11 Chapter6

Download as pdf or txt
Download as pdf or txt
You are on page 1of 26

Chapter-6.

Security Threats to Netpreneurs

6.1 Virus
6.2 Spyware and Adware
6.3 Cyber Fraud, Spams & Scams
6.4 Hackers and Hacking
6.5 Internet Security-The Malware Protection
6.6 Need of Developing Online Trust
6.7 Legal Environment for Netpreneurs

87
Development of Netpreneurship in India: Critical Evaluation

Security Threats to Netpreneurs

Computers have become an integral part of life for nearly everyone in the world. Ever since
the induction of the internet, they have captured an important place in most businesses and
homes. In the initial days, it grew in popularity amongst knowledge seekers and established
itself as the Information Super highway. Most people cannot even imagine their lives without
computers. They are used to run businesses, keep track of inventory, gather information, and
to communicate with people from great distances. As mankind started understanding the
enormous strengths of a global system of instant electronic communication, Internet came to
be used more and more for commercial applications.

The commercialization of Internet was beneficial to the society for efficient delivery of many
services including Banking, Selling of Electronic Products etc. The onset of new and latest
technologies in e-commerce gave rise to the activities of anti society elements who tried to
exploit the Internet infrastructure for indulging in crimes of various types. It is the growth of
Commercial interests and the threat posed by criminal elements that forced the development
of regulatory mechanisms. “Crimes” can be defined as “Deviant Behaviour from the norms
of a society” and in this context, any action that is deviant of the accepted behavioural norm
of a “Cyber Society” can be called a Cyber Crime. 1

The Internet has become a playground for cyber criminals targeting innocent victims each
day. It is no longer safe to browse the Internet or use a computer on a network, connected to
the Internet, without proper protection against viruses and spyware. But a total cyber security
outfit consists of more than just having anti-virus and anti-spyware software installed on the
computer. Protection is required against spam and hackers to build up trust of netizens.

Now these days the biggest question in front of Netpreneurs are tackling various kind of
threats, like viruses, Spyware, Adware, Spams, Hacking, Cyber frauds, Scams and Hoaxes,
building online trust and implementation of cyber law & regulatory environment.

Security Threats to Netpreneurs 88


Development of Netpreneurship in India: Critical Evaluation

6.1 Virus
A virus is a computer program that loads itself into the memory and does unwanted activities
on a computer. A virus normally makes copies of itself on the hard drive and infects files on
the computer, or it may even damage the hardware. Many people confuse Trojan horses with
viruses. A Trojan horse is mostly the carrier of the virus and does damage to the system only
once, in contrast with a virus, which repeatedly infects the system.2 In recent years a new
breed of viruses have emerged called worms. They spread through e-mail (some use their
own e-mail engine) and causes havoc worldwide.

Causes of Virus Infection

There are million ways a virus can infect a system. The most common ones are the
following:

 By use of infected Micro Floppy Discs, CD's, DVD's or flash drives on the system.

 Through virus or worm infected E-mail, The PCs can even be infected via email

carrying virus or worm.

 Through Web Browsers, while opening the virus infected files over Internet.

 Over Local Area Network.

 By using outdated anti-virus software.

Prevention and removal of Viruses

Anti-virus software is developed to remove a virus from the system. Most of the anti-virus
applications available today have a resident shield that constantly scans the system in the
background for any virus activity. They make use of virus definition files for known viruses
and heuristic technology to detect unknown viruses. It is imperative to keep the anti-virus
software up to date to ensure protection against the newest threats. One anti-virus software
package should be used at a time, as there may be a clash between them on using more than
one antivirus, which will render the Anti-virus protection useless.

Security Threats to Netpreneurs 89


Development of Netpreneurship in India: Critical Evaluation

6.2 Spyware and Adware

Spyware is software that monitors activity on the computer, like keyboard and mouse
activity. Spyware is capable of recording passwords, credit card numbers, e-mail addresses
and other personal information entered into the computer via the keyboard. The spyware
either creates a backdoor that allows the creator of the software to hack into the system to
retrieve the recorded information, or it mails the information back to the creator of the
software. Spyware is sometimes the carrier of viruses or opens a backdoor for virus attacks.
Care should be taken while using public computers as spyware poses great amount of threats.
Spyware is also used by employers to monitor the activities of employees on company
computers. Many people regard adware and spyware as two different types of software.
Adware is in fact only a "good" name for spyware and there is no substantial difference
between the two.

Roots of Spyware infection

Spyware does not directly spread like a computer virus or worm and generally, an infected
system does not attempt to transmit the infection to other computers. The spyware gets on a
system through deception of the user or through exploitation of software vulnerabilities.

