Saturday, October 14, 2017

Netflix Phishing




Uncovered by PhishMe, this phishing attack starts with a Netflix-branded email asking users to update their account details, with a link that directs them to a spoofed landing page asking for their email address and password. Once those have been entered, the page directs them to another page asking them to update their credit card details, all while looking like a genuine Netflix page.
These scammers are specifically targeting busy corporates and consumers. The scammer succeeds most of the time when targeting corporate email accounts, as a large number of people tend to use their corporate email accounts for consumer activities. Furthermore, the scammer hopes that you reuse the same password for your personal email account or, if the scammer is very lucky, for your work email account.
Password re-use is a very simple mistake many people make, and by giving up one account detail, the user has fallen into the trap. Cyber Security Experts around the globe have advised time and again to have a separate password for each type of account access and to use a secure password vault to store those passwords and retrieve them when required, but unfortunately this practice is rarely followed by a large number of people.
-Adv. Rajas Pingle, Cyber Law Expert, Netlawgic Legal Services LLP.
- info@netlawgic.com
- www.netlawgic.com
- http://rajaspingle.blogspot.in/

Tuesday, September 15, 2015

Change of Bank details fraud


-Adv. Rajas Pingle, Cyber Law Expert, Netlawgic Legal Services LLP.
Although not new in other countries, the “change of bank details” scam has taken Indian Companies by storm, with large amounts of money being siphoned off from their respective bank accounts.

Modus Operandi 

The Fraudsters will hack into the email accounts of the targeted Companies and learn about the business transactions between Company A (the seller, the consignor) and Company B (the buyer, the paying company). Later, the fraudsters, impersonating Company A, will send fictitious emails (which are very similar to genuine emails) to Company B, claiming that the payment receiving bank account number has changed, and requesting Company B to credit the amount payable to the designated bank account (the Fraudster's bank account). Once the money is transferred to the fraudster's bank account, it will be further routed to different bank accounts or withdrawn within a very short span of time.
The Police investigation shows that it is very difficult to pinpoint these fraudsters, as they use advanced techniques to hide their 'Internet Protocol' addresses.

To avoid being the next victim, here are some simple precautions.

1) Get the landline numbers of the Supplier's office (even Skype accounts can be hacked) and get in touch with the respective senior management/employees of the Supplier Company.
2) Ask each supplier for their bank accounts in advance, and if at all there is a change in the bank account, confirm the same over landline/phone.
3) We have already established that email accounts can be hacked, so for an extra level of safety, have invoices faxed to you, and check whether the sending fax number belongs to the Supplier’s Company.
4) A small wire transfer can be made to check the authenticity of the Supplier's bank account.
5) Watch out for the giveaways:
  • Often the letter will include the invitation “in order to confirm this instruction, please call me on my direct dial number xxx” – this will be an unconnected rented line or accommodation office managed by the fraudsters;
  • Similarly, beware of supposedly confirmatory emails from almost identical email addresses, e.g. .com instead of .co.in, or abcd@xyz1.com instead of abcd@xyz.com, which have been set up by the fraudster for that purpose;
  • Does the letter or email contain any errors? – often many typos can be found.
6) The most important thing to do would be, to educate employees/staff in your Company/Organisation by inviting industry experts for trainings/informative sessions on 'Cyber Crimes & Information Technology Law' 
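
The "almost identical email address" giveaway from precaution 5, combined with the rule from precaution 2 that a changed bank account is confirmed by phone, can be checked mechanically before a payment is released. The following is an added example, not part of the original article; the supplier directory, account identifiers, suffix list and function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed supplier directory: domain on file -> bank account on file.
KNOWN_SUPPLIERS = {
    "xyz.co.in": "IN-ACCT-0001",
    "acme-exports.com": "IN-ACCT-0002",
}

# Assumption: a short list of two-label suffixes is enough for this sample;
# a production check would use the full Public Suffix List.
MULTI_SUFFIXES = ("co.in", "co.uk", "com.au")


def split_domain(domain):
    """Return (name, suffix), e.g. 'mail.xyz.co.in' -> ('xyz', 'co.in')."""
    domain = domain.lower().rstrip(".")
    for suffix in MULTI_SUFFIXES:
        if domain.endswith("." + suffix):
            name = domain[: -len(suffix) - 1].split(".")[-1]
            return name, suffix
    parts = domain.split(".")
    if len(parts) < 2:
        return domain, ""
    return parts[-2], parts[-1]


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return (verdict, supplier_domain) for the From: header of an email."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown", None
    name, suffix = split_domain(addr.rpartition("@")[2])
    registrable = name + "." + suffix
    if registrable in KNOWN_SUPPLIERS:
        return "known", registrable
    for known in KNOWN_SUPPLIERS:
        kname, ksuffix = split_domain(known)
        # Same name under a different suffix: .com instead of .co.in
        if name == kname and suffix != ksuffix:
            return "lookalike-tld", known
        # Name differs by a character or two: xyz1 instead of xyz
        limit = 1 if len(kname) <= 5 else 2
        if 0 < edit_distance(name, kname) <= limit:
            return "lookalike-name", known
    return "unknown", None


def review_payment_request(from_header, requested_account):
    """Decide what to do with an emailed request to pay into an account."""
    verdict, supplier = classify_sender(from_header)
    if verdict.startswith("lookalike"):
        return "reject: sender domain imitates " + supplier
    if verdict == "unknown":
        return "hold: sender is not in the supplier directory"
    if KNOWN_SUPPLIERS[supplier] != requested_account:
        # A genuine domain proves nothing if the mailbox itself was hacked.
        return "hold: confirm the account change by phone on the number on file"
    return "proceed"


if __name__ == "__main__":
    # Constructed sample requests.
    for sender, account in [
        ("Accounts <abcd@xyz.co.in>", "IN-ACCT-0001"),
        ("Accounts <abcd@xyz.com>", "IN-ACCT-7777"),
        ("Accounts <abcd@xyz1.co.in>", "IN-ACCT-7777"),
        ("Accounts <abcd@xyz.co.in>", "IN-ACCT-7777"),
    ]:
        print(sender, "->", review_payment_request(sender, account))
```

A request from the genuine domain with a new account number is still held, because the supplier's mailbox may be the thing that was compromised.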
Disclaimer: This does not constitute a legal opinion and would not create Attorney-Client relationship. This article is only for information and awareness purpose and merely a possible interpretation of the law.
Picture - http://siliconangle.com/blog/2015/08/10/ubiquiti-networks-falls-victim-to-46-7m-email-scam/

Monday, January 19, 2015

Power to Adjudicate vis-à-vis Compensation Suits



-Adv. Rajas Pingle, Cyber Law Expert, Netlawgic Legal Services LLP.
- http://rajaspingle.blogspot.in/

Introduction

Keeping in mind the ever-increasing number of Cyber Crimes in the country and the Courts being overburdened with deciding cases relating to loss of a party, Legislators introduced Section 46 in the Information Technology Act, 2000, which specifically empowers the IT Secretary (Adjudicating Officer) of a respective state to hear and decide compensation suits for which the amount does not exceed Rs. 5 Crore. Furthermore, the Adjudicating Officer has been empowered with certain powers of a Civil Court.

When can a victim file a complaint before Adjudicating Officer?

A person who is affected by the following acts of a perpetrator can file a complaint before the Adjudicating Officer, mainly under Sections 43 and 43A of the Information Technology Act, 2000.
Section 43: If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network -
(a) accesses or secures access to such computer;
(b) downloads, copies or extracts any data, computer data base or information from such computer, including information or data held or stored in any removable storage medium;
(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer;
(d) damages or causes to be damaged any computer;
(e) disrupts or causes disruption of any computer;
(f) denies or causes the denial of access to any person authorized to access any computer;
(g) provides any assistance to any person to facilitate access to a computer;
(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer;
(i) destroys, deletes or alters any information residing in a computer resource;
(j) steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code.
Compensation limit - As per the loss
Section 43A:
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected
Compensation limit - As per the loss

Duration of the Proceedings

Rule 4(k) of the Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003 clearly states that, as far as possible, every application shall be heard and decided in four months and the whole matter in six months.

How is the Quantum of Compensation decided?

The following factors are taken into consideration while adjudicating the matter:
(a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
(b) the amount of loss caused to any person as a result of the default;
(c) the repetitive nature of the default.

To sum up the article, people who have been affected by the instances like,

  • Unauthorised Copying of Data/Data Theft;
  • Credit/Debit Card fraud;
  • Net Banking Fraud;
  • Damage to the Computer;
  • Body Corporate negligent in protecting your sensitive personal information;
  • Denial of access to the Computer (Mobile phone, tablet, Laptop etc.) and so forth
can approach the Adjudicating Officer, who is the IT Secretary of every state.
Disclaimer: This does not constitute a legal opinion and would not create Attorney-Client relationship. This article is only for information and awareness purpose and merely a possible interpretation of the law.
Image - http://searchbuzz.co/wp-content/uploads/2012/05/ehh-630-gavel-keyboard-law-istock-630w.jpeg
Image Copyrights are with the Owner.

Wednesday, November 5, 2014

Cyber Pornography

Adv. Rajas C. Pingle




This post has been divided into following parts:

  • Current Scenario in India & in other Developed Countries;
  • Advantages & Disadvantages of Pornography;
  • Practicality of banning Cyber Pornography in India & Role of an Intermediary;
  • Necessary amendments to Information Technology Act, 2000 for better Regulation, prosecution and conviction as far as Cyber Pornography Offences are concerned
  • Educating the Police on Cyber Pornography Offences for quality investigation and Problems & Solutions while Investigating the Cyber Pornography Offences; And
  • Awareness campaigns for educating Parents on Parental Control in curbing Cyber Pornography

Current Scenario in India & other Countries

In India, the Information Technology Act, 2000 deals with the issue of Cyber Pornography. Under the Act, storing or private viewing of pornography is legal, as the Act does not specifically restrict it. On the other hand, transmitting or publishing pornographic material is illegal. The following are some sections of the Information Technology Act, 2000 which prohibit cyber pornography, with certain exceptions to Sections 67 & 67A:

“Section 66A of the Information Technology Act, 2000 prohibits sending of offensive messages through communication service”

“Section 66E of the Information Technology Act, 2000 prohibits capturing, transmitting or publishing the image of a private area of a person without consent”

“Section 67 of the Information Technology Act, 2000 specifically prohibits, transmission or publication of obscene material in electronic form”  

“Section 67A of the Information Technology Act, 2000 prohibits transmission or publication of material containing sexually explicit act in electronic form”

“Section 67B of the Information Technology Act, 2000 prohibits storing, private viewing, transmission or publication of material containing child pornography in electronic form”.

Exception: Section 67 and Section 67A do not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form -

(i)  the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper, writing, drawing, painting, representation or figure is in the interest of science, literature, art, or learning or other objects of general concern; or
(ii)  which is kept or used bona fide for religious purposes.
As far as the above sections relating to Cyber Pornography are concerned, Section 67A and 67B are the only sections which are non-bailable as per Section 77B of the Act, whereas others are bailable. 

We also have Section 69A of the Information Technology Act, 2000, under which the Central Government or an officer it appoints can issue directions to other Government Agencies and Intermediaries to block such information for public access if it is necessary or expedient so to do in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign states or public order, or for preventing incitement to the commission of any cognizable offence relating to the above. Considering the topic of Cyber Pornography, although blocking of Cyber Pornography is not explicitly mentioned in this section, it could be implied, as the term Public Order in the above mentioned section would mean ‘Maintenance of Law’. Hence an inference can be drawn that Cyber Pornography can be blocked under the said provision.

On perusal of the above mentioned sections, one can see there is a clear contradiction between Section 66E of the Information Technology Act, 2000 and the other pornography related sections. Section 66E prohibits capturing, transmitting or publishing the image of a private area of a person ‘without consent’, so the question arises: is it allowed with consent? Section 67 and Section 67A of the Information Technology Act, 2000, on the other hand, prohibit the transmission and publication of obscene and sexually explicit material.

In the United States of America, with the exception of child pornography, the legal status of accessing Internet pornography is still somewhat unsettled, though many individual states have indicated that the creation and distribution of adult films and photography are legally termed as an act of prostitution.

As of now in America, Cyber Pornography is regulated, and for this the traditional method laid down in the landmark judgement of Miller Vs State of California is used along with other legislation. The legality of pornography is determined by the Miller test, which dictates that the opinion of the local community on a specific pornographic piece is most important in determining its legality. Thus, if a local community determines a pornographic work to meet its standard for obscenity, then it is more likely to be banned. This means that a pornographic magazine that might be legal in California could be illegal in Alabama. This standard on pornographic legality is extremely difficult to uphold for the internet, given that pornography is ubiquitous on the internet. It has been argued that if the Miller test were applied to the Internet then, in effect, the community standards for the most conservative community would become the standard for all U.S. based Web sites. The courts are currently examining this issue.

In the United Kingdom, the possession of pornographic images for private use has never been an offence; however, the sale or distribution of hardcore pornography through any channel was prohibited until the rules were relaxed in 2002. UK citizens were always able to access pornography, except child pornography, without breaking any laws.

In the UK, pornography has been divided into three parts: softcore pornography, hardcore pornography and extreme pornography. Extreme pornography is illegal to even possess as of January 2009 and carries three years' imprisonment. Sections 63 to 67 of the Criminal Justice & Immigration Act make it an offence to possess pornographic images that depict acts which threaten a person's life; acts which result in or are likely to result in serious injury to a person's anus, breasts or genitals; bestiality; or necrophilia. They also provide for the exclusion of classified films etc. and set out defences and the penalties for the offence.

The UK Government has instructed ISPs to filter legal pornography and other adult subjects "by default". This would mean that anyone who wanted to view websites dealing with these sensitive subjects would have to choose to do so.  

In Australia, the government has implemented a rating-based regulatory framework, and criminal legislation in Australia prohibits production, dissemination and consumption of illegal pornography. It is illegal for internet content providers within Australia to 'broadcast' internet pornography classified as MA15+ to R18+ unless such internet pornography is subject to an age verification system or internet pornography which may be classified as X18+ to RC content that is not subject to an Australian Communications and Media Authority (ACMA) infringement notice through exceptions.

Cyber pornography hosted outside Australia and classified by the ACMA under the Classification Board legislation will be blocked if such Cyber pornography is deemed by the ACMA to be refused classification, or 'potentially' refused classification. Refused classification (RC) does include real child abuse internet pornography and bestiality internet pornography. Cyber pornography is prohibited in Australia if it falls within the ‘RC’ or ‘X18+’ classifications or, for content hosted in Australia that is not restricted by an adult verification procedure, if it falls within the ‘R18+’ classification.



Advantages & Disadvantages of Pornography

Advantages - 
  1. Exhaust Value - Pornography can help in relieving sexual tension and can relax human body and mind.
  2. Can be a short cure for long distance relationships - Pornography can be a short cure for long distance relationships, as these people can use the scenes to satisfy natural urges for which they would otherwise look to people who use this urge as a tool to take advantage of desperate individuals who are married or in a committed relationship.
  3. Can help in reduction of sexual crimes - While there have been studies that link pornography to crime, there have been similar studies that do not link pornography to crime. Therefore, there is no concrete proof of an increase of violence or sexual crimes caused by pornography. It is currently believed that the sexual tension released by watching pornography probably decreases crimes more than it increases crimes.

Disadvantages -
  1. Unrealistic delusion - The scenes feature actors and actresses; although they display emotions of expectancy and euphoria, these are not necessarily true. This can lead to unrealistic expectations in real life and can end relationships.
  2. May end Marriages - This doesn't really amount to a disadvantage, as it really depends upon the mindset of an individual. In some cases, as soon as your husband/wife views porn, chances are you’ll feel disrespected. Some spouses start feeling insecure, even inadequate, because of their partners. This may drive a wedge in the marriage, but as I said, it really depends on the mindset of an individual.
  3. Minor exploitation - If minors gain access to pornography, they immediately start thinking that this is what should be done and it changes the focus of life. Without proper education, pornography can lead to unsocial behaviour, causing a generation of confused and misinterpreting young class. The instances of people becoming pedophiles might also increase.
  4. Religion and Beliefs - Not all, but some religions believe that pornography is a type of adultery or unfaithfulness.



Practicality of banning Cyber Pornography & Role of an Intermediary in India

In India, we already have provisions for blocking of Cyber Pornography vide Section 69A of the Information Technology Act, 2000 and the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009, which lay down the procedure for actually blocking access to information by the public. According to me, the procedure mentioned in the rules is a bit lengthy, as one needs to write a complaint and send it to the concerned Nodal Officer appointed by the respective organisation, and only if the concerned organisation is satisfied about the need to block the information will the Nodal Officer of the organisation forward the same to the designated officer appointed by the Central Government in this behalf. Instead of going through all these hassles, the Central Government can simply create a wing where cognisance of these complaints can be taken and acted upon immediately.

The Information Technology Act, 2000 does not provide specific wording for blocking of Cyber Pornography for public access. One has to interpret Section 69A of the Information Technology Act, 2000 in such a way as to include Cyber Pornography in the definition of ‘Public Order’ to put a check on Cyber Pornography, and Courts in India have already interpreted Public Order as ‘Maintenance of Law’.

Completely removing pornographic websites will not be a feasible idea, as most of these pornographic websites have their servers outside India, in Countries where Cyber Pornography is loosely regulated or completely legal. However, these pornographic websites can either be completely blocked or regulated by a new framework for Cyber Pornography altogether. Service providers, as Intermediaries, play a very important role as far as enforcement of the present law or a future regulatory framework is concerned. Section 79 of the Information Technology Act, 2000 exempts an Intermediary from liability in certain scenarios; however, as far as Cyber Pornography offences are concerned, Rule 3(4) of the Information Technology (Intermediaries guidelines) Rules, 2011 will be applicable:

“The intermediary, on whose computer system the information is stored or hosted or published, upon obtaining knowledge by itself or been brought to actual knowledge by an affected person in writing or through email signed with electronic signature about any such information as mentioned in sub-rule (2) above, shall act within thirty six hours and where applicable, work with user or owner of such information to disable such information that is in contravention of sub-rule (2). Further the intermediary shall preserve such information and associated records for at least ninety days for investigation purposes”

On the other hand, if at all we consider complete blocking of every pornographic website at ISP level by putting network filters in place, one of the downsides would be that everything would be blocked, even good literature or websites, including government websites, providing sex education and health education, as sometimes the filters provided by ISPs would not recognise the difference between a violent pornographic website and a website providing education or good literature.

The other challenge is blocking or taking down the offensive/objectionable content on websites which do not have servers in India. These organisations don't really comply with Indian Laws, so obviously Law Enforcement Authorities would have to request these organisations to take down the content, and these organisations, if they deem fit, would do so, taking their own sweet time. The solution would be bringing these organisations within the ambit of Indian Laws by compelling them to establish their servers in India.



Necessary Amendments to Information Technology Act, 2000

As we all know, Information Technology Act was introduced in the year 2000 and it was the first technology legislation in India and in the year 2008 the Act was amended and it turned out to be a Scenario Changer! Also Information Technology Rules, 2011 defined ‘Sensitive Personal Data’ & ‘Reasonable Security Practices’, which are remarkable welcome changes but nevertheless the current Act still lacks in many areas.

The Cyber Pornography Offences are mainly defined in Sections 66A, 66E, 67, 67A and 67B, as already discussed above. All other pornography related offences are bailable as per Section 77B of the Information Technology Act, 2000, the only exceptions being Section 67A & Section 67B. This is the main reason why the offenders are committing pornography related offences and still have the audacity to repeat them, as they are entitled to bail as of right, not to mention the long trial period. These sections of the Act should be made non-bailable so as to strike fear into the minds of these offenders; this would definitely reduce the crime rate to some extent.

Section 66A prohibits sending of offensive messages through communication service, but does not define the word ‘offensive’; the same should be clearly defined to avoid the misuse of this section.

Section 67 which prohibits transmission or publication of obscene material in electronic form desperately needs an amendment as the word ‘Obscene’ is not specifically defined but nevertheless it gives out a partial definition which is, “any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it” but at the same time the Apex court bench of Justices K.S. Radhakrishnan and A.K. Sikri upheld the appeal in Sportsworld case in 2014 and ruled that a picture or article can be deemed obscene only if it is lascivious, appeals to prurient interests and tends to deprave and corrupt those likely to read, see or hear it.

“A picture of a nude/semi-nude woman… cannot per se be called obscene…. Only those sex-related materials which have a tendency of ‘exciting lustful thoughts’ can be held to be obscene, but the obscenity has to be judged from the point of view of an average person, by applying contemporary community standard(s),” the court said.

“Applying the community tolerance test, we are not prepared to say such a photograph is suggestive of depraved minds and designed to excite sexual passion… which would depend upon the particular posture and background,” 

The Apex Court in this case has applied the same test of Community Standards as mentioned in the case of Miller Vs. State of California, USA. This issue should obviously be examined further for clarity in the section.

There is an obvious contradiction between Section 66E and other pornography related sections, Section 66E prohibits capturing, transmitting or publishing the image of a private area of a person without consent but if it is done with consent then it is allowed, whereas Section 67 and Section 67A of the Information Technology Act, 2000 prohibits the transmission and publication of obscene and sexually explicit material. The words “transmitting or publishing” should be removed by amendment to resolve this issue. 

In India, storing or private viewing of pornography is legal, as the Information Technology Act, 2000 does not specifically restrict it. According to me, Cyber Pornography should be divided into three parts, namely Softcore Pornography, Hardcore Pornography and Extreme Pornography; by defining and adding these types it would be easier to regulate and restrict pornography in general. By amending the Cyber Pornography sections, the Government can include and prohibit even storing or private viewing of Hardcore and Extreme Pornography.

As per Rule 3(4) of the Information Technology (Intermediaries guidelines) Rules, 2011 the intermediary shall preserve such information and associated records for at least ninety days for investigation purposes. The stipulated period of preserving the information should be increased from ninety days to one hundred and eighty days, so that the Law Enforcement Agencies could obtain the data even at a later stage in cases which are filed after 90 days.


Educating the Police on Cyber Pornography Offences for quality investigation and problems & solutions while investigating the Cyber Pornography Offences.

The first step towards curbing Cyber Pornography is getting the highest conviction rate; the ultimate effect of this would be to strike fear in the mind of the offender and, as per jurisprudence, it will have a deterrent effect on the offender. This will only happen if the evidence gathered by the investigating agencies is appreciated in the Court of Law. Currently the Defence Lawyers are taking advantage of the lack of knowledge as far as evidence gathering in Cyber Pornography Offences is concerned. Courses should be organised at the State level by inviting Cyber Experts; this will ensure quality of investigation and evidence gathering in Cyber Offences in general.

While investigating Cyber Pornography Offences, sometimes necessary information is required from the Intermediary to forward the investigation, but as some of these intermediaries consider themselves outside the ambit of Indian Laws, getting information from them is a tiresome process. In some cases, even after a Court Order is provided to get the necessary information for investigation, some of the intermediaries don’t provide the information. The solution for this is that these intermediaries should be told to install their servers in India and to route the internet traffic from India through these servers; this will ensure their liability under Indian Laws, and specifically under the Information Technology Act, 2000, and would also speed up the investigation process.



Awareness Campaigns for Educating Parents on Parental Control to curb Cyber Pornography


It is a known fact that children/minors are most prone to Cyber Pornography, as we have entered the twenty first century and everyone has a Computer at their home. The Indian Government should start running campaigns for educating parents on parental control, which can be helpful in curbing Cyber Pornography at its grass root level. Parental Control software or Antivirus which has inbuilt Parental Control should be made available by the Government officially, so that it is easily downloaded and subsequently installed on every computer.


Adv. Rajas C Pingle

[Cyber Law & Cyber Security Expert]

Disclaimer: This does not constitute a legal opinion and would not create Attorney-Client relationship. This article is only for information and awareness purpose and merely a possible interpretation of the law.

Website - www.netlawgic.com


Facebook - https://www.facebook.com/pages/Cyber-Crime-Awareness/246665595391183?sk=timeline

Image http://image.yaymicro.com/rz_512x512/3/d78/stop-sign-with-adult-content-warnings-3d78792.jpg

Image copyrights are with the respective owner.