHNOLOGY
Submitted by
Bhushan Sawala
Department of Information Technology
Vedant College of Engineering and Technology Affiliated to Rajasthan Technical University, Kota 8th Sem B.Tech. Session 2011-12
April-2012
�Vedant College of Engineering and Technology, Bundi Affiliated to Rajasthan Technical University, Kota Village- Tulsi P.O-Jhakmund Distt.-Bundi (Raj) Ph.07472141611
Session 2012-2013
CERTIFICATE
CERTIFICATE
This is to certified that the Seminar Report entitled CYBER CRIME has been submitted to the Rajasthan Technical University, Kota fulfillment of the requirement for the award of the degree of Bachelor of Technology in Information Technology By following student of final year B.Tech. (Information Technology).
Student Name:- BHUSHAN SAWALA (Roll no.) :- 08EVNIT013
Guide:
Govind Dev Lodha (Lec. CS & IT) Ram Kumar Batham ( HOD, Information Technology)
�ACKNOWLEDGEMENT
As a part of curriculum of Rajasthan Technical University every Engineering student should undergo A Seminar Report in final year of Engineering. For fulfillment this purpose I have taken my report in a Cyber Crime topic. Basic objects of this report is to known practically how work is performed in internet media. theoretical knowledge is not sufficient for understanding things in a better way. One cannot have complete knowledge without practical experience.
Place:-Kota
BHUSHAN SAWALA
Date:-10/04/2012
(08EVNIT013)
�ABSTRACT
Cybercrime is becoming ever more serious. Findings from the 2002 Computer Crime and Security Survey show an upward trend that demonstrates a need for a timely review of existing approaches to fighting this new phenomenon in the information age. In this paper, we define different types of cybercrime and review previous research and current status of fighting cybercrime in different countries that rely on legal, organizational, and technological approaches. We focus on a case study of fighting cybercrime in India and discuss problems faced. Finally, we propose several recommendations to advance the work of fighting cybercrime. Cybercrime falls into three categories: (1) a computer is the target of criminal activity; (2) the computer is the tool used or is integral to the commission of the crime; and (3) the computer is only an incidental aspect of the crime. Cybercrime is a relatively new phenomenon. Services such as telecommunications, banking and finance, transportation, electrical energy, water supply, emergency services, and government operations rely completely on computers for control, management, and interaction among themselves. Cybercrime would be impossible without the Internet. Most American businesses maintain WWW sites and over half of them conduct electronic commerce on the Internet. The rise in popularity of the Internet for both private persons and businesses has resulted in a corresponding rise in the number of Internetrelated crimes.
�1. Cybercrime an Introduction
The first recorded cyber crime took place in the year 1820! That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage. In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime! Cybercrime is criminal activity done using computers and the Internet. This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cybercrime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the Internet.
�2. Cybercrime Crimes
Perhaps the most prominent form of cybercrime is identity theft, in which criminals use the Internet to steal personal information from other users. Two of the most common ways this is done is through phishing and pharming. Both of these methods lure users to fake websites (that appear to be legitimate), where they are asked to enter personal information. This includes login information, such as usernames and passwords, phone numbers, addresses, credit card numbers, bank account numbers, and other information criminals can use to "steal" another person's identity. For this reason, it is smart to always check the URL or Web address of a site to make sure it is legitimate before entering your personal information. Because cybercrime covers such a broad scope of criminal activity, the examples above are only a few of the thousands of crimes that are considered cybercrimes. While computers and the Internet have made our lives easier in many ways, it is unfortunate that people also use these technologies to take advantage of others. Therefore, it is smart to protect yourself by using antivirus and spyware blocking software and being careful where you enter your personal information.
