Session day 1 -27.02.2019

1. Session 1
2. =========
3. "Introduction to Information Security
4. Introduction to Cyber-Space
5. Types Of Hackers
6. Cyber Laws and Acts"
7.  
8.  
9. Information and Data
10. ====================
11.  
12. Information
13. -----------
14. It is collectino of data, which can malke some sense out of it --> Organised way.
15.  
16. Data
17. ----
18. It is unorganised representation, raw facts and figures. which alone cannot make some sense
19.  
20. Example
21. -------
22.  
23. Hello Abhijeet,
24. Let's have a bomb blast in Coffee Area on 1st Of March 2019 at 1300 hours.
25. By
26. Ashok.
27.  
28. Data
29. Sender
30. Receiver
31. Activity
32. Location
33. Date
34. Time
35.  
36. Different Types Of Data
37. ========================
38. Personal Information
39. Finincial Informaion
40. Economical Information
41. Banking Information
42.  
43. Ethical Hacking and Web Application VAPT
44. -----------------------------------------
45. Hacking
46. =======
47. Hacker?
48. =======
49. Unauthorised access --> Authorised Access
50. Hacker is a person who have the highest amount of knowledge in terms of computer and processes.
51. How does a computer works
52. How does a process works
53. what are the things running in the backend
54. how new Internet Technology works
55.  
56. Hacking
57. =======
58. Authorised access and unauthorised access of teh data and the device.
59. Authorised Access --> XYZ company --> They launched a web application and aseked you to exploit it and report the vulnerabilities ---> Permission to hack. ---> Bug Bounty Programs
60. Unauthorised Access --> XYZ company launched an application. A person comes in to the network and exploits the application --> Breached into the system and get the juicy informatino from teh device --> without any permission. --> Illegal Hacking
61.  
62. 3 Different Categories
63. 1. White Hat Hacker
64. -------------------
65. They are really very good people, who cares for the welfare and security of the organisation. They perform hack on the legal basis and contract basis.
66. Rahukl Tyagi
67. Abhijeet Singh
68. Valshit Malhotra
69.  
70. 2. Black Hat Hackers
71. ---------------------
72. They are really bad people, who just care about money. They will perform any kind of hack if you will give them some money.
73. New Lizard Squad --> Destruction over the cyber space.
74.  
75. 3. Grey Hat Hackers
76. -------------------
77. They are the combinatino of both White and black hat hackers.
78. They work for the welfare of the society.
79. They will perform hack but they will report as well.
80. Julian Assange ---> wikileaks
81. Edward Snoden
82. ShadowBrokers --> Leaked NSA TOOL Kit
83. Anonymous --> Worlds largest online hacker's army
84.  
85. Why Do People Hack?
86. ===================
87. 1. FUN
88. 2. Seek Information
89. 3. Money
90. 4. Exploration --> How secure you are
91. 5. Revenge
92. 6. Fame
93. ZooZOo Hacker
94.  
95. If you want to know how much secure you are, then you needed to be hacked.
96.  
97. Some OPther Categories
98. 1. Script Kidiez --> Copy the code and how to paste the code. --> Lands in jail
99. 2. N00bz --> They ade one to whom we called new kidz --> they are learning in the cyber space.
100. 3. Crackers --> They are no the hacker, they just know how to crack the paswords.
101.  
102. Cyber Terrorism
103. ===============
104. Any kind of terrorism which uses the digital technology --> cyber crime
105.  
106. India --> There is no lwa for syber crime, what we have is a book which is IT ACT 200 and IT ACT 2008, which we follow for \cyber crime\
107. Information Technology ACT 2000| 2008
108. It is a document by Telecommunication Department of India
109.  
110. Some Major Sectons which we need to keep in mind befor commiting any work.
111. Cyber Crimes And Laws
112. =====================
113. IT Act 2000 and IT Act 2008
114. 28 Types of cyber crime, but all of them are categorised into these few group:
115. --> Hacking
116. --> Identity Theft
117. --> Insult, Online Defamation
118. --> Harrasament
119. --> Cyber Terrorism
120.  
