Best Cyber and Privacy Lawyer 2022 awarded to Adv Prashant Mali

Prashant Mali receiving award from Actor Makrand Deshpande 

Advocate Prashant Mali Got Best Cyber and Privacy lawyer of the year by the hands of Makrand Deshpande , other awardees include Mumbai Mayor Kishori Pednekar, ex Mumbai Police Commissioner Hemant Nagrale , VC of University of Mumbai, Hon. Sharad Pawar  n others . Lop Devendra Phadnavis and MP Sanjay Raut were chief guests 

Earlier Lt. Balasaheb Thakre and Lt. Lata Mangeshkar we’re also recipients of the same award. 

#award #cybercrime #privacy #lawyer #law #follow #media #mumbai #cybersecurity #publicpolicy #IamChevening #IVLP #media #news

IT Rules 2021 - Social Media & OTT Rules

Social media, OTT Platforms, online news websites regulation in india (Information Technology Rules, 2021 )

This are the Rules framed pursuant to the powers conferred by Section 79(2)(c) and Section 69A(2) of the Information Technology Act, 2000 provides for classification of films and other entertainment programmes, including web series, bring digital news platforms within the ambit of regulations covering print and electronic media and attempts to rein in social media intermediaries. 

Guidelines for intermediary and social media intermediary 

The Rules define 'significant social media intermediary' as social media with users above the threshold notified by the Central government. 

The Rules mandate that social media intermediary should 'enable the identification of the first originator of the information on its computer, as "may be required by a judicial or or an order passed by the Competent authority" and such an order shall only be passed for the purposes of prevention, detection, investigation, prosecution or punishment of an offence related to the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order.

If has also been provided that the significant social media intermediary "shall have a physical contact address in India published on its website or mobile based Internet application or both, as the case may be, for the purposes of receiving the communication addressed to it."

The rules and regulations, privacy policy or user agreement of the intermediary should inform the user of computer resource not to host, display, upload, modify, publish, transmit, store, update or share any information that is inter alia, obscene, pornographic, paedophilic, threatens the unity, integrity, defence, security or Sovereignty of India, friendly relations with foreign States, or public order, or causes incitement to the commission of any cognizable offence or prevents investigation of any offence or is insulting any foreign States. 

No such information should be published which is patently false and untrue, and is written or published in any form, with the intent to mislead or harass a person, entity or agency for financial gain or to cause any injury to any person.

Self-Regulatory Body

It has been notified that would be one or more self-regulatory bodies of publishers. Such a body shall be headed by a retired judge of the Supreme Court, a High Court or independent eminent person and have not more than six members. The concerned Regulatory body will have to register with the Ministry of Information and Broadcasting. This body will oversee the adherence by the publisher to the Code of Ethics and address grievances that have not be been resolved by the publisher within 15 days.

Disposing a grievance

It has been laid down that a self-regulating body while disposing a grievance or an appeal will issue guidance or advisories to the applicable publisher/entities: 

(a) warning, censuring, admonishing or reprimanding such entity; 

(b) requiring an apology by such entity; or 

(c) requiring such entity to include a warning card or a disclaimer; or 

(d) in case of online curated content, direct such entity to (i) reclassify ratings of relevant content; (ii)make appropriate modification in the content descriptor, age classification and access control measures; (iii) edit synopsis of relevant content; 

Code of Ethics and Procedure/safeguards for Digital/Online media

Part III of the Rules state that digital and online media will be governed by Code of Ethics. The Code of Ethics which in turn is given in the appendix make the Programme Code under under section 5 of the Cable Television Networks regulation) Act, 1995 and norms of Journalistic Conduct of the Press Council of India under the Press Council Act, 1978 applicable to digital media. 

The Code of Ethics is applicable to those entities who are operating within the territory of India and such entity conducts the systematic business activity of making its content available in India, which is targeted at Indian users. The code of ethics will cover the following entities:

• 1. Publishers of news and current affairs content; 

• intermediaries which primarily enable the transmission of news and current affairs content; 

• 2. Publishers of online curated content.

