Tuesday, October 15, 2019

Ultrasonic Fingerprint Reader has a security loophole

In theory, An ultrasonic fingerprint sensor works by bouncing a sonic pulse wave off of your fingertip to create a three-dimensional image. It's much more secure than optical in-display sensors and will work even if your fingers are greasy, dirty, or wet.
A Galaxy S10 user recently got a Rs.100/-  ‘gel screen protector’ off eCommerce site. However, he realized that after using the protector, any fingerprint could unlock the phone. According to Samsung, the case is under investigation. Nevertheless, the company considers this issue to be related to the cost of the screen protector  Rs. 100/- 
Samsung earlier had warned Galaxy S10 owners against unofficial screen protectors.
Galaxy S10 series which comes with an ultrasonic fingerprint sensor. While this fingerprint reader is top-notch, it does not work well with a tempered glass screen protectors. Many users can not use a smartphone without a screen protector, so what’s the solution? Accessory makers use a liquid adhesive to create a stronger seal between the protector and display. While this seem to work perfectly for some users, try not to buy a Rs.100/- screen protector.

Samsung’s ultrasonic fingerprint reader works by sending sound waves at the user’s finger and reflected waves are read.  However, standard glass protectors create a small gap between the finger and the display. This reduces the effect of the fingerprint sensor. In the era of full-screen devices, ultrasonic on-screen fingerprint sensors are actually a good solution. However, they are by no means perfect. Nevertheless, users will have to come to terms with the fact that only plastic protectors seem to allow ultrasonic fingerprint readers to work without issues.

So even if in theory Ultrasonic fingerprint readers are more accurate than their optical counterparts and more secure because of the 3D impression that the reader creates of your fingerBeware untested technologies can bring in simple security loop holes. Security cannot be measured in price and security is a long standing myth.

Sunday, October 13, 2019

SIM Swap Fraud Remedy via Consumer Courts

SIM Swap Fraud Remedy via Consumer Courts
By Prashant Mali

Case No. 1 : Positive order
BSNL Bengaluru and the Union Bank of India have been ordered to pay Rs 9.6 lakh to a businessman after fraudsters siphoned off money from his bank account in what was described as a sim swap fraud. The national telecom provider was pulled up for issuing a duplicate sim to fraudsters without adhering to Know Your Customer (KYC) norms and the bank for not alerting the customer on time. Nagarathpet resident Ramesh Kumar has been using a mobile phone with a BSNL sim card for many years and had linked it to his account at Union Bank of India’s BVK Iyengar Road branch. On September 22, 2015, Kumar checked his email to find that an unknown beneficiary had been added to his online bank account. By the time he could alert bank authorities about the breach, the fraudsters managed to transfer Rs 9,62,700 from his account. The sim card on his cellphone that was supposed to receive a one-time password (OTP) mysteriously remained de-activated all the while. The 52-year-old businessman lodged a complaint with his bank branch and the cybercrime wing of Bengaluru police only to realise he had fallen prey to a sim swap fraud.
With neither the Union Bank of India nor BSNL acting towards compensating his loss for months, Kumar approached the Bangalore urban 2nd additional district consumer disputes redressal forum on May 5, 2016 to reclaim his money. The consumer forum heard the case in which BSNL and Union Bank of India blamed each other for facilitating the fraud. BSNL claimed it is only a service provider and wasn’t aware that Kumar had linked his cellphone number to his bank account, and that it was the bank’s responsibility to notify him immediately when there was a fraudulent attempt. The bank argued that a BSNL customer centre executive in KG Road was at fault for issuing a duplicate sim card to a fraudster who pretended to be Kumar, deactivated his existing sim card and obtained a replacement. 

After 31 months of hearing, the court blasted BSNL and Union Bank of India for the loss their customer suffered. The judges pointed to the BSNL staffer’s carelessness in issuing a duplicate sim and deactivating Kumar’s original sim. They criticised Union Bank of India authorities for not immediately alerting the customer on the illegal addition of a beneficiary, which he came to know through an official email. In a verdict pronounced last month, 
the forum ordered BSNL Bengaluru telecom district and Union Bank of India, BVK Iyengar Road branch, to jointly refund Rs 9,62,700 to Kumar with interest and an additional Rs 10,000 towards his court expenses within 45 days. What is it Fraudsters, armed with confidential bank details of customers, deactivate sim cards linked to bank accounts by impersonating the victims and submitting fake documents with cellphone service providers and obtaining duplicate sims. The original sims on the victims’ phones get deactivated in the process. The active duplicate sims with the fraudsters receive OTPs and other bank communications, enabling illegal online transfers of large sums of money, while the victims remain clueless.