Mostly spyware is installed without user’s knowledge. The distributor of spyware usually
presents the program as a useful utility-for instance as a "Web accelerator" or as a helpful
software agent. The Users download and install the software without immediately suspecting
that it could cause harm. Spyware can also come bundled with shareware or other
downloadable software, as well as music CDs. The user downloads a program and installs it,
and the installer additionally installs the spyware. A third way of distributing spyware
involves tricking users by manipulating security features designed to prevent unwanted
installations. Internet Explorer prevents websites from initiating an unwanted download.
Instead, it requires a user action, such as clicking on a link.

Some spyware authors infect a system through security holes in the Web browser or in other
software. When the user navigates to a Web page controlled by the spyware author, the page
contains code which attacks the browser and forces the download and installation of spyware.

Security Threats to Netpreneurs 90


Development of Netpreneurship in India: Critical Evaluation

The installation of spyware frequently involves Internet Explorer because of its popularity
and history of security issues that have made it the most frequent target.

Adware
Adware is a software application which automatically downloads advertising banners and is
displayed while the program is running. The authors of these applications include additional
code that delivers the ads, which can be viewed through pop-up windows or through a bar
that appears on a computer screen.

Adware is somewhat similar to spyware. Adware is mainly used as a marketing tool to


monitor people's behaviour on the Internet, to determine which products they are interested
in. Spyware reports these statistics to its creators while adware supposedly doesn't. Adware is
sometimes the carrier of spyware and viruses and is hard to get rid off. One of the
characteristic of adware is the consumption of system resources, also common among
spyware.

Prevention and removal of spyware

To remove spyware from the system anti-spyware software is required. Most of the anti-
spyware software removes adware as well. Anti-spyware software works much like Anti-
virus software and some of them also include a resident shield. They have definition files,
which need to be updated, to ensure that the system is protected against the latest threats. One
of the biggest differences between anti-spyware and anti-virus software is the fact that
multiple anti-spyware programs can be installed on a system.

Anti-spyware software also removes adware, it falls under the same category as spyware and
has the same characteristics as spyware. The adware programs breach the system through
browser vulnerabilities and certain web sites exploit security holes to install adware on the
system.

Security Threats to Netpreneurs 91


Development of Netpreneurship in India: Critical Evaluation

6.3 Cyber Fraud, Spams & Scams


Spam is an unwanted, unsolicited e-mail sent out in bulk and is mainly used by unethical
marketers to promote their products. Spam e-mails can be chain letters, jokes or scams sent
out in bulk. These days most of the spams are about cheap software, jewellery, medical
supplies, money making schemes and pornography. Most of these e-mails consist of a single,
attractive image banner embedded into the message, enticing the user to click on it. Some of
the links in these e-mails will automatically take to a server where the client system may get
infected with viruses, spyware, adware, or become victim of a hacking attempt. E-mail
inboxes are overwhelmed with spam and scams by uninvited letter writers and their hidden
purposes. In many cases, they are scam artists trying to steal money and identity of net users.

According to Susan Grant, Director, Internet Fraud Watch, "While not all unsolicited e-mail
messages are fraudulent, consumers should be very suspicious of anyone who promises them
easy money, incredibly cheap prices or free services that may have hidden costs", Internet
Fraud Watch is a nonprofit consumer organization created by the National Consumers
League in 1992.According to IFW in year 2007 Americans lost $6,152,070 to Internet scams.

Most scams are done by e-mail Spam. They entice users to give them critical information like
usernames, passwords, credit card information, or other types of account information.

Most of these e-mails can easily be identified as fraudulent, by identifying a couple of


general characteristics.

 First of all if someone, pretending to represent a company or organisation, contact by


e-mail to supply them with usernames, passwords or other critical information by e-
mail, then it is certain it’s fraudulent. E-mail is one of the most un-secure methods to
send user information and passwords. To prevent from these SSL (Secure Socket
Layer) is used. Most organisations have secure servers, which apply SSL technology
to keep the personal information safe.

 If anyone receives e-mail with a link to a secure server then it does not mean it’s safe
because no banks, financial institutions, or any legitimate organization ever request
updates to personal information via e-mail.

Security Threats to Netpreneurs 92


Development of Netpreneurship in India: Critical Evaluation

 Another way to identify fraud is looking at the real URL, provided as a link in the e-
mail. Most of the popular e-mail clients have a status bar at the bottom of the screen.
If anyone moves the cursor on the link, the exact URL (Uniform Resource Locator)
will appear in the status bar. If the URL does not appear exactly at the status bar,
while moving the cursor on the link then it can be identified as a fraud.

All cyber frauds do not occur through e-mails, other fraudulent methods are also popular.

Reasons of becoming a spam victim

There are various ways by which any one can become a spam victim. The most common
reasons are as follows:-

 The e-mail address is published on a public server, or it is available publicly.

 If the e-mail address is send to any unethical organization which may pass it to a third
party.

 Chain e-mails contain hundreds and thousands of e-mails as they get forwarded to
other recipients. If the e-mail is included in the mailing list of a chain letter, chances
are good that this e-mail landed in the inbox of a spammer.

 The e-mail address is entered at a spammer's web site without any knowledge or
permission by some person.

