Professional Documents
Culture Documents
NAME:
ROLL : 1283054
8TH SEMESTER
ACKNOWLEDGMENT
I am feeling highly elated to work on under the guidance of my Cyber Law Faculty . I am
very grateful to him for the exemplary guidance. I would like to enlighten my readers
regarding this topic and I hope I have tried my best to bring more luminosity to this topic.
I also want to thank all of my friends, without whose cooperation this project was not
possible. Apart from all these, I want to give special thanks to the librarian of my
university who made every relevant materials regarding to my topic available to me at the
time of my busy research work and gave me assistance.
RESEARCH METHODOLOGY
The method used for research is the doctrinal method and involves research in the library and on
the internet.
HYPOTHESIS
The denial of service attacks are a threat to cyberspace security in whole.
Contents
DENIAL OF SERVICE ATTACK...................................................................................................1
INTRODUCTION...........................................................................................................................4
WHAT ARE CYBER CRIMES...................................................................................................4
DIFFERENT TYPES OF CYBER CRIMES..............................................................................5
DENIAL OF SERVICE ATTACKS.................................................................................................6
DISTRIBUTED DENIAL OF SERVICE ATTACKS.................................................................7
DENIAL-OF-SERVICE ATTACK:A WEAPON AGAINST PIRACY?.........................................8
LAWS REGARDING DENIAL OF SERVICE ATTACKS..........................................................11
INSTANCES OF DENIAL OF SERVICE ATTACKS..................................................................13
CONCLUSION..............................................................................................................................16
BIBLIOGRAHY............................................................................................................................17
INTRODUCTION
The advancement of technology has made man dependent on Internet for all his needs. Internet
has given man easy access to everything while sitting at one place. Social networking, online
shopping, storing data, gaming, online studying, online jobs, every possible thing that man can
think of can be done through the medium of internet. Internet is used in almost every sphere.
With the development of the internet and its related benefits also developed the concept of cyber
crimes. Cyber crimes are committed in different forms. A few years back, there was lack of
awareness about the crimes that could be committed through internet. In the matters of cyber
crimes, India is also not far behind the other countries where the rate of incidence of cyber
crimes is also increasing day by day.
In a report published by the National Crime Records Bureau report (NCRB 2011), the incidence
of cyber crimes under the IT Act has increased by 85.4% in the year 2011 as compared to 2010 in
India, whereas the increase in incidence of the crime under IPC is by 18.5% as compared to the
year 2010. Visakhapatnam records the maximum number of incidence of cases. Maharashtra has
emerged as the center of cyber crime with maximum number of incidence of registered cases
under cyber crimes. Hacking with computer systems and obscene publication were the main
cases under IT Act for cyber crimes. Maximum offenders arrested for cyber crimes were in the
age group 18-30 years. 563 people in the age group 18-30 years were arrested in the year 2010
which had increased to 883 in the year 2011.
from electronic cracking to denial of service attacks. It also covers the traditional crimes in
which computers or networks are used to enable the illicit activity.
Unlike other security attacks, DoS attacks usually do not aim at breach of security. Rather, they
are focused on making websites and services unavailable to genuine users resulting in loss of
time and money. These attacks can last many days, jeopardizing the image of an organization and
causing revenue loss towards compensation to users for unavailability of services at the time of
an emergency.
DoS attacks can be of various types depending on the outcomes. Some examples are Smurf
attack, Ping flood, Ping of death, Teardrop attack, Email bomb, etc. Also, the motive of these
attacks could be many, including extortion, personal rivalry, cyber warfare, business competition,
etc.
Although there is not much that can be done to stop these attacks, some basic prevention steps
that can be taken include monitoring the traffic for abnormalities, keeping security definitions
up-to-date, and being aware of the latest threats via social platforms.3
INTERPOL has been working with the Internet Corporation for Assigned Names and Numbers
(ICANN), the non-profit responsible for overseeing the internets domain name structure, to
prevent these abuses.
have a take on the present topic which can be accessed here). However, the only point relevant to
our discussion is the existence of a notice and takes down regime. Section 79, does incorporate
facets of, a notice and take down regime since it expressly notes, in Section 79(3)(b) that the
protections will not apply if the intermediary fails to, on actual knowledge expeditiously
remove the link, or disable access. However, Section 79 misses out on the specifics, and they
are missing from the statute books. This is contrary to the approach which has been followed in
the DMCA, which expressly provides the appointment of a DMCA agent, a notice and take down
procedure with limits as to time (comes handy when you think how much time constitutes
expeditiously), counter-notification procedure, etc.. Zeroing on this the available legal
literature on Internet Intermediary liability in India is though being incredibly diverse, agrees on
one thing, the language in Section 79 is ambiguous and its effect is uncertain.