Prashant Mali
Lawyer, Bombay High Court
+919821763157 | cyberlawconsulting@gmail.com

Friday, October 4, 2019

SIM Swap Fraud Solution which India should Adapt By Prashant Mali

SIM Swap or SIM Exchange Fraud Solution which India should Adapt
By Prashant Mali
Being a long-time crusader of SIM swap fraud victims in India and winning many cases in favour of victims, I thought of penning this advice.  Sim Exchange fraud or Sim Hijacking fraud (also known as Port-Out scam or SIM splitting) is a type of account takeover fraud that generally targets a weakness in two-factor authentication & two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. In 2018, over 80% of adults were expected to have a bank account, over 1.18 billion people own a mobile phone in India

How SIM Swap Fraud works?

Fraudsters obtain banking account details and your registered mobile number through phishing or through Trojans/Malware or through a leaked database.

Under the pretext of losing the mobile handset, new handset or damaged SIM card, fraudster approaches mobile service provider using a forged authority letter and forged KYC document there by creating a fake identity of genuine customer

Post customer verification, mobile service provider will deactivate or block the old SIM card in the mobile phone which is in customer’s possession and issue a new SIM card to the fraudster. There will be no network on customer’s handset. This done generally on weekends to fraudsters get time before the customer complains Now, customer will not receive any SMS, information such as alerts, OTP, URN etc. on the phone

With the banking details stolen through phishing or Trojan/Malware or via leaked database in darknet fraudster will access and operate customers account and initiate financial transactions which customer will not be aware of and all the SMS for alerts, payment confirmation etc. will go to the fraudster

SIM swap hackers rely on intercepting a one-time password sent by text after stealing a victim's banking credentials, or by using the phone number as a password reset fallback. So the phone company has to offer a straightforward fix: The telecom carrier would set up a system to let the bank query phone records for any recent SIM swaps associated with a bank account before they carried out a money transfer. If a SIM swap had occurred in, say, the last two or three days, the transfer would be blocked. Because SIM swap victims can typically see within minutes that their phone has been disabled, that window of time let them report the crime before fraudsters could take advantage.
After UK and Australia, by August of 2018, Mozambique's largest bank was performing SIM swap checks with all the major carriers. which reduced their SIM swap fraud to nearly zero overnight. Mozambique isn't alone in implementing that fix for the growing epidemic of SIM swap fraud, which is increasingly used for everything from hijacking Instagram accounts to stealing cryptocurrency. Companies in other countries across Africa, including Nigeria, South Africa, and Kenya—where the prevalence of mobile payments have made SIM swaps a particularly serious threat—have put similar carrier-checking remedies in place. 

How the solution can work
All mobile operators in Indian can make an Anti-SIM swap platform available to the banks on a private API that flags up if there was a SIM swap involving a specific mobile number associated with a bank account over a predefined period. The bank then decides what to do next.

Most banks can block any transaction from a mobile number that has undergone a SIM card change within the last 48 hours, while others opt for a longer period of 72 hours. This period of 48-72 hours is considered a safe period during which the subscriber will contact their operator if they have fallen victim to an unauthorized SIM card change.

There’s also the possibility that the mobile owner has legitimately changed their SIM card, and therefore unable to perform an online transaction for the next 48 hours. In such cases, some of the banks can have a process that requires face-to-face verification in a branch office – a reasonable compromise in the circumstances.

Anti-SIM swap Platform workflow
The banks are connected to different mobile operators through a VPN connection so that all traffic is secure.
The online banking system conducts a REST API query to the respective mobile operator giving the mobile number (MSISDN) and the period (24-72 hours) as arguments.
The mobile operator simply returns in real-time: True or False.
If the query is False, the bank allows the transaction as normal. If True, the bank blocks the transaction and may request additional steps to verify the transaction. It is important to reiterate that the mobile operator should not share personal identifiable information (PII) with a third party, in this case, banks. 

