Botnet attacks and the Law

January 7, 2011, by | Start Discussion


Introduction
A botnet (a contraction of the term “RoBOT NETwork”) is a computer network made up of a vast number of compromised  computers  that have been infected with malicious code, and can be remotely-controlled through commands sent via the Internet. Typically, users whose computers have been conscripted into a botnet are unaware that their computers have been compromised. The computer so affected is called as “Zombie”.

The Law
Case Study
Siddarth, a skilled programmer creates a malicious code and releases it on the internet. It has compromised vast number of computers and caused a loss of worth millions of dollars.

Applicable Sections
Sections 43, 66 and 66 (A) of the Information Technology Act and Section 426 of Indian Penal Code
•    Sec. 43
If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network,—
(c) Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
He shall be liable to pay damages by the way of compensation to the person so affected;
Explanation — for the purposes of this section,—

(i)    "Computer Contaminant" means any set of computer instructions that are designed—

(a) to modify, destroy, record, transmit data or program residing within a computer, computer system or computer network; or
(b) by any means to usurp the normal operation of the computer, computer system, or computer network;

•    Sec. 66

Any person “dishonestly” or “fraudulently” –
(c) Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
He shall be liable for an imprisonment which may extend upto 3 years and fine upto Rs. 5 lakh.
For the purpose of this Section,
The word “dishonestly” shall have the meaning assigned to it in Section 24 of the Indian Penal Code. , i.e.:-
“Whoever does anything with the intention of causing wrongful gain to one person or wrongful loss to another person is said to do that thing "dishonestly".”
The word “fraudulently” shall have the meaning assigned to it in Section 25 of the Indian Penal Code, i.e.:-
“A person is said to do a thing fraudulently if he does that thing with intent to defraud but not otherwise.”

•    Sec. 66A

Any person who sends, by means of a computer resource or a communication device—
(a)    any information that is grossly offensive or has menacing character; or

(b)    any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device,

(c)    any electronic mail or electronic mail message for the purpose of causing annoyance  or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages,
He shall be punishable with imprisonment for a term which may extend to three years and with fine.

•    Sec. 426 of Indian Penal Code

Punishment for mischief
Whoever commits mischief shall be punished with imprisonment of either description for a term which may extend to three months, or with fine, or with both.

Additionally provisions are also made in Sec. 66F Cyber terrorism and Sec. 69B Power to authorise to monitor and collect traffic data or information through any computer resource for cyber security regarding introduction, intrusion and spread of Computer Contaminant.
 


Sagar is a Law graduate. He is Head at Asian School of Cyber Laws(Maharashtra). He specializes in Cyber Law, Intellectual Property Law and Corporate Law. He teaches at numerous educational institutions across India.

Leave a Reply