• intermediaries which primarily enable the transmission of online curated content.

Monthly compliance report

The rules require the concerned body/entity to publish a monthly compliance reportmentioning the details of complaints received and action taken on the complaints as well as details of contents removed proactively by the significant social media intermediary.

Such entities should not publish content which affects the sovereignty and integrity of India, jeopardises security of State or which is detrimental to India’s friendly relations with foreign countries. Further, online content should be classified based on the nature of the content 'U', 'UA', 'A' etc

They should also take into consideration India’s multi-racial and multi-religious context and exercise due caution and discretion when featuring the activities, beliefs, practices, or views of any racial or religious group.

A three tier structure has been notified to address the grievances made by various users. 

(a) Level I - Self-regulation by the applicable entity; 

(b) Level II — Self-regulation by the self-regulating bodies of the applicable entities 

(c) Level III - Oversight mechanism by the Central Government.

Establishment of "Grievance Portal"

It has been laid down that the concerned Ministry shall establish an online Grievance Portal, as the central repository for receiving and processing all grievances from the public in respect of the Code of Ethics, within three months of the commencement of the rules.

• If a person is having a grievance against any 'content published by an applicable entity'then the same may register its grievance on the Grievance Portal.

• The Portal shall generate and issue an acknowledgement of the grievance a the benefit of the complainant within 24 hours of its registration, and electronically direct the grievance to the applicable entity for addressing the grievance, and also refer such grievance to the Ministry and the self-regulating body for information and record.

Mandatory Notification by the Significant publishers and 'content' creators 

It has been stated that it shall be mandatory for 'significant publisher' of news and current affairs content to notify the Broadcast Seva that - it is operating in the territory of India, by furnishing the information that may be required on the Broadcast Seva by the Ministry, for the purpose of enabling communication and coordination with such publisher. 

The explanation reads that - for the purposes of this rule, a publisher of news and current affairs content shall be a significant publisher of news and current affairs content if it: 

(a) publishes news and current affairs content as a systematic business activity. 

(b) operates in the territory of India.

(c) has not less than five lakh subscribers, or fifty lakh followers on the services of any significant social media intermediary, as the case may be.

"Publisher/entities shall take into consideration India’s multi-racial and multi-religious context and exercise due caution and discretion when featuring the activities, beliefs, practices, or views of any racial or religious group.” reads out the general principles of the code of conduct 

Self-Classification of Content

The rules state that the OTT platforms, which have been regulating their content through various, would be self-classifying the content into five age based categories- U (Universal), U/A 7+, U/A 13+, U/A 16+, and A (Adult). The concerned online platforms would be required to implement parental locks for content classified as U/A 13+ or higher, and reliable age verification mechanisms for content classified as “A”.

My Views :

Government has played a carrot and stick, while adamant social media gets the stick as it gets in other countries too, OTT platforms and Online news gets the carrot of self regulation. Now, within 3 months, WhatsApp has too ready their software to pinpoint originator of message so fake news peddler’s will be behind the bars quickly . Now US IT behemoths like Google and Facebook need to appoint compliance officers responsible towards Indian law and enforcement and these officers can face jail like the impending Amazon Prime lady with any Anticipatory bail for tandav Web-series. I think next now we can wait for media bargaining code like the one in EU, UK and Australia . Indian cyberspace is now governed cyberspace moving an inch towards Internet Balkanisation, which remains inevitable .

When IT Act, 2000 is applied, IPC cannot be applied by Police in the FIR

IT Act is a Special Act: case laws By Advocate (Dr.) Prashant Mali
Sharat Babu Digumarti Vs. Govt. of NCT of Delhi. 
MANU/SC/1592/2016. 
Gagan Harsh Sharma and Ors. Vs. The State of Maharashtra and Ors. MANU/MH/3012/2018.
Ajay Murlidhar Batheja Vs. The State Of Maharashtra and Ors. MANU/MH/  /2018.

