Real World

certain valet de chambre cyber crime cases This document is an kindle from the entertain Cyber shame & digital inference Indian perspective authored by Rohas Nagpal. This book is avail fit as coursew atomic number 18 for the Diploma in Cyber justice and PG Program in Cyber Law conducted by Asian School of Cyber Laws www. asian rectitudes. org Cyber abhorrence & digital essay Indian purview 23. Real World encases This chapter serves as a ready reference guide. First the non-homogeneous scenarios argon maskinged. A detai lead backchat on the mixed cyber crimes, is covered in the ASCL nationalation tit take Understanding Hackers and Cyber Criminals.This is provided as official coursew ar for the ASCL Certified Cyber offence police detective course. Then the applicable police and effective liabilities be covered. Then the modus operandi usu wholey followed by the shepherds crooks is discussed. The investigation guidelines for cyber crime investigators be non d iscussed in this book as they argon part of the syllabus of the ASCL Certified Cyber annoyance investigator course only. For veridical universe case studies on investigation of cyber crimes, am custom refer to the ASCL publication titled Case Studies on Cyber curse Investigation.This is provided as official coursewargon for the ASCL Certified Cyber aversion Investigator course. 130 2008 Rohas Nagpal. any(prenominal) rights reserved. Cyber evil & digital evidence Indian persuasion 23. 1 Orkut Fake Profile cases Orkut. com is a really popular online club and mixer meshing weavesite. Orkut expendrs great deal search for and interact with plurality who sub divide the same hobbies and interests. They clear induce and link up a wide variety of online communities. The composes of Orkut members ar publicly viewable. The scenarios 1. A juke joint indite of a muliebrity is take a shitd on Orkut.The visibleness displays her correct yell and make reading (such as portion expose, residential ph star number, electric cell send for number and so on. Sometimes it take down has her photograph. The problem is that the profile describes her as a prostitute or a woman of loose character who wants to pick up internal relations with anyone. Other Orkut members see this profile and start calling her at all hours of the day asking for sexual favours. This leads to a destiny of harassment for the dupe and in want manner defames her in society. 2. An online hate community is created.This community displays objectionable culture a clearst a incident country, phantasmal or ethnic grouping or even a agnisest national leaders and historical figures. 3. A fake profile of a man is created on Orkut. The profile contains denigrating knowledge abut the dupe (such as his say sexual weakness, alleged immoral character and so forth The honor Scenario 1 Section 67 of randomness technology telephone number and ingredient 509 of the I ndian penal inscribe. Scenario 2 Section 153A and 153B of Indian penal Code. Scenario 3 Section 500 of Indian punishable Code. Who is unresistant?Scenario 1 Directors of Orkut as puff up as all those who create and update the fake profile. Scenario 2 equal as Scenario 1. Scenario 3 Same as Scenario 1. 2008 Rohas Nagpal. totally rights reserved. 131 Cyber Crime & digital testify Indian horizon The root word Scenario 1 Jealousy or revenge (e. g. the dupe whitethorn rent rejected the advances do by the funny). Scenario 2 Desire to begin racial hatred (e. g. Pakistani citizens creating an anti-India online community). Scenario 3 Hatred (e. g. a school bookman who has failed whitethorn dupeize his teachers).Modus Operandi 1. The shady would create a easy Gmail write up apply a fabricated aro commit. 2. The electronic mail ID elect by him would be unrelated to his real identity. 3. The shadowy would whence login to Orkut. com and create the offensive profi le. 132 2008 Rohas Nagpal. whole rights reserved. Cyber Crime & digital demo Indian eyeshot 23. 2 e-mail Account Hacking Emails atomic number 18 increasingly creation used for social interaction, commerce sector dialogue and online feats. just about e-mail deem holders do non take basic precautions to nurse their e-mail level word of honors.Cases of theft of e-mail passwords and subsequent misuse of electronic mail reckons are becoming very green. The scenarios 1. The victims netmail account password is stolen and the account is whence utilise for sending pop out vindictive grave (computer computer virus, worm, Trojan and so on to people in the victims address book. The recipients of these viruses believe that the telecommunicate is coming from a cognise person and run the attachments. This infects their entropy processors with the malicious grave. 2. The victims email account password is stolen and the cyberpunk tries to deform cash from the vi ctim.The victim is baneened that if he does non pay the money, the randomness contained in the emails go out be utilize. 3. The victims email account password is stolen and obscene emails are direct to people in the victims address book. The legality Scenario 1 Sections 43 and 66 of study engineering Act. Scenario 2 Sections 43 and 66 of education engine room Act and section 384 of Indian punishable Code. Scenario 3 Sections 43, 66 and 67 of Information engineering Act and section 509 of the Indian Penal Code. Who is credible(p)?Scenario 1 Persons who pay back stolen the email account password and who are mis exploitation the email account. Scenario 2 Persons who fox stolen the email account password and who are threatening to misuse it. 2008 Rohas Nagpal. All rights reserved. 