 A spyware, or adware program is capable of recording the e-mail address on anyone


else’s computer, a public computer or on own computer.

Prevention of spam
The various effective measures to prevent the e-mail address from passing out are:

 Reply should not be given to strange e-mails which have not been subscribed. The
first e-mail is to test if the mailbox is active. Once the reply to the message, is send
the spammer will see that the mailbox is active and will send spam on a continuous
basis.

Security Threats to Netpreneurs 93


Development of Netpreneurship in India: Critical Evaluation

 The unsubscribe link in an unknown e-mail should never be clicked.

 Personal e-mail address should not be made available to the public. If there is such
kind of need of providing email address publicly, separate email address should be
maintained for this purpose.

 To gain access to free content on the Internet, there arises a need to supply e-mail. A
separate unused free e-mail account should be maintained to get such kind of free
stuff.

 PCs need to be scanned frequently for viruses, spyware and adware.

 Anti-spam software should be used as prevention against such unsolicited emails.

Prevention from scams


 Money should not be sent to unknown people contacted through emails. or any other
method over the Internet.

 Never reply to, or click on any links in e-mails requesting personal, account or any
kind of user information.

 Never reply to, or click on any links in e-mails received from organizations of which
you are not a member.

 Never reply to, or click on any links in lottery or competition e-mails, in which no
participation has been done. It is not possible to suddenly win a competition without
participating.

Common scams flooding the Net

Auction and retail scams: Scams at online auction sites are the most frequently reported
form of Internet fraud. These schemes typically offer high-value items, such as Cartier
watches, Beanie Babies and computers, in hopes of attracting many consumers. In it the
victim wins the bid, sends the money and receives nothing or receives products of much
lower quality than advertised.

Security Threats to Netpreneurs 94


Development of Netpreneurship in India: Critical Evaluation

Nigerian bank Scam : The Nigerian bank scam is the fastest growing Internet fraud reported
to IFW. Many of these e-mails claim to be from a person in Africa, usually Nigeria. The
writer claims to have access to millions of dollars, either from a relative or from knowledge
of an idle account. A percentage of this money is promised to the victim if they will allow the
money to be processed through their personal bank account. The victim is to keep their share
and send the remaining money to the scammer. The cheque given to the victims is fraudulent.
The victim is then liable to the bank for the cheque they wrote to the scammer. In some
cases, churches and other nonprofit organizations have been targeted by this scam. They are
told a wealthy person has died and left all their money to the victim organization.

Mortgage aid scams: This scam targets people whose home mortgages are in trouble. The
scammers promise to take care of problems with mortgage lenders or to obtain refinancing
for the victim. Sometimes they ask the victims to make mortgage payments directly to them.
They may even ask victims to hand over property deeds. The scammers pocket all the money
the victim has paid and file for bankruptcy in the victim's name, usually without the victim's
knowledge. Victims lose their money and homes and are left with a bankruptcy listed on their
credit records forever.

Work at home and business opportunity scams: Scammers who used newspaper
advertisements to promote the old "work-at-home" scam are now plying their trade via e-
mail. They tempt victims by stating "no experience necessary," promise high earnings and
claim to have inside information. These scammers usually require victims to pay from $35 to
several hundred dollars or more for information, kits or materials that do not provide the
promised results. Frequently, these schemes involve making handicrafts, stuffing envelopes,
medical billing, or state, "Use your home PC to make money fast in your spare time."
Another version of this scam promises victims the secret to a successful business.

Free computer offers: Many offers for free or low-cost computers are scams. "Free" may
only apply to the hard drive. A monitor, keyboard, mouse, modem, printers or speakers may
cost extra. Some offers require providing personal information. Some scams require a
contract with a particular Internet Service Provider for several years of service. There may be
no warranty or customer support. In many cases the computers don't exist at all, or the seller

Security Threats to Netpreneurs 95


Development of Netpreneurship in India: Critical Evaluation

may be on the verge of going out of business and never deliver the promised merchandise or
rebate.

Online medication: While many prescription web sites offer convenience and low prices,
other sites could actually endanger health. There have been many cases of counterfeits drugs
that lack any real similarity to the approved drug. Even drugs that prove to be authentic may
be contaminated or expired. Some of these sites claim to have doctors on staff available to
diagnose and prescribe medications with no examination.

Quick divorce scheme: These e-mails and websites promise a quick divorce obtained in the
Dominican Republic or other foreign country without either partner ever having to leave the
United States. Victims spend $1,000 or more after reading the often false, misleading, or
legally inaccurate information. Most victims eventually receive false assurances that they are
legally divorced. In fact, they are still legally married.

Investment scams: Investment scams give potential victims false information to encourage
them to purchase a certain stock. Unknowingly, victims purchasing this stock cause the
dramatic price increase of these previously weak stocks. The scammers then immediately sell
off their stocks and reap the profits. Victims are left with worthless or nearly worthless stocks
once the price falls. In another version of the scheme, false, negative information about a
company is spread to frighten investors into selling their stocks. Scammers then buy stock at
a low price. After the information is proven false, the stock recovers. While victims sold at a
loss, the scammers make a profit.