�3 .Cyber Security:
Cyber security standards have been created recently because sensitive information is now frequently stored on computers that are attached to the internet. Also many tasks that were once done by hand are carried out by computer; therefore there is a need for Information Assurance and security. Cyber security is important to individuals because they need to guard against identity theft. Businesses also have a need for this security because they need to protect their trade secrets, proprietary information, and customers personal information. The government also has the need to secure their information. This is particularly critical since some terrorism acts are organ ized and facilitated by using the internet. One of the most widely used security standards today is ISO/IEC 27002 which started in 1995. This standard consists of two basic parts. BS 7799 part 1 and BS 7799 part 2 both of which were created by (British Standards Institute) BSI. Recently this standard has become ISO 27001. The National Institute of Standards and Technology (NIST) have released several special papers addressing cyber security. Three of these special papers are very
�relevant to cyber security: the 800-12 titled Computer Security Handbook; 800-14 titled Accepted
4. Cybercrime Acts
The Commonwealth Cybercrime Bill 2001 was approved by the Parliament with minor amendments on 27 September 2001. The legislation was an overbroad knee-jerk reaction to then recent well-publicised virus attacks, and has the potential to criminalise innocent behavior such as possession of security software. It also introduced an alarming law enforcement provision requiring release of encryption keys or decryption of data, contrary to the common law privilege against self-incrimination. The Cth Bill implemented section 4.2 of the Model Criminal Code (MCC) and all Australian State and Territory Governments were understood to be intending to implement the computer related offences of the Australian Model Criminal Code.
Reasons for Cybercrime:
Hart in his work The Concept of Law has said human beings are vulnerable so rule of law is required to protect them. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:
1. Capacity to store data in comparatively small space:
The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much easier.
2. Easy to access:
The problem encountered in guarding a computer system from unauthorized access is that there is every possibility of breach not due to human error but due to the complex
�technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.
3. Complex:
The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.
4. Negligence:
Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system.
5. Loss of evidence:
Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.
5. Cyber Criminals
The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals-
1. Children and adolescents between the age group of 6 18 years:
The simple reason for this type of delinquent behavior pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove them to be outstanding amongst other children in their group. Further the reasons may be
�psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends.
2. Organized hackers:
These kinds of hackers are mostly organized together to fulfill certain objective. The reason may be to fulfill their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfill their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.
3. Professional hackers / crackers:
Their work is motivated by the color of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are ven employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.
4. Discontented employee
This group includes those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee.
6. Mode and Manner of Committing Cybercrime
1. Unauthorized access to computer systems or networks / Hacking:
This kind of offence is normally referred as hacking in the generic sense. However the framers of the information technology act 2000 have no where used this term so to avoid any confusion we would not interchangeably use the word hacking for unauthorized access as the latter has wide connotation.
�2. Theft of information contained in electronic form:
This includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering them through the virtual medium.
3. Email bombing:
This kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail servers there by ultimately resulting into crashing.
4. Data diddling:
This kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. The electricity board faced similar problem of data diddling while the department was being computerized .
5. Salami attacks:
This kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. E.g. The Ziegler case wherein a logic bomb was introduced in the banks system, which deducted 10 cents from every account and deposited it in a particular account.
6. Denial of Service attack:
The computer of the victim is flooded with more requests than it can handle which cause it to crash. Distributed Denial of Service (DDoS) attack is also a type of denial of service attack, in which the offenders are wide in number and widespread. E.g. Amazon, Yahoo.
7. Virus / worm attacks:
Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to
�attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988.Almost brought development of Internet to a complete halt.
8. Logic bombs:
These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like theChernobyl virus).
9. Trojan attacks:
This term has its origin in the word Trojan horse. In software field this means an unauthorized programme, which passively gains control over anothers system by representing itself as an authorized programme. The most common form of installing a Trojan is through email. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam installed in the computer obtained her nude photographs. He further harassed this lady.
10. Internet time thefts:
Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwas case- the Internet hours were used up by any other person. This was perhaps one of the first reported cases related to cyber crime in India. However this case made the police infamous as to their lack of understanding of the nature of cyber crime .
11. Web jacking:
This term is derived from the term hi jacking. In these kinds of offences the hacker gains access and control over the web site of another. He may even mutilate or change the
�information on the site. This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is that of the gold fish case. In this case the site was hacked and the information pertaining to gold fish was changed.
7. Classification
The subject of cyber crime may be broadly classified under the following three groups. They are-
1. Against Individuals:
a. their person & b. their property of an individual
2. Against Organization:
a. Government c. Firm, Company, Group of Individuals.
3. Against Society at large:
The following are the crimes, which can be committed against the followings group .
Against Individuals:
i. Harassment via e-mails.