121. Section 43:
122. Penalty and compensation for damage to computer and computer system
123. Section 65:
124. Tampering with Computer Source Documents
125. Section 66:
126. Computer Related Offences
127. Section 67:
128. Punishment for publishing or transmitting obsence material in electronic form
129. Section 71:
130. Penalty For Misrepresentation
131. Section 72:
132. Breach of confidentiality and privacy
133. CIA - Triad
134. confidentiality Integrity and Availability
135. Section 73:
136. Penalty for publishing electronic signature certificate false in certain patricilar | Signature Forgery
137. IPR -- Intellectual Property Right
138.  
139. Right To Privacy -->
140.  
141.  
142. Section 71:
143. Penalty For Misrepresentati
144.  
145. Fake Facebook profile --> Angel Priya
146. Let's link your facebook with aadhar card
147. 1st invitation to Mr. Modi
148. If you can share you country's SSN then we are ready to accept your proposal
149.  
150. Which Country Is Considered as the strongest country?
151. Gmail
152. Facebook
153. Twitter
154. Linkedin
155. Android
156. IOS
157. Windows
158.  
159. Vault 7 Year Zero --> Smart devices are used by american government for intruding in our privacy
160. Android Decices SAMSUNG
161. Apple
162. Sony
163.  
164. Steganograpgy --> Send data using image and audio and video - Hiding Data in the plain site
165. China -- Google Doesn't work
166.  
167. Snoden --> Movie
168.  
169.  
170.  
171. https://pastebin.com/iFxa94LB
172.  
173.  
174. Virtualization
175.  
176.  
177.  
178. page 2
179.  
180.  
181. Introduction
182. This Document is containing all the related necessary changes related to all the Sections from Indian IT Act 2000. The Indian Information Technology Act 2000 was based on the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law. Thus the Act was enacted to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involved the use of alternatives to traditional or paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies. After the IT Act 2000, a new Act of Parliament received the assent of the President on 5th February 2009 has been established named IT Amendment Act 2008.
183.  
184. SECTION 3 - Authentication Of Electronic Records By Use Of Digital Signature
185. The Act provides that the authentication of the electronic record can be affected by the use of asymmetric cryptosystem and hash function which envelop and transform the initial electronic record into another electronic record. The digital signature is created in two distinct steps.
186.  
187.  
188. The electronic record is converted into a message digest by using a mathematical function known as “hash function” which digitally freezes the electronic record thus ensuring the integrity of the content of the intended communication contained in the electronic record."
189. That two different electronic records can produce the same hash result using the algorithm.
190.  
191.  
192. SECTION 3A - Authentication Of Electronic Records By Use Of Electronic Signature
193. the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and to no other person.
194. The signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person.
195. Any alteration to the electronic signature made after affixing such signature is detectable;
196. Any alteration to the information made after its authentication by electronic signature is detectable; and it fulfils such other conditions which may be prescribed.
197.  
198. SECTION 4 - Electronic Records
199. Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is—rendered or made available in an electronic form; and accessible so as to be usable for a subsequent reference.
200.  
201. SECTION 5 - Legal recognition of Electronic Signatures
202. This section provides the legal recognition of Digital Signatures.
203.  
204. SECTION 6 - Foundation of Electronic Governance
205. It lays down the foundation of Electronic Governance. It provides that the filing of any form, application or other documents, creation, retention or preservation of records, issue or grant of any license or permit or receipt or payment in Government offices and its agencies may be done through the means of electronic form.
206.  
207. SECTION 6A - Delivery of services by service provider.
208.  
209. For the purposes of this section, service provider so authorised includes any individual, private agency, private company, partnership firm, sole proprietor firm or any such other body or agency which has been granted permission by the appropriate Government to offer services through electronic means in accordance with the policy governing such service sector.
210.  
211. The appropriate Government may also authorise any service provider authorised under sub-section (1) to collect, retain and appropriate such service charges, as may be prescribed by the appropriate Government for the purpose of providing such services, from the person availing such service.
212.  
213. Subject to the provisions of sub-section (2), the appropriate Government may authorise the service providers to collect, retain and appropriate service charges under this section notwithstanding the fact that there is no express provision under the Act, rule, regulation or notification under which the service is provided to collect, retain and appropriate e-service charges by the service providers.
214.  