Identity theft scams: One flourishing identity theft scam can be found on Web sites selling
high-demand items at a much lower price than offered by legitimate companies. The victim
is told to pay nothing until the item is received. The scammer then uses the victim's name,
along with an unlawfully obtained credit card number belonging to another person to buy the
item at a legitimate website. Once that website ships the item to the victim, the victim,
believing that the transaction is legitimate, then authorizes his credit card to be billed to the
scammer or sends payment directly to the scammer.

Security Threats to Netpreneurs 96


Development of Netpreneurship in India: Critical Evaluation

Pornography tricks: Some information and pornography sites require victims to download
information or programs. Many of these downloads contain viruses. Some victims may
unknowingly download a dialer program. The dialer program enables the scammer to
disconnect the victim's modem and then connect it to a foreign telephone number, resulting
in expensive phone charges. Some dialer programs turn off the volume on the victim's
computer so victims can't hear the dialing taking place.

Job service scams: Job service scammers take advantage of job seekers. They claim to offer
employment services, inside information or inside contacts to jobs. After paying a fee,
victims learn they only provide advice, help writing a resume or less. Some fraudulent
employment services simply sell lists of companies made from public directories. They may
not have contacted those companies directly or know if there are really any job openings.

Scholarship search: Scholarship search scams charge for their services, guarantee
scholarship money and don't deliver scholarships. Some may provide lists of available
scholarships that the victims could have found on their own for free. There's no such thing as
a guaranteed scholarship unless it's offered directly by the academic institution.

Magazine subscriptions: These scams offer great deals on new subscriptions or to renew
current ones. These con artists (a swindler who exploits the confidence of his victim) trick
victims into spending more than they realize or paying for magazines they'll never receive.
The cost may be described as pennies a month but is not stated how many pennies or for how
long. Some subscription services don't allow cancellations once they have placed the orders
with the publishers.

Travel Fraud: Some unscrupulous companies offer free trips for a price. Often, victims are
told they have won a free trip. These free or incredibly cheap trips may have hidden costs.
The recipient of the free trip is required to make these extra reservations through a specific
company and the costs are much higher than market price. Others may require attending a
long, high-pressure sales pitch for a time share or travel club membership as part of the trip.
Still others are valid only if bringing a companion along at full fare.

Security Threats to Netpreneurs 97


Development of Netpreneurship in India: Critical Evaluation

Lottery and prizes: Victims typically are notified they have won a lottery, yet have to pay
transfer fees, taxes or provide proof of their identity and details of their bank accounts or
credit cards in order to receive the "winnings". The names of these organizations change all
the time although many of the notifications use similar wording. These scammers steal the
victim's identity and empty their bank accounts, make charges on the victim's credit card or
open accounts in the their name.

6.4 Hackers and Hacking


A hacker is someone who gains unauthorized access to a computer system. Many hackers
like the challenge of breaking through a computer security system. Government and big
companies use hackers to maintain their security systems. People normally confuse hackers
with crackers. While hackers crack the code of passwords to hack into a security system,
crackers crack the code of software to bypass its security mechanisms like copyright
protection etc. Hacking and cracking are two different methods, but hackers normally possess
cracking skills and crackers, hackings skills. All hackers are humans. Computerized hackers
are also there, but they are also developed by human beings.

Prevention from Hackers

Hackers gain access to the computer through unguarded ports in the network system. A
firewall or anti-hacker software is required to stop them in their tracks. To prevent hackers
from breaching a computer system, use of the Firewalls and Intrusion Detection Software is
necessary.

6.5 Internet Security-The Malware Protection


Viruses are no longer the only threat on the Internet these days. Spyware, Adware, Trojan
Horses, Key-loggers, Rootkits and many other malicious programs have joined the ranks of
online threats. Single purpose security software is no longer enough to provide adequate
protection against these malicious threats. A combination of anti-virus, anti-spyware, anti-
hacker and anti-spam protection is necessary for all-round protection against malware.

Security Threats to Netpreneurs 98


Development of Netpreneurship in India: Critical Evaluation

Malware is collectively used for viruses, spyware, trojans and all other malicious software
applications and can be viewed as digital terrorism. Malware is not a specific threat but more
like a combination of several threats, making it hard to combat it with an anti-virus or anti-
spyware application alone. Several types of security programs have to be combined into one
integrated package to combat malware effectively.

An Internet Security suite is the best weapon against malware. Malware do not only spread
through web sites, but also through free programs, local area networks and e-mail. That is
why it is necessary to have a firewall and an e-mail scanner to support the protection given
by the anti-virus and anti-spyware components of the security suite.

Benefits of an integrated Internet Security Suite

 All security components are compatible with each other, so no incompatibility issues.

