You are on page 1of 34

Definition –

Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means
of electronic operations that targets the security of computer systems and the data
processed
by them.
Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed
by means of, or in relation to, a computer system or network, including such crimes as
illegal possession [and] offering or distributing information by means of a computer
system
or network.

Cyber Law in India

1. Sending threatening messages by e-mail - Sec .503 IPC
2. Word, gesture or act intended to insult the modesty of a woman - Sec.509 IPC
3. Sending defamatory messages by e-mail - Sec .499 IPC
4. Bogus websites , Cyber Frauds - Sec .420 IPC
5. E-mail Spoofing - Sec .463 IPC
6. Making a false document - Sec.464 IPC
7. Forgery for purpose of cheating - Sec.468 IPC
8. Forgery for purpose of harming reputation - Sec.469 IPC

Sl.No Offences Section Under IT Act

1. Tampering with computer source Documents - Sec.65
2. Hacking with computer systems , Data Alteration - Sec.66
3. Sending offensive messages through communication service, etc - Sec.66A
4. Dishonestly receiving stolen computer resource or communication device - Sec.66B
5. Identity theft - Sec.66C
6. Cheating by personation by using computer resource - Sec.66D
7. Violation of privacy - Sec.66E
8. Cyber terrorism - Sec.66F
9. Publishing or transmitting obscene material in electronic form - Sec .67
10. Publishing or transmitting of material containing sexually explicit act, etc. in
electronic form - Sec.67A
11. Punishment for publishing or transmitting of material depicting children in
sexually explicit act, etc. in electronic form - Sec.67B
11. Preservation and Retention of information by intermediaries - Sec.67C
12. Powers to issue directions for interception or monitoring or decryption of any
information through any computer resource - Sec.69
13. Power to issue directions for blocking for public access of any information
through any computer resource - Sec.69A
14. Power to authorize to monitor and collect traffic data or information through
any computer resource for Cyber Security - Sec.69B
15. Un-authorized access to protected system - Sec.70
16. Penalty for misrepresentation – Sec.71
17. Breach of confidentiality and privacy - Sec.72
18. Publishing False digital signature certificates - Sec.73
19. Publication for fraudulent purpose - Sec.74
29. Act to apply for offence or contraventions committed outside India - Sec.75
21. Compensation, penalties or confiscation not to interfere with other Punishment - Sec.77
22. Compounding of Offences - Sec.77A
23. Offences with three years imprisonment to be cognizable - Sec.77B
24. Exemption from liability of intermediary in certain cases - Sec.79
25. Punishment for abetment of offences - Sec.84B
26. Punishment for attempt to commit offences - Sec.84C
27. Offences by Companies - Sec.85

Note : Sec.78 of I.T. Act empowers Police Inspector to investigate cases falling under this
Act

36. Web-Jacking - Sec .383 IPC
37. E-mail Abuse - Sec .500 IPC
38. Punishment for criminal intimidation - Sec.506 IPC
39. Criminal intimidation by an anonymous communication - Sec.507 IPC
40. When copyright infringed:- Copyright in a work shall be deemed to be
Infringed - Sec.51
41. Offence of infringement of copyright or other rights conferred by this Act. Any
person who knowingly infringes or abets the infringement of - Sec.63
42. Enhanced penalty on second and subsequent convictions - Sec.63A
43. Knowing use of infringing copy of computer program to be an offence - Sec.63B
44. Obscenity - Sec. 292 IPC
45. Printing etc. of grossly indecent or scurrilous matter or matter intended for
Blackmail - Sec.292A IPC
46. Sale, etc., of obscene objects to young person - Sec .293 IPC
47. Obscene acts and songs - Sec.294 IPC
48. Theft of Computer Hardware - Sec. 378
49. Punishment for theft - Sec.379
50. Online Sale of Drugs - NDPS Act
51. Online Sale of Arms - Arms Act
Details of each section –