Once the platform is implemented, the level of online banking fraud stemming from SIM swap attacks should fell dramatically, there can be almost no cases involving banks that implement the anti-SIM swap platform. 

Other Solution
Australian banks such as Commonwealth Bank, NAB, Macquarie Bank and Westpac have tackled SIM hijacking from another angle. The banks get a data feed from a company, Paradigm.one, that collects real-time porting data, such as when a number moves from carrier A to carrier B.

A recent SIM change may be viewed as an increased risk if an account has also attempted to suddenly initiate a high-value transaction. Using other metrics, such as device fingerprinting and geolocation, banks can decide whether to reject transactions and suspend accounts. Paradigm.one's system has its limitations, though, as it doesn't collect data for certain types of SIM changes.

Alternative measures to be explored include the use of additional in-device authentication software, such as Google Authenticator or a two-factor authentication device such as a YubiKey.

Extra Links
1. SIM SWAP FRAUD explained in HINDI Language on ABP News, Youtube Video
2. SIM SWAP Fraud Explained in MARATHI Language on ABP Majha News, Youtube Video
3. How to Protect yourself from SIM Swap Fraud Express Computer News

Prashant Mali
Cyber Lawyer, Bombay High  Court
Author, Speaker & Thought Leader.
+919821763157 | cyberlawconsulting@gmail.com

Tuesday, September 24, 2019

Hackers are targeting ATMs in India with new malware that steal data

A banking malware named ATMDTrack  has been active in India since late last summer, in a  kaspersky report .

Allegedly State sponsored Hackers from North Korean government have developed a new strain of malware that has been used to record and steal data from cards inserted into ATM machines in India.

Further analysis of the malware by the Moscow-based cybersecurity firm found the samples to be part of a bigger remote access trojan (RAT) called DTrack.

Calling it a spy tool to attack financial institutions and research centers in India, the experts said the malware strains shared “similarities with the DarkSeoul campaign, dating back to 2013 and attributed to the Lazarus group.”

The DTrack RAT was detected as recently as this month, the researchers noted.

Collecting key logs and browser histories

The threat actors behind DTrack obfuscated their malicious code in an innocuous executable file that was protected behind encryption barriers in a dropper used to install the malware.

Aside from disguising itself as a harmless process, the malware can perform a number of operations such as:

  • .Keylogging
  • .Retrieving browser history
  • .Gathering host IP addresses, information about available networks and active connections
  • .Listing all running processes
  • .Listing all files on all available disk volumes

The collected data was then archived as a password-protected file that’s either saved to the disk or sent to a command-and-control server.

Classifying ATMDTrack as a subset of the DTrack family, the researchers said the developers behind the two malware strains are the “same group of people.”

Given the sophistication of the modus operandi, it’s recommended that target organizations beef up their network and password policies and monitor network traffic for any suspicious behaviour.

The kaspersky report also says the vast amount of DTrack samples that they found shows that the Lazarus group is one of the most active APT groups in terms of malware development, And they see that this group uses similar tools to perform both financially-motivated and pure espionage attacks.

I feel Banks need to go extra mile for searching and weeding out this malware from the ATM’s . ATM have come out as the last mile vulnerability in Indian banking industry due to usage of vulnerable OS and lack of physical security. 

Monday, September 23, 2019

Right to Internet is a fundamental right in India

Internet Access is a fundamental Right held by 

Kerala High Court.

i.e. that the right to have access to the #Internet is part of the right to education as well as the right to privacy under Article 21 of the Indian Constitution .The verdict came on a petition filed by a Kozhikode college student challenging her expulsion for not adhering to restrictions on the use of mobile phone

Justice P.V. Asha made the observation while ordering the Principal of Sree Narayanaguru College, Kozhikode, to re-admit a student who had been expelled from the college hostel for using her mobile phone beyond the restricted hours.