 All components can be monitored, updated, configured and managed from one central
location.

 Integration means trust among integrated components. The firewall automatically


allows the other integrated components of the security suite unrestricted access to the
system. Fewer configurations are therefore required and it results in a more user
friendly and less nagging firewall.

 The security suite simultaneously scans for all types of malware using one single
scanner. No need to use multiple scanners for different threats.

 The anti-virus and anti-spyware components provide offensive and defensive


protection at the same time, while the firewall and spam filter provide defensive
protection in other areas of the system not covered by the malware scanner. It is
possible to provide system wide protection from several angles, making it harder for
malware to infiltrate or hide inside the system.

Security Threats to Netpreneurs 99


Development of Netpreneurship in India: Critical Evaluation

Removal of Malware

The steps involved in removing malware are as follows:

Step 1: Download and install a secure secondary web browser (For example-MozillaFirefox)

Step 2: Download an effective recommended anti-virus and anti-spyware software

Step 3: Disconnect the computer from the Internet and any other network before installing the
software.

Step 4: Disable or un-install the current anti-virus software and it is required to install other
anti-virus software.

Step 5: Install and configure the software downloaded

Step 6: Update the anti-virus and anti-spyware software

Step 7: Scan your computer with the software you downloaded

The computer must be restarted after each scan. Some scanners schedule infected files for
deletion when the system is restarted. A malicious process cannot be deleted while it is active
in the system. To terminate a stubborn process the system needs to be rebooted.

6.6 Need of Developing Online Trust

The growth rate of Internet based e-commerce in recent years is unprecedented. The internet
technologies have given rise to Netpreneur. Like any entrepreneur, a Netpreneur also faces
lot many hurdles in the business and one of the additional and biggest hurdle is concerned
with online security issues. The simple and open technology of the Internet has created a new
concept of Netpreneurs by bringing together a large number of buyers and sellers. Online
markets promote buying and selling of goods and services globally.

In such an open and unknown market place assurance and trust are difficult yet quite
important. Today, privacy is the main consumer issue facing the Internet .Not only a
consumer issue it is also an area of concern for the existing and emerging Netpreneurs.
Absence of robust mechanisms for addressing online trust increases the risk of trade and
creates more friction in the market. There are a number of fraudulent activities going on in
context to online businesses like pages of the sites are copied, modified and fraudulently

Security Threats to Netpreneurs 100


Development of Netpreneurship in India: Critical Evaluation

redirected to other sites where visitors may be mislead with wrong information.3 It is
essential to conduct business transactions comfortably, fostering trust among the transacting
parties .Building online trust is one of the important and crucial aspect of Netpreneurship.

There are various factors that facilitate building online trust and identification of patterns in
which e-commerce organisations could build trust. To build online trust what is also
important is to identify role of technology, Government and other business organisations in
fostering trust.

Dimensions of online trust

Engaging in online transactions raises several questions. Like transaction issues between the
parties, guarantee regarding the commercial information that is transported over the public
switching network, credentials of market maker, buyers and sellers of products and services
,issues about privacy, reliability of information provided in websites, guarantee for
performance of products /services offered by sellers, legal backing for breach of commitment
,etc. Unless these issues are dealt properly conducting online transactions would become
difficult for Netpreneurs.

Building online trust would involve developing strategies to handle these issues properly.
The three dimensions of trust are technology, market place, and market participant. One of
the key facilitating mechanism for online commerce as well as trust building is the legal
framework. When online transactions, digital signatures and evidences produced using
computer databases are not valid in the court of law, online marketplaces will be a non-
starter. The absence of a legal framework will raise the level of risk among transacting
parties dramatically. This will result in poor patronage of online markets. The three
dimensions of online trust needs to be embedded in an overall umbrella of a robust legal
framework.

Security Threats to Netpreneurs 101


Development of Netpreneurship in India: Critical Evaluation

Dimensions of Online Trust

On line Trust - Technology Dimension

Developing trust must happen in several stages. Normally, Internet users don't monitor or
interfere with the network traffic that continuously passes through their machines. Many
sensitive personal and business communications over the net require precautions that address
various threats and the Use of technology to counter these is one of the major dimensions in
fostering online trust. In order to ensure that these security hazards are avoided, E Commerce
sites need to address some aspects of security. Since transactions take place in a virtual
environment, they must be assured of authentication of transacting parties and non-denial
of the transaction.

On line Trust – Market Place Dimension


Credibility of the online market place is also an important thing that needs to be dealt
properly. An online market is nothing but a few mouse clicks for the potential consumer.
These facilities provide enough confidence to the consumer. The physical world, business
practices, the richness and depth of offerings, reputation, brand equity and corporate
governance mechanisms of market participants contribute to the market place dimension of
trust in an online market.

