POLICE WORKSHOP

1- I T ACT 2000 AND AMENDEMENTS 2006 2- TYPES OF CYBER CRIMES AND RELEVENT SECTIONS 3- MODUS OPERANDI OF CYBER CRIMINALS 4- SECURITY MEASURES WHILE CARRYING INVESTIGATION

INFORMATION TECHNOLOGY ACT, 2000



We in India had a vision to become the 12th nation in the world to enact a Cyberlaw. Cyberlaw. We have enacted the Information Technology Act, 2000, 2000, extending to the whole of India INCLUDING J&K. J&K. Also in true spirit of one wired world the act applies to any offences or contraventions committed outside India by any person, irrespective of his nationality, if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in INDIA .

INFORMATION TECHNOLOGY ACT, 2000



Basic legal framework for E-Commerce Epromotes trust in electronic environment IT Act creates a conducive environment for promoting E-Commerce in the Ecountry.
Acceptance of electronic documents as evidence in a court of law. Acceptance of electronic signatures at par with handwritten signatures.

INFORMATION TECHNOLOGY ACT, 2000



This act provides for legal recognisation for transactions carried out by means of electronic data interchange and other means of electronic communication. For this, the act further amends the Indian Penal Code, 1860, the Indian Evidence Act, 1872, the Bankers Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934.

PENALTIES AND ADJUDICATION



43. Penalty for damage to computer, computer system, etc. If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,network,-

SECTION 43


(a) accesses or secures access to such computer, computer system or computer network; (b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;

SECTION 43


(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network; (d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;

SECTION 43


(e)disrupts or causes disruption of any computer, computer system or network; (f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means; (g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under;

SECTION 43


(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network, THEN he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.

OFFENCES


65. Tampering with computer source documents. Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

OFFENCES
 

67. Publishing of information which is obscene in electronic form. Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.

OFFENCES
 

75. Act to apply for offence or contravention committed outside India. (1) Subject to the provisions of sub-section (2), subthe provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality. (2) For the purposes of sub-section (1), this Act subshall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India

AMENDMENTS IN I T ACT 2006

 

(na) (Inserted vide ITAA-2006) ITAA"Cyber cafe" means any facility from where access to the internet is offered by any person in the ordinary course of business to the members of the public

AMENDMENTS IN I T ACT 2006



Sec 43(i) Destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means (Inserted vide ITAA-2006) ITAA-

AMENDMENTS IN I T ACT 2006

 

43 A Compensation for failure to protect data (Inserted vide ITAA 2006) Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, not exceeding five crore rupees, to the person so affected.

AMENDMENTS IN I T ACT 2006

 

66 Computer Related Offences (Substituted vide ITAA 2006) If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to two years or with fine which may extend to five lakh rupees or with both. Explanation: For the purpose of this section,-a) section,the word "dishonestly" shall have the meaning assigned to it in section 24 of the Indian Penal Code; b) the word "fraudulently" shall have the meaning assigned to it in section 25 of the Indian Penal Code.

AMENDMENTS IN I T ACT 2006



66 A Punishment for sending offensive messages through communication service, etc.( Introduced vide ITAA 2006) Any person who sends, by means of a computer resource or a communication device,-a) any content that is device,grossly offensive or has menacing character; or b) any content which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes use of such computer resource or a communication device, shall be punishable with imprisonment for a term which may extend to two years and with fine.

AMENDMENTS IN I T ACT 2006



67 A Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form (Inserted vide ITAA 2006) Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.

AMENDMENTS IN I T ACT 2006



Exception: This section and section 67 does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic formform(i) the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper, writing, drawing, painting, representation or figure is in the interest of science,literature,art,or learning or other objects of general concern; or (ii) which is kept or used bona fide for religious purposes.

AMENDMENTS IN I T ACT 2006

 

84 B Punishments for abetment of offences (Inserted Vide ITA-2006) ITAWhoever abets any offence shall, if the act abetted is committed in consequence of the abetment, and no express provision is made by this Act for the punishment of such abetment, be punished with the punishment provided for the offence under this Act. Explanation: An Act or offence is said to be committed in consequence of abetment, when it is committed in consequence of the instigation, or in pursuance of the conspiracy, or with the aid which constitutes the abetment

WHAT IS COMPUTER CRIME?



where

Computer is a target.