The court observed, “When the Human Rights Council of the United Nations has found that the right of access to Internet is a fundamental freedom and a tool to ensure right to education, a rule or instruction which impairs the said right of the students cannot be permitted to stand in the eye of law.”The verdict came on a petition filed by Faheema Shirin, a third-semester B.A. English student of the college at Chelanur, challenging her expulsion for not adhering to restrictions on the use of mobile phone. As per the rules of the girls’ hostel, inmates were restrained from using mobile phones from 6 p.m. to 10 p.m. every day. She, along with a few other inmates, had protested against the restriction, as it was hampering their learning process. 

The Judge observed that the action of the college authorities infringed the fundamental freedom as well as privacy and would adversely affect the future and career of students who want to acquire knowledge and compete with their peers, such

restriction could not be permitted to be enforced.

The court while citing the observations of the SupremeCourt in the S.Rengarajan and others v. P. Jagjivan Ram (1989) case said t “ the fundamental freedom under Article 19(1)(a) can be reasonably restricted only for the purposes mentioned in Article 19(2) and the restriction must be justified on the anvil of necessity and not the quicksand of convenience or expediency.”

The court added that the hostel authorities were expected to enforce only those rules and regulations for enforcing discipline. Enforcement of discipline shall not be by blocking the ways and means of the students to acquire knowledge

The court further said that college authorities as well as parents should be conscious of the fact that the students in a college hostel are adults capable of taking decisions as to how and when they have to study.

Monday, September 2, 2019

Cyber Warfare: Two Instances where Kinetic Force was used in response to Cyberattack

Two Tales of Using Kinetic Force in Response to  Cyberattack 

May 2019, the Israel Defense Forces (IDF) launched a physical attack on Hamas in immediate response to an alleged cyber-assault. The IDF hit a building in the Gaza Strip with an airstrike after claiming the site had been used by Hamas cyber operatives to attack Israel’s cyber space. It came amid days of intense fighting between the IDF and terror groups in the Gaza Strip.

The IDF claimed it stopped the attack online before launching its airstrike on Hamas. It claims it has now wiped out Hamas’ cyber operational capabilities.

 Israel Defense Forces said via Twitter: “We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.”

 It could mark a change in modern cyber warfare tactics, given that it is the first time a cyber-attack has been met with immediate physical retaliation in real-time during active conflict. However, allegedly the US is still the first country to respond to cyber-attacks with military force. In 2015, USA launched a drone strike to kill the British national in charge of ISIL’s hacker groups Junaid Hussain. Hussain had also dumped personal details of US military forces online.

This 2019 attack is different to the 2015 US retaliation: The IDF apparently reacted immediately, rather than planning its response over weeks or months.

 Operations in cyber space are not governed by the rules of warfare. However, the Geneva protocols and international law do cover a response occurring in the physical domain.  There have been attempts to bring in rules for cyber warfare with the Tallinn Manual on the International Law applicable to Cyber Warfare, but this has not been ratified or adopted by any nation or multinational organization.

Saturday, August 24, 2019

First Space Cybercrime of Indentity Theft

First Space #cybercrime of #identitytheft in ISS 

Nasa is investigating a claim that an astronaut Ms. Anne McClain the first Lady astronaut has allegedly accessed the bank account of her estranged husband from the International Space Station.

Accused has acknowledged the crime but denied any wrongdoing When her husband Mr Summer Worden, had filed a complaint with the Federal Trade Commission FTC. Lady astronaut has since returned to Earth.

The astronaut claims, she was merely making sure that the family's finances were in order and there was enough money to pay bills and care for Ms Worden's son - who they had been raising together prior to the divorce in 2018

How does the law work in space?

There are five national or international space agencies involved in the ISS - from the US, Canada, Japan, Russia and several European countries - and a legal framework sets out that national law applies to any people and possessions in space.

So if a Canadian national were to commit a crime in space, they would be subject to Canadian law, and a Russian citizen to Russian law.  Space law also sets out provisions for extradition back on Earth, should a nation decide it wishes to prosecute a citizen of another nation for misconduct in space.

As space tourism becomes a reality, so might the need to prosecute space crime, but for now the legal framework remains untested. 

Thursday, August 22, 2019

Cybercrime conviction in Fake Patanjali Website matter

One Vikas Kumar from Patna was Convicted in #cybercrime for 2 years with Rs. 5,000/- fine for operating fake #Patanjali Website & promising distributorship in lieu of ₹3 Lacks by Ahmednagar Court in Maharashtra.