Security Threats to Netpreneurs 102


Development of Netpreneurship in India: Critical Evaluation

On line Trust – Market Participant Dimension

The third dimension to online trust relates to the credibility of market participants. The
sellers and buyers would like to ensure that the host of the online market has the required
business fundamentals to enable and sustain their trade. The ability to check the credentials
and genuineness of transacting parties will foster greater online trust and will be an important
driver of e-commerce. The speed of adoption of business-to-business e-commerce depends
upon bridging the remotely connected and unknown transacting parties. Some of the issues
like non-repudiation are addressed using technology solutions. Without adequately
addressing these issues online transaction suffers on account of poor trust.

Online Trust – A Framework

In the paper presented by Prof. B. Mahadevan and N.S. Venkatesh on the topic “building
online trust for business to business e-commerce”, he has dealt with the issues of building
online trust and how online market places develop trust among the market participants.
Security Privacy market place and participant issues, dot com brand equity and legal
environment are main issues concerning online market place to foster trust among the
participants.

Building online trust-A Frame work

Security Threats to Netpreneurs 103


Development of Netpreneurship in India: Critical Evaluation

The interplay of these factors provides the online market participants a certain degree of trust
and promotes friction free market mechanism. 4 Other secondary factors which affect online
trust include technology, credibility assessments and brick & mortar brand equity.
Technology choices provide varying degrees of satisfying security and privacy issues.
Credibility assessments made by reputed and neutral organisations on various aspects of the
online market such as the status of security, privacy, market place issues, and brand equity
can substantially improve the confidence of the online consumers. By development of these
secondary factors, e-market players can develop strategies to build online trust.

6.7 Legal Environment for Netpreneurs

The need for regulations to promote e-commerce and following the guidelines of the United
Nations Commission on International Trade and Law (UNCITRAL), India set about to frame
regulations for Cyber Space transactions. Initially, the Ministry of Commerce, Government
of India developed a draft E-Commerce Act 1998 which drew inspiration from the
UNCITRAL model law for E-Commerce as well as similar legislation in Singapore. With the
formation of a separate ministry for Information Technology in December 1999, a new
version of the draft E-Commerce Act was released in the form of Information Technology
Bill 1999 which became the Information Technology Act 2000.

In order to boost e-commerce in India the Government passed the IT bill in May 2000, with
President K.P. Narayanan giving his assent on June 19, 2000. The Information Technology
Act-2000, came into effect from October 17, 2000, has envisaged the following three level
hierarchies for regulation.
 Policy Level Regulation
 Administrative Level Regulation
 Judicial Level Regulation
With the best of intentions, the IT bill has been passed by the parliament to provide a
legislation to facilitate e-commerce and to tackle the growing number of the computer
crimes. According to NASSCOM President Dewang Mehta, the IT Bill will provide the
legal frame work for e-commerce, so that people using credit cards on the internet will have

Security Threats to Netpreneurs 104


Development of Netpreneurship in India: Critical Evaluation

adequate legal protection to prevent misuse. Contracts signed through e-mails will also get
legal recognition. The IT Bill is a great piece of cyber art to herald electronic commerce in
India, change outdated Acts and provides ways to deal with cyber crimes.

Cyber pundits admit that India's e-commerce act could provide trend setting because most
countries recognize its importance to provide mechanisms for innovations in e-commerce.
The bill provides for a legal framework for authentication and origin of electronic
record/communication through digital signature. This will give a spur to the use of internet,
e-mail and e-commerce. The Bill seeks to empower government departments to accept
filing, creating and retention of official documents in the digital format.

Information Technology Act 2000

Recently, the Govt. of India enacted the historical information technology act-2000 to give
legal recognition to and regulate e- commerce and it also comes down heavily on cyber
crime. The enactment of the IT Act is a major step in promoting the use of InfoTech in
Government & industry. The IT, Act is a forward-looking piece of legislation. The IT Act,
2000 also aims to provide the legal framework under which legal sanctity is accorded to all
electronic records and other activities carried out by electronic means. The Act states that
unless otherwise agreed, an acceptance of contract may be expressed by electronic means of
communication and the same shall have legal validity and enforceability.

Objectives of Information Technology Act

The objectives of the Information Technology Act may be described as below:

 To grant legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication commonly referred to as
"electronic commerce" in place of paper based methods communication.

 To give legal recognition to Digital Signature for authentication of any information


or matter which requires authentication under a law.

Security Threats to Netpreneurs 105


Development of Netpreneurship in India: Critical Evaluation

 To facilitate electronic filing of documents with Government departments.

 To facilitate electronic storage of data.

 To facilitate and give legal sanction to electronic fund transfers between banks and
financial institutions.

 To give legal recognition for keeping books of account by Bankers in electronic


form.

 To amend the Indian Panel Code, the Indian Evidence Act, 1872 the Banker's Book
Evidence Act, 1891 and the Reserve Bank of India Act, 1934.

