The law that regulates the Internet must be considered in the context of the geographic scope of the Internet and political borders that are crossed in the process of sending data around the globe. The unique global structure of the Internet raises not only jurisdictional issues, that is, the authority to make and enforce laws affecting the Internet, but also questions concerning the nature of the laws themselves.
In their essay "Law and Borders -- The Rise of Law in Cyberspace", David R. Johnson and David G. Post argue that it became necessary for the Internet to govern itself and instead of obeying the laws of a particular country, "Internet citizens" will obey the laws of electronic entities like service providers. Instead of identifying as a physical person, Internet citizens will be known by their usernames or email addresses (or, more recently, by their Facebook accounts). Over time, suggestions that the Internet can be self-regulated as being its own trans-national "nation" are being supplanted by a multitude of external and internal regulators and forces, both governmental and private, at many different levels. The nature of Internet law remains a legal paradigm shift, very much in the process of development.[6]
Leaving aside the most obvious examples of governmental content monitoring and internet censorship in nations like China, Saudi Arabia, Iran, there are four primary forces or modes of regulation of the Internet derived from a socioeconomic theory referred to as Pathetic dot theory by Lawrence Lessig in his book, Code and Other Laws of Cyberspace:
1. Law: What Lessig calls "Standard East Coast Code," from laws enacted by government in Washington D.C. This is the most self-evident of the four modes of regulation. As the numerous United States statutes, codes, regulations, and evolving case law make clear, many actions on the Internet are already subject to conventional laws, both with regard to transactions conducted on the Internet and content posted. Areas like gambling, child pornography, and fraud are regulated in very similar ways online as off-line. While one of the most controversial and unclear areas of evolving laws is the determination of what forum has subject matter jurisdiction over activity (economic and other) conducted on the internet, particularly as cross border transactions affect local jurisdictions, it is certainly clear that substantial portions of internet activity are subject to traditional regulation, and that conduct that is unlawful off-line is presumptively unlawful online, and subject to traditional enforcement of similar laws and regulations.
2. Architecture: What Lessig calls "West Coast Code," from the programming code of the Silicon Valley. These mechanisms concern the parameters of how information can and cannot be transmitted across the Internet. Everything from internet filtering software (which searches for keywords or specific URLs and blocks them before they can even appear on the computer requesting them), to encryption programs, to the very basic architecture of TCP/IP protocols and user interfaces falls within this category of mainly private regulation. It is arguable that all other modes of internet regulation either rely on, or are significantly affected by, West Coast Code. 3. Norms: As in all other modes of social interaction, conduct is regulated by social norms and conventions in significant ways. While certain activities or kinds of conduct online may not be specifically prohibited by the code architecture of the Internet, or expressly prohibited by traditional governmental law, nevertheless these activities or conduct are regulated by the standards of the community in which the activity takes place, in this case internet "users." Just as certain patterns of conduct will cause an individual to be ostracized from our real world society, so too certain actions will be censored or self-regulated by the norms of whatever community one chooses to associate with on the internet.
4. Markets: Closely allied with regulation by social norms, markets also regulate certain patterns of conduct on the Internet. While economic markets will have limited influence over non-commercial portions of the Internet, the Internet also creates a virtual marketplace for information, and such information affects everything from the comparative valuation of services to the traditional valuation of stocks. In addition, the increase in popularity of the Internet as a means for transacting all forms of commercial activity, and as a forum for advertisement, has brought the laws of supply and demand to cyberspace. Market forces of supply and demand also affect connectivity to the Internet, the cost of bandwidth, and the availability of software to facilitate the creation, posting, and use of internet content.

These forces or regulators of the Internet do not act independently of each other. For example, governmental laws may be influenced by greater societal norms, and markets affected by the nature and quality of the code that operates a particular system.

Payment Cards is the generic name used to indicate all kinds of cards that allow the cardholder to transact using them. A Payment card can be a Debit Card or a Credit Card or a Prepaid Card. Banks issue these card types to suit particular customer segments and those cards can be used for some specific, defined purposes. We will see what all these card variants mean, in a moment. But if you are reading this article on this website, chances are that you already have some kind of a Payment Card in your wallet, or at least have somebody at home, who has one. And before we actually touch the central theme of this write-up (which is how to avoid falling victim to Card Frauds), it will be worth the while to have a little practical information about the amazing world of Payment Cards.
We will not be delving deep into the history of Payment Cards. It is sufficient to know that Payment cards as we know today have evolved over the last 50 years and more. The Magnetic Stripe card that we see today originated over 30 years ago. These cards, although they have basically remained the same in form & design, have added various features over the years to facilitate immediate recognition & identification, to ease usage, and to enhance security. Some of these features include the inclusion of Holograms, Special Embossed or Indent-Printed characters, Special anti-counterfeiting markings and micro-printing, Tamper-evident signature panels, inclusion of a unique Card Verification Code/ Value (CVC or CVV) indent printed on the signature-stripe of the card etc.
Most payment Cards are either issued on a MasterCard or a Visa platform by the Card Issuing Institutions, which in India are Banks. There are other proprietary card brands such as American Express, Diners Club, Discover and JCB which are issued in some regions. But MasterCard & Visa card products are the ones which are universally issued and accepted by Banks and financial institutions and this article will dwell mostly on those. In practice, you will never see a payment card with just a MasterCard or a Visa logo or brandmark. MasterCard & Visa are called “Card Associations” or “Schemes”, and they license Member Banks to issue cards with rigourous controls and standard specifications. Cards issued under this licensing regime by banks are therefore called bankcards.
There are over 20,000 or so member institutions worldwide, which issue either MasterCard or Visa branded cards .These cards are expected to give the holder unique privileges and rights to use the product seamlessly at any outlet, which is capable of accepting the same, across the globe. Most payment cards can be used both at Point-Of-Sale (POS) machines to pay for goods & services and at Automated Teller Machines (ATMs) to withdraw cash.
Therefore the elements & components of a payment card are very standard. These cards need to be universally recognized by Merchants, and should work well on the existing card acceptance infrastructure. The Cards acceptance infrastructure has a common architecture or backbone for all the countries across the world, but has varying levels of sophistication depending on how progressed that country is. Under the MasterCard or Visa licensing regime, a member Bank which issues a payment card is called an “Issuer”, and a member Bank which accepts a payment card through an ATM owned & operated by it or through a POS machine located at a Merchant recruited by it is called an “Acquirer”. A member bank can both be an Issuer and Acquirer of Cards, and often, Banks opt for issuance and acceptance of both MasterCard & Visa products. Such banks are therefore called dual issuers or acquirers.