Special Law:  A law that applies to a place or especially to a particular member or members of a class of persons or things in the same situation but not to the entire class and that is unconstitutional if the classification made is arbitrary or without a reasonable or legitimate justification or basis 1.

The Indian Parliament enacted in the Fifty-First Year of the Republic of India, an act called the Information Technology Act, 2000. This act is based on the resolution A/RES/51/162 adopted by the General Assembly of the United Nations on the 30^TH January 1997 regarding the model law on the electronic commerce earlier adopted by the United Nations Commission on International Trade Law (UNCITAL) in its twenty-ninth session.

The Act is here to protect and provide certain means of redressal even to the owner of a single computer, computer system or computer network located in India which has been violated by any person. The act is the first step to give necessary confidence and protection to the said owner.

The said Act is a special act as it is said section 81 of the act which reads as follows :

Act to have overriding effect.-“The provisions of this Act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force. Provided that nothing contained in this act shall restrict any person from exercising any right conferred under the Copy Right Act, 1957 or the Patents Act , 1970(39 of 1970)”.

In the case of Sharat Babu Digumarti v Government (NCT of Delhi) [(2017) 2 SCC 18]  the accused were charged with offences under Section 67 of the IT Act

and Section 292 of the IPC. The question before the Supreme Court was whether the accused who was discharged under Section 67 of the IT Act could be prosecuted under Section 292 of IPC. Placing reliance on non-obstante provisions under Section 81 of the IT Act and Section 67A and 67B, it was held that charge under Section 292 could not survive. The decision was on the basis that Sections 67, 67A and 67B was a complete code regarding offence concerning publishing and transmitting obscene material in electronic form and non-obstante provision under Section 81 makes IT Act a special law that will prevail over the general law, IPC.

On 26 October 2018, a two-judge bench of the Bombay High Court vide its judgment in Gagan Harsh Sharma And Anr vs The State Of Maharashtra And Anr on 26 October, 2018 (Criminal Writ Petition No 4361 of 2018) held that when the offence is sufficiently covered under the provisions of the Information Technology Act, 2000 (IT Act), the IT Act will apply as lex specialis to the exclusion of the Indian penal code, 1860 (IPC). The Bombay High Court vide its judgment quashed and set aside the First Information Report (FIR) insofar as the investigation into the offences punishable under the IPC were concerned, on the basis that the ingredients of offences alleged under IPC were the same as compared to the ingredients of the offences alleged to have been committed under IT Act.

I Got this Bail in the sessions court. Police often apply IPC Section 379 in data theft cases along with Section 43 & 66 of the IT Act,2000 .

I argued along with above case laws for non-applicability of IPC S379 which was only added by police to make the offense Non-Bailable, special Act i.e IT Act,2000 when applied IPC sections do not apply. Court has accepted my argument on the merits of Law and granted the Bail

Bail Order of sessions court  - Download Link

In the case of Ajay Murlidhar Batheja vs The State Of Maharashtra And Anr on 26 October 2018 (CRIMINAL APPLICATION NO.1217 OF 2018) the Bombay high court held “We are therefore not inclined to quash the said FIR as far as the offences under the Information Technology Act are concerned, however, we hold that the invocation and application of the provisions of the Indian Penal Code and specifically, Section 420, is not sustainable in light of the judgment Sharat Babu Digumarti v/s. Government (NCT of Delhi) (Supra)”.

Thus we can see that the provisions of this Act will prevail notwithstanding anything inconsistent therewith contained in any other law for the time being in force.

Nevertheless, by virtue of new proviso the scope of the overriding effect shall not restrict any person from exercising any right conferred in Copy Rights Act,1957 or the Patents Act,1970. The idea behind the new proviso is to protect the rights of intellectual property rights holder under the Copyright At or the Patents Act.

