Friday, February 15, 2008

Should spoofing be a part of Pakistan Cyber Crime Law?

Before I give my comment on whether ‘spoofing’ should be a part of the Pakistan cyber crime bill, I would like to tell you something about ‘spoofing’.

By definition, a spoofed email is one that appears to come from one source but has actually emerged from another source. Email spoofing is usually done by falsifying the name and/or email address of the sender of the email [1].

Usually spoofing includes:

- Spreading viruses and worms
- Message
- Email bombing
- Threatening emails
- Email frauds

Spreading viruses and worms

Email is often the fastest and easiest way to propagate different kinds of code over the Internet. The Love Bug virus reached millions of computers within 36 hours of its release. Hackers often bind viruses and worms to e-greeting cards and then email them to unsuspecting persons. Such contaminants can also be bound to software that appears to be an anti-virus patch.
Example.
Consider Mr. Ali, whose email address is Ali@hotmail.com. His friend Mr. Junaid's email address is Junaid@yahoo.com. Using Send Fake Mail, Ali can send emails purporting to be sent from Junaid’s email account. All he has to do is enter Junaid@yahoo.com in the space provided for the sender's email address. Junaid's friends would trust such emails, as they would presume that they have come from Junaid. Ali can use this misplaced trust to send viruses, worms etc. to Junaid's friends [2].

Message
I define message spoofing by giving an example. Consider an email that appears to come from information@mcaffee.com (this is a spoofed email, but the victim does not know this). The email informs him that the attachment contained in the email is a security patch that must be downloaded to detect a certain new virus. Most users would open the email and download the attachment, which could actually be a virus itself!

Email bombing
Email bombing refers to sending a large number of emails to the victim, resulting in the victim's email account or servers crashing. A simple way of achieving this would be to subscribe the victim's email address to a large number of mailing lists. Mailing lists are special interest groups that share and exchange information on a common topic of interest with one another via email. If a person has been unknowingly subscribed to hundreds of mailing lists, his incoming email traffic will be too large and his service provider will probably delete his account. The simplest email bomb needs nothing more than an ordinary email account. All that one has to do is compose a message, enter the email address of the victim multiple times in the "To" field, and press the "Send" button many times [3].
Example.
Writing the email address 25 times and pressing the "Send" button just 50 times (it will take less than a minute) will send 1250 email messages to the victim! If a group of 10 people do this for an hour, the result would be 750,000 emails! There are several hacking tools available to automate the process of email bombing. These tools send multiple emails from many different email servers, which makes it very difficult for the victim to protect himself [4].

Threatening emails
People are threatened over different issues in order to get benefits or money from them. Consider the following story of a threatening email.
Example.
In a recent case, Poorva received an e-mail message from someone who called him or herself 'your friend'. The attachment with the e-mail contained morphed pornographic photographs of Poorva. The mail message said that if Poorva were not to pay Rs. 10,000 at a specified place every month, the photographs would be uploaded to the Net and then a copy sent to her fiancé. Scared, Poorva at first complied with the wishes of the blackmailer and paid the first Rs. 10,000. Next month, she knew she would have to approach her parents. Then, trusting the reasonableness of her fiancé, she told him the truth. Together they approached the police. Investigation turned up the culprit: Poorva's supposed friend, who wanted Poorva and her fiancé to break up so that she would get her chance with him [5].

Email Frauds
Email spoofing is very often used to commit financial crimes. It becomes a simple thing not just to assume someone else's identity but also to hide one's own. The person committing the crime understands that there is very little chance of his actually being identified.
Example.
In a recently reported case, a Pune-based businessman received an email from the Vice President of the Asia Development Bank (ADB) offering him a lucrative contract in return for Rs 10 lakh. The businessman verified the email address of the Vice President from the web site of the ADB and subsequently transferred the money to the bank account mentioned in the email. It later turned out that the email was a spoofed one and was actually sent by an Indian based in Nigeria [6].
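In every case above the recipient trusted the visible sender address, which the sender controls. The following is an added example, not part of the original post, of a recipient-side check that looks past the From line to the Return-Path and the SPF/DKIM/DMARC verdicts recorded by the receiving mail server. The two sample messages are constructed, `mx.example.org` and `mailer.example.net` are placeholder hosts, and the check assumes the Authentication-Results header was written by your own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); header values are illustrative.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=yahoo.com
From: Junaid <Junaid@yahoo.com>
To: friend@example.org
Subject: Greeting card

Please open the attached card.
"""

GENUINE = """\
Return-Path: <Junaid@yahoo.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=yahoo.com; dkim=pass header.d=yahoo.com; dmarc=pass header.from=yahoo.com
From: Junaid <Junaid@yahoo.com>
To: friend@example.org
Subject: Lunch on Friday

See you at one.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """List the reasons the visible From address should not be trusted."""
    msg = message_from_string(raw_message)
    findings = []
    # The envelope sender (Return-Path) differing from the From domain is an
    # indicator only: mailing lists and bulk senders can legitimately differ.
    path_domain = domain_of(msg["Return-Path"])
    if path_domain and path_domain != domain_of(msg["From"]):
        findings.append("envelope-mismatch")
    # Verdicts recorded by the receiving server; a missing one is also flagged.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mechanism in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{mechanism}=(\w+)", results)
        verdict = match.group(1) if match else "missing"
        if verdict != "pass":
            findings.append(f"{mechanism}-{verdict}")
    return findings
```

An empty list means the From domain was authenticated by the receiving server; it says nothing about whether the content of the message is honest.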

Conclusion:

So, after describing everything about spoofing, I would like to pass this comment: spoofing should be a part of the Pakistan cyber crime bill. But on the question of whether spoofing is a cause of cyber crime or just a part of cyber crime, I would like to say that it is a part of cyber crime, as there are many other major crimes, like electronic forgery, cyber stalking and packet sniffing, which are all wrong. But the way in which the crime of spoofing is explained in the Budapest Convention on Cyber-crime is not right. It has to be explained in a very clear way, because Pakistan is a country where the literacy rate is very low and people don’t have enough awareness about such things.

1. http://dictionary.reference.com/browse/spoofing
2. http://cybercrime.planetindia.net/email_crimes.htm
3. http://cybercrime.planetindia.net/email_crimes.htm
4. http://cybercrime.planetindia.net/email_crimes.htm
5. http://cybercrime.planetindia.net/email_crimes.htm
6. http://cybercrime.planetindia.net/email_crimes.htm