Computer is a tool of crime

Computer is incidental to crime

Cyber Crime


Any criminal act dealing with computers, and networks, where the computer is a tool, target, or both. Also, traditional crimes conducted through the use of computers. For example:
Breaches Breaches Breaches Breaches of of of of Physical Security Personnel Security Communications and Data Security Operating Security

1) Tampering with computer source documents



A person who knowingly or intentionally, conceals (hides or keeps secret), destroys (demolishes or reduces), alters (change in characteristics) or causes another to conceal, destroy, and alter any computer source code used for a computer, computer program, computer system or computer network, when the computer source code is required to be kept or maintained by law is punishable. For instance, hiding the C.D.ROM in which the source code files are stored, making a C File into a CPP File or removing the read only attributes of a file.

2) Hacking


Hacking is usually understood to be the unauthorized access of a computer system and networks. Originally, the term "hacker" describes any amateur computer programmer who discovered ways to make software run more efficiently. Hackers usually "hack" on a problem until they find a solution, and keep trying to make their equipment work in new and more efficient ways. A hacker can be a Code Hacker, Cracker or

3) Publishing of information, which is obscene in electronic form



A person who publishes or transmits or causes to be published in the electronic form, any material which is lascivious, or if its effect is such as to tend to deprave and corrupt persons who are likely to read, see or hear the matter contained or embodied in it, is liable to punishment.

4) Child Pornography


This crime refers to any sexual abuse targeted towards children. This may be sending pornographic mails, sending abusive messages ,uploading photographs of children and so on.

5) Accessing protected system

Any unauthorized person who secures access or attempts to secure access to a protected system is liable to be punished with imprisonment and may also be liable to fine.

6) Breach of confidentiality and privacy

Any person who secures access to any electronic record, information, without the consent of concerned or discloses such electronic record, information to any other person shall be liable to be punished under the Information Technology Act.

7) Cyber Stalking


Although there is no universally accepted definition of cyber Stalking, it is generally defined as the repeated acts of harassment or threatening behavior of the cyber criminal towards the victim by using Internet services. Stalking in General terms can be referred to as the repeated acts of harassment targeting the victim such as following the victim, making harassing phone calls, killing the victims pet, vandalizing victims property, leaving written messages or objects. Stalking may be followed by serious violent acts

8) Cyber squatting

Cyber squatting is the obtaining of a domain name in order to seek payment from the owner of the trademark, (including business name, trade name, or brand name), and may include typo squatting (where one letter is different).

9) Data Diddling


This kind of an attack involves altering the raw data just before a computer processes it and then changing it back after the processing is completed. The NDMC Electricity Billing Fraud Case

10) Cyber Defamation



Any derogatory statement, which is designed to injure a person's business or reputation, constitutes cyber defamation.

11) Trojan Attack



A Trojan, the program is aptly called an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. Emails are often the fastest and easiest ways to propagate malicious code over the Internet. The Love Bug virus, for instance, reached millions of computers within 36 hours of its release from the Philippines thanks to email. Hackers often bind Trojans, viruses, worms and other computer contaminants with e-greeting cards and then email them to unsuspecting persons. Such contaminants can also be bound with software that appears to be an anti-virus patch. anti-

12) Forgery


Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners. It is very difficult to control such attacks. For e.g. across the country students buy forged mark sheets for heavy sums to deposit in college.

13) Financial crimes



This would include cheating, credit card frauds, money laundering etc. such crimes are punishable under both IPC and IT Act. A leading Bank in India was cheated to the extent of 1.39 crores due to misappropriation of funds by manipulation of computer records regarding debit and credit accounts.

14) Internet time theft



This connotes the usage by an unauthorized person of the Internet hours paid for by another person. This kind of cyber crime was unheard until the victim reported it. This offence is usually covered under IPC and the Indian Telegraph Act.

15) Next Virus/worm attack



Virus is a program that attaches it selves to a computer or a file and then circulates to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory.

16) E-mail spoofing E

A spoofed email is one that appears to originate from one source but has actually emerged from another source. Falsifying the name and / or email address of the originator of the email usually does email spoofing. Such kind of crime can be done for reasons like defaming a person or for monetary gain etc. E.g. if A sends email to Bs friend containing ill about him by spoofing Bs email address, this could result in ending of relations between B and his friends.

17) Email bombing



Email bombing means sending large amount of mails to the victims as a result of which their account or mail server crashes. The victims of email bombing can vary from individuals to companies and even the email service provider. Resulting in the victim's email account (in case of an individual) or servers (in case of a company or an email service provider) crashing.