Some of the things that MasterCard & Visa do are as follows:
1. Encourage Member Banks to issue various Payment Cards, under strict licensing & operating regimes, to suit various customer segments. They encourage Member Banks to recruit merchants & set-up cardholder interaction devices (EDC/ Card Swipe/ POS machines, ATMs, Proximity readers etc) where these cards can be used. Both issuance and acceptance of cards are commercial decisions of the Member banks, and Banks are free to offer the services & charge fees for features which they think will be most attractive to their target consumers – both cardholders and merchants.
2. Set-up the standards & systems for the reasonably secure & efficient networks which allows all these 20,000+ Member Banks to “talk” to , or have interface with each other for authorization and daily settlement process between them. Thus MasterCard & Visa help set-up the infrastructure for payment Card usage and administer the same.
3. Intervene in and resolve any disputes between the Member Banks as per the operating regulations. Refine the operating regulations to meet evolving challenges.
4. They also work hard to protect the integrity & value of their respective brand by controlling what their cards, systems and networks can be used for. They manage the risks associated with Payment Card transactions.
MasterCard & Visa do NOT do the following:
1. They do not issue any cards directly under their brand names (often advertisements give a wrong impression)
2. They do not encourage nor tolerate an environment where the usage of a card product by a consumer is disadvantaged in favour of other forms of payment (such as cash or cheque). Thus, MasterCard & Visa require Member Banks not to tolerate practices such as surcharging of Cardholders by Merchants, except wherever permitted by local laws (In India, for example, Petroleum Companies and Railways surcharge their cardholder customers since this is allowed by local regulations)



Types of Cards, by product features:
Credit Cards: These are “Buy Now- Pay Later” cards. A credit card is offered to a customer who has adequate and declared income resources and often a well-established credit standing with a financial institution. The Issuer is effectively giving an unsecured line of credit to the cardholder, and bearing the credit risk for the same. Therefore, often this is a fee-based product to partly offset the credit risk of the issuing bank. A fixed credit limit is assigned to the customer after careful profiling & scrutiny of his/her credentials & income, and perceived ability and willingness to repay. Depending on the transaction date and the billing date, the customer enjoys an interest-free credit period of between 20-50 days. The customers are also given the option of typically repaying back anything between 5% to 100% of their total monthly outstanding, and to roll-over or “revolve” the remainder to suit their financial convenience. Interests or “Annual Percent Rates” charged for such revolved amounts can be very high – often to the tune of about 36-45%. A credit card is typically used by a customer for high-ticket spends such as purchasing durables, travel & entertainment etc. Credit Cards can also be used in both Cardholder Present (CP) mode as in a shop, or in Cardholder-Not-Present (CNP) mode, which are Mail Order or Internet E-Commerce transactions. Comparatively, there can be more risks in the latter.
Most Credit Cards in India are signature based for use at the Point-Of-Sale, but in the near future many Indian Banks are likely to issue Chip based credit cards which are more secure and versatile. Most countries in Europe have already migrated to Chip + PIN based cards because their issuance & acceptance infrastructure is geared-up for such cards.
Debit Cards: These are “Buy Now- Pay Now” type of cards. The Cardholder has an account with the card issuing bank, and for all practical purposes, s/he is accessing their own account or funds to pay for a transaction at a merchant location or to access cash at an ATM. These are technically “deposit access” cards. Thus this card is purely used as a convenient payment mechanism rather than to draw on credit. Issuers in India and other developing countries have started seeing a huge upswing in the number of customers opting for debit cards because many customers in these countries are traditionally credit-averse, or because they are often unable to meet the credit approval norms of the Issuers. Thus they use the monies in their Bank accounts through these cards. Most Debit Cards are indent printed (not embossed), and many Issuers restrict their debit cards usage only to the scenario where the cardholder is present at the scene of transaction, such as on a POS machine or at an ATM.
Prepaid Cards: These cards are “Pay Now- Buy Later” Cards and the most common examples are “Gift Cards”, “Travel Cards” or “Payroll / Employee Benefits Cards” etc. These are aimed at particular segments of the market to migrate and wean customers away from cash.
Gift Cards are a niche market, and can come in attractive alternate shapes and forms.
Travel Currency Cards can be denominated in one or more currencies of the country where the customer is intending to travel, and Foreign Exchange allowance can be purchased in Indian Rupees and loaded onto the Card in terms of the designated Foreign Currency.
Payroll/ Employee Benefits Cards are for organizations to streamline their payroll functions & facilitate payouts of commission, allowances etc by avoiding writing & dispatching of cheques for recurring payments to agents/vendors etc. These cards help overcome logistical hurdles.
Risks associated with Payment cards:
Well, now that you have reached thus far within this write-up, let us address the main theme of the same. Please note that the risks dealt with here are from a Cardholder perspective.
Risks associated with Debit Cards:
Since issue of debit cards and prepaid cards involves interaction with and scrutiny by the Bank’s internal staff, often these will be issued to you across the counter within committed turn-around time after due verifications.