215. The appropriate Government shall, by notification in the Official Gazette, specify the scale of service charges which may be charged and collected by the service providers under this section:
216. Provided that the appropriate Government may specify different scale of service charges for different types of services.‟.
217.  
218.  
219. SECTION 7 - Retention Of Records
220. Where any law provides that documents, records or information be retained for a specific period, then the requirement will be said to have been met if the documents are retained in electronic format and if the information contained therein remains accessible so as to be usable for subsequent reference in the format it was originally created, generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received, including the details of the identification of the origin, destination, dispatch or receipt of such electronic record are available in the electronic record.
221.  
222. SECTION 7 A - Audit of Documents Etc Maintained in Electronic Form
223. Where in any law for the time being in force, there is a provision for audit of documents, records or information, that provision shall also be applicable for audit of documents, records or information processed and maintained in the electronic form”.
224.  
225.  
226. SECURE ELECTRONIC RECORDS AND SIGNATURES
227.  
228.  
229. SECTION 14 - Secure Electronic Record
230. Where any security procedure is applied to an electronic record, at a specific point of time, then from such point onwards up to the time of verification, the record is deemed to be a secure electronic record.
231.  
232. SECTION 15 - Secure Electronic Signature
233. An electronic signature shall be deemed to be a secure electronic signature if the signature creation data, at the time of affixing signature, was under the exclusive control of signatory and no other person; and the signature creation data was stored and affixed in such exclusive manner as may be prescribed.
234.  
235.  
236. REGULATION OF CERTIFYING AUTHORITIES
237.  
238. SECTION 17 - Appointment of Controllers and their Officers
239. “Assistant Controllers”, the words “,Assistant Controllers, other officers and employees” shall be substituted; Assistant Controllers”, the words “, Assistant Controllers, other officers and employees” shall be substituted.”
240.  
241. SECTION 19 - Recognition of Foreign Certifying Authorities
242. The CCA, with the prior approval of the Central Government and subject to the conditions can recognise any foreign CA as a CA for the purposes of this Act. Once a foreign CA is granted recognition by the CCA, an Electronic Signature Certificate issued by such Certifying Authority will be valid for the purposes of this Act.
243.  
244. SECTION 21 - License to Issue Signature Certificates
245. Any person can obtain a license to issue an ESC by making an application to the CCA. After receiving the application the CCA verifies whether or not such an applicant has satisfied the eligibility criteria, as specified by the Central Government in respect of qualification, expertise, manpower, financial resources and other infrastructure facilities.
246.  
247. SECTION 22 - License for Applications
248. Every application is required to be in the prescribed form. Along with the application the applicant is also required to file a certification practice statement, a statement including the procedures with respect to identification of the applicant etc.
249.  
250. SECTION 43 - Penalty For Damage To Computer, Computer System , ETC
251. In the marginal heading, for the word “Penalty”, the words “Penalty and Compensation” shall be substituted.
252. In clause (a), after the words “computer network”, the words “or computer resource” shall be inserted
253.  
254. SECTION 45
255. Provides for residuary penalty. Whoever contravenes any rules or regulations made under this Act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation of 25,000 INR to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees.
256.  
257.  
258. OFFENCES LISTED WITH PUNISHMENT AND FINES
259.  
260.  
261. The Act has specified that Tampering with computer source documents, Hacking computer system, Publishing of information which is obscene in electronic form or failure of a CA or its employees to follow the directions/ Orders of the CCA, failure to comply with Directions of Controller to a subscriber to extend facilities to decrypt information, accessing a protected system without proper authorization, material misrepresentation, Penalty for publishing Electronic Signature Certificate false particulars, Publication for fraudulent purpose, sending of grossly offensive information, false information, etc will be offences. (Some facts can same as IT ACT 2000)
262.  
263. The area of Cyber Security according to IT AMENDMENT ACT 2008 is functionalized by Indian Computer Emergency Response Team (CERT-In).
264.  
265. SECTION 65 - Tampering with computer source code documents
266. If any person knowingly or intentionally: Conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy, or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force.
267. Imprisonment upto 3 years and Fine upto 200,000 INR.
268.  