18) Salami attack



This is basically related to finance and therefore the main victims of this crime are the financial institutions. This attack has a unique quality that the alteration is so insignificant that in a single case it would go completely unnoticed. E.g. a bank employee inserts a program whereby a meager sum of Rs 3 is deducted from customers account. Such a small amount will not be noticeable at all.

19) Web Jacking

This term has been taken from the word hijacking. Once a website is web jacked the owner of the site looses all control over it. The person gaining such kind of an access is called a hacker who may even alter or destroy any information on the site.

20) Denial of Service Tools



Denial-ofDenial-of-service attacks are usually launched to make a particular service unavailable to someone who is authorized to use it. These attacks may be launched using one single computer or many computers across the world. In the latter scenario, the attack is known as a distributed denial of service attack. Usually these attacks do not necessitate the need to get access into anyone's

NIGERIAN SCAMS


This scam starts with a bulk mailing or bulk faxing of a bunch of identical letters to businessmen, professionals, and other persons who tend to be of greater-thangreater-thanaverage wealth. This scam is often referred to as the 4-1-9 4scam, ironically after section 4-1-9 of the 4Nigerian Penal Code which relates to fraudulent schemes.

MODUS OPERANDI OF CYBER CRIME

In general, modus operandi is the behavior necessary for the successful commission of a crime. "what an offender has to do to accomplish a crime." At a minimum, every Modus Operandi will contain elements that involve the following: (1) ensure success of the crime; (2) protect identity; and (3) effect escape. It is learned behavior like any other behavior, and involves things like experience, education, and maturity.

POLICE WORKSHOP
ELEMENTS RECORDED IN THE MODUS OPERANDI FILES 1. Class word (the kind of property attacked) 2. Entry (the point of entry) 3. Means (any implements or tools used) 4. Object (kind of property taken) 5. Time (the time of day or any significance about the day) 6. Style (whether the criminal described himself as someone else to gain entry) 7. Tale (any disclosure by the criminal about himself) 8. Transport (how the criminal transported himself) 9.Trademark (any unusual behavior in connection with the crime)

POLICE WORKSHOP
"Modus operandi is the principle that a criminal is likely to use the same technique repeatedly, and any analysis or record of that technique used in every serious crime will provide a means of identification in a particular crime."

POLICE WORKSHOP


TYPES OF CYBER CRIMES A. Hacking /Trojan Horses etc.

1.Cyber-tresspass 1.Cyber-

B.Viruses and Worms

C. Infringement of privacy D. Economic & industrial espionage E. Computer sabotage and computer extortion

POLICE WORKSHOP


TYPES OF CYBER CRIMES 2. Cyber Thefts A. Computer Fraud B. Software Piracy and Other copyright violation C. Theft of telecommunication services D. Computer forgery and counterfeiting E. Electronic Money Laundering & Tax Evasion

POLICE WORKSHOP


TYPES OF CYBER CRIMES 3. CYBER OBSCENITIES A.Child Pornography B.Sex Trade 4. CYBER VIOLENCE A.Cyber Stalking B.Sending hate-emails etc. hate5. CYBER SQUATTING

POLICE WORKSHOP
 

MODUS OPERANDI -DEPENDING UPON TOOLS & TECHNIQUES OF CYBER CRIMES

1.UNAUTHORISED ACCESS 2.VIRUSES & WORMS 3.E3.E-MAIL RELATED CRIMES

POLICE WORKSHOP
 

Unmasking cyber criminals ComputerComputer-related crime is sophisticated, and is usually committed across national borders, frequently with a time delay. The traces it leaves in the systems are intangible and difficult to gather and save. They take the form of digital information stored on all sorts of media: working memory, storage peripherals, hard discs, external discs and USB sticks, electronic components, etc. The problem is how to capture the wide variety of evidence turned up in a digital search. The following questions illustrate the extent to which the concept of digital evidence remains elusive:

POLICE WORKSHOP
    

How to identify the relevant data? How to trace them? How to store them? What are the judicial rules of evidence? How to recover files that have been deleted? How to prove the origin of a message?

POLICE WORKSHOP


How to establish the identity of a person on the basis of only a digital trace, in view of the difficulties of reliably linking digital information with its physical author (virtualization) and the proliferation of identity theft? How to establish the conclusiveness of digital evidence in establishing the truth before a court (concept of digital evidence), knowing that the storage media from which the evidence has been recovered are not infallible (date(date-time information being treated differently from one computer system to another, and subject to tampering)?