133 Cyber Crime & Digital endorse Indian office Scenario 3 Persons who start stolen the email account password and who are mis exploitation the email account. The reason Scenario 1 Corpor ate Espionage, perverse joy in initiation able to drop valuable teaching belonging to strangers etc. Scenario 2 sinful pecuniary win.Scenario 3 Revenge, jealousy, hatred. Modus Operandi 1. The funny would install keyloggers in public computers (such as cyber cafes, airport lounges etc) or the computers of the victim. 2. unsuspicious victims would login to their email accounts victimisation these infected computers. 3. The passwords of the victims email accounts would be emailed to the suspicious. 134 2008 Rohas Nagpal. All rights reserved. Cyber Crime & Digital yard Indian Perspective 23. 3 Credit tantalise postiche Credit vizors are habitually world used for online involution of airline and railway tickets and for different ecommerce transactions.Although just about of ecommerce websites have implemented strong security measures (such as SSL, secure web servers etc), instances of realization card frauds are increasing. The scenario The victims computer ad dress card study is stolen and use for making online purchases (e. g. airline tickets, package, subscription to big websites etc). The law Sections 43 and 66 of Information engine room Act and section 420 of Indian Penal Code. Who is credible? All persons who have stolen the consultation card information as intumesce as those who have misused it. The agent Illegal monetary gain.Modus Operandi Scenario 1 The hazard would install keyloggers in public computers (such as cyber cafes, airport lounges etc) or the computers of the victim. Un peculiaring victims would use these infected computers to make online transactions. The credit card information of the victim would be emailed to the suspect. Scenario 2 Petrol pump attendants, workers at sell outlets, hotel waiters etc none down information of the credit cards used for making requital at these establishments. This information is sold to criminal gangs that misuse it for online frauds. 2008 Rohas Nagpal. All rights rese rved. 135 Cyber Crime & Digital endorse Indian Perspective 23. 4 Online Share Trading Fraud With the advent of dematerialization of treats in India, it has become authorization for investors to have demat accounts. In close cases an online banking account is linked with the share trading account. This has led to a high number of online share trading frauds. The scenario Scenario 1 The victims account passwords are stolen and his accounts are misused for making fraudulent bank transfers.Scenario 2 The victims account passwords are stolen and his share trading accounts are misused for making unauthorised transactions that termination in the victim making losses. The law Scenario 1 Sections 43 and 66 of Information engine room Act and section 420 of Indian Penal Code. Scenario 2 Sections 43 and 66 of Information engineering Act and section 426 of Indian Penal Code. Who is likely? Scenario 1 All persons who have stolen the account information as sound as those who have misuse d it. Scenario 2 All persons who have stolen the account information as healthy as those who have misused it.The demand Scenario 1 Illegal pecuniary gain Scenario 2 Revenge, jealousy, hatred Modus Operandi Scenario 1 The suspect would install keyloggers in public computers (such as cyber cafes, airport lounges etc) or the computers of the victim. Unsuspecting victims would use these infected computers to login to their online banking and share trading accounts. The passwords and brisk(prenominal) information of the victim would be emailed to the suspect. Scenario 2 Same as scenario 1. 136 2008 Rohas Nagpal. All rights reserved. Cyber Crime & Digital recite Indian Perspective 3. 5 Tax Evasion and cash Laundering Many unscrupulous stage production line community and money launderers (havala operators) are exploitation realistic as well as somatic store media for conceal information and records of their outlawed business. The scenario Scenario 1 The suspect uses pe rsonal repositing media for covert the information e. g. hard drives, floppies, USB drives, expeditious phone entrepot cards, digital television camera memory cards, CD ROMs, DVD ROMs, iPods etc. Scenario 2 The suspect uses practical(prenominal) transshipment center media for hiding the information e. g. mail accounts, online briefcases, transfer sites, Gspace etc. The law Scenario 1 Depending upon the case, eatable of the Income Tax Act and measure of currency Laundering Act go forth apply. Scenario 2 Depending upon the case, provisions of the Income Tax Act and Prevention of Money Laundering Act w ailing apply. Who is liable? Scenario 1 information. The person who hatchs the Scenario 2 The person who hides the information. If the operators of the virtual retentiveness rapidity do non cooperate in the investigation, wherefore they in any case become liable.The develop Scenario 1 Illegal financial gain Scenario 2 Illegal financial gain Modus Operandi Scenario 1 Th e suspect would purchase trivial store devices with large data storage capacities. Scenario 2 The suspect would open free or paid accounts with online storage providers. 