Conclusion:

It is often found that police in cybercrime matters to make the offence nonbailable will add 379 or 420 or 408 of the Indian Penal Code. The above case laws clearly indicate that when sections of the IT Act,2000 are applied sections from the general law namely IPC should not be added.

By Advocate (Dr.) Prashant Mali [MSc (Computer. Sci.) LLB, LLM, Ph.D. in Cyber Law]

Mobile: +919821763157

Email: cyberlawconsulting@gmail.com

Twitter: @AdvPrashantMali

References :

1. “Special law.” The Merriam-Webster.com Legal Dictionary, Merriam-Webster Inc., https://www.merriam-webster.com/legal/special%20law. Accessed 14 January 2020.

Petya Ransomeware Attack : What to Do immediately

Petya/Petwrap ransomware

What is Petya Ransomeware do?

Ans: 

Ransomware, Petya does not encrypt files on a targeted system one by one.

Instead, Petya reboots victims computers and encrypts the hard drive's master file table (MFT) and rendering the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk.

Petya replaces the computer's MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.

Why it spreads fast?

Ans : Petya ransomware successful in spreading because it combines both a client-side attack (CVE-2017-0199) and a network based threat (MS17-010)

So patch both first!

Affected countries: UK, Ukraine, India, the Netherlands, Spain, Denmark, and others

Behavior:

Encrypts MFT (Master File Tree) tables for NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that shows a ransom note and prevents victims from booting their computer.

Actions to be taken:

1. Block source E-mail address

wowsmith123456@posteo.net

2. Block domains:

http://mischapuk6hyrn72.onion/

http://petya3jxfp2f7g3i.onion/

http://petya3sen7dyko2n.onion/

http://mischa5xyix2mrhd.onion/MZ2MMJ

http://mischapuk6hyrn72.onion/MZ2MMJ

http://petya3jxfp2f7g3i.onion/MZ2MMJ

http://petya3sen7dyko2n.onion/MZ2MMJ

3. Block IPs:

95.141.115.108

185.165.29.78

84.200.16.242

111.90.139.247

4. Apply patches:

Refer(in Russian): https://habrahabr.ru/post/331762/

5. Disable SMBv1

6. Update Anti-Virus hashes

a809a63bc5e31670ff117d838522dec433f74bee

bec678164cedea578a7aff4589018fa41551c27f

d5bf3f100e7dbcc434d7c58ebf64052329a60fc2

aba7aa41057c8a6b184ba5776c20f7e8fc97c657

0ff07caedad54c9b65e5873ac2d81b3126754aac

51eafbb626103765d3aedfd098b94d0e77de1196

078de2dc59ce59f503c63bd61f1ef8353dc7cf5f

7ca37b86f4acc702f108449c391dd2485b5ca18c

2bc182f04b935c7e358ed9c9e6df09ae6af47168

1b83c00143a1bb2bf16b46c01f36d53fb66f82b5

82920a2ad0138a2a8efc744ae5849c6dde6b435d

myguy.xls EE29B9C01318A1E23836B949942DB14D4811246FDAE2F41DF9F0DCD922C63BC6

BCA9D6.exe 17DACEDB6F0379A65160D73C0AE3AA1F03465AE75CB6AE754C7DCB3017AF1FBD

As of a Kill-switch can be used for #Petya Ransomware. 

i.e. Just create a file "C:\Windows\perfc"

Does this affect you?* 

Though this attack is largely targeting companies, it's important you stay vigilant and take following precautionary measures.

- Always make sure your anti-virus is up-to-date to maximize the protection available to you.

- Don't click too quickly. This attack may be spreading through phishing or spam emails, so make sure you check an email's content for legitimacy. Hover over a link and see if it's going to a reliable URL. Or, if you're unsure about an email's content or the source it came from, do a quick search and look for other instances of this campaign, and what those instances could tell you about the email's legitimacy.