Scope of Act

This act is called the information Technology Act, 2000. It shall extend to the whole of India
and, unless otherwise provided in the Act, it applies also to any offence or contravention
there under committed outside India by any person. It shall come into force on such date as
the Central Government may, by notification, appoint different dates may be appointed for
different provisions of this Act. It may be noted that the date from which the Act becomes
effective is yet to be notified.
The Act shall not apply to the Following:
 A negotiable instrument as defined in section 13 of the Negotiable Instrument Act,
1881.
 A power of attorney as defined in section 1 A of the Powers of-Attorney Act, 1882.
 A trust as defined in section 3 of the Indian Trust Act, 1882.
 Any contract for the sale or conveyance of immovable property or any interest in
such property.
 Any such class of documents or transactions as may be notified by the Central
Government in the Official Gazette

Security Threats to Netpreneurs 106


Development of Netpreneurship in India: Critical Evaluation

Cyber Crimes under IT Act -2000

The growth of online business, has given way to activities of anti society elements who tried
to exploit the Internet infrastructure by indulging in Crimes of various types. It is the growth
of Commercial interests and the threat posed by criminal elements that forced the
development of regulatory mechanisms. Therefore, Cyber Crimes became the focus of Cyber
Laws and addressing such concerns was one of the main objectives of IT Act -2000.

The declared objective of IT Act-2000 was to facilitate ECommerce. The Act seems to focus
more on offences that directly affect E-Commerce. Section 4 of IT Act-2000 extends the
applicability of any other law applicable to written documents to Electronic documents, it is
clear that any crime other than those described in IT Act-2000 would be equally enforceable
even when it has a shade of Cyber Crime involved in it. The amendments made to IPC and
the Indian Evidence Act consequential to the passage of IT Act-2000 ensures that such
crimes do not go unpunished. It is therefore considered acceptable that IT Act-2000 restricts
itself to one set of Crimes only which we have described as First Order Cyber Crimes.

Penalties and offences under IT Act-2000

IT Act-2000 discusses consequences of deviant behaviour of a member of a society under


two distinct chapters.

 Chapter IX of the Act covers actions that create liabilities for imposing “Penalties” on
the offender by way of compensation payable to the victim.

 Chapter XI discusses actions that can be classified as “Offences” where there could
be imprisonment and fine payable to the Government.

 Chapter IX offences can be adjudicated by an Adjudication Officer appointed by the


Government.

 Chapter XI crimes can be prosecuted by the law enforcement. Officers as prescribed


by the Act and in the Criminal Procedure Code.

Security Threats to Netpreneurs 107


Development of Netpreneurship in India: Critical Evaluation

Types of Offences

In IT Act-2000, Section 43 is a significant section which covers a broad section of typical


Cyber Crimes. This section provides a financial remedy to a victim to the extent of Rs 1 crore
as compensation for damages suffered. It is imperative however that the damage claimed
may have to be proved to the satisfaction of the relevant judicial authority and cannot be
arbitrary.

Section 43 states: If any person without permission of the owner or any other person who is
in charge of a computer, computer system or computer network:-

(a) accesses or secures access to such computer, computer system or computer network;

(b) downloads, copies or extracts any data, computer data base or information from such
computer, computer system or computer network including information or data held or stored
in any removable storage medium;

(c) introduces or causes to be introduced any computer contaminant or computer virus into
any computer, computer system or computer network;

(d) damages or causes to be damaged by any computer, computer system or computer


network, data, computer data base or any other programmes residing in such computer,
computer system or computer network;

(e) disrupts or causes disruption of any computer, computer system or computer network;

(f) denies or causes the denial of access to any person authorized to access any computer,
computer system or computer network by any means;

(g) provides any assistance to any person to facilitate access to a computer, computer system
or computer network in contravention of the provisions of this Act, rules or regulations made
there under;

(h) charges the services availed of by a person to the account of another person by tampering
with or manipulating any computer, computer system, or computer network, he shall be
liable to pay damages by way of compensation not exceeding one crore rupees to the person
so affected.

Security Threats to Netpreneurs 108


Development of Netpreneurship in India: Critical Evaluation

Explanation.—for the purposes of this section:-

(i) "Computer contaminant" means any set of computer instructions that are designed;
(a) to modify, destroy, record, transmit data or programme residing within a computer,
computer system or computer network; or
(b) by any means to usurp the normal operation of the computer, computer system, or
computer network;

(ii) "Computer data base" means a representation of information, knowledge, facts, concepts
or instructions in text, image, audio, video that are being prepared or have been prepared in a
formalized manner or have been produced by a computer, computer system or computer
network and are intended for use in a computer, computer system or computer network;

(iii) "Computer virus" means any computer instruction, information, data or programme that
destroys, damages, degrades or adversely affects the performance of a computer resource or
attaches itself to another computer resource and operates when a programme, data or
instruction is executed or some other event takes place in that computer resource;

(iv) "Damage" means to destroy, alter, delete, add, modify or rearrange any computer
resource by any means.