�ii. Cyber-stalking. iii. Dissemination of obscene material. iv. Defamation. v. Unauthorized control/access over computer system. vi. Indecent exposure vii. Email spoofing viii. Cheating & Fraud
Against Individual Property:
i. Computer vandalism.
ii. Transmitting virus. iii. Netrespass iv. Unauthorized control/access over computer system. v. Intellectual Property crimes vi. Internet time thefts
Against Organization:
i. Unauthorized control/access over computer system ii. Possession of unauthorized information. iii. Cyber terrorism against the government organization. iv. Distribution of pirated software etc.
Against Society at large:
i. Pornography (basically child pornography).
�ii. Polluting the youth through indecent exposure. iii. Trafficking iv. Financial crimes v. Sale of illegal articles vi. Online gambling vii. Forgery
8. Cyber Acts for Security
The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was no legislation on this specialised field. The Act has however during its application has proved to be inadequate to a certain extent. The various loopholes in the Act are1. The hurry in which the legislation was passed without sufficient public debate, did not really serve the desired purpose Experts are of the opinion that one of the reasons for the inadequacy of the legislation has been the hurry in which it was passed by the parliament and it is also a fact that sufficient time was not given for public debate.
�2. Cyber laws, in their very preamble and aim, state that they are targeted at aiding ecommerce, and are not meant to regulate cybercrime Mr. Pavan Duggal holds the opinion that the main intention of the legislators has been to provide for a law to regulate the e-commerce and with that aim the I.T.Act 2000 was passed, which also is one of the reasons for its inadequacy to deal with cases of cyber crime.
3. Cyber torts The recent cases including Cyber stalking cyber harassment, cyber nuisance, and cyber defamation have shown that the I.T.Act 2000 has not dealt with those offences. Further it is also contended that in future new forms of cyber crime will emerge which even need to be taken care of. Therefore India should sign the cyber crime convention. However the I.T.Act 2000 read with the Penal Code is capable of dealing with these felonies. 4. Cyber crime in the Act is neither comprehensive nor exhaustive: Mr. Duggal believes that we need dedicated legislation on cyber crime that can supplement the Indian Penal Code. The contemporary view is held by Mr. Prathamesh Popat who has stated- "The IT Act, 2000 is not comprehensive enough and doesn't even define the term 'cyber crime". Mr. Duggal has further commented, India, as a nation, has to cope with an urgent need to regulate and punish those committing cyber crimes, but with no specific provisions to do so. Supporters of the Indian Penal Code School vehemently argue that IPC has stood the test of time and that it is not necessary to incorporate any special laws on cyber crime. This is because it is debated by them that the IPC alone is sufficient for all kinds of crime. However, in practical terms, the argument does not have appropriate backing. It has to be distinctly understood that cyber crime and cyberspace are completely new whelms, where numerous new possibilities and opportunities emerge by the day in the form of new kinds of crimes.
�5. Ambiguity in the definitions: The definition of hacking provided in section 66 of the Act is very wide and capable of misapplication. There is every possibility of this section being misapplied and in fact the Delhi court has misapplied it. The infamous go2nextjob has made it very clear that what may be the fate of a person who is booked under section 66 or the constant threat under which the netizens are till s. 66 exists in its present form. Further section 67 is also vague to certain extent. It is difficult to define the term lascivious information or obscene pornographic informa tion. Further our inability to deal with the cases of cyber pornography has been proved by the Bal Bharati case.
6. Uniform law:
Mr. Vinod Kumar (9) holds the opinion that the need of the hour is a worldwide uniform cyber law to combat cyber crime. Cyber crime is a global phenomenon and therefore the initiative to fight it should come from the same level. E.g. the author of the love bug virus was appreciated by his countrymen.
7. Lack of awareness:
One important reason that the Act of 2000 is not achieving complete success is the lack of awareness among the s about their rights. Further most of the cases are going unreported. If the people are vigilant about their rights the law definitely protects their right. E.g. the Delhi high court in October 2002 prevented a person from selling Microsoft pirated software over an auction site. Achievement was also made in the case before the court of metropolitan magistrate Delhiwherein a person was convicted for online cheating by buying Sony products using a stolen credit card.