43. Penalty for damage to computer, computer system, etc.-
If any person without permission of the owner or any other person who is in charge of a
computer, computer system or computer network,- accesses or secures access to such computer,
computer system or computer network downloads, copies or extracts any data, computer data
base information from such computer, computer system or computer network including
information or data held or stored in any removable storage medium.
Introduces or causes to be introduced any computer contaminant or computer virus into any
computer, computer system or computer network;
damages or causes to be damaged and computer, computer system or computer network, data,
computer database or any other programs residing in such computer, computer system or
computer network;
disrupts or causes disruption of any computer, computer system or computer network;
denies or causes the denial of access to any person authorized to access any computer, computer
system or computer network by any means;
provides any assistance to any person to facilitate access to a computer, computer system or
computer network in contravention of the provisions of this Act, rules or regulations made there
under;
charges the services availed of by a person to the account of another person by tampering with or
manipulating any computer, computer system or compute network he shall be liable to pay
damages by way of compensation not exceeding one crore rupees to the person so affected.
Explanation.-For the purposes of this section.- (i) ―computer contaminant‖ means any set of
computer instructions that are designed –
(a) to modify, destroy, record, transmit date or program residing within a computer, computer
system or computer network; or
(b) by any means to usurp the normal operation of the computer, compute system, or computer
network;
(ii) ―computer database‖ means a representation of information,
knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or
have been prepare in a formalized manner or have been produced by a computer, computer
system or computer network and are intended for use in a computer, computer system or
computer network;
(iii) ―computer virus‖ means any computer instruction, information, data or program that
destroys, damages, degrades adversely affects the performance of a computer resources or
attaches itself to another itself to another computer resources and operates when a program, date
or instruction is executed or some other even takes place in that computer resource;
(iv) ―damage‖ means to destroy, alter, delete, add, modify or re-arrange any computer resource
by any means.
44. Penalty for failure to furnish information, return, etc.-
If any person who is required under this Act or any rules or regulations made there under to- (a)
furnish any document, return or report to the Controller or the Certifying Authority fails to
furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees
for each such failure;
(b) file any return or furnish any information, books or other documents within the time specified
therefore in the regulations fails to file return or furnish the same within the time specified
therefore in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for
every day during which such failure continues;
(c) maintain books of account or records fails to maintain the same, he shall be liable to a penalty
no exceeding ten thousand rupees for every day during which the failure continues.
45. Residuary penalty.-
Whoever contravenes any rules or regulations made under this Act, for the contravention of
which no penalty has been separately provided, shall be liable to pay a compensation not
exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty
not exceeding twenty-five thousand rupees.
46. Power to adjudicate. -
(1) For the purpose of adjudging under this Chapter whether any person has committed a
contravention of any of the provisions of this Act or of any rule, regulation, direction or order
made there under the Central
Government shall, subject to the provisions of sub section (3), appoint any officer not below the
rank of a Director to the Government of India or an equivalent officer of a State Government to
be an adjudicating officer for holding an inquiry in the manner prescribed by the Central
Government .
(2) The adjudicating officer shall, after giving the person referred to in sub-section (1) a
reasonable opportunity for making representation in the matter and if, on such inquiry, he is
satisfied that the person has committed the contravention, he may impose such penalty or award
such compensation as he thinks fit in accordance with the provisions of that section.
(3) No person shall be appointed as an adjudicating officer unless he possesses such experience
in the filed of Information Technology and legal or judicial experience as may be prescribed by
the Central Government.
(4) Where more than one adjudicating officers are appointed, the Central Government shall
specify by order the matters and places with respect to which such officers shall exercise their
jurisdiction.
(5) Every adjudicating officer shall have the powers of a civil court which are conferred on the
Cyber Appellate Tribunal under sub-section (2) of section (2) of section 58, and-
(a) all proceedings before it shall be deemed to be judicial proceedings within the meaning of
section 193 and 228 of the Indian Penal Code (45 of 1860);
(b) shall be deemed to be a civil court for the purpose of section 345 and 346 of the Code of
Criminal Procedure, 1973 (2 of 1974).
47. Factors to be taken into account by the adjudicating officer. -
While adjudging the quantum of compensation under this Chapter, the adjudicating officer shall
have due regard to the following factors, namely:-
(a) the amount of gain of unfair advantage, whenever quantifiable, made as a result of the
default;
(b) the amount of loss caused to any person as a result of the default;
(c) the repetitive nature of the default.