269. SECTION 66 - Hacking with computer system dishonestly or fraudulently
270. If any person, dishonestly or fraudulently does any act which results in damage to a computer or a computer system or secures unauthorized access to a secure computer system or downloads or copies data etc (acts described under section 43 of the Act), the he can be punished with a prison term which can extend upto two years or with a fine which can extend up to ₹Five Lakhs or both. Here the Act refers to the India Penal Code for interpreting the meaning of the words “dishonestly” and “fraudulently”.
271. Imprisonment upto 3 years and Fine upto 500,000 INR.
272.  
273. *SECTION 66 A - Punishment for sending offensive messages through communication service
274. Any person who sends, by means of a computer resource or a communication device any information that is grossly offensive or has menacing character; or which he knows to be false, or sends any electronic mail or message so as to mislead the addressee about the origin of such message but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device, shall be punishable with imprisonment for a term which may extend to three years and with fine.
275. Imprisonment upto 3 years and Fine upto 100,000 INR or both.
276.  
277. SECTION 66 B - Dishonestly receiving and retaining any stolen computer resource or communication device is also made punishable by amendment.
278. Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen shall be punished.
279. Imprisonment upto 3 years and Fine upto 100,000 INR or both.
280.  
281. SECTION 66 C - Identity Theft
282. Fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person. Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment.
283. Imprisonment upto 3 years and Fine upto 100,000 INR or both.
284.  
285. SECTION 66 D - Cheating by Personation by using computer resource
286. Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment for a term.
287. Imprisonment upto 3 years and Fine upto 100,000 INR or both.
288.  
289. SECTION 66 E - Violation of Privacy
290. Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished.
291. Imprisonment upto 3 years and Fine upto 200,000 INR or both.
292.  
293. SECTION 66 F - Punishment for cyber terrorism
294. Any person with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by denying or cause the denial of access to any person authorized to access computer resource or attempting to penetrate or access a computer resource without authorisation or exceeding authorized access or introducing or causing to introduce any Computer Contaminant and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under section 70, or knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorized access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.
295. Imprisonment for Life.
296.  
297.  
298. SECTION 67 - Publish or transmit Obscene material - 1st time & Subsequent Obscene in Electronic Form
299. Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in h, shall be punished.
300. First conviction with imprisonment of three years and with fine five 5,00,000 INR and in the event of Second or subsequent conviction with imprisonment of five years and also with fine of 10,00,000 INR.
301.  
302. SECTION 67 A - Punishment for publishing or transmitting of material containing sexually explicit acts, etc., in Electronic Form Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished.
303. First conviction with Imprisonment of Five years and with Fine of 10,00,000 INR and in the event of Second or subsequent conviction with Imprisonment of Seven Years and also with Fine of 10,00,000 INR.
304. SECTION 67 B - Punishment for publishing or transmitting of material depicting children in sexually explicit acts,etc., in Electronic Form.
305. Whoever, publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct or creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner or cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or facilitates abusing children online or records in any electronic form own abuse or that of others pertaining to sexually explicit act with children, shall be punished. "Children" means a person who has not completed the age of 18 years.
306. First Conviction with Imprisonment of Five Years and with a fine of 10,00,000 INR and in the event of Second or subsequent conviction with imprisonment of seven years and also with fine of 10,00,000 INR.
307. SECTION 67 C - Preservation and Retention of Information by Intermediaries
308. An intermediary shall preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe an any intermediary who intentionally or knowingly abstains from doing the same shall be punished.
309. Imprisonment for Three years and shall also be liable to fine which is not defined.
310.  
311. SECTION 68 - Controller’s directions to certifying Authorities or any employees failure to comply knowingly or intentionally
312. Any person who intentionally or knowingly fails to comply with any order under sub-section shall be guilty of an offence and shall be liable on conviction.
313. Imprisonment for Two years or a Fine of 1,00,000 INR or with Both.
314.  
315. SECTION 69 - Power to issue directions for interception or monitoring or decryption of any information through any computer resource
316. The CCA can direct a CA or the employees of such a CA to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, Rules or any Regulations made there under. Any person intentionally or knowingly failing to comply with such an order will have committed an offence and will be liable on conviction.