POLICE WORKSHOP


Digital evidence is even more difficult to obtain when it is scattered across systems located in different countries. In such cases, success depends entirely on the effectiveness of international cooperation between legal authorities and the speed with which action is taken. Effective use of such evidence to identify individuals depends on the speed with which requests are treated: if treatment is slow, identification is next to impossible.

POLICE WORKSHOP


In most countries there is a significant mismatch between the skills of the criminals who commit high-technology crimes and the highresources available to the law-enforcement and lawjustice authorities to prosecute them. The use of computer technologies by those authorities, whether at the national or international level, remains weak and varies greatly from one country to another. In most cases, the police and judicial authorities rely on conventional investigation methods used for ordinary crime to prosecute cyber criminals so as to identify and arrest them.

POLICE WORKSHOP
 

Orkut Fake Profile cases Orkut.com is a very popular online community and social networking website. Orkut users can search for and interact with people who share the same hobbies and interests. They can create and join a wide variety of online communities. The profiles of Orkut members are publicly viewable.

POLICE WORKSHOP
 

The scenarios 1. A fake profile of a woman is created on Orkut. The profile displays her correct name and contact information (such as address, residential phone number, cell phone number etc). Sometimes it even has her photograph. The problem is that the profile describes her as a prostitute or a woman of loose character who wants to have sexual relations with anyone. Other Orkut members see this profile and start calling her at all hours of the day asking for sexual favors. This leads to a lot of harassment for the victim and also defames her in society.

POLICE WORKSHOP


 

2. An online hate community is created. This community displays objectionable information against a particular country, religious or ethnic group or even against national leaders and historical figures. 3. A fake profile of a man is created on Orkut.The profile contains defamatory information abut the victim (such as his alleged sexual weakness, alleged immoral character etc) The law Scenario 1: Section 67 of Information Technology Act and section 509 of the Indian Penal Code. Scenario 2: Section 153A and 153B of Indian Penal Code. Scenario 3: Section 500 of Indian Penal Code.

POLICE WORKSHOP
 

 

The motive Scenario 1: Jealousy or revenge (e.g. the victim may have rejected the advances made by the suspect). Scenario 2: Desire to cause racial hatred (e.g. Pakistani citizens creating an anti-India antionline community). Scenario 3: Hatred (e.g. a school student who has failed may victimize his teachers).

POLICE WORKSHOP
 

Modus Operandi 1. The suspect would create a free Gmail account using a fictitious name. 2. The email ID chosen by him would be unrelated to his real identity. 3. The suspect would then login to Orkut.com and create the offensive profile.

POLICE WORKSHOP
 

Email Account Hacking Emails are increasingly being used for social interaction, business communication and online transactions. Most email account holders do not take basic precautions to protect their email account passwords. Cases of theft of email passwords and subsequent misuse of email accounts are becoming very common.

POLICE WORKSHOP
 

The scenarios 1. The victims email account password is stolen and the account is then misused for sending out malicious code (virus, worm, Trojan etc) to people in the victims address book. The recipients of these viruses believe that the email is coming from known person and run the attachments. This infects their computers with the malicious code.

POLICE WORKSHOP


2. The victims email account password is stolen and the hacker tries to extort money from the victim. The victim is threatened that if he does not pay the money, the information contained in the emails will be misused. 3. The victims email account password is stolen and obscene emails are sent to people in the victims address book.

POLICE WORKSHOP
 

 

The motive Scenario 1: Corporate Espionage, perverse pleasure in being able to destroy valuable information belonging to strangers etc. Scenario 2: Illegal financial gain. Scenario 3: Revenge, jealousy, hatred.

POLICE WORKSHOP
 

Modus Operandi 1. The suspect would install key loggers in public computers (such as cyber cafes, airport lounges etc) or the computers of the victim. 2. Unsuspecting victims would login to their email accounts using these infected computers. 3. The passwords of the victims email accounts would be emailed to the suspect.

POLICE WORKSHOP


Modus Operandi FOR Credit Card Fraud The suspect would install key loggers in public computers (such as cyber cafes, airport lounges etc) or the computers of the victim. Unsuspecting victims would use these infected computers to login to their online banking and share trading accounts. The passwords and other information of the victim would be emailed to the suspect.

POLICE WORKSHOP
 

Source Code Theft Computer source code is the most important asset of software companies. Simply put, source code is the programming instructions that are compiled into the executable files that are sold by software development companies. As is expected, most source code thefts take place in software companies. Some cases are also reported in banks, manufacturing companies and other organizations who get original software developed for their use.