- Do a complete back up. Back up all your PCs immediately. If your machine becomes infected with Petya ransomware, your data could become completely inaccessible. Make sure you cover all your bases and have your data stored on an external hard drive or elsewhere.

- Apply system and application updates.Making sure your operating system is up to date will help contain the spread of this malware.

In Cyber Crime Matters How to SERVE SUMMONS TO PARTY RESIDING ABROAD

Cybercrime :
HOW TO SERVE SUMMONS, PROCESS, WARRANT TO PARTY RESIDING ABROAD-

Comprehensive guidelines referred to in Letter No. 55019/17/2017-Legal Cell, dated ______ of Internal security Division, Ministry of Home Affairs regarding service of summons/notices/judicial process on persons residing abroad. --

1. Section 105 of Criminal Procedure Code (CrPC) speaks of reciprocal arrangements to be made by Central Government with the Foreign Governments with regard to the service of summons / warrants / judicial processes. The Ministry of Home Affairs has entered into Mutual Legal Assistance treaty/Agreements with 22 countries which provide for serving of documents. These countries are Switzerland, Turkey, United Kingdom, Canada, Kazakhastan, United Arab Emirates, Russia, Uzbekistan, Tajikistan, Ukraine, Mongolia, Thailand, France, Bahrain, South Korea, United States of America, Singapore, South Africa, Mauritius, Belarus, Spain and Kuwait. In other cases the ministry makes a request on the basis of assurance of reciprocity to the concerned foreign government through the mission / Embassy. The difference between the two categories of the countries is that the country having MLAT has obligation to consider serving the documents whereas the non-MLAT countries does not have any obligation to consider such a request.Summons/notices/judicial processes issued by the Indian Courts.

2. The summons/warrants/judicial processes received by MHA are forwarded to the concerned Indian Missions/Embassies which in turn, takes up the matter with the designated authority in that country. In case of MLAT countries, the manner of communication is as laid down in MLAT and can be either directly between MHA and the Central Authority or can be through the diplomatic channel. The designated authority after considering the request directs its agency to serve the document on the concerned person and the report of the service, if any is also received through the same chain. This is broadly the system in majority of the countries. However, in some countries private companies/NGOs have also been entrusted with the service of judicial papers.

3. Based on the experience gained, some guidelines are given below which may be followed while making a request to MHA for service of judicial processes. It may, however, be noted that it is the discretion of the requested country to serve the documents and any time frame for a positive response cannot be predicted.

a) All requests for service of summons / notices / judicial processes on persons residing abroad shall be addressed to the Under Secretary(Legal), IS-II Division, Ministry of Home Affairs, 9th Floor, Lok Nayak Bhawan, New Delhi- 110003. 
All requests shall be forwarded through post only with a covering letter from the  Court official giving the following information: 
a) Material facts of the criminal matter including purpose of the request and the nature of the assistance sought. 
b) The offences alleged to have been committed, a copy of the applicable laws and maximum penalties for these offence. 
c) Name, designation, telephone and fax number of the person/officer who will be able to give any clarification, if required. 
d) The complete address of the issuing authority to which the judicial papers/service reports may be returned. 
e) Approval of the competent authority to bear any expenditure, which they be charged by the foreign government/agency for the service of the documents. 
f) Degree of confidentiality required and the reasons therefore(in case of confidentiality requirement). g) Any time limit within which the request should be executed. 
This will be subject to allowance of sufficient margin of time by the requesting agency, as indicated in para 3(iv) of the guidelines b) MHA, on receipt of request, will examine it in view of the provisions of treaty, if exists, with the requested country and as per the provision of CrPC in case of non-treaty country. 
c) MHA requires at least a period of 12 weeks times for service of such notices in the concerned countries. It is, therefore imperative that a date of hearing/appearance may be decided accordingly. 
d) In the case of non English speaking countries, the notices should be accompanied with the certified/authenticated translation(in duplicate) in the official language of the country where the notice is proposed to be served. 
e) Name and address of the individual/organization should be complete in all respect and PO BOX no. and Passport no. will not suffice as address of the individual. 
f) Ministry of Home Affairs responsibility to service the summons is only in Criminal Matters. Hence, summons in Criminal matters only may be sent to the Ministry for service abroad. 
g) MHA does not undertake service of the non-bailable warrants of arrest. The service of non-bailable arrest warrents amounts to the extradition of the individual. 
The request for extradition are based on certain legal procedures contained in applicable treaties negotiated on the basis of the International Principle of Extradition. 
Such requests are to be forwarded to the Ministry of External Affairs, CPV Division, Patiala House Annexe, Tilak Marg, New Delhi – 110001."