317. Imprisonment for Two years or to a Fine of 1,00,000 INR or to both.
318. SECTION 69 A - Power to issue directions for blocking for public access of any information through any computer resource. Where the central Government or a State Government or any of its officer specially authorized by the Central Government or the State Government, as the case may be, in this behalf may, if is satisfied that it is necessary or expedient to do in the interest of sovereignty and integrity of India, Defence of India, Security of the State, Friendly relations with foreign States or Public order or for preventing incitement to the commission of any cognizable offence relating to above, it may subject to the provisions of sub-section. The Government is required to specify safeguards, subject to which the interception or monitoring or decryption is to be done. Any person, be it a subscriber or an intermediary or any other person who is in charge of the computer resource, is bound to extend all possible cooperation, technical assistance and facility as may be required by the authorities to access or to secure access to the computer resource containing such information; generating, transmitting, receiving or storing such information or intercept or monitor or decrypt or block the information, as the case may be or provide information stored in computer resource.
319.  
320. Imprisonment for a Seven Years and also liable to fine or both.
321. SECTION 69 B - Power to authorise to monitor and collect traffic data or information through any computer resource for Cyber Security : The Central Government may, to enhance Cyber Security and for identification, analysis and prevention of any intrusion or spread of computer contaminant in the country, by notification in the official Gazette, authorise any agency of the Government to monitor and collect traffic data or information generated, transmitted, received or stored in any computer resource. The Intermediary or any person in-charge of the Computer resource shall when called upon by such agency provide technical assistance and extend all facilities to such agency to enable online access or to secure and provide online access to the computer resource generating , transmitting, receiving or storing such traffic data or information. The government shall prescribe procedure and safeguards for monitoring and collecting traffic data or information. Any intermediary who intentionally or knowingly contravenes the provisions shall be punished.
322.  
323. Imprisonment Three Years and shall also be liable to fine or both.
324. (i) “computer contaminant” shall have the meaning assigned to it in Section 43;
325. (ii) “traffic data” means any data identifying or purporting to identify any person, computer system or computer network or location to or from which the communication is or may be transmitted and includes communications origin, destination, route, time, date, size, duration or type of underlying service and any other information.‟
326.  
327. SECTION 70 - Any unauthorised access to such system Protected Systems
328. The Government has notified certain computer resources as Critical Information Infrastructure to be a protected system. Critical Information Infrastructure refers to computer systems or resources the destruction or incapacitation of which would result in a debilitating impact on the national security, economy, public health or safety. The appropriate Government can, by notification in the Official Gazette, declare that any computer, computer system or computer network which directly or indirectly affects the facility of a Critical Information Infrastructure, to be a protected system and authorize the persons who are authorized to access protected systems. In this regards the Government can prescribe specific information security practices and procedures. Any person who secures unauthorized access or attempts to secure unauthorized access to a protected system, can be punished.
329.  
330. Imprisonment of Ten Years and can also be liable to fine or both.
331. SECTION 70 A - National Nodal Agency : The Central Government may, by notification published in the Official Gazette, designate any organisation of the Government as the national nodal agency in respect of Critical InformationInfrastructure Protection. The national nodal agency designated under sub-section shall be responsible for all measures including Research and Development relating to protection of Critical Information Infrastructure.
332. SECTION 70 B - Indian Computer Emergency Response Team (CERT-IN)to serve as national agency for incident response: The Central Government shall, by notification in the Official Gazette, appoint an agency of the Government to be called the Indian Computer Emergency Response Team. The Indian Computer Emergency Response Team shall serve as the national agency for performing the following functions in the area of cyber security, collection, analysis and dissemination of information on cyber incidents forecast and alerts of cyber security incidents, emergency measures for handling cyber security incidents coordination of cyber incidents response activities issue guidelines, advisories, vulnerability notes and white-papers relating to information security practices, procedures, prevention, response and reporting of cyber incidents such other functions relating to cyber security as may be prescribed, For carrying out the above functions, the agency may call for information and give direction to the service providers, intermediaries, data centers, body corporate and any other person.
333.  
334. Any service provider, intermediaries, data centers, body corporate or person who fails to provide the information called for or comply with such direction shall be punishable with Imprisonment for One year or with fine of 1,00,000 INR or with both.
335.  