In case personalized debit cards are to be sent to the account-holder, banks often send debit cards and PIN-mailers separately through two different channels (One by courier & another by post) and with a time lag. Then also banks often require that the Debit cards be activated by cardholder for POS purchase by using them first at their own ATMs with the correct ATM PIN.
What the cardholder needs to remember is to change the PIN at the first usage, and never to write the PIN on the card or keep it along with the card. The PIN should be committed to memory. Some banks issue photo-cards, which affords an additional security.
Signature-based Debit Cards: MasterCard unembossed, and Visa Electron are the two common debit card types which are signature-based for acceptance at POS terminals. You should immediately sign the card on receipt therefore, and keep it at all times securely within your full control. In case the card goes missing, you should immediately get it blocked and replaced by calling-up your Bank’s Customer Service helpline, and following it up with a written complaint. Usually, but depending on the Bank’s policy your liability for any POS misuse of a lost/ stolen signature-based debit card ceases the moment you have reported the loss in writing.
“PIN-required-at-POS” Debit Cards: You may additionally consider the benefits of a PIN enabled Debit Card (MasterCard’s Maestro Debit Card in India is the one debit card that also requires usage of PIN at Point of Sale machine, apart from at ATMs). Please check with your Issuer, if they issue such a card. Sometimes customers can not remember their PINs at POS machines, or the POS machine may not have a PIN pad. These can be limiting factors, and according to some people, hinder convenience. It is an individual preference, which debit card type to opt for.
Some banks will give you the option of enabling your Debit Card for Cardholder-Not-Present transactions. Consider the pros and cons fully before you give the consent to activate this feature on your card.
Risks associated with Credit Cards:
A credit Card is an unsecured product, but that does not mean that Issuers will tolerate the Cardholder’s negligence or active / passive participation in allowing their misuse, should it ever happen. In case you ever fall prey to a fraud, immediately report the matter to the Bank in writing. Follow-up with a written complaint to the Law Enforcement authorities, if the Bank’s primary investigation indeed points out to a fraud/ misdemeanor. This way, you shall be demonstrating your good faith and sincere intent. In negligence or collusion on your part is ruled out, you will be immune from any losses.
Application Fraud: If you are applying for a Credit Card through a Direct Sales Executive of the Bank, please verify his/ her credentials and check the ID proof. Most people who get conned by unscrupulous elements simply sign a credit card application form, without filling-in the details; and also hand over the legitimate collaterals such as the pay-slip, address proof etc to an individual whose identity and credentials they have never checked.
Cases of identity theft are sometimes uncovered, where the bad guys use copies of these documents to apply for loans & credit cards of other banks, by mentioning their own address as the primary address for communication. If the Issuer does not properly scrutinize an application at multiple points, and fails to physically verify all the details, they may end up issuing a card in your name, but to the bad guys. When Credit Cards are thus fraudulently obtained, the fraudsters misuse these. When collection attempts fail, and Issuers come to the secondary address (which is most often your work address), you realize that you have been conned. Convincing the Issuers & banks of your innocence and keeping a clean credit reputation then becomes difficult.
To avoid such situations, you should always fill-in the form completely and accurately in your own handwriting. You should also sign and date it. Strike out what is not applicable, including portions in the form for add-on cards, if you are not applying for one. Always keep a photocopy of the entire set of documents submitted, including the numbered application form. Please be careful while responding to tele-verification calls and do not be tempted by the offers from agents to confirm the details of having applied for Card from another Bank