POLICE WORKSHOP
 

Modus Operandi Scenario 1: If the suspect is an employee of the victim, he would usually have direct or indirect access to the source code. He would steal a copy of the source code and hide it using a virtual or physical storage device. If the suspect is not an employee of the victim, he would hack into the victims servers to steal the source code. Or he would use social engineering to get unauthorized access to the code. He would then contact potential buyers to make the sale.

POLICE WORKSHOP
 

Modus Operandi Scenario 1: The suspect could hire a skilled hacker to break into the victim systems. The hacker could also use social engineering techniques. A very good looking woman went to meet the system administrator of a large company. She interviewed him for a magazine article". During the interview she flirted a lot with him and while leaving she accidentally left her pen drive at his room. The sysadmin accessed the pen drive and saw that it contained many photographs of the lady. He did not realize that the photographs were Trojan zed! Once the Trojan was in place, a lot of sensitive information was stolen very easily.

POLICE WORKSHOP
 

Illustration: The sysadmin of a large manufacturing company received a beautifully packed CD ROM containing security updates from the company that developed the operating system that ran his companys servers. He installed the updates which in reality were Trojan zed software. For 3 years after that a lot of confidential information was stolen from the companys systems!

POLICE WORKSHOP
 

Software Piracy Many people do not consider software piracy to be theft. They would never steal a rupee from someone but would not think twice before using pirated software. There is a common perception amongst normal computer users to not consider software as property. This has led to software piracy becoming a flourishing business.

POLICE WORKSHOP
 

Modus Operandi Scenario 1: The suspect uses high speed CD duplication equipment to create multiple copies of the pirated software. This software is sold through a network of computer hardware and software vendors. Scenario 2: The suspect registers a domain name using a fictitious name and then hosts his website using a service provider that is based in a country that does not have cyber laws. Such service providers do not divulge client information to law enforcement officials of other countries.

POLICE WORKSHOP
 

Cyber Crime Investigations Computer crimes can be separated into two categories: 1) crimes facilitated by a computer and 2) crimes where a computer or network is the target. When a computer is used as a tool to aid criminal activity, it may include storing records of fraud, producing false identification, reproducing and distributing copyright material, collecting and distributing child pornography, and many other crimes.

POLICE WORKSHOP


Technology has made it easier for criminals to hide information about their crimes. Because of the sophistication of the digital environment, evidence is collected and handled differently than it was in the past and often requires careful computer forensic investigation. Crimes where computers are the targets can result in damage or alteration to the computer system. Computers which have been compromised may be used to launch attacks on other computers or networks.

POLICE WORKSHOP


Typically there are two types of levels at which evidence of INTERNET usage exists. Individual Level-on individuals own Levelcomputer or on website accessed by individual using computer. I S P Level-On the servers of individuals LevelI S P.

POLICE WORKSHOP
 

COMMON COMPUTER FORENSIC TECHNIQUES Carrying out pre-raid intelligence review preto assess what types of h/w,s/w and back ups might be expected. Video recording of entire network along with cabling, switches etc. Every individual hardware has distinct number. That number should be duly recorded. Careful identification and labeling of all seized items.

POLICE WORKSHOP


 

Precaution to prevent data being destroyed by hostile individuals immediately prior to raid. Proper handling of computers that are running at time of raid. Following proper shut down techniques. Noting of time on computers internal clock which provides time and date stamp on computer files. Making of an exact sector by sector copy of every hard disk.

POLICE WORKSHOP
 

Gathering information To ensure that your organization can react to an incident efficiently, make sure that staff knows who is responsible for cyber security and how to reach them. The following steps will help you document an incident in its investigation. Preserve the state of the computer at the time of the incident by making a backup copy of logs, damaged or altered files, and files left by the intruder. If the incident is in progress, activate auditing software and consider implementing a keystroke monitoring program if the system log on the warning banner permits.

POLICE WORKSHOP


Document the losses suffered by organization as a result of the incident. These could include the estimated number of hours spent in response and recovery, cost of temporary help, cost of damaged equipment, value of data lost, amount of credit given to customers because of the inconvenience, loss of revenue, value of any trade secrets

POLICE WORKSHOP


THANKS ADVOCATE MAHENDRA LIMAYE DME,BCOM,LLB,PGDCLIT. CYBER LAW CONSULTANT AND FACULTY mahendralimaye@yahoo.com cyberorgindia@yahoo.com