Ethical Hacking Lab Manual
ISBN 9788119221523


Chapter 8: Using Metasploit and Metasploitable for penetration testing

Practical No. 08

Aim: Using Metasploit and Metasploitable for penetration testing.

Cyberlaw sections under the IT Act, 2000

Sections 43, 65, 66A, 66B, 66C, 66D, 66E, 66F, 67A, 67B, 71, 72, 73 and 74: the penalty and preventive measures to be taken for the crime associated with each case, if any, and real-life cybercrime cases under each section.

Section 65: Tampering with computer source documents.

Penalty: Imprisonment up to 3 years, or with fine which may extend up to 5 lakh rupees (Rs. 5,00,000), or with both.

Example: In October 1995, the Economic Offences Wing of the Crime Branch, Mumbai (India), seized over 22,000 counterfeit share certificates of eight reputed companies worth Rs. 34.47 crores. These were allegedly prepared using desktop publishing systems.

Section 66A: Publishing offensive, false or threatening information.

Penalty: Imprisonment up to three years, and/or with fine up to Rs. 100,000.

Example: A Puducherry-based businessman Ravi Srinivasan was arrested by local police following a complaint from former finance minister P. Chidambaram’s son, Karti, for posting a tweet, which was critical of him. In his tweet on 20 October 2012, Srinivasan said, “got reports that Karti Chidambaram has amassed more wealth than Vadra”.

Section 66B: Receiving stolen computer or communication device.

Penalty: Imprisonment up to three years, and/or with fine up to Rs. 100,000.

Example: K.R. Ravi Rathinam vs The Director General Of Police, Writ Petition (MD) No.18210 of 2014 and M.P.(MD) Nos.1 and 2 of 2014. A court here has issued summons to film star Rajinikanth and others asking them to appear before it on Tuesday in connection with a suit filed against his film “Linga” on the charge that its storyline had been stolen from another script writer.

Section 66C: Punishment for identity theft.

Penalty: Imprisonment up to three years, and/or with fine up to Rs. 100,000.

Example: CBI vs Arif Azim, 2003/ Sony Sambandh.com case. In May 2002, someone logged onto the website under the identity of Barbara Campa and ordered a Sony Colour Television set and a cordless headphone. She gave her credit card number for payment and requested that the products be delivered to Arif Azim in Noida. The payment was duly cleared by the credit card agency and the transaction processed. After following the relevant procedures of due diligence and checking, the company delivered the items to Arif Azim.

Section 66D: Cheating using computer resource.

Penalty: Imprisonment up to three years, and/or with fine up to Rs. 100,000.

Example: Student caught cheating during class X re-exam by use of mobile, 23rd July 2017. A 17-year-old student was caught cheating during the class X repeat exam in Thane. A few minutes after the maths part I paper began at 10.30 am, the invigilator noticed the boy taking a picture of the question paper in order to send it to a friend for answers, the police said. The student was asked to stop writing and taken aside, the police said. The authorities at the exam centre then called the police. A case under section 66D of the IT Act was registered.

Section 66E: Publishing private images of others.

Penalty: Imprisonment up to three years, and/or with fine up to Rs. 200,000.

Example: Sai Priya Vs State rep by Inspector of Police, Crl.OP No.14209 of 2016. On the complaint lodged by the petitioner, the respondent police have registered a case in Cr.No.5 of 2016 on 30.03.2016 for an offence u/s 498-A IPC against Sathyanarayana, the husband of the petitioner. It is the grievance of the petitioner that her husband took her to Pondicherry for honeymoon and, after forcibly making her consume liquor, had taken photos of her in nude position and is blackmailing her. Even in the complaint given by the petitioner, she has made averments in connection with this allegation and it is supported by an SMS message that is said to have been sent by Satyanarayana, wherein he has stated that “I have nude photos of your daughter”.

Section 66F: Act of cyber terrorism.

Penalty: Imprisonment up to life.