Security and systems design
Most current real-world computer security efforts focus on external threats, and generally treat the computer system itself as a trusted system. Some knowledgeable observers consider this to be a disastrous mistake, and point out that this distinction is the cause of much of the insecurity of current computer systems - once an attacker has subverted one part of a system without fine-grained security, he or she usually has access to most or all of the features of that system. [citation needed] Because computer systems can be very complex, and cannot be guaranteed to be free of defects, this security stance tends to produce insecure systems.
The 'trusted systems' approach has been predominant in the design of many Microsoft software products, due to the long-standing Microsoft policy of emphasizing functionality and 'ease of use' over security. Since Microsoft products currently dominate the desktop and home computing markets, this has led to unfortunate effects. However, the problems described here derive from the security stance taken by software and hardware vendors generally, rather than the failing of a single vendor. Microsoft is not out of line in this respect, just far more prominent with respect to its consumer marketshare.
It should be noted that the Windows NT line of operating systems from Microsoft contained mechanisms to limit this, such as services that ran under dedicated user accounts, and Role-Based Access Control (RBAC) with user/group rights, but the Windows 95 line of products lacked most of these functions. Before the release of Windows 2003 Microsoft has changed their official stance, taking a more locked down approach. On 15 January 2002, Bill Gates sent out a memo on Trustworthy Computing, marking the official change in company stance. Regardless, Microsoft's operating system Windows XP is still plagued by complaints about lack of local security and inability to use the fine-grained user access controls together with certain software (esp. certain popular computer games).
Financial cost
Serious financial damage has been caused by computer security breaches, but reliably estimating costs is quite difficult. Figures in the billions of dollars have been quoted in relation to the damage caused by malware such as computer worms like the Code Red worm, but such estimates may be exaggerated. However, other losses, such as those caused by the compromise of credit card information, can be more easily determined, and they have been substantial, as measured by millions of individual victims of identity theft each year in each of several nations, and the severe hardship imposed on each victim, that can wipe out all of their finances, prevent them from getting a job, plus be treated as if they were the criminal. Volumes of victims of phishing and other scams may not be known.
Individuals who have been infected with spyware or malware likely go through a costly and time-consuming process of having their computer cleaned. Spyware and malware is considered to be a problem specific to the various Microsoft Windows operating systems, however this can be explained somewhat by the fact that Microsoft controls a major share of the PC market and thus represent the most prominent target.
Reasons
There are many similarities (yet many fundamental differences) between computer and physical security. Just like real-world security, the motivations for breaches of computer security vary between attackers, sometimes called hackers or crackers. Some are teenage thrill-seekers or vandals (the kind often responsible for defacing web sites); similarly, some web site defacements are done to make political statements. However, some attackers are highly skilled and motivated with the goal of compromising computers for financial gain or espionage. An example of the latter is Markus Hess who spied for the KGB and was ultimately caught because of the efforts of Clifford Stoll, who wrote an amusing and accurate book, The Cuckoo's Egg, about his experiences. For those seeking to prevent security breaches, the first step is usually to attempt to identify what might motivate an attack on the system, how much the continued operation and information security of the system are worth, and who might be motivated to breach it. The precautions required for a home PC are very different for those of banks' Internet banking system, and different again for a classified military network. Other computer security writers suggest that, since an attacker using a network need know nothing about you or what you have on your computer, attacker motivation is inherently impossible to determine beyond guessing. If true, blocking all possible attacks is the only plausible action to take.
Vulnerabilities
To understand the techniques for securing a computer system, it is important to first understand the various types of "attacks" that can be made against it. These threats can typically be classified into one of these seven categories:
Exploits
Software flaws, especially buffer overflows, are often exploited to gain control of a computer, or to cause it to operate in an unexpected manner. Many development methodologies used by embedded software licensing professionals rely on testing to ensure the quality of any code released;; this process often fails to discover extremely unusual potential exploits. The term "exploit" generally refers to small programs designed to take advantage of a software flaw that has been discovered, either remote or local. The code from the exploit program is frequently reused in trojan horses and computer viruses. In some cases, a vulnerability can lie in certain programs' processing of a specific file type, such as a non-executable media file.
Eavesdropping
Any data that is transmitted over a network is at some risk of being eavesdropped, or even modified by a malicious person. Even machines that operate as a closed system (ie, with no contact to the outside world) can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware such as TEMPEST. The FBI's proposed Carnivore program was intended to act as a system of eavesdropping protocols built into the systems of internet service providers.
Social engineering and human error
A computer system is no more secure than the human systems responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them, for example sending messages that they are the system administrator and asking for passwords. This deception is known as Social engineering.
Denial of service attacks
Denial of service (DoS) attacks differ slightly from those listed above, in that they are not primarily a means to gain unauthorized access or control of a system. They are instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately guessing a wrong password 3 consecutive times and thus causing the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once. These types of attack are, in practice, very hard to prevent, because the behavior of whole networks needs to be analyzed, not only the behaviour of small pieces of code. Distributed denial of service (DDoS) attacks are common, where a large number of compromised hosts (commonly referred to as "zombie computers") are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion. Another technique to exhaust victim resources is through the use of an attack amplifier - where the attacker takes advantage of poorly designed protocols on 3rd party machines, such as FTP or DNS, in order to instruct these hosts to launch the flood. There are also commonly vulnerabilities in applications that cannot be used to take control over a computer, but merely make the target application malfunction or crash. This is known as a denial-of-service exploit.
Indirect attacks
Attacks in which one or more of the attack types above are launched from a third party computer which has been taken over remotely. By using someone else's computer to launch an attack, it becomes far more difficult to track down the actual attacker. There have also been cases where attackers took advantage of public anonymizing systems, such as the tor onion router system.
Backdoors
Methods of bypassing normal authentication or giving remote access to a computer to somebody who knows about the backdoor, while intended to remain hidden to casual inspection. The backdoor may take the form of an installed program (e.g., Back Orifice) or could be in the form of an existing "legitimate" program, or executable file. A specific form of backdoors are rootkits, which replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs, users, services and open ports. It may also fake information about disk and memory usage.
Direct access attacks
Common consumer devices that can be used to transfer data surreptitiously.
Common consumer devices that can be used to transfer data surreptitiously.
Someone gaining physical access to a computer can install all manner of devices to compromise security, including operating system modifications, software worms, key loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media, for instance CD-R/DVD-R, tape; or portable devices such as keydrives, digital cameras or digital audio players. Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the harddrive(s) this way. The only way to defeat this is to encrypt the storage media and store the key separate from the system.
Reducing vulnerabilities
Computer code is regarded by some as just a form of mathematics. It is theoretically possible to prove the correctness of computer programs though the likelihood of actually achieving this in large-scale practical systems is regarded as unlikely in the extreme by some with practical experience in the industry -- see Bruce Schneier et al.
It's also possible to protect messages in transit (ie, communications) by means of cryptography. One method of encryption —the one-time pad —has been proven to be unbreakable when correctly used. This method was used by the Soviet Union during the Cold War, though flaws in their implementation allowed some cryptanalysis (See Venona Project). The method uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message. For transmitted computer encryption this method is difficult to use properly (securely), and highly inconvenient as well. Other methods of encryption, while breakable in theory, are often virtually impossible to directly break by any means publicly known today. Breaking them requires some non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission), or some other extra cryptanalytic information.
Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Even in a highly disciplined environment, such as in military organizations, social engineering attacks can still be difficult to foresee and prevent.
In practice, only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it's usually possible for a determined cracker to read, copy, alter or destroy data in well secured computers, albeit at the cost of great time and resources. Extremely few, if any, attackers would audit applications for vulnerabilities just to attack a single specific system. You can reduce a cracker's chances by keeping your systems up to date, using a security scanner or/and hiring competent people responsible for security. The effects of data loss/damage can be reduced by careful backing up and insurance.
Security measures
A state of computer "security" is the conceptual ideal, attained by the use of the three processes:
1. Prevention,
2. Detection, and
3. Response.
* User account access controls and cryptography can protect systems files and data, respectively.
* Firewalls are by far the most common prevention systems from a network security perspective as they can (if properly configured) shield access to internal network services, and block certain kinds of attacks through packet filtering.
* Intrusion Detection Systems (IDS's) are designed to detect network attacks in progress and assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems.
* "Response" is necessarily defined by the assessed security requirements of an individual system and may cover the range from simple upgrade of protections to notification of legal authorities, counter-attacks, and the like. In some special cases, a complete destruction of the compromised system is favored.
Today, computer security comprises mainly "preventive" measures, like firewalls or an Exit Procedure. A firewall can be defined as a way of filtering network data between a host or a network and another network, such as the Internet, and is normally implemented as software running on the machine, hooking into the network stack (or, in the case of most UNIX-based operating systems such as Linux, built into the operating system kernel) to provide realtime filtering and blocking. Another implementation is a so called physical firewall which consists of a separate machine filtering network traffic. Firewalls are common amongst machines that are permanently connected to the Internet (though not universal, as demonstrated by the large numbers of machines "cracked" by worms like the Code Red worm which would have been protected by a properly-configured firewall). However, relatively few organizations maintain computer systems with effective detection systems, and fewer still have organised response mechanisms in place.
Difficulty with response
Responding forcefully to attempted security breaches (in the manner that one would for attempted physical security breaches) is often very difficult for a variety of reasons:
* Identifying attackers is difficult, as they are often in a different jurisdiction to the systems they attempt to breach, and operate through proxies, temporary anonymous dial-up accounts, wireless connections, and other anonymising procedures which make backtracing difficult and are often located in yet another jurisdiction. If they successfully breach security, they are often able to delete logs to cover their tracks.
* The sheer number of attempted attacks is so large that organisations cannot spend time pursuing each attacker (a typical home user with a permanent (eg, cable modem) connection will be attacked at least several times per day, so more attractive targets could be presumed to see many more). Note however, that most of the sheer bulk of these attacks are made by automated vulnerability scanners and computer worms.
* Law enforcement officers are often unfamiliar with information technology, and so lack the skills and interest in pursuing attackers. There are also budgetary constraints. It has been argued that the high cost of technology, such as DNA testing, and improved forensics mean less money for other kinds of law enforcement, so the overall rate of criminals not getting dealt with goes up as the cost of the technology increases.