The section will become operative only in the event of the offensive act being committed
“without the permission of the owner or the person in charge of a computer System”.
Therefore, it is important for the person claiming the damage to disprove and the person
defending the charge to prove the existence of any “Permission”.
“Permission” in such context can be expressed or implied and is influenced by the normal
practices adopted by persons in similar circumstances.

The actions covered by the section are:-

a) Securing access to the System: Under this section the offender securing access to the
computer without permission would be charged. There is no need to prove existence of
“Intention to cause damage”.

Security Threats to Netpreneurs 109


Development of Netpreneurship in India: Critical Evaluation

b) Downloading, Copying or extracting any data: Downloading, copying and extracting


data without permission is also considered as an offence. The section even covers data stored
in any removable storage medium.

c) Introducing a computer Contaminant or Virus: Introducing a computer Contaminant or


Virus in a computer is also an offence

d) Damaging data or the System: Even an “Unintentional” or “Accidental Damage” to


either the hardware or a software can be covered within the meaning of this subsection.

e) Disrupting or Causing Disruption to the System: This sub-section may cover a person

Disrupting or Causing Disruption to the System.

f) Blocking access to another authorized user: This provision could cover various
provisions including a case where the password to an e-mail account of a subject victim is
altered by a culprit.

g) Assisting another person in contravening provisions of the law: This provision could
even be extended to any person who negligently handles his password or a system security
feature to commit a contravention.

h) Charging service availed by him to another person by: This provision is intended to
cover Credit Card related frauds or Internet Access right thefts. If it involves “Tampering or
Manipulating” the system then such offences may also qualify as “Hacking” under Section
66 of the Act.

Section 43 of the IT Act-2000 is as good as a whole chapter on Cyber Crimes. Under Chapter
IX, section 44 addresses another type of offence which covers “Failure to furnish returns,
etc”. This is basically aimed at Certifying Authorities furnishing returns to the Controller of
Certifying Authorities.

Offences under Chapter XI of IT Act-2000

Chapter XI of the IT Act-2000 lists a few offences which could result in imprisonment and
fine for the offender. Amongst the principle sections of the chapter are Section 66 which
covers “Hacking”, Section 67, which covers “Obscenity”. Section 65 covers “Tampering

Security Threats to Netpreneurs 110


Development of Netpreneurship in India: Critical Evaluation

With Source Codes” which is an offence covering “Tampering of Evidence”. Section 70


covers special provisions regarding an attempted intrusion of a system declared as “Protected
System”.

Sections 71, 73 and & 74 cover different aspects covering a Digital Certificate user and his
responsibilities. Sections 68 and 69 indicate certain powers given to the Controller to issue
directions and the consequences of their violation. Section 72 covers the responsibilities of
authorities such as the Certifying Authority in respect of information of the public which
comes into their hands and the consequences of the breach of privacy and confidentiality.

Tampering of Computer Source Documents: Section 65 of the IT Act -2000 states,


“Whoever knowingly or intentionally conceals, destroys or alters or intentionally or
knowingly causes another to conceal, destroy or alter any computer source code used for a
computer, computer programme, computer system or computer network, when the computer
source code is required to be kept or maintained by law for the time being in force, shall be
punishable with imprisonment up to three years, or with fine which may extend up to two
lakh rupees, or with both.”

Hacking with a Computer System (Section 66): Under section 66. It states, (1) Whoever
with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the
public or any person, destroys or deletes or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by any means, commits
hacking. (2) Whoever commits hacking shall be punished with imprisonment up to three
years, or with fine which may extend up to two lakh rupees, or with both.

The essential requisites for an act to be defined as "Hacking" in India are as follows.

 There should be an intention to cause a wrongful loss or damage to the public or any
person or

 There should be knowledge that the act is likely to cause a wrongful loss or damage
to the public or any person And

Security Threats to Netpreneurs 111


Development of Netpreneurship in India: Critical Evaluation

 There should be destruction of or deletion of or alteration of or diminution in the


value of or diminishing in the utility of any information residing in a Computer
source.

Publishing of Information which is Obscene: Section 67 of the IT Act-2000 prescribes that


whoever publishes or transmits or causes to be published in the electronic form, any material
which is lascivious or appeals to prurient interest, or if its effect is such as to deprave and
corrupt persons who are likely, having regard to all relevant circumstances, to read, see, or
hear the matter contained or embodied in it shall be punishable with imprisonment in the first
instance up to 5 years and fine up to Rs 1 lakh.

References:
1. Naavi, “Cyber Laws For Every Netizen in India”, Ujvala Consultants P Ltd,Chennai,2004,p.122
2. Cyber top cop, “Virus Preventions & removal tools”,http://www.cybertopcop.com
3. Geo Trust, “Build online trust: Critical infrastructure to foster Business-to-Business confidence” at
http://www.geotrust.com
4. B.Mahadevan & N S Venkatesh, “Building On-line Trust for Business to Business E Commerce -
Issues & Challenges”, IT Asia Millennium Conference, 2000

Security Threats to Netpreneurs 112

You might also like