Online impersonation and Sending bomb hoax email - Section 66D Cybercrime

Section 66(D) Cyber Crime - THE MYSTERY BEHIND HOAX MAIL SOLVED –ONE HELD

                         On 20-04-2017, the sleuths of Commissioner’s Task Force, West Zone team with the assistance of S.R Nagar police, on credible information made sustained efforts and solved the mystery behind hoax mail which was generated from Hyderabad.

  Details of apprehended Accused :-

Motaparthi Vamshi Krishna @ vamshi chowdary S/o. M.A.sV. Prasad, age. 32 yrs, Occ. Transport agent  R/o. Flat no.G-1, TP Sanjana  Amrutha Residency, Miyapur, R.R.Dist, N/o.  Dendullur (village & Mandal), West Godavari Dist, A.P.

 Brief facts

On 15-04-2017 at 1647 hours commissioner of police,Mumbai received a mail from a mail ID ununn0801@gmail.com  claimed to be woman in the email and stated that she overheard six men chating in a hotel and stating that all 23 people have to split from here and board flights in three cities i.e Hyderabad, Chennai and Mumbai to hijack planes at a time tomorrow. 

On the tip of Mumbai Police alerted and sent the information to the concerned Airport Security agencies about a gang planning to hijack flights from three Airports.

  Basing on the information CISF pressed into service and quick reaction commando teams under taken sanitisation drill at Airport and Airlines have been asked to remain extra vigilant. Extra care has been given to passenger checks, baggage scanning, pre embarkation checks and started special patrols to thwart any bid to storm the Airport.    

As a mail generated from Hyderabad, considering the seriousness and sensitivity of the issue, the Commissioner of Police, Hyderabad instructed the Task Force team to   check the veracity of the mail. 

During the enquiry traced the IP address and found it is a net cafe at Madhura Nagar, S.R.Nagar styled as “E netzone” and enquired with the owner of net cafe and found the register of the visitors and filtered eight persons at the time of generating mail. Since the net cafe did not have CCTV footages and there were no proper records maintained at net cafe centre, The Task Force Police made sustained efforts based on the available of CC footage nearby net cafe and lead to the identification of   accused by name Vamsi Krishna.

During the interrogation the accused revealed that he used to chat with his girlfriend who stays at Chennai. Few days back she proposed a trip to Mumbai & Goa. As he is facing financial problems, he unable to bare expanses for their tour,  he requested her to withdraw the trip proposal, but she denied his request, forced him to go to trip to Mumbai & Goa.   In this process to cancel the trip, he hatched a plan to make her believe that flights have been cancelled because of High Alert at airports.