FIR was Registered under S66D of the IT Act,2000 & S420 of IPC

1. District - Ahmednagar

2. Police Station - Cyber Police Station

3. C.R.No. 02/2017, IPC Sections 419, 420,467, 468 IT Act Section 66C

4. Name of Accused - Vikas Kumar, r/o Nalanda, Bihar.

5. Facts of the case - Accused in the said case had allegedly offered Distributorship through a fake website of Patanjali and thereby duped the Complainant to the tune of Rs. 3 Lacs.

Technical Investigation of the said crime was undertaken by PI Pawar and the Accused was arrested from Patna, Bihar.

Proceedings of the said case were conducted before the Court of Chief Magistrate, Ahmednagar .

Almost everyone knows someone has been a Victim. But, there's still an attitude that somehow it always happens to the other guy. But, what if you are the other guy?

All across India, the fastest growing Cyber Crime in the nation has been identified as Identity Theft- and its affecting each one of us in insidious ways.
We have all heard of the problem, but only few have recognized the theft of the identity can be so devastating.

Types of identity theft

1. Criminal identity theft

2. Financial identity theft

3. Identity cloning and concealment

Identity Theft as a term refers to Fraud that involves stealing money or getting other benefits by pretending to be someone else. The term is relatively new and is actually a misnomer, since it is not inherently possible to steal an identity, only to use it. The person whose identity is used can suffer various consequences when they are held responsible for the perpetrator's actions.

Section 66C of the IT Act,2000 :

Punishment for identity theft.- Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine.

Sunday, April 7, 2019

What GOOGLE knows about YOU ?

What does Google know about YOU?

Did you know that unlike searching , when you search on Google, they ? That means they know every search you’ve ever done on Google. That alone is pretty scary, but it’s just the shallow end of the  that they try to collect on people.

What most people don’t realize is that even if you don’t use any Google products directly, they’re still trying to track as much as they can about you. Google trackers have been found on . This means they're also trying to track most everywhere you go on the internet, trying to slurp up your browsing history!

Most people also don’t know that Google runs most of the ads you see across the internet and in apps – you know those ones that follow you around everywhere? Yup, that’s Google, too. They aren’t really a search company anymore – they’re a tracking company. They are tracking as much as they can for these annoying and intrusive ads, including recording every time you see them, where you saw them, if you clicked on them, etc.

But even that’s not all…

If You Use Google Products

If you do use Google products, they try to track even more. In addition to tracking everything you’ve ever searched for on Google (e.g. “weird rash”), Google also tracks every video you’ve ever watched on YouTube. Many people actually don’t know that ; now you know.

And if you use Android (yeah, Google owns that too), then Google is also usually tracking:

Every place you’ve been via Google Location Services.

How often you use your apps, when you use them, where you use them, and whom you use them to interact with. (This is just excessive by any measure.)

All of your text messages, which unlike on iOS, .

Your photos .

If you use Gmail, they of course also have all your e-mail messages. If you use Google Calendar, they know all your schedule. There’s a pattern here: For all Google products (Hangouts, Music, Drive, etc.), you can expect the same level of tracking: that is, pretty much anything they can track, they will.

Oh, and if you use Google Home, they also store a live recording of every command you’ve (or anyone else) has ever said to your device! Yes, you heard that right (err… they heard it) – you can check out all the recordings .

Essentially, if you allow them to, they’ll track pretty close to, well, everything you do on the Internet. In fact, even if you tell them to stop tracking you, Google has been known to not really listen, for example with .

You Become the Product

Why does Google want all of your information anyway? Simple: as stated, Google isn’t a search company anymore, they’re a tracking company. All of these data points allow Google to build a pretty robust profile about you. In some ways, by keeping such close tabs on everything you do, they, at least in some ways, may know you better than you know yourself.

It is alleged that Google also listens to you when the mobile is near you through its App using its ambient noise technology.

And Google uses your personal profile to sell ads, not only on their search engine, but also on over three million other websites and apps. Every time you visit one of these sites or apps, Google is following you around with hyper-targeted ads.