336. SECTION 71 - Penalty for Misrepresentation or suppressing any material fact
337. Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any licence or ESC, as the case may be, can be punished.
338.  
339. Imprisonment to Two years, or with fine of 1,00,000 INR, or with both.
340.  
341. SECTION 72 - Penalty for breach of confidentiality and privacy of el. records, books, info., etc without consent of person to whom they belong.
342. No other person can breach the Confidentiality of any Sensitive Document which can be Confidential and has maintaining privacy of electronic records, books, other information, raw data etc. without the consent of the Individual whom they belong too publicly.
343. Imprisonment for Ten Years, or with fine, or with both.
344.  
345. SECTION 72 A - Punishment for Disclosure of Information in Breach of Lawful Contract : No individual can publish a Electronic Signature Certificate or otherwise make it available to any other person with the knowledge that the CA listed in the certificate has not issued it or the subscriber listed in the certificate has not accepted it or the certificate has been revoked or suspended, unless such publication is in the course of verifying a electronic signature created prior to such suspension or revocation. Such a contravention can be punished.
346.  
347. Imprisonment for Two Years, or with fine of 1,00,000 INR, or with both.
348. SECTION 73 - Penalty for publishing False Digital Signature Certificate
349. Whoever knowingly creates, publishes or otherwise makes available a ESC for any fraudulent or unlawful purpose can be punished.
350.  
351. Imprisonment for upto two years, or with fine upto 1,00,000 INR, or with both.
352.  
353. SECTION 74 - Fraudulent Publication
354. Whoever knowingly creates, publishes or otherwise makes available of any fraudulent document, which can be sensitive - insensitive, personal - impersonal, confidential - non-confidential etc. for the unlawful purpose can be punished.
355. Imprisonment for upto two years, or with fine upto 1,00,000 INR, or with both
356.  
357. SECTION 75 - Offences or Contravention committed outside India if the act or conduct constituting the offence involves a computer, computer system or computer network located in India
358. The Act gives extra territorial jurisdiction in cases where the offence or contraventions are committed from outside India, by any person irrespective of his nationality. The provisions of this Act will apply also to any offence or contravention committed outside India by any person irrespective of his nationality if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India. No penalty imposed or confiscation made under this Act can prevent the imposition of any other punishment to which the person affected thereby is liable under any other law for the time being in force.
359.  
360. SECTION 76 - Confiscation of any computer, computer system, floppies, CDs, tape drives or other accessories related thereto in contravention of any provisions of the Act, Rules, Regulations or Orders made.
361. Any peripheral related to computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, in respect of which any provision of this Act. rules, orders or regulations made there under has been or is being contravened, will be liable to confiscation. Provided that where it is established to the satisfaction of the court adjudicating the confiscation that the person in whose possession, power or control of any such computer, computer system, floppies, compact disks, tape drives or any other accessories relating thereto is found is not responsible for the contravention of the provisions of this Act, rules, orders or regulations made there under, the court can, instead of making an order for confiscation of such computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, make such other order authorized by this Act against the person contravening of the provisions of this Act, rules, orders or regulations made there under as it may think fit.
362.  
363. SECTION 77 - Compounding of offence - Penalty and Confiscation shall not interfere with other punishments provided under any law
364. This exemption is available only if: The intermediary’s role is limited to providing access to a communication system over which third parties transmit information or temporarily store the same.
365. The intermediary does not Initiate the transmission
366. Select the receiver of transmission or,
367. Modify the information contained in the transmission.
368.  
369. The exemption would however stand withdrawn if intermediary conspires or abets the commission of an unlawful act or after having received the information from the government that any information, data or communication link residing in or connected with computer resources controlled by the intermediary, are being used to commit unlawful acts and such intermediary fails to act expeditiously in removing or disabling access to such link or resource.
370.  
371. SECTION 77 B - Offences with Three years Imprisonment to be Bailable
372. Not with standing anything contained in the Code of Criminal Procedure, 1973 (2 of 1974), the offence punishable with imprisonment of three years and above shall be cognizable and the offence punishable with imprisonment of three years shall be bailable.
373.  
374. Session 2
375.  
376. Network and Network Topologies
377. Protocols
378. IP Address
379. IP Subnet
380. NAT
381. DHCP