                            In this connection he created a fake flight booking Ticket on her name dt. 16-04-2017 from Chennai to Mumbai, sent the fake ticket to his girl friend through his mail Id my3softcreations@gmail.com to her mail id on 15-04-2017 to believe her.  If she knows about the fake ticket, she will avoid him.  On that he went to one internet centre styled as “E Net zone” at Madhura Nagar, SR.Nagar on 15-04-2017 at about 1600 hrs. In this net zone he created a fake mail id “ununn0801@gamil.com”  and secured the Mail Ids of Mumbai police commissioner and others and prepared fake message as ‘’hi sir am female here am doing this mail frim Hyderabad as i don’t want to revel my details couse am a female and scared of issues, and mailing u this couse in the after noon around 2pm while having lunch there were 6 guys talking those guys are musclims, they were talking abt plane hijack tommarrow in Hyderabad chennai and Mumbai airport they were talking very slowly but unfortunately i heard few conversations abt this, they were saying all us 23 people have to split from here and have to board flights in 3 cities and hijack them at a time. They spoke some other things also but i couls not hear them as i heard only these few sentences from them, i dont know do am i doing correct or not and they are true or not but heard this so kindly go through this and as i informed this as a duty and a citizen of india and pls dont make me to get into issues’’

On further questioning he revealed that   previously he  was involved in two cases Cr.No. 411/2010, U/s. 420, 458,506 R/w. 34 IPC of S.R.Nagar PS & Cr.No. 32/2013, U/s. 66(D) of ITA Act-2008 & 420 IPC of CCS, Cyber crimes.

The apprehended accused along with seized material being handover to SHO, S.R.Nagar PS for taking further action under 66D of IT act and sec 419, 182 IPC.

New age Cyber Crimes : 2016

New Age Cyber Crimes : 2016

New trends in cybercrime are emerging all the time, with estimated costs to the global economy running to billions of dollars.

In the past, cybercrime was committed mainly by individuals or small groups. Today, we are seeing highly complex cybercriminal networks bring together individuals from across the globe in real time to commit crimes on an unprecedented scale.

Criminal organizations turning increasingly to the Internet to facilitate their activities and maximize their profit in the shortest time. The crimes themselves are not necessarily new – such as theft, fraud, illegal gambling, sale of fake medicines – but they are evolving in line with the opportunities presented online and therefore becoming more widespread and damaging.

Identity theft

Identity theft and fraud is one of the most common types of cybercrime. The term Identity Theft is used, when a person purports to be some other person, with a view to creating a fraud for financial gains. When this is done online on the Internet, its is called Online Identity Theft. The most common source to steal identity information of others, are data breaches affecting government or federal websites. It can be data breaches of private websites too, that contain important information such as – credit card information, address, email ID’s, etc.

Ransomware

Ransomware enters your computer network and encrypts your files using public-key encryption, and unlike other malware this encryption key remains on the cyber criminals server. Attacked users are then asked to pay huge ransoms to receive this private key via Bit Coins.

DDoS attacks

DDoS attacks are used to make an online service unavailable and bring it down, by bombarding or overwhelming it with traffic from multiple locations and sources. Large networks of infected computers, called Botnets are developed by planting malware on the victim computers. The idea is normally to draw attention to the DDOS attack, and allow the hacker to hack into a system. Extortion and blackmail could be the other motivations.

Botnets

Botnets are networks of compromised computers, controlled by remote attackers in order to perform such illicit tasks as sending spam or attacking other computers.  Computer Bots can also be used act like malware and carry out malicious tasks. Then can be used to assemble a network of computers and then compromise them.

Up to now, most botnets have been assembled by constantly roaming the internet probing for PCs that are unprotected. When a vulnerable machine is discovered, it is infected with malware that lies there undetected, awaiting the command to start pinging the site that has been chosen for an attack. For the more sophisticated cybercriminal, though, this way of doing things is beginning to look obsolete. The PC market has peaked, so zombie machines will become rarer and existing PCs tend to be better managed and protected from intrusion than they used to be. We are getting to the point, in other words, where PC-based botnets are soyesterday.

So where is the smart online criminal going to go next? Obligingly, the tech industry has provided him with the capability to assemble even bigger botnets with much less effort. The new magic ingredient is the IOT internet of things – small, networked devices that are wide open to penetration. The attacks will come from large numbers of enslaved devices – routers, cameras, networked TVs and the like. 