2008 Rohas Nagpal. All rights reserved. 137 Cyber Crime & Digital essay Indian Perspective 23. 6 Source Code Theft Computer acknowledgment code is the to the highest degree important asset of computer computer parcel program companies. Simply put, source code is the scheduling instructions that are compiled into the executable files that are sold by package development companies.As is expected, most(prenominal) source code thefts take place in package program companies. Some cases are in like manner describe in banks, manufacturing companies and other organisations who gravel pi caboodle software developed for their use. The scenario Scenario 1 The suspect (normally an employee of the victim) splays the source code and sells it to a business rival of the victim. Scenario 2 The suspect (usuall y an employee of the victim) steals the source code and uses it as a creation to make and sell his own chance variable of the software. The law Scenario 1 Sections 43, 65 and 66 of the Information applied science Act, section 63 of the Copyright Act.Scenario 2 Sections 43, 65 and 66 of the Information applied science Act, section 63 of the Copyright Act. Who is liable? Scenario 1 The persons who steal the source code as well as the persons who purchase the stolen source code. Scenario 2 The persons who steal the source code. The need Scenario 1 Illegal financial gain. Scenario 2 Illegal financial gain. Modus Operandi Scenario 1 If the suspect is an employee of the victim, he would usually have luff or indirect irritate to the source code. He would steal a copy of the source code and hide it using a virtual or physical storage device. 138 2008 Rohas Nagpal. All rights reserved. Cyber Crime & Digital Evidence Indian Perspective If the suspect is non an employee of the victi m, he would hack into the victims servers to steal the source code. Or he would use social engineering to pound unauthorised access to the code. He would past contact potential vendees to make the ex switch. Scenario 2 If the suspect is an employee of the victim, he would usually have direct or indirect access to the source code. He would steal a copy of the source code and hide it using a virtual or physical storage device. If the suspect is not an employee of the victim, e would hack into the victims servers to steal the source code. Or he would use social engineering to get unauthorised access to the code. He would then modify the source code (either himself or in association with other programmers) and effectuate his own software. 2008 Rohas Nagpal. All rights reserved. 139 Cyber Crime & Digital Evidence Indian Perspective 23. 7 Theft of Confidential Information Most business organisations store their sensitive information in computer systems. This information is leade d by rivals, criminals and whatevertimes disgruntle employees.The scenario Scenario 1 A business rival get downs the information (e. g. auditor quotations, business plans etc) using hacking or social engineering. He then uses the information for the expediency of his own business (e. g. quoting lower rank for the tender). Scenario 2 A criminal obtains the information by hacking or social engineering and threatens to make the information public unless the victim pays him some money. Scenario 3 A disgruntled employee steals the information and mass mails it to the victims rivals and in any case posts it to numerous websites and youthfulsgroups.The law Scenario 1 Sections 43 and 66 of the Information applied science Act, section 426 of Indian Penal Code. Scenario 2 Sections 43 and 66 of the Information applied science Act, section 384 of Indian Penal Code. Scenario 3 Sections 43 and 66 of the Information Technology Act, section 426 of Indian Penal Code. Who is liable? Scenari o 1 The persons who steal the information as well as the persons who misuse the stolen information. Scenario 2 The persons who steal the information as well as the persons who threaten the victim and extort money.Scenario 3 The disgruntled employee as well as the persons who help him in take and distributing the information. The antecedent Scenario 1 Illegal financial gain. Scenario 2 Illegal financial gain. Scenario3 Revenge. one hundred forty 2008 Rohas Nagpal. All rights reserved. Cyber Crime & Digital Evidence Indian Perspective Modus Operandi Scenario 1 The suspect could hire a skilled hacker to break into the victim systems. The hacker could in addition use social engineering techniques. model A very good flavour woman went to meet the system executive director (sysadmin) of a large company.She interviewed the sysadmin for a cartridge article. During the interview she flirted a potful with the sysadmin and while leaving she accidentally left(a) her pen drive at the sysadmins room. The sysadmin accessed the pen drive and saw that it contained numerous some other(prenominal) photographs of the lady. He did not realize that the photographs were Trojanized erstwhile the Trojan was in place, a kitty of sensitive information was stolen very easily. parable The sysadmin of a large manufacturing company sure a beautifully packed CD ROM containing security updates from the company that developed the operational system that ran his companys servers.He installed the updates which in reality were Trojanized software. For 3 years after that a lot of confidential information was stolen from the companys systems Scenario 2 Same as scenario 1. Scenario 3 The disgruntled employee would usually have direct or indirect access to the information. He can use his personal computer or a cyber cafe to counterpane the information. 