Fortunately, there are steps you can take to protect your computer, your information and your peace of mind from computer creeps who try to slow down a network operation, or worse yet, steal personal information to commit a crime. Here are some tips to help you, from the Mumbai Police
Make sure your passwords have both letters and numbers, and are at least eight characters long. Avoid common words: some hackers use programs that can try every word in the dictionary. Don’t use your personal information, your login name or adjacent keys on the keyboard as passwords-and don’t share your passwords online or over the phone.

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.. 
By spamming large groups of people, the “phisher†counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with legitimately. Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,†the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.

This is an act by the criminal, who floods the bandwidth of the victim’s network or fills his e-mail box with spam mail depriving him of the services he is entitled to access or provide.
Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCp/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like Virus, new DoS attacks are constantly being dreamed up by Hacker.

 Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of the cyber criminal towards the victim by using internet services. Stalking in General terms can be referred to as the repeated acts of harassment targeting the victim such as following the victim, making harassing phone calls, killing the victims pet, vandalizing victims property, leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harm to the victim and the same has to be treated and viewed seriously. It all depends on the course of conduct of the stalker.
Both kind of Stalkers – Online & Offline – have desire to control the victims life. Majority of the stalkers are the dejected lovers or ex-lovers, who then want to harass the victim because they failed to satisfy their secret desires. Most of the stalkers are men and victim female.