Example: The Mumbai police have registered a case of ‘cyber terrorism’, the first in the state since an amendment to the Information Technology Act, where a threat email was sent to the BSE and NSE on Monday. The MRA Marg police and the Cyber Crime Investigation Cell are jointly probing the case. The suspect has been detained in this case. The police said an email challenging the security agencies to prevent a terror attack was sent by one Shahab Md with an ID sh.itaiyeb125@yahoo.in to BSE’s administrative email ID corp.relations@bseindia.com at around 10.44 am on Monday. The IP address of the sender has been traced to Patna in Bihar. The ISP is Sify. The email ID was created just four minutes before the email was sent. “The sender had, while creating the new ID, given two mobile numbers in the personal details column. Both the numbers belong to a photo frame-maker in Patna,” said an officer.

Section 67A: Publishing images containing sexual acts.

Penalty: Imprisonment up to seven years, and/or with fine up to Rs. 1,000,000.

Example: The Oshiwara police registered an FIR against Ajay Hatewar for tweeting defamatory statements against chief minister Devendra Fadnavis and posting a picture of the CM enjoying a vacation with his family in 2011-2012.

Section 67B: Publishing child porn or preying on children online.

Penalty: Imprisonment up to five years, and/or with fine up to Rs. 1,000,000 on first conviction. Imprisonment up to seven years, and/or with fine up to Rs. 1,000,000 on second conviction.

Example: On 25.01.2020 an unknown person had sent a WhatsApp message ‘Hi How are u’, and on 26.01.2020, when the daughter of the complainant questioned who he was, the person had sent bad messages, made use of the photographs attached to the status in WhatsApp, and sent obscene photographs connecting photos of the victim, and also threatened that if she did not join him for chat he would upload those photographs to Facebook. In this connection a complaint was lodged on 27.01.2020 at 5 P.M. and the case was registered under Section 67B of The Information Technology Act, and later offences under Sections 14 and 15 of the POCSO Act were also invoked.

Section 71: Misrepresentation.

Penalty: Imprisonment up to two years, and/or with fine up to Rs. 100,000.

Example: On 28.6.2018, a complaint was lodged by the Secretary, NTBRS, alleging that the two websites were engaged in the sale of tickets for the 68th Nehru Trophy Boat Race to be held in the year 2018. A crime was promptly registered under Sections 463, 465, 468 of the IPC and Section 71 of the Information Technology Act, 2000. The 1st petitioner was arrested and he was remanded to judicial custody. The wife of the 1st petitioner was later arrayed as the 2nd accused.

Section 72: Breach of confidentiality and piracy.

Penalty: Imprisonment up to two years, and/or with fine up to Rs. 100,000.

Example: Privacy as a concept involves what privacy entails and how it is to be valued. Privacy as a right involves the extent to which privacy is (and should be) legally protected. The law does not determine what privacy is, but only what situations of privacy will be afforded legal protection. It is interesting to note that the common law does not know a general right of privacy and the Indian Parliament has so far been reluctant to enact one. The meanings of the words confidentiality and privacy are somewhat synonymous. Confidentiality involves a sense of ‘expressed’ or ‘implied’ basis of an independent equitable principle of confidence. Privacy is the claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others. Right to privacy is more of an implied obligation. It is the ‘right to let alone

Section 73: Publishing electronic signature certificate false in certain particulars.

Penalty: Imprisonment up to two years, and/or with fine up to Rs. 100,000.

Example: Penalty for publishing Electronic Signature Certificate false in certain particulars. No person shall publish an Electronic Signature Certificate or otherwise make it available to any other person with the knowledge that

    (a) the Certifying Authority listed in the certificate has not issued it; or

    (b) the subscriber listed in the certificate has not accepted it; or

    (c) the certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation

Any person who contravenes the provisions of sub-section shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

Section 74: Publication for fraudulent purpose.

Penalty: Imprisonment up to two years, and/or with fine up to Rs. 100,000.

Example: Eramet has immediately initiated the necessary investigations and mobilized all internal and external resources required to terminate these fraudulent activities and take remedial action.

Eramet will file a criminal complaint with the authorities and has taken immediate disciplinary measures against the identified staff. The Group will also take all possible measures to reduce the impact of this fraud on its accounts.

The financial impact of this fraud is currently estimated at EUR 45 million, before insurance or implementation of legal action. It will be accounted for in the operating profit for financial year 2021.