8. Jurisdiction issues:
Jurisdiction is also one of the debatable issues in the cases of cyber crime due to the very universal nature of cyber space. With the ever-growing arms of cyber space the territorial
�concept seems to vanish. New methods of dispute resolution should give way to the conventional methods. The Act of 2000 is very silent on these issues.
9. Extra territorial application:
Though S.75 provides for extra-territorial operations of this law, but they could be meaningful only when backed with provisions recognizing orders and warrants for Information issued by competent authorities outside their jurisdiction and measure for cooperation for exchange of material and evidence of computer crimes between law enforcement agencies.
10. Raising a cyber army:
By using the word cyber army by no means I want to convey the idea of virtual army, rather I am laying emphasis on the need for a well equipped task force to deal with the new trends of hi tech crime. The government has taken a leap in this direction by constituting cyber crime cells in all metropolitan and other important cities. Further the establishment of the Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI) 11) is definitely a welcome step in this direction. There are man cases in which the C.B.I has achieved success. The present position of cases of cyber crime is
11. Cyber savvy bench:
Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the enactment according to the order of the day. One such stage, which needs appreciation, is the P.I.L., which the Kerela High Court has accepted through an email. The role of the judges in todays word may be gathered by the statement- judges carve law is to law ought to be. Mr T.K.Vishwanathan, member secretary, Law Commission, has highlighted the requirements for introducing e-courts in India. In his article published in The Hindu he has stated if there is one area of Governance where IT can make a huge difference to Indian public is in the Judicial System.
�12. Dynamic form of cyber crime:
Speaking on the dynamic nature of cyber crime FBI Director Louis Freeh has said, "In short, even though we have markedly improved our capabilities to fight cyber intrusions the problem is growing even faster and we are falling further behind. The (de)creativity of human mind cannot be checked by any law. Thus the only way out is the liberal construction while applying the statutory provisions to cyber crime cases.
13. Hesitation to report offences:
As stated above one of the fatal drawbacks of the Act has been the cases going unreported. One obvious reason is the non-cooperative police force. This was proved by the Delhi time theft case. "The police are a powerful force today which can play an instrumental role in preventing cybercrime. At the same time, it can also end up wielding the rod and harassing innocent s, preventing them from going about their normal cyber business."(10) This attitude of the administration is also revelled by incident that took place at Merrut and Belgam. For complete realisation of the provisions of this Act a cooperative police force is require.
9.Prevention Of Cyber Crime
Prevention is always better than cure. It is always better to take certain precaution while operating the net. A should make them his part of cyber life. Saileshkumar Zarkar, technical advisor and network security consultant to the Mumbai Police Cyber crime Cell, advocates the 5P mantra for online security: Precaution, Prevention, Protection, Preservation and Perseverance. A netizen should keep in mind the following things-
�1. To prevent cyber stalking avoid disclosing any information pertaining to one. This is as good as disclosing your identity to strangers in public place. 2. Always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs. 3. Always use latest and up date anti virus software to guard against virus attacks. 4. Always keep back up volumes so that one may not suffer data loss in case of virus contamination 5. Never send your credit card number to any site that is not secured, to guard against frauds. 6. Always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children. 7. It is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal. 8. Web site owners should watch traffic and check any irregularity on the site. Putting hostbased intrusion detection devices on servers may do this. 9. Use of firewalls may be beneficial. 10. Web servers running public sites must be physically separate protected from internal corporate network. Adjudication of a Cyber Crime - On the directions of the Bombay High Court the Central Government has by a notification dated 25.03.03 has decided that the Secretary to the Information Technology Department in each state by designation would be appointed as the AO for each state.
�10. Application Security and Application Networks
Would your organization benefit from application security and the Application Network?