2008 Rohas Nagpal. All rights reserved. 141 Cyber Crime & Digital Evidence Indian Perspective 23. 8 software Piracy Many peo ple do not contract software buccaneering to be theft.They would neer steal a rupee from someone but would not think twice before using literary brigandd software. There is a common cognition amongst normal computer users to not consider software as home. This has led to software plagiarization becoming a flourishing business. The scenario Scenario 1 The software pirate sells the pirated software in physical media (usually CD ROMs) through a close mesh topology of dealers. Scenario 2 The software pirate sells the pirated software through electronic transfers through websites, publicise boards, newsgroups, netmail emails etc.The law Scenario 1 Sections 43 and 66 of the Information Technology Act, section 63 of Copyright Act. Scenario 2 Sections 43 and 66 of the Information Technology Act, section 63 of Copyright Act. Who is liable? Scenario 1 The software pirate as well as the persons who buy the pirated software from him. Scenario 2 The software pirate as well as the pers ons who buy the pirated software from him. The motive Scenario 1 Illegal financial gain. Scenario 2 Illegal financial gain. Modus Operandi Scenario 1 The suspect uses high speed CD duplication equipment to create multiple copies of the pirated software.This software is sold through a profits of computer hardware and software vendors. Scenario 2 The suspect registers a field of crush defecate using a fabricated trope and then legions his website using a armed service provider that is based in a country that does not have cyber laws. such(prenominal) service providers do not exhibit client information to law enforcement officials of other countries. 142 2008 Rohas Nagpal. All rights reserved. Cyber Crime & Digital Evidence Indian Perspective 23. 9 harmony Piracy Many people do not consider euphony piracy to be theft.They would never steal a rupee from someone but would not think twice before get or using pirated medicament. There is a common perception amongst people us ers to not consider music as property. There is a big business in music piracy. Thousands of unscrupulous businessmen sell pirated music at cat away prices. The scenario Scenario 1 The music pirate sells the pirated music in physical media (usually CD ROMs) through a close lucre of dealers. Scenario 2 The music pirate sells the pirated music through electronic downloads through websites, bare boards, newsgroups, spam emails etc.The law Scenario 1 Sections 43 and 66 of the Information Technology Act, section 63 of Copyright Act. Scenario 2 Sections 43 and 66 of the Information Technology Act, section 63 of Copyright Act. Who is liable? Scenario 1 The music pirate as well as the persons who buy the pirated software from him. Scenario 2 The music pirate as well as the persons who buy the pirated software from him. The motive Scenario 1 Illegal financial gain. Scenario 2 Illegal financial gain. Modus Operandi Scenario 1 The suspect uses high speed CD duplication equipment to create multiple copies of the pirated music.This music is sold through a network of dealers. Scenario 2 The suspect registers a domain name using a unreal name and then hosts his website using a service provider that is based in a country that does not have cyber laws. Such service providers do not divulge client information to law enforcement officials of other countries. 2008 Rohas Nagpal. All rights reserved. 143 Cyber Crime & Digital Evidence Indian Perspective 23. 10 Email Scams Emails are fast advance as one of the most common methods of confabulation in the modern world.As can be expected, criminals are too using emails extensively for their outlawed activities. The scenario In the first step, the suspect convinces the victim that the victim is going to get a lot of money (by way of winning a lottery or from a countermine African bureaucrat who wants to transfer his ill gotten gains out of his home country). In rank to convince the victim, the suspect sends emails (some having official aspect documents as attachments). Once the victim believes this story, the suspect asks for a small fee to cover legal expenses or courier charges.If the victim pays up the money, the suspect stops all contact. The law Section 420 of Indian Penal Code Who is liable? The sender of the email. The motive Illegal financial gain. Modus Operandi The suspect creates email accounts in fictitious names and sends out millions of fraudulent emails using powerful spam software. 144 2008 Rohas Nagpal. All rights reserved. Cyber Crime & Digital Evidence Indian Perspective 23. 