Spam and Phishing

Spamming and phishing are two very common forms of cybercrimes. There is not much you can do to control them. Spam is basically unwanted emails and messages. They use Spambots.  Phishing is a method where cyber criminals offer a bait so that you take it and give out the information they want. The bait can be in form of a business proposal, announcement of a lottery to which you never subscribed, and anything that promises you money for nothing or a small favor. There are online loans companies too, making claims that you can get insecure loans irrespective of your location. Doing business with such claims, you are sure to suffer both financially and mentally. 

Phishing has its variants too – notably among them are Tabnapping, Tabjacking, Vishing & Smishing.   Such spamming and phishing attempts are mostly emails sent by random people whom you did not ever hear of. You should stay away from any such offers especially when you feel that the offer is too good. Do not get into any kind of agreements that promise something too good to be true. In most cases, they are fake offers aiming to get your information and to get your money directly or indirectly.

Social Engineering

Social engineering is a method where the cyber criminals make a direct contact with you using emails or phones – mostly the latter. They try to gain your confidence and once they succeed at it, they get the information they need. This information can be about you, your money, your company where you work or anything that can be of interest to the cyber criminals.

It is easy to find out basic information about people from the Internet. Using this information as the base, the cyber criminals try to befriend you and once they succeed, they will disappear, leaving you prone to different financial injuries directly and indirectly. They can sell the information obtained by you or use it to secure things like loans in your name. The latter case is of Identity theft. You should be very careful when dealing with strangers – both on phone and on the Internet.

Malvertising

Malvertising is a method whereby users download malicious code by simply clicking at some advertisement on any website that is infected. In most cases, the websites are innocent. It is the cyber criminals who insert malicious advertisements on the websites without the knowledge of the latter. It is the work of advert companies to check out if an advertisement is malicious but given the number of advertisements they have to deal with, the malverts easily pass off as genuine ads.

In other cases, the cyber criminals show clean ads for a period of time and then replace it with malverts so that the websites and advertisements do not suspect. They display the malverts for a while and remove it from the site after meeting their targets. All this is so fast that the website does not even know they were used as a tool for cybercrime. Malvertising is one of the fastest, increasing types of cybercrime.

PUPs

PUPs, commonly known as  Potentially Unwanted Programs are less harmful but more annoying malware. It installs unwanted software in your system including search agents and toolbars. They include spyware, adware, as well as dialers. Bitcoin miner was one of the most commonly noticed PUPs in 2013.

Drive-By-Downloads

Drive By Downloads too, come close to malvertising. You visit a website and it triggers a download of malicious code to your computer. These computers are then used to aggregate data and to manipulate other computers as well.

The websites may or may not know that they have been compromised. Mostly, the cyber criminals use vulnerable software such as Java and Adobe Flash and Microsoft Silverlight to inject malicious codes as soon as a browser visits the infected website. The user does not even know that there is a download in progress.

Remote Administration Tools

Remote Administration Tools are used to carry out illegal activities. It can be used to control the computer using shell commands, steal files/data, send location of the computer to a remote controlling device and more.

Exploit Kits

A vulnerability means some problem in the coding of a software that enables cyber criminals to gain control of your computer. There are ready to use tools (exploit kits) in the Internet market which people can buy and use it against you. These exploit kits are upgraded just like normal software. Only difference is these are illegal. They are available mostly in hacking forums as well as on the Darknet.

Scams

Notable among Internet scams are (IRS Scams, Insurance Scams, Matrimonial website scams, Techsupport Scams), scams which misuse the Microsoft name and other general tech support scams. Scamsters phone computer users randomly and offer to fix their computer for a fee. Every single day, scores of innocent people are trapped by scam artists into Online Tech Support Scams and forced to shell out hundreds of dollars for non-existent computer problems. 

People should note that employees involved in call centre scams are prosecutable under Section 66(C) & (D) of The IT Act,2000 as well sections of IPC involving Extortion and Cheating are also applied which are non-bailable offences, currently employees working in Mira Road IRS call centre Scam fraud are in jail without bail from last 15 days.