How do they Operate
a. Collect all personal information about the victim such as name, family background, Telephone Numbers of residence and work place, daily routine of the victim, address of residence and place of work, date of birth etc. If the stalker is one of the acquaintances of the victim he can easily get this information. If stalker is a stranger to victim, he collects the information from the internet resources such as various profiles, the victim may have filled in while opening the chat or e-mail account or while signing an account with some website.
b. The stalker may post this information on any website related to sex-services or dating services, posing as if the victim is posting this information and invite the people to call the victim on her telephone numbers to have sexual services. Stalker even uses very filthy and obscene language to invite the interested persons.
c. People of all kind from nook and corner of the World, who come across this information, start calling the victim at her residence and/or work place, asking for sexual services or relationships.
d. Some stalkers subscribe the e-mail account of the victim to innumerable pornographic and sex sites, because of which victim starts receiving such kind of unsolicited e-mails.
e. Some stalkers keep on sending repeated e-mails asking for various kinds of favors or threaten the victim.
f. In online stalking the stalker can make third party to harass the victim.
g. Follow their victim from board to board. They “hangout” on the same BB’s as their victim, many times posting notes to the victim, making sure the victim is aware that he/she is being followed. Many times they will “flame” their victim (becoming argumentative, insulting) to get their attention.
h. Stalkers will almost always make contact with their victims through email. The letters may be loving, threatening, or sexually explicit. He will many times use multiple names when contacting the victim.
i. Contact victim via telephone. If the stalker is able to access the victims telephon, he will many times make calls to the victim to threaten, harass, or intimidate them.
j. Track the victim to his/her home.
Definition of Cyberstalking?
Although there is no universally accepted definition of cyberstalking, the term is used in this report to refer to the use of the Internet, e-mail, or other electronic communications devices to stalk another person. Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person’s home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person’s property. Most stalking laws require that the perpetrator make a credible threat of violence against the victim; others include threats against the victim’s immediate family; and still others require only that the alleged stalker’s course of conduct constitute an implied threat.(1) While some conduct involving annoying or menacing behavior might fall short of illegal stalking, such behavior may be a prelude to stalking and violence and should be treated seriously.

Nature and Extent of Cyberstalking
An existing problem aggravated by new technology
Although online harassment and threats can take many forms, cyberstalking shares important characteristics with offline stalking. Many stalkers – online or off – are motivated by a desire to exert control over their victims and engage in similar types of behavior to accomplish this end. As with offline stalking, the available evidence (which is largely anecdotal) suggests that the majority of cyberstalkers are men and the majority of their victims are women, although there have been reported cases of women cyberstalking men and of same-sex cyberstalking. In many cases, the cyberstalker and the victim had a prior relationship, and the cyberstalking begins when the victim attempts to break off the relationship. However, there also have been many instances of cyberstalking by strangers. Given the enormous amount of personal information available through the Internet, a cyberstalker can easily locate private information about a potential victim with a few mouse clicks or key strokes.
The fact that cyberstalking does not involve physical contact may create the misperception that it is more benign than physical stalking. This is not necessarily true. As the Internet becomes an ever more integral part of our personal and professional lives, stalkers can take advantage of the ease of communications as well as increased access to personal information. In addition, the ease of use and non-confrontational, impersonal, and sometimes anonymous nature of Internet communications may remove disincentives to cyberstalking. Put another way, whereas a potential stalker may be unwilling or unable to confront a victim in person or on the telephone, he or she may have little hesitation sending harassing or threatening electronic communications to a victim. Finally, as with physical stalking, online harassment and threats may be a prelude to more serious behavior, including physical violence.

 The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. The internet is very fast becoming a household commodity in India . It’s explosion has made the children a viable victim to the cyber crime. As more homes have access to internet, more children would be using the internet and more are the chances of falling victim to the aggression of pedophiles.
The easy access to the pornographic contents readily and freely available over the internet lower the inhibitions of the children. Pedophiles lure the children by distributing pornographic material, then they try to meet them for sex or to take their nude photographs including their engagement in sexual positions. Sometimes Pedophiles contact children in the chat rooms posing as teenagers or a child of similar age, then they start becoming friendlier with them and win their confidence. Then slowly pedophiles start sexual chat to help children shed their inhibitions about sex and then call them out for personal interaction. Then starts actual exploitation of the children by offering them some money or falsely promising them good opportunities in life. The pedophiles then sexually exploit the children either by using them as sexual objects or by taking their pornographic pictures in order to sell those over the internet.

A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent. The term white hat is used for a person who is ethically opposed to the abuse of computer systems, but is frequently no less skilled. The term cracker was coined by Richard Stallman to provide an alternative to using the existing word hacker for this meaning.[1] The somewhat similar activity of defeating copy prevention devices in software which may or may not be legal in a country's laws is actually software cracking. Terminology