11 Phishing With the tremendous increase in the use of online banking, online share trading and ecommerce, there has been a corresponding growth in the ncidents of phishing organism used to carry out financial frauds. Phishing involves fraudulently acquiring sensitive information (e. g. passwords, credit card details etc) by masquerading as a self-assertioned entity. The scenario Scenario 1 The victim r eceives an email that appears to have been sent from his bank. The email urges the victim to click on the link in the email. When the victim does so, he is taken to a secure scalawag on the banks website. The victim believes the web foliate to be veritable and he enters his username, password and other information.In reality, the website is a fake and the victims information is stolen and misused. The law Sections 43 and 66 of Information Technology Act and sections 419, 420 and 468 of Indian Penal Code. Who is liable? All persons problematical in creating and sending the fraudulent emails and creating and affirming the fake website. The persons who misuse the stolen or phished information are likewise liable. The motive Illegal financial gain. Modus Operandi The suspect registers a domain name using fictitious details. The domain name is usually such that can be misused for spoofing e. g. Noodle Bank has its website at www. oodle. com The suspects can target Noodle customers using a domain name like www. noodle-bank-customerlogin. com The suspect then sends spoofed emails to the victims. e. g. the emails may appear to come from emailprotected com The fake website is designed to bearing exactly like the original website. 2008 Rohas Nagpal. All rights reserved. 145 Cyber Crime & Digital Evidence Indian Perspective 23. 12 Cyber vulgarism Cyber smut fungus is believed to be one of the largest businesses on the Internet today. The millions of adult websites that flourish on the Internet are testimony to this. bit pornography per se is not ineligible in many countries, child pornography is strictly under-the-counter in most nations today. Cyber pornography includes pornographic websites, pornographic magazines produced using computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writings etc). The scenario The suspect accepts online payments and allows paying customers to view / downl oad pornographic pictures, videos etc from his website. The law Section 67 of Information Technology Act. Who is liable? The persons who create and maintain the pornographic websites are liable.In some cases cyber cafe owners and managers may also be liable in case they wittingly allow their customers to access the pornographic websites. The motive Illegal financial gain. Modus Operandi The suspect registers a domain name using fictitious details and hosts a website on a server located in a country where cyber pornography is not illicit. The suspect accepts online payments and allows paying customers to view / download pornographic pictures, videos etc from his website. 146 2008 Rohas Nagpal. All rights reserved. Cyber Crime & Digital Evidence Indian Perspective 23. 3 Online sales agreement of Illegal Articles It is becoming increasingly common to find cases where sale of narcotics drugs, weapons, wildlife etc. is being facilitated by the Internet. Information about the handi ness of the products for sale is being posted on auction websites, bulletin boards etc. The scenario The suspect posts information about the illegal sale that he seeks to make. possible customers can contact the seller using the email IDs provided. If the buyer and seller trust each other after their email and / or telephonic conversation, the actual transaction can be concluded.In most such cases the buyer and seller leave meet depend to face at the time of the nett transaction. Illustration In March 2007, the Pune plain police cracked down on an illegal rave party and arrested hundreds of illegal drug users. The social networking site, Orkut. com, is believed to be one of the modes of communication for gathering people for the illegal drug party. The law Depending upon the illegal items being transacted in, provisions of the Narcotic Drugs and Psychotropic Substances Act, accouterments Act, Indian Penal Code, Wildlife related laws etc may apply. Who is liable?The persons who buy and sell these items. The motive Illegal financial gain. Modus Operandi The suspect creates an email ID using fictitious details. He then posts messages, about the illegal products, in various chat room, bulletin boards, newsgroups etc. Potential customers can contact the seller using the email IDs provided. If the buyer and seller trust each other after their email and / or telephonic conversation, the actual transaction can be concluded. In most such cases the buyer and seller will meet face to face at the time of the final transaction. 2008 Rohas Nagpal. All rights reserved. 147 Cyber Crime & Digital Evidence Indian Perspective 23. 