What is Spoofing?
Spoofing is a situation in which one person successfully poses to be another person by falsifying data and thereby gaining an illegitimate advantage. In terms of computer networks, spoofing has many types including IP spoofing, phishing, Referer spoofing, E-mail Address spoofing, spamming, login spoofing etc.
-A brief description of the different types…
IP spoofing is where you create your own data packets by monitoring the original IP packets. The self created data packets are then injected wherever the illegitimate access is required, thus gaining access to their internet traffic.
Phishing is when someone creates reproduced websites of the original ones to fool people, and is normally done to harvest their usernames and passwords, their credit card numbers etc.
E-mail spoofing and spamming can be, in some instances, used in the same context. E-mail spoofing is where you send the e-mails hiding the sender information, or giving the sender information which is misleading. The email content is usually obscene and unwanted.
-Why Computer Spoofing should be part of the cyber crime law?
As talked before in the documentary of "Electronics Crime Bill 2007" by Mr. Jameel, spoofing can lead to many problems, but here in Pakistan, the cyber crimes are not defined fully. Vague definitions have been submitted in the Electronics Crime Bill 2007 which confuses us to blame someone of a charge. The crime is a crime if the Judge takes it as a crime, and not the law books.
In my personal opinion, computer spoofing should be part of the cyber crime law. Let’s take spamming for an example. Obviously spamming is a cheaper way to advertise products, but as seen so many times, spanning leads to interference many a times, and the Electronics Crime Bill of 2007 sees this as a crime. Taking another example, IP spoofing may be used to disrespect privacy of certain citizens. URL spoofing, which may sometimes lead to hacking of credit card numbers, or other personal and important information, which is a serious forgery case. One clause of the Council of Europe ETS No. 185/Budapest Convention states this:
"Mindful of the need to ensure a proper balance between the interests of law enforcement and respect for fundamental human rights as enshrined in the 1950 Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms, the 1966 United Nations International Covenant on Civil and Political Rights and other applicable international human rights treaties, which reaffirm the right of everyone to hold opinions without interference, as well as the right to freedom of expression, including the freedom to seek, receive, and impart information and ideas of all kinds, regardless of frontiers, and the rights concerning the respect for privacy;"
-Budapest Convention [Council of Europe ETS No. 185]
Obviously, there are many cases where spoofing is done for professional causes. An example maybe advertisement of some products of a company. Advertising on web pages is expensive, and there maybe cases where not many people visit web pages where you have put on your advertisement. In such cases, mail spoofing and spamming seem to be a cheaper and better option. But then again, people do get irritated by these things and does break some treaties, as that of the 1966 United Nations International Covenant on Civil and Political Rights. Hence or otherwise, again, this is not the way out and spoofing should be a part of the cyber crime law.
A clause that may help defining Computer Spoofing as a cyber crime is given below:
"Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right, the input, alteration, deletion, or suppression of computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible. A Party may require an intent to defraud, or similar dishonest intent, before criminal liability attaches."
-Budapest Convention [Council of Europe ETS No. 185]
Computer spoofing may have many advantages, but its overall effect has caused much problems than helping out. As seen in URL spoofing and IP spoofing, personal information of people may be accessed and later misused which may lead to serious problems. Like every other thing, computer spoofing has its own advantages and disadvantages. But when the disadvantages are as troublesome as seen here, they overshadow all other advantages. Those advantages have to be sacrificed in order to save ourselves from disadvantages. Computer spoofing should be a part of the cyber crime law, and punishments should be sought-out depending on the level of crime committed.
Saturday, February 23, 2008
Subscribe to:
Posts (Atom)