Presentation by Mr. Pavan Duggal as given on 8th Aug 2014 at Infosec keynote event by ClubHack at Bangalore http://infoseckeynote.com

1. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
RETHINKING CORPORATE
SECURITY – POST SNOWDEN
© of images belongs to the respective
copyright holders

2. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
A PRESENTATION
BY
PAVAN DUGGAL
ADVOCATE, SUPREME COURT
OF INDIA
PRESIDENT, CYBERLAWS.NET
PRESIDENT, CYBERLAW ASIA
HEAD, PAVAN DUGGAL
ASSOCIATES

3. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
SNOWDEN REVELATIONS
© of images belongs to the respective
copyright holders

4. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
SNOWDEN REVELATIONS ON
BHARATIYA JANTA PARTY (BJP)
© of images belongs to the respective
copyright holders

5. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
CENTRAL MONITORING SYSTEM
(CMS) & NETRA PROJECT
© of images belongs to the respective
copyright holders

6. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
ONLINE MONITORING,
INTERCEPTION, BLOCKING &
SURVEILLANCE
© of images belongs to the respective
copyright holders

7. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
BLADABINDI VIRUS
© of images belongs to the respective
copyright holders

8. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
SUPERMAN
© of images belongs to the respective
copyright holders

9. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
STUXNET VIRUS
© of images belongs to the respective
copyright holders

10. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
I LOVE YOU VIRUS
© of images belongs to the respective
copyright holders

11. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
VODAFONE INTERCEPTION
DISCLOSURE REPORT
© of images belongs to the respective
copyright holders

12. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
PMO INDIA TWITTER HANDLE
– REPRESENTING A NEW KIND
OF CYBER THREAT
© of images belongs to the respective
copyright holders

13. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
HEARTBLEED
© of images belongs to the respective
copyright holders

14. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
LINKEDIN HACKING
© of images belongs to the respective
copyright holders

15. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
INDIA’S NATIONAL CYBER
SECURITY POLICY 2013
© of images belongs to the respective
copyright holders

16. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
BRING YOUR OWN DEVICE (BYOD)
© of images belongs to the respective
copyright holders

17. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
INTERNET OF THINGS AND
CYBERLAW- JAN 2014
© of images belongs to the respective
copyright holders

18. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
ONLINE FAKE RECRUITMENT
SCAMS
© of images belongs to the respective
copyright holders

19. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
IMPORTANT CASES
Agricultural equipment manufacturing
company data theft case
Offensive emails to company matter
Phone defects blog case
Twitter rumour defamation case
Arif Azim Case

20. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
IMPORTANT CASES
 Twitter fake handles used against company case
 True Caller and CEO phone number compromise
case
 Calls for fake interviews on social media case
 Gurgaon call centre spy camera girl termination case

21. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
CYBER BULLYING GALORE
© of images belongs to the respective
copyright holders

22. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
GURUJI.COM SEARCH ENGINE –
CRIMINAL ACTION
© of images belongs to the respective
copyright holders

23. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
NIRMALJIT SINGH NARULA
Vs. INDIJOBS AT
HUBPAGES.COM & ORS
© of images belongs to the
respective copyright holders

24. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
MUZAFFARNAGAR
COMMUNAL RIOTS
© of images belongs to the respective
copyright holders

25. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
15TH AUGUST, 2012-
BANGALORE MASS
MIGRATIONS
© of images belongs to the respective
copyright holders

26. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
DR. L. PRAKASH- INDIA’S FIRST
LIFE TIMER CYBER CRIMINAL
© of images belongs to the respective
copyright holders

27. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
BAAZEE.COM CASE
© of images belongs to the respective
copyright holders

28. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
MOBILE APPS– TODAY’S
REALITY
© of images belongs to the respective
copyright holders

29. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
CYBERCRIME AS A SERVICE
© of images belongs to the respective
copyright holders

30. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
PRIVACY
© of images belongs to the respective
copyright holders

31. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
DATA PRIVACY AND
CORPORATES- WAKE UP TIME
Data privacy concerns are already sky rocketing
that is why data privacy will continue to be an
important issue.
© of images belongs to the respective
copyright holders

32. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
MALWARE & CYBER
SECURITY
© of images belongs to the respective
copyright holders

33. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
CONCLUSION
© of images belongs to the respective
copyright holders

34. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
SOCIAL MEDIA & SECURITY
CHALLENGES
 well-known Socialbot malware, called the “Koobface”
virus, is specifically created to target social network
platforms. © of images belongs to the respective
copyright holders

35. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
SOCIAL MEDIA & SECURITY
CHALLENGES
 Social media and smartphones exposing
'millions' to cybercrime, says study : AAP
September 06, 2012 1:02PM
 LinkedIn was recently hacked, and users’
passwords stolen and leaked on the Internet. The
company, through its blog, confirmed the event,
declaring that more than six million passwords
were compromised.

36. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
SOCIAL MEDIA & CYBER
CRIMES
 Social media is today becoming the fulcrum
focus point for cyber criminals and cyber
terrorists.
 More and more cyber criminal tendencies are
continuing to emerge in social media.

37. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
SOCIAL MEDIA & SECURITY
CHALLENGES
 Social media and smartphones exposing
'millions' to cybercrime, says study : AAP
September 06, 2012 1:02PM
 LinkedIn was recently hacked, and users’
passwords stolen and leaked on the Internet. The
company, through its blog, confirmed the event,
declaring that more than six million passwords
were compromised.

38. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
CYBER LAW IN INDIA
© of images belongs to the respective
copyright holders

39. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
CYBERCRIMES DEFINED UNDER
THE IT ACT, 2000
 Section 65- Tampering with computer source
documents
 Section 66- Computer related offences
 Section 66A- Punishment for sending offensive
messages through communication
service, etc.

40. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
CYBERCRIMES DEFINED UNDER
THE IT ACT, 2000
 Section 66B- Punishment for dishonestly receiving
stolen computer resource or
communication device.
 Section 66C- Punishment for identity theft
 Section 66D- Punishment for cheating by
personation by using computer
resource

41. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
CYBERCRIMES DEFINED UNDER
THE IT ACT, 2000
 Section 66E- Punishment for violation of
privacy
 Section 66F- Punishment for cyber terrorism
 Section 67- Punishment for publishing or
transmitting obscene material in
electronic form

42. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
CYBERCRIMES DEFINED UNDER
THE IT ACT, 2000
 Section 67A- Punishment for publishing or transmitting of
material containing sexually explicit act, etc.,
in electronic form
 Section 67B- Punishment for publishing or transmitting of
material depicting children in sexually explicit
act, etc., in electronic form
 Section 67C- Preservation and retention of information by
intermediaries

43. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
CYBERCRIMES DEFINED UNDER
THE IT ACT, 2000
 Section 68- Power of the Controller to give directions
 Section 69- Power to issue directions for interception
or monitoring or decryption of any
information through any computer
resource
 Section 69A- Power to issue directions for blocking for
public access of any information through
any computer resource

44. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
CYBERCRIMES DEFINED UNDER
THE IT ACT, 2000
 Section 69B- Power to authorise to monitor and collect
traffic data or information through any
computer resource for cyber security
 Section 70- Protected system
 Section 70A- National nodal agency
 Section 70B- Indian Computer Emergency Response
Team to serve as a national agency for
incident response

45. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
CYBERCRIMES DEFINED UNDER
THE IT ACT, 2000
 Section 71- Penalty for misrepresentation
 Section 72- Breach of confidentiality and
privacy
 Section 72A- Punishment for disclosure of
information in breach of lawful
contract

46. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
INTERMEDIARY
© of images belongs to the respective
copyright holders

47. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
INTERMEDIARY
"Intermediary" with respect to any particular electronic
records, means any person who on behalf of another
person receives, stores or transmits that record or provides
any service with respect to that record and includes
telecom service providers, network service providers,
internet service providers, web hosting service providers,
search engines, online payment sites, online-auction sites,
online market places and cyber cafes.

48. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
INTERMEDIARIES AND DUE
DILIGENCE UNDER THE IT ACT, 2000
 Intermediaries are required to do due
diligence under the terms of the amended
Information Technology Act, 2000.
 This due diligence must be done to ensure
compliance with the relevant parameters of
the amended Information Technology Act,
2000.

49. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
11TH APRIL, 2011 – A HISTORICAL DAY
FOR THE INFORMATION TECHNOLOGY
ACT, 2000
 The Government of India using its wide powers given under the
Information Technology Act, 2000, has notified the Information
Technology Rules, 2011 including the following:
 The Information Technology (Electronic Service
Delivery) Rules, 2011
 The Information Technology (Reasonable Security
Practices And Procedures And Sensitive Personal Data
Or Information) Rules, 2011
 The Information Technology (Intermediaries
Guidelines) Rules, 2011
 The Information Technology (Guidelines for Cyber
Cafe) Rules, 2011

50. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
SENSITIVE PERSONAL DATA OR
INFORMATION

51. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
LIABILITIES OF INTERMEDIARIES AND
THE INDIAN CYBERLAW
 Liability of intermediaries has been specifically now provided
under Section 79 of the amended Information Technology Act,
2000.
 “Google v/s Vishakha” case before the Hon'ble Supreme
Court of India.
 The emphasis on exercise of due diligence by intermediaries is an
important aspect. However, enforceability and implementation
of the Information Technology Act, 2000 has always been a
challenge.
 Most of the companies in India comply with the
Information Technology Act, 2000 in breach rather than in
observance.

52. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
LIABILITIES OF INTERMEDIARIES
AND THE INDIAN CYBERLAW
There could have exposure to legal consequences,
both civil and criminal, for the company and its top
management.
Civil liability-damages by way of compensation
upto 50 million INR per contravention
Criminal Consequences - The top management
could also be exposed to criminal consequences
ranging from imprisonment of 3 years to life
imprisonment and fine from 1 Lakh INR to 10
Lakhs INR.

53. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
LIABILITIES OF INTERMEDIARIES
AND THE INDIAN CYBERLAW –
CRIMINAL CONSEQUENCES
© of images belongs to the respective
copyright holders

54. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
NEED FOR DUE DILIGENCE
Every legal entity is thus required to do due
diligence under the terms of the amended
Information Technology Act, 2000.
This due diligence must be done to ensure
compliance with the relevant parameters of
the amended Information Technology Act,
2000.

55. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
NEED FOR DUE DILIGENCE
 Reasonable Prudence ensues compliance
with the requirements of law, that being
Indian Cyberlaws, IT Act, IT Rules,
notifications, bye-laws and circulars made
thereunder.

56. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
COMPLIANCES AND THE
INDIAN CYBERLAW
© belongs to the respective copyright
holders

57. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
COMPLIANCES BY PAVAN
DUGGAL ASSOCIATES
Pavan Duggal Associates -role in helping
companies ensure compliances with the
Indian Cyberlaw and rules thereunder.
Pavan Duggal Associates assist all
intermediaries to ensure documented
due diligence under the Information
Technology Act, 2000.

58. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
PAVAN DUGGAL ASSOCIATES,
ADVOCATES, SUPREME COURT OF
INDIA
© belongs to the respective copyright
holders

59. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
PAVAN DUGGAL ASSOCIATES
COMPLIANCE FRAMEWORK – FOR
COMPLIANCE, EVALUATION AND
CERTIFICATION
 Asia Pacific Legal 500 says about Pavan Duggal
Associates
“Cyberlaw specialist Pavan Duggal Associates
Advocates is the first port of call for many in
terms of cases involving data theft, usually
companies that have experienced theft of
confidential or commercially sensitive
information by former employees.”
“Pavan Duggal Associates Advocates provides
niche expertise in cyber law.”

60. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
Indian Cyberlaw has created the appropriate legal
framework for promoting e-commerce in the
country as was giving legality to electronic format.
The said lead framework has provided for various
enabling provisions that provide for electronic
authentication and cyber security related issues.
All legal entities have a duty to ensure that its
business operations needs to comply with the
parameters of Information Technology Act, 2000
as also rules and regulations made thereunder.

61. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
CONCLUSION
All in all, Cyberlaw and Cybercrime today
represent important fascinating aspects of
our lives. Cyberlaw and cybercrime
jurisprudence is not just limited to lawyers; it
is of relevance to every user of the electronic
and digital ecosystem as also mobile
ecosystem.
Ignorance of law is no excuse in the eyes of
law

62. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
Only in compliance,
compliance and compliance
with the Indian Cyberlaw lies
the way for Nirvana for any
entity dealing with the digital
and mobile ecosystem.

63. PresentedatClubHackInfosecKeynoteeventinBangaloreon8thAug2014
A PRESENTATION
BY
PAVAN DUGGAL
ADVOCATE, SUPREME COURT OF
INDIA
PRESIDENT, CYBERLAWS.NET
PRESIDENT, CYBERLAW ASIA
HEAD, PAVAN DUGGAL ASSOCIATES
pavan@pavanduggal.com
pavanduggal@yahoo.com