14 Use of Internet and Computers by Terrorists Many terrorists are using virtual as well as physical storage media for hiding information and records of their illicit business. They also use emails and chat rooms to communicate with their counterparts around the globe. The scenario The suspects carry laptops wherein information relating to the ir activities is stored in encrypted and password protected form. They also create email accounts using fictitious details. In many cases, one email account is shared by many people.E. g. one terrorist composes an email and saves it in the design folder. Another terrorist logs into the same account from another city / country and reads the saved email. He then composes his reply and saves it in the gulp folder. The emails are not actually sent. This makes email tracking and tracing almost impossible. Terrorists also use physical storage media for hiding the information e. g. hard drives, floppies, USB drives, mobile phone memory cards, digital camera memory cards, CD ROMs, DVD ROMs, iPods etc. They also use virtual storage media for hiding the information e. g. mail accounts, online briefcases, FTP sites, Gspace etc. The law Terrorists are covered by conventional laws such as Indian Penal Code and special principle relating to terrorism. Who is liable? Terrorists as well as those who help them to protect their information are liable. If email service providers do not assist the law enforcement personnel in the investigation then they are also legally liable. The motive Keeping terrorism related information confidential. Secure communication amongst terrorist group members. Modus Operandi The terrorists purchase small storage devices with large data storage capacities.They also purchase and use encryption software. The terrorists may also use free or paid accounts with online storage providers. 148 2008 Rohas Nagpal. All rights reserved. Cyber Crime & Digital Evidence Indian Perspective 23. 15 Virus Attacks Computer viruses are malicious programs that destroy electronic information. As the world is increasingly becoming networked, the threat and damage caused by viruses is growing by leaps and bounds. The scenario Scenario 1 The virus is a planetary in the wild virus. This means that it is feast all over the world and is not targeted at any specific org anisation.Scenario 2 The virus targets a especial(a) organisation. This font of a virus is not known to anti-virus companies as it is a new virus created specifically to target a particular organisation. The law Scenario 1 Sections 43 and 66 of Information Technology Act and section 426 of Indian Penal Code. Scenario 2 Sections 43 and 66 of Information Technology Act and section 426 of Indian Penal Code. Who is liable? Scenario 1 The occasion of the virus. Scenario 2 The creator of the virus as well as the buyer who purchases the virus (usually to target his business rivals).The motive Scenario 1 Thrill and a perverse pleasure in destroying data belonging to strangers. Scenario 2 Illegal business rivalry. financial gain, revenge, Modus Operandi Scenario 1 A exceedingly skilled programmer creates a new type or caudex of virus and releases it on the Internet so that it can spread all over the world. be a new virus, it goes undetected by many anti-virus software and hence is able to spread all over the world and cause a lot of damage. Anti-virus companies are usually able to find a solution within 8 to 48 hours. 2008 Rohas Nagpal. All rights reserved. 149 Cyber Crime & Digital Evidence Indian Perspective Scenario 2 A highly skilled programmer creates a new type or strain of virus. He does not release it on the Internet. Instead he sells it for a huge amount of money. The buyer uses the virus to target his rival company. Being a new virus, it may be undetected by the victim companys anti-virus software and hence would be able to cause a lot of damage. Anti-virus companies may never get to know about the existence of the virus. 150 2008 Rohas Nagpal. All rights reserved. Cyber Crime & Digital Evidence Indian Perspective 3. 16 Web Defacement Website defacement is usually the substitution of the original home scalawag of a website with another page (usually pornographic or defamatory in nature) by a hacker. Religious and government sites are regularly t argeted by hackers in lodge to display governmental or religious beliefs. Disturbing images and offensive phrases might be displayed in the process, as well as a signature of sorts, to show who was liable for the defacement. Websites are not only defaced for political reasons, many defacers do it just for the thrill.The scenario The homepage of a website is replaced with a pornographic or defamatory page. In case of Government websites, this is most commonly done on emblematic days (e. g. the Independence day of the country). The law Sections 43 and 66 of Information Technology Act In some cases section 67 and 70 may also apply. Who is liable? The person who defaces the website. The motive Thrill or a perverse pleasure in inciting communal disharmony. Modus Operandi The defacer may exploit the vulnerabilities of the operating system or applications used to host the website.This will allow him to hack into the web server and change the home page and other pages. Alternatively he may launch a brute force or dictionary attack to obtain the administrator passwords for the website. He can then connect to the web server and change the webpages. 2008 Rohas Nagpal. All rights reserved. 151 www. asianlaws. org Head Office sixth Floor, Pride Senate, Behind Indiabulls Mega Store, Senapati Bapat Road, Pune 411016. India Contact be +91-20-25667148 +91-20-40033365 +91-20-64000000 +91-20-64006464 Email emailprotected org URL www. asianlaws. org