This ambiguity, the absence of definitions and procedures in part promotes a DOS attack. It is
unreasonable equally on content and link hosting websites who do not have a brightline rule as
well as content owners who are to wait on their enforcement till rules are enacted for a notice and
take down procedure. It promotes conflict and it promotes private enforcement through extrajudicial processes. Why file a court action based on ambiguous statute when you can handle
such matters more efficiently. Sample what Mr. Girish Kumar, MD, AIplex Software has to
say about the next step to a copyright infringement notice, How can we put the site down? The
only means that we can put the site down is by launching a denial-of-service attack. Basically we
have to flood the site with millions and millions of requests and put the site down.
This launch of a Denial of Service attack on a moral plane is certainly not proportional, as it goes
beyond disabling the infringing link to the entire website. Even if one reasons that this is the only
possible technical solution, it is clearly illegal. The violation of the copyright provides a content
owner a remedy under law and a DOS attack is not one of them. Of course an anton pillar order
cannot be enforced against a website hosted in Sweden by Russian nationals and the remedy is a
paper tiger, the failure of the remedy should not birth the right to a wrong. DOS as a cyberwrong
is clearly provided under Indian statute with Section 43(f) clearly prohibiting it by stating that,
any person who, denies or causes the denial of access to any person authorised to access any
computer, computer system or computer network by any means; shall be liable.
Society often does not the see the immediate effects of vigilante justice and it even often tacitly
approves them. Vigilante justice is seen as a quick and dirty way of taking care of business.
However, it does have serious effects as to promoting lawlessness itself. These are not
philosophical pronouncements but the analysis of the current controversy itself. Due to the
actions of Aiplex, a group of persons who usually congregate around message boards such as
4Chan and go by the meme of Anonymous have started launching coordinated DOS attacks on
media watchdogs themselves. Operation Payback as it is called, seems planned and well
coordinated. Its ideology and rationale appear compelling and it can be gathered from its
propaganda poster. This all looks like a destructive cycle which will be stuck on repeat. At the
end of the day it will invite more attention to the open architecture of the internet and there will
be a general crackdown on the protocols and technology which allows anonymity.
Evaluating the present situation if one if to allocate blame, one would easily allocate more to the
content owners than website owners. Content If you set the instance in Bhagalpur the content
owners would be the acid pouring policemen and the website owners would be the lawless
criminals. It is important to consider that content owners who have organized these DOS attacks,
though may be suffering a legal injury are large corporations claim to be model citizens. It does
not befit their stature, reputation and legal obligations to engage in DOS attacks. Finally, in a day
an age where copyright has become a more of a topic for debate than a provision of law, when it
is generally suffixed by reformer and enforcer and it is the subject of constant demands for
revision by any interest group the use of a DOS attack is not only legally but also morally
indefensible.
person who is in charge of a computer, accesses or downloads, copies or extracts any data or
introduces any computer contaminant like virus or damages or disrupts any computer or denies
access to a computer to an authorised user or tampers etc, he shall be liable to pay damages to the
person so affected. Earlier in the ITA -2000 the maximum damages under this head was Rs.1
crore, which (the ceiling) was since removed in the ITAA 2008.
The essence of this Section is civil liability. Criminality in the offence of data theft is being
separately dealt with later under Sections 65 and 66. Writing a virus program or spreading a virus
mail, a bot, a Trojan or any other malware in a computer network or causing a Denial of Service
Attack in a server will all come under this Section and attract civil liability by way of
compensation. Under this Section, words like Computer Virus, Compute Contaminant, Computer
database and Source Code are all described and defined.
The Indian Penal Code, 1860: Normally referred to as the IPC, this is a very powerful
legislation and probably the most widely used in criminal jurisprudence, serving as the main
criminal code of India.
Enacted originally in 1860 and amended many time since, it covers almost all substantive aspects
of criminal law and is supplemented by other criminal provisions. In independent India, many
special laws have been enacted with criminal and penal provisions which are often referred to
and relied upon, as an additional legal provision in cases which refer to the relevant provisions of
IPC as well.
ITA 2000 has amended the sections dealing with records and documents in the IPC by inserting
the word electronic thereby treating the electronic records and documents on a par with
physical records and documents. The Sections dealing with false entry in a record or false
document etc (eg 192, 204, 463, 464, 464, 468 to 470, 471, 474, 476 etc) have since been
amended as electronic record and electronic document thereby bringing within the ambit of IPC,
all crimes to an electronic record and electronic documents just like physical acts of forgery or
falsification of physical records.
In practice, however, the investigating agencies file the cases quoting the relevant sections from
IPC in addition to those corresponding in ITA like offences under IPC 463,464, 468 and 469 read
with the ITA/ITAA Sections 43 and 66, to ensure the evidence or punishment stated at least in
either of the legislations can be brought about easily.
that a bank ATM machine is unusable because someone has stuck chewing gum in it. For the
Internet, it means not being able to access an e-commerce site or a Web site. In case of a
telecommunications network, DoS happens when there is a flooding of the network. If an
application software or system breaks due to some security attack resulting in the application or
system being unavailable, it is also a DoS attack. Because adversaries are concerned only with
causing a jam by consuming bandwidth and resources so that a legitimate user cannot access the
system, the need not worry about properly completing handshakes and transactions. Rather, they
wish to flood the victim's computer with as many packets as possible in a short period of time. To
prolong the effectiveness of the attack, they spoof source IP addresses to make tracing and stopping the DoS be as difficult as possible
Some more cases of DoS attacks are.