Consider your answer to the following hypothetical question from a line of business or the CIO: "Our business demands that we use [insert any application here]; can we allow our [remote or internal] users access to it?" "No, those users aren't trusted." "No, traffic is not encrypted." "No, we can't extend a VPN because of security." "No, we don't want to put that database server in the DMZ." "No, we can't route the traffic because of NAT and private IP addresses." "No, we'd have to open nonstandard ports and we can't do that." "No, that application is not webified." "No, our firewall can't handle dynamic port requests." "No, we don't allow any direct touch between networks." "No" If any of these answers sound familiar, then application security and the Application Network can help
�11. The Access and security trade-off
Today, extending access to applications for the users who need them is no longer a "nice to have" - but a key determinant of who will win and who will lose. Legacy applications and databases, for example, contain invaluable customer information and provide a great resource for partners and other trusted third parties; email and other messaging applications are indispensable for seemingly instantaneous communication; and 'emerging' applications, such as audio and video conferencing, are now the critical enabler of 'real-time business,' resulting in huge gains in both productivity and profitability. Facilitating the rollout and accessibility of these applications, IP networks - both private and public, wired and wireless - make access to applications possible for any user from any corner of the globe. Why, then, are CIOs constantly refereeing a tug-of-war between the lines of business who want to realize the value of their applications by extending them to the users who need them and the network administrators who want to insulate their network from attack by increasingly limiting access for untrusted third parties? What is driving this zero sum game where any access gained by the business results in a corresponding decrease in network security? The answer lies in the use of network security to deploy applications. That is, network security, which by its design disrupts and limits connectivity between networks, is also used to enable connectivity. These products - while critical for protecting the physical network - were not intended to protect and extend applications and consequently using them to deploy applications inevitably results in the access and security trade off. The solution, however, is not to increase the IT budget to buy more point solutions or deploy an army of network administrators to provide the highly-oxymoronic 'brute force flexibility,' but to deploy a new conceptual network called the Application Network. The Application Network is a logical network that overlays the physical IP network and leverages its communications infrastructure while not undermining its physical security. The Application Network also
�underlies the applications that need the physical network for connectivity, providing robust and extensible application-layer security. When deployed, the Application Networks allow enterprises to use the applications their businesses require and securely extend those to the users who need them - while taking advantage of, not compromising, the network security infrastructure.
12. A Little History
initiated the project to determine a method of linking together many disparate packet networks to enable cross-network communication. According to history, the Thirty years have passed since the U.S. Defense Advanced Research Projects Agency (DARPA) initiative was referred to as the Internetworking project and the resulting mesh of linked packet networks was called the Internet. The Internet at that time was an aggregation of packet networks funded and hosted by government and educational enterprises throughout the United States. Enabling this inter-communication was the development of the Internet Protocol (IP), which defined how data packets are routed across the various networks. Until the 1980's the Internet was a combination of public networks that allowed primarily academic and government to communicate freely and openly. Applications utilizing the TCP/IP protocol suite could be extended to users with routable IP addresses, a requirement of the early Internet. Soon, however, and by design, the Internet and its obvious business benefits began to get the attention of commercial enterprises as well as foreign governments and soon these organizations began to adhere to the IP protocol and connect their local networks to this public communications infrastructure. Now, users were diverse, unknown and not necessarily trusted while the information accessible was no longer academic, but sensitive business and governmental intelligence. Network security was born
�The Purpose of Network Security:
Necessity certainly bred invention with the advent of network security. At a very high level, organizations needed to protect their physical networks from this 'untrusted' Internet and were eager to find solutions that allowed them limited access to the public networks while insulating their networks from potential attack and information theft. Answering this demand, firewalls were developed to protect the physical network. Firewalls, often utilizing Network Address Translation (NAT) for non-routable addresses that are hidden from the outside,were designed to limit network access by breaking the two fundamental rules of IP routing - that is that all network nodes must know of other nodes and all addresses of devices must be known. From the outset, the purpose of basic network security was to protect the physical network from attack by limiting connectivity between the two networks.
Emergence of the Security and Access Trade Off:
The unfortunate downside of physical security that limits connectivity for untrusted users is that it also limits connectivity for trusted users. To provide access for trusted users,network administrators were forced to start 'fixing' the networking rules broken by the physical security as required by the users and the access they required. Opening holes in the perimeter security, however, to allow ingress and egress is exactly that: opening holes. Network administrators quickly realized that the amount of access granted to users was inversely proportional to the security of their network. A seemingly zero sum game, this network security and application access trade off is now a common dilemma within organizations large and small, domestic and international.
�13. Conclusion
Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. I would conclude with a word of caution for the pro-legislation school that it should be kept in mind that the provisions of the cyber law are not made so stringent that it may retard the growth of the industry and prove to be counter-ps