Use of the term "cracker" is mostly limited (as is "black hat") to some areas of the computer and security field and even there, it is considered controversial. Until the 1980s, all people with a high level of skills at computing were known as "hackers". A group that calls themselves hackers refers to "a group that consists of skilled computer enthusiasts". The other, and currently more common usage, refers to those who attempt to gain unauthorized access to computer systems. Over time, the distinction between those perceived to use such skills with social responsibility and those who used them maliciously or criminally, became perceived as an important divide. Many members of the first group attempt to convince people that intruders should be called crackers rather than hackers, but the common usage remains ingrained. The former became known as "hackers" or (within the computer security industry) as white hats, and the latter as "crackers" or "black hats". The general public tends to use the term "hackers" for both types, a source of some conflict when the word is perceived to be used incorrectly; for example Linux has been criticised as "written by hackers". In computer jargon the meaning of "hacker" can be much broader.
Usually, a black hat is a person who uses their knowledge of vulnerabilities and exploits for private gain, rather than revealing them either to the general public or the manufacturer for correction. Many black hats hack networks and web pages solely for financial gain. Black hats may seek to expand holes in systems; any attempts made to patch software are generally done to prevent others from also compromising a system they have already obtained secure control over. A black hat hacker may write their own zero-day exploits (private software that exploits security vulnerabilities; 0-day exploits have not been distributed to the public). In the most extreme cases, black hats may work to cause damage maliciously, and/or make threats to do so as extortion.
Methods
Techniques for breaking into systems can involve advanced programming skills and social engineering, but more commonly will simply be the use of semi-automatic software. Common software weaknesses exploited include buffer overflow, integer overflow, memory corruption, format string attacks, race conditions, cross-site scripting, cross-site request forgery, code injection and SQL injection bugs.

A Grey Hat in the computer security community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.
Disambiguation

A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems. Realization that the Internet now represents human voices from around the world has made the defense of its integrity an important pastime for many. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.
Terminology

 When Internet was developed, the founding fathers of Internet hardly had any inclination that Internet could also be misused for criminal activities. Today, there are many disturbing things happening in cyberspace.
Cybercrime refers to all the activities done with criminal intent in cyberspace. These could be either the criminal activities in the conventional sense or could be activities, newly evolved with the growth of the new medium. Because of the anonymous nature of the Internet, it is possible to engage into a variety of criminal activities with impunity and people with intelligence, have been grossly misusing this aspect of the Internet to perpetuate criminal activities in cyberspace. 

The field of Cybercrime is just emerging and new forms of criminal activities in cyberspace are coming to the forefront with the passing of each new day. In short we can say, Cyber crimes are any crimes that involve a computer and a network. In some cases, the computer may have been used in order to commit the crime, and in other cases, the computer may have been the target of the crime. 
Cyber crime encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cyber crime also includes traditional crimes conducted through the Internet. For example; hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cyber crimes when the illegal activities are committed through the use of a computer and the Internet.

Cyber crime has become a profession and the demographic of your typical cyber criminal is changing rapidly, from bedroom-bound geek to the type of organized gangster more traditionally associated with drug-trafficking, extortion and money laundering.
It has become possible for people with comparatively low technical skills to steal thousands of pounds a day without leaving their homes. In fact, to make more money than can be made selling heroin (and with far less risk), the only time the criminal need leave his PC is to collect his cash. Sometimes they don't even need to do that.
In all industries, efficient business models depend upon horizontal separation of production processes, professional services, sales channels etc. (each requiring specialized skills and resources), as well as a good deal of trade at prices set by the market forces of supply and demand. Cyber crime is no different: it boasts a buoyant international market for skills, tools and finished product. It even has its own currency.
The rise of cyber crime is inextricably linked to the ubiquity of credit card transactions and online bank accounts. Get hold of this financial data and not only can you steal silently, but also – through a process of virus-driven automation – with ruthlessly efficient and hypothetically infinite frequency.
The question of how to obtain credit card/bank account data can be answered by a selection of methods each involving their own relative combinations of risk, expense and skill.
The most straightforward is to buy the ‘finished product’. In this case we’ll use the example of an online bank account. The product takes the form of information necessary to gain authorized control over a bank account with a six-figure balance. The cost to obtain this information is $400 (cyber criminals always deal in dollars). It seems like a small figure, but for the work involved and the risk incurred it’s very easy money for the criminal who can provide it. Also remember that this is an international trade; many cyber-criminals of this ilk are from poor countries in Eastern Europe, South America or South-East Asia.
The probable marketplace for this transaction will be a hidden IRC (Internet Relay Chat) chatroom. The $400 fee will most likely be exchanged in some form of virtual currency such as e-gold.
Not all cyber-criminals operate at the coalface, and certainly don’t work exclusively of one another; different protagonists in the crime community perform a range of important, specialized functions.


