Beware-You can be a Victim of Circumstances
.

Last week, India's premier ISP, VSNL (with 60 % + market share), sent a warning to all its subscribers stating as follows.
 

"VSNL's security team has been coming across certain attempts by some of the VSNL subscribers to carry out security violations such as hacking attempts, port scans and other illegal intrusions into Internet networks in India and other countries.  We would like to advice that VSNL has been constantly able to recognize the identity of such intruders, which is well documented.

VSNL has been requested by some of the foreign networks who have detected intruders from VSNL subscribers to initiate actions, consequently we would like to advice in the interest of the security and reliability of business transactions on the Internet, VSNL intends to strictly abide by the cyber laws.  Individuals and companies which are involved in cyber laws violation, hacking intrusion and scanning of other systems will be reported to the appropriate authorities for necessary action."


Cyber Laws have been in force in India since October 17th this year. However in many other countries it has been in existence for some time. These laws have been mostly modeled on the draft of the UNCITRAL. One of the features of these laws is an attempt to make it applicable to those who are not residing within the Country of jurisdiction. 

For example, Section 75 of the ITA-2000 states as follows.
 

 Act to apply for offense or contravention committed outside India

      (1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offense or contravention committed outside India by any person irrespective of his nationality.
      (2) For the purposes of sub-section (1), this Act shall apply to an offense or contravention committed outside India by any person if the act or conduct constituting the offense or contravention involves a computer, computer system or computer network located in India. 


Similar clauses are also present in the Cyber Laws of other countries.

According to the Indian Cyber laws, "Hacking" may be punished with an imprisonment of 3 years or a fine of Rs 2 lakhs, Besides, the person / organisation affected may have to be compensated for loss or damage suffered  to the extent of Rs 1 crore or such other amount that the Court may decide. 

Hacking for the purpose of "imprisonment and Fine" is defined as follows.

Hacking with Computer System

      (1) Whoever with the intent to cause or knowing that he is likely to cause wrongful  loss or damage to the public or any person, destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.
 

For the purpose of compensation to be awarded to the affected person, Any "Unauthorised access or  or assistance to access" may be considered  as an offense with or without "Copying", "Deleting" "Damaging" information. 

In cases of systems declared as "Protected Systems" (The Government is yet to come out with a list of such systems), even an "Attempt to Access" is punishable with an imprisonment of upto 10 years.

Additionally, "Adventurous youngsters" should also be aware that they are under the shadow of Cyber Laws of other countries with similar provisions. For example Malaysia sets out punishments upto 10 years imprisonment for some of the frauds committed through Internet.

Whenever Cyber Frauds or Hacking takes place, the ISP s will be asked to produce evidence or provide assistance to the law enforcement authorities. In such cases, they are bound by law to assist the Police or the Judiciary. Indian Cyber Laws also prescribe heavy fines and Imprisonment to Network Managers and ISP owners who may assist the commission of crimes by their negligence.

VSNL Sets a Right Example for ISP s:

VSNL has taken the right step to put its members on guard about the risks involved in attempted hacking.  This is the first step in "Cyber Law Compliance". Other ISP s need to follow this example to avoid Vicarious responsibilities. 

VSNL had already been blacklisted in the past by many ISP s in USA because of their members being engaged in "Spamming". naavi.org had on several occasions brought this to the notice of VSNL since this had blocked Indians from sending e-mails to addresses such as @iname.com etc. 
After proper representations from VSNL the black listing has been lifted. 

VSNL has demonstrated its "Monitoring Capabilities" and  in the past (atleast in Chennai) assisted some of its clients when the Internet passwords have been misused. They have been able to provide the telephone numbers from which a password was used, to enable tracing of the unauthorised entry. They have also successfully assisted the Chennai Police in solving a murder mystery as well as 'E-mail harassment" in a couple of cases. 

The systems are therefore in place for VSNL to trace log ins to the telephone numbers through which offenses are committed.

The Flip side

In the light of this development, where a "Telephone Number" can be pointing to a "Crime", it is also necessary to spare a thought for mistakes that can wrongly accuse an honest person. This is of great concern to the "Netizen's Forum for Credible Cyber regulations".

The most important thing is for Netizens owning Computer systems to ensure that if they are allowing their systems to be shared by others, they may be risking the possibility of being hauled up for the offense of any of the users.

If you find that your son's gang of friends is spending too much time on the computer in your house, please be on guard. One of those spoilt brat may bring a Policeman to your door with an arrest warrant on your wife in whose name the phone may stand.

You may be Framed!!

Once it dawns on the criminals that their actions can be traced to the telephone numbers, it is possible that they may try to use diverted telephone lines to commit Cyber offenses. This may land other  innocent persons in trouble. VSNL as well as the law enforcement authorities should be alert to such possibilities before jumping into conclusion about a Cyber Crime. Since it is  easy to bribe the DOT linesman to divert a telephone line (and this practice is rampant to save costs), there are many  linesmen in the telecom department to oblige the criminals for such diversion without understanding the implications.

 It is therefore possible to "Fix" a person deliberately or otherwise by interested persons through call diverts. 

The telephone department should therefore take steps to warn their staff in writing to the effect that any such diversions will not only be considered as "Corruption" but also an "Abatement in a criminal act". VSNL should also take up this matter with the Department of telecommunication and put a stop to this obnoxious practice.

it is also necessary for organisations to note that most of such telephone frauds involve diversion of an office phone line to a private party after the office hours to enable them make international calls. When a Cyber fraud occurs on such a line, the "officials" of the Company may be held personally responsible.

Since "Hacking" is a cognizable offense, arrests with or without warrants may also be possible for individuals for the suspected offenses committed by any person using the telephone line registered in his name or in the name of the company he is responsible for.

In order to avoid harassment of innocent individuals, there has to be checks and balances and VSNL, DOT, MTNL as well as the Police should work out a strategy whereby the lower level officials donot harass citizens for financial gains. 

Naavi
6/11/00

Please Send Your comments if any
 

 .