(i) Nov 1988 - the Morris worm, written by Cornell CS grad student Robert Morris, was the
very first significant DoS attack. Morris put roughly 5000 machines out of commission
for several hours.
(ii) Mar 1998 - Attackers exploited a problem with Windows NT servers, and successfully
drove thousands of NT stations, including ones at NASA, MIT, the U.S. Navy, and UC
Berkeley, offline. This DoS attack led to the formation of the FBIs Infrastructure
Protection and Computer Intrusion Squad, better known as the Power Rangers.
(iii)
Feb 2000 - DDoS attack caused shutdown of Yahoo, eBay and Amazon for a few
hours.
(iv) Jan 2001 - First major attack involving DNS servers as reflectors. The target was
Register.com.
(v) Feb 2001 - The Irish Government's Department of Finance server was hit by a denial of
service attack carried out as part of a student campaign from NUI Maynooth.
(vi) May 2001 - Worm Code Red was supposed to attack White House website.
(vii)
Oct 2002 - Attackers performed DNS Backbone DDoS Attacks on the DNS root
servers and disrupted service at 9 of the 13 root servers. Aug 2003 - Worm Blaster
attacks Microsoft web pages.
(viii)
(ix) Feb 2007 - Attackers performed a second set of DNS Backbone DDoS Attacks on the
DNS root servers and caused disruptions at two of the root servers.
(x)
(xi)
July 2008 A DDoS attack directed at Georgian government sites containing the
message: "win+love+in+Rusia" [sic] effectively overloaded and shut down multiple
Georgian servers. Websites targeted included the Web site of the Georgian president,
Mikhail Saakashvili, rendered inoperable for 24 hours, and the National Bank of
Georgia.
(xii)
distributed DDoS attack," which disrupts service to about half of its 1,000 customers."
(xiii)
Mar 31, 2009 - A DDoS attack knocks UltraDNS offline for several hours.
(xiv)
April 2-5, 2009 - Domain registrar Register.com is hit with a DDoS that causes
Apr 6-7, 2009 - Customers of The Planet are hit by web site outages as a
June 2009 - The famous P2P site known as The Pirate Bay was rendered
4
http://www.computerworld.com/s/article/9019725/Estonia_recovers_from_massive_DDoS_attac
k
(xvii)
June 2009 - Iranian election protests, foreign activists seeking to help the
opposition engaged in DDoS attacks against Iran's government. The official website of
the Iranian government was rendered inaccessible on several occasions. Critics claimed
that the DDoS attacks also cut off Internet access for protesters inside Iran; activists
countered that, while this may have been true, the attacks still hindered President
Mahmud Ahmadinejad's government enough to aid the opposition.
CONCLUSION
The impact of DoS attacks can vary from minor inconvenience to use of a website, to serious
financial losses for companies that rely on their on-line availability to do business. DoS attacks
generally occur basically in improper system design, insufficient resource.
Cyberspace has emerged as a major new environment for political and military competition and
would necessitate political and military intervention to protect economic and informational
interest vital for national security. The challenges for military in the era of on-line connectivity
and information flow are unique and require a great amount of coordination among the nations.
The challenges get enhanced as cyberspace does not strictly confine itself in military domain and
encompasses civilian activities to a great extent. However, governments of many countries are
reacting typically to these challenges by expanding their cyber warfare capabilities, yet the
politico-military vision that would undermine these efforts are mostly vague and riddled with
definitional inconsistency. A joint civilian defence cooperation including public-private
partnership and consensus amongst all nations is required to defend the cyberspace in the
interests of national security and international stability. Cyberspace should be guided and
constrained by political norms and ethical values. Neither the military nor the technological
perspective can substitute the strategy for building-up trust and stability for safeguarding
international peace and harmony.5 To sum up, though a crime-free society is Utopian and exists
only in dreamland, it should be constant endeavour of rules to keep the crimes lowest. Especially
in a society that is dependent more and more on technology, crime based on electronic offences
are bound to increase and the law makers have to go the extra mile compared to the fraudsters, to
keep them at bay. Technology is always a double-edged sword and can be used for both the
purposes good or bad. Steganography, Trojan Horse, Scavenging (and even DoS or DDoS) are
all technologies and per se not crimes, but falling into the wrong hands with a criminal intent
who are out to capitalize them or misuse them, they come into the gamut of cyber crime and
become punishable offences. Hence, it should be the persistent efforts of rulers and law makers
to ensure that technology grows in a healthy manner and is used for legal and ethical business
growth and not for committing crimes.
BIBLIOGRAHY
1) "International Strategy for Cyberspace" (PDF). The White House. 2011
2) Damiano Bolzoni and Sandro Etalle. Boosting web intrusion detection system by inferring
positive signature. In OTM Conference (2), pages 938-955,2008.
5 Journal of the United Service Institution of India, Vol. CXLI, No. 586, October-December
2011.