These broadly encompass:
Coders – comparative veterans of the hacking community. With a few years' experience at the art and a list of established contacts, ‘coders’ produce ready-to-use tools (i.e. Trojans, mailers, custom bots) or services (such as making a binary code undetectable to AV engines) to the cyber crime labour force – the ‘kids’. Coders can make a few hundred dollars for every criminal activity they engage in.
Kids – so-called because of their tender age: most are under 18. They buy, trade and resell the elementary building blocks of effective cyber-scams such as spam lists, php mailers, proxies, credit card numbers, hacked hosts, scam pages etc. ‘Kids’ will make less than $100 a month, largely because of the frequency of being ‘ripped off’ by one another.
Drops – the individuals who convert the ‘virtual money’ obtained in cyber crime into real cash. Usually located in countries with lax e-crime laws (Bolivia, Indonesia and Malaysia are currently very popular), they represent ‘safe’ addresses for goods purchased with stolen financial details to be sent, or else ‘safe’ legitimate bank accounts for money to be transferred into illegally, and paid out of legitimately.
Mobs – professionally operating criminal organizations combining or utilizing all of the functions covered by the above. Organized crime makes particularly good use of safe ‘drops’, as well as recruiting accomplished ‘coders’ onto their payrolls.
Gaining control of a bank account is increasingly accomplished through phishing. There are other cyber crime techniques, but space does not allow their full explanation.
All of the following phishing tools can be acquired very cheaply: a scam letter and scam page in your chosen language, a fresh spam list, a selection of php mailers to spam-out 100,000 mails for six hours, a hacked website for hosting the scam page for a few days, and finally a stolen but valid credit card with which to register a domain name. With all this taken care of, the total costs for sending out 100,000 phishing emails can be as little as $60. This kind of ‘phishing trip’ will uncover at least 20 bank accounts of varying cash balances, giving a ‘market value’ of $200 – $2,000 in e-gold if the details were simply sold to another cybercriminal. The worst-case scenario is a 300% return on the investment, but it could be ten times that.
Better returns can be accomplished by using ‘drops’ to cash the money. The risks are high, though: drops may take as much as 50% of the value of the account as commission, and instances of ‘ripping off’ or ‘grassing up’ to the police are not uncommon. Cautious phishers often separate themselves from the physical cashing of their spoils via a series of ‘drops’ that do not know one another. However, even taking into account the 50% commission, and a 50% ‘rip-off’ rate, if we assume a single stolen balance of $10,000 – $100,000, then the phisher is still looking at a return of between 40 and 400 times the meagre outlay of his/her phishing trip.
In large operations, offshore accounts are invariably used to accumulate the criminal spoils. This is more complicated and far more expensive, but ultimately safer.
The alarming efficiency of cybercrime can be illustrated starkly by comparing it to the illegal narcotics business. One is faster, less detectable, more profitable (generating a return around 400 times higher than the outlay) and primarily non-violent. The other takes months or years to set-up or realise an investment, is cracked down upon by all almost all governments internationally, fraught with expensive overheads, and extremely dangerous.
Add phishing to the other cyber-criminal activities driven by hacking and virus technologies – such as carding, adware/spyware planting, online extortion, industrial spying and mobile phone dialers – and you’ll find a healthy community of cottage industries and international organizations working together productively and trading for impressive profits. Of course these people are threatening businesses and individuals with devastating loss, financial hardship and troubling uncertainty – and must be stopped.

Internet crime is crime committed on the Internet, using the Internet and by means of the Internet.

Computer crime is a general term that embraces such crimes as phishing, credit card frauds, bank robbery, illegal downloading, industrial espionage, child pornography, kidnapping children via chat rooms, scams, cyberterrorism, creation and/or distribution of viruses, Spam and so on. All such crimes are computer related and facilitated crimes.

With the evolution of the Internet, along came another revolution of crime where the perpetrators commit acts of crime and wrongdoing on the World Wide Web. Internet crime takes many faces and is committed in diverse fashions. The number of users and their diversity in their makeup has exposed the Internet to everyone. Some criminals in the Internet have grown up understanding this superhighway of information, unlike the older generation of users. This is why Internet crime has now become a growing problem in the United States. Some crimes committed on the Internet have been exposed to the world and some remain a mystery up until they are perpetrated against someone or some company.The different types of Internet crime vary in their design and how easily they are able to be committed. Internet crimes can be separated into two different categories. There are crimes that are only committed while being on the Internet and are created exclusively because of the World Wide Web. The typical crimes in criminal history are now being brought to a whole different level of innovation and ingenuity. Such new crimes devoted to the Internet are email “phishing”, hijacking domain names, virus immistion, and cyber vandalism. A couple of these crimes are activities that have been exposed and introduced into the world. People have been trying to solve virus problems by installing virus protection software and other software that can protect their computers. Other crimes such as email “phishing” are not as known to the public until an individual receives one of these fraudulent emails. These emails are cover faced by the illusion that the email is from your bank or another bank. When a person reads the email he/she is informed of a problem with he/she personal account or another individual wants to send the person some of their money and deposit it directly into their account. The email asks for your personal account information and when a person gives this information away, they are financing the work of a criminal

Statistics

The statistics that have been obtained and reported about demonstrate the seriousness Internet crimes in the world. Just the "phishing" emails mentioned in a previous paragraph produce one billion dollars for their perpetrators (Dalton 1). In a FBI survey in early 2004, 90 percent of the 500 companies surveyed reported a security breach and 80 percent of those suffered a financial loss (Fisher 22). A national statistic in 2003 stated that four billion dollars in credit card fraud are lost each year. Only two percent of credit card transactions take place over the Internet but fifty percent of the four billion, mentioned before, are from the transaction online (Burden and Palmer 5). All these finding are just an illustration of the misuse of the Internet and a reason why Internet crime has to be slowed down.

Stopping the problem

The question about how to police these crimes has already been constructed, but this task is turning out to be an uphill battle. Since the first computer crime law, the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984, the government has been trying to track down and stop online criminals. The FBI has tried many programs and investigations in order to deter Internet crime, like creating an online crime registry for employers (Metchik 29). The reality is that Internet criminals are rarely caught. One reason is that hackers will use one computer in one country to hack another computer in another country. Another eluding technique used is the changing of the emails, which are involved in virus attacks and “phishing” emails so that a pattern cannot be recognized. An individual can do their best to protect themselves simply by being cautious and careful. Internet users need to watch suspicious emails, use unique passwords, and run anti-virus and anti-spyware software. Do not open any email or run programs from unknown sources.