It’s exploitative. By allowing Google to collect all this info, you are allowing hundreds of thousands of advertisers to bid on serving you ads based on your sensitive personal data. Everyone involved is profiting from your information, except you. You are the product.

It doesn’t have to be this way. It is entirely possible for a web-based business to be profitable without making you the product – since 2014,  has been profitable without storing or sharing any personal information on people at all. You can read more about our business model .

The Myth of “Nothing to Hide”

Some may argue that they have “nothing to hide,” so they are not concerned with the amount of information Google has collected and stored on them, but that argument is fundamentally flawed .

Everyone has information they want to keep private: Do you close the door when you go to the bathroom? Privacy is about control over your personal information. You don’t want it in the hands of everyone, and certainly don’t want people profiting on it without your consent or participation.

In addition, privacy is essential to democratic institutions like voting and everyday situations such as getting medical care and performing financial transactions. Without it, there can be significant harms.

On an individual level, lack of privacy leads to putting you into a , getting manipulated by ads, , fraud, and identity theft. On a societal level, it can lead to deepened polarization and societal manipulation like we’ve unfortunately been seeing multiply in recent years.

You Can Live Google Free

Basically, Google tries to track too much. It’s creepy and simply just more information than one company should have on anyone.

Thankfully, there are many good ways to reduce your Google footprint, even close to zero! If you are ready to live without Google,  for services to replace their suite of products, as well as instructions for . It might feel like you are trapped in the Google-verse, but it is possible to break free.

For starters, just switching the search engine for all your searches goes a long way. After all, you share your most intimate questions with your search engine; at the very least, shouldn’t those be kept private? If you switch to the  you will not only make your searches anonymous, but also block Google’s most widespread and invasive trackers as you navigate the web.

If you’re unfamiliar with DuckDuckGo, they are an Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs. DuckDuckGo is a search engine alternative to Google at , and offer a  to protect you from Google, Facebook and other trackers, no matter where you go on the Internet.

#privacy #dataprotection #cyber #searchengine 

Thursday, January 17, 2019

WhatsAPP Video Call Divorce: First in Indian Court

WhatsAPP Video Call Divorce
A Nagpur family court has granted divorce & Rs. 10 Lakhs settlement for the wife in the US and husband in India, after recording the wife’s consent via a WhatsApp video call.
The husband, 37, a resident of Khamla in Nagpur, works in Michigan, but was in his home town when the divorce was officially granted by mutual consent.
The wife, 35, is studying in Michigan, US, on a student visa. Expressing her inability to attend the hearing as she was not permitted to seek long leave from her educational institution, the woman had requested that the hearing be conducted via a WhatsApp video call.
After seeking consent from both sides, Nagpur Family Court Judge Swati Chauhan allowed their separation on the condition that the husband would pay the woman a lump-sum one-time alimony of Rs 10 lakh. The divorce was finalised on January 14, 2019 .The family court had obtained the wife’s consent via a WhatsApp video call on the directives of the court.
The couple had an arranged marriage on August 11, 2013, at Secunderabad, now in Telangana. The husband and wife, both engineers, secured jobs in a US-based automobile company.
However, differences cropped up when the wife stayed with her in-laws in Nagpur for some time after her US visa expired. She returned to Michigan later on a student visa. Over time, their differences deepened and the husband filed for divorce at the Nagpur Family Court.
The court referred their case to a counsellor as per existing norms but the hearing took place for some time, as both were abroad. Smita Sarode Singhalkar, the wife’s lawyer, said she then took the lead and arranged a meeting at her office at Khare Town in Nagpur to go for an out of court settlement. The meeting was attended by the husband and his lawyer, while the wife was contacted on WhatsApp video call. The wife’s brother represented her at the negotiation.
While the husband attended the meeting, the wife was represented by her brother. The counsellor interviewed the wife on the terms of settlement via WhatsApp video calls and also consulted the husband. Subsequently, both the lawyers informed the court that since both the husband and wife were already living separately in the US for over a year and the wife was ready for a one-time settlement, a divorce should be granted.
The court turned the divorce case into a mutual consent petition before dissolving the marriage. While the Muslim, women across the world are fighting to ban divorce via Skype and WhatsApp, Indian court grants a divorce to a man in India with the consent of women in the USA 

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction By Prashant Mali In the case of D...