48. Establishment of Cyber Appellate Tribunal. -
(1) The Central Government shall, by notification, establish one or more appellate tribunals to be
known as the Cyber Regulations Appellate Tribunal.
(2) The Central Government shall also specify, in the notification referred to in sub-section (1),
the matters and places in relation to which the Cyber Appellate Tribunal may exercise
jurisdiction.
49. Composition of Cyber Appellate Tribunal.-
A cyber Appellate Tribunal shall consist of one person only (hereinafter referred to as the
Presiding Officer of the Cyber Appellate Tribunal) to be appointed, by notification, by the
Central Government.
50. Qualifications for appointment as Presiding Officer of the Cyber Appellate
Tribunal. -
A person shall not be qualified for appointment as the Presiding Officer of a Cyber Appellate
Tribunal unless he-
(a) is, or has been, or is qualified to be, a Judge of a High Court; or
(b) is, or has been, a member of the Indian Legal Service and is holding or has held a post in
Grade I of that Service for at least three years.
51. Term of office. -
The Presiding Officer of a Cyber Appellate Tribunal shall hold office for a term of five years
from the date on which he enters upon his office or until he attains the age of sixty-five years
whichever is earlier.
52. Salary , allowance and other terms conditions of service of Presiding
Officer.-
The salary and allowances payable to, and the other terms and conditions of service including
pension, gratuity and other retirement benefits of, the Presiding Officer of a Cyber Appellate
Tribunal shall be such as may be prescribed:
Provided that neither the salary and allowances nor the other terms and conditions of service of
the Presiding Officers shall be varied to his disadvantage after appointment.
53. Filling up of vacancies. -
If, for reason other than temporary absence, any vacancy occurs in the office of the Presiding
Officer of a Cyber Appellate Tribunal, then the Central Government shall appoint another person
in accordance with the provisions of this Act to fill the vacancy and the proceedings may be
continued before the Cyber appellate Tribunal from the state at which the vacancy is filled.
54. Resignation and removal. -
(1) The Presiding Officer of a Cyber Appellate Tribunal may, by notice in writing under his hand
addressed to the Central Government, resign his office:
Provided that the said Presiding Officer shall, unless he is permitted by the Central Government
to relinquish his office sooner, continue to hold office until the expiry of three months from the
date of receipt of such notice or until a person duly appointed as his successor enters upon his
office or until the expiry of his term of office, whichever is the earliest.
(2) The Presiding Officer of a Cyber Appellate Tribunal shall not be removed from his office
except by an order by the Central Government on the ground of proved misbehaviour or
incapacity after an inquiry made by a Judge of the Supreme Court in which the Presiding Officer
concerned has been informed of the charges against him and given a reasonable opportunity of
being heard in respect of these charges.
(3) the Central Government may, by rules, regulate the procedure for the investigation of
misbehaviour or incapacity of the aforesaid Presiding Officer.
55. Orders constituting Appellate Tribunal to be final and not to invalidate its
proceedings. -
No order of the Central Government appointing any person as the Presiding Officer of a Cyber
Appellate Tribunal shall be called in question in any manner and no act or proceeding before a
Cyber Appellate Tribunal shall be called in question in any manner on the ground merely of any
defect in the constitution of Cyber Appellate Tribunal.
56. Staff of the Cyber Appellate Tribunal. -
(1) The Central Government shall provide the Cyber Appellate Tribunal with such officers and
employees as that Government may think fit.
(2) The officers and employees of the Cyber Appellate Tribunal shall discharge their functions
under general superintendence of the Presiding Officer.
(3) The salaries any allowances and other conditions of service of the officers and employees of
the Cyber Appellate Tribunal shall be such as may be prescribed by the Central Government.
57. Appeal to Cyber Regulations Appellate Tribunal. -
(1) Save as provided in sub-section (2), any person aggrieved by an order made by controller or
an adjudicating officer under this Act may prefer an appeal to a Cyber Appellate Tribunal having
jurisdiction in the matter.
(2) No appeal shall lie to the Cyber Appellate Tribunal from an order made by an adjudicating
officer with the consent of the parties.
(3) Every appeal under sub-section (1) shall be filed within a period of forty-five days from the
date on which a copy of the order made by the Controller or the adjudicating officer is received
by the person aggrieved and it shall be in such form and be accompanied by such fee as may be
prescribed;
Provided that the Cyber Appellate Tribunal may entertain an appeal after the expiry of the said
period of forty-five days if it is satisfied that there was sufficient cause for not filing it within that
period.
(4) On receipt of an appeal under sub-section (1), the Cyber Appellate Tribunal may, after giving
the parties to the appeal, an opportunity of being heard, pass such orders thereon as it thinks fit,
confirming, modifying or setting aside the order appealed against.
(5) the Cyber Appellate Tribunal shall send a copy of every order made by it to the parties tot he
appeal and to the concerned controller or adjudicating officer.
(6) The appeal filed before the Cyber Appellate Tribunal under sub-section (1) shall be dealt
with by it as expeditiously as possible and endeavour shall be made by it to dispose of the appeal
finally within sic months from the date of receipt of the appeal.
58. Procedure and powers of the Cyber Appellate Tribunal. -
(1) The Cyber Appellate Tribunal shall not be bound by the procedure laid down by the Code of
Civil Procedure, 1908 (5 of 1908), but shall be guided by the principles of natural justice and,
subject to the other provisions of this Act and of any rules, the Cyber Appellate Tribunal shall
have powers to regulate its own procedure including the place at which it shall have its sittings.
(2) The Cyber Appellate Tribunal shall have, for the purposes of discharging its functions under
this Act, the same powers as are vested in a civil court under the Code of Civil Procedure, 1908
(5 of 1908), while trying a suit, in respect of the following matters, namely:
(a) summoning and enforcing the attendance of any person and examining him on oath;
(b) requiring the discovery and production of documents or other electronic records;
(c) receiving evidence on affidavits;
(d) issuing commissions for the examination of witnesses or documents;
(e) reviewing its decisions;
(f) dismissing an application for default or deciding it ex parte;
(g) any other matter which may be prescribed.
(3) Every proceeding before the Cyber Appellate Tribunal shall be deemed to be a judicial
proceeding within the meaning of section 193 and 228, and for the purposes of section 196 of the
Indian Penal Code(45 of 1860) and the Cyber Appellate Tribunal shall be deemed to be a civil
court for the purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure,
1973 (2 of 1974).
59. Right to legal representation. -
The appellant may either appear in person or authorise one or more legal practitioners or any of
its officers to present his or its case before the Cyber Appellate Tribunal.
60. Limitation. -
The provisions of the Limitation Act, 12963f (36 of 1963), shall, as far as may be, apply to an
appeal made to the Cyber Appellate Tribunal.
61. Civil court not to have jurisdiction. -
No court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which
an adjudicating officer appointed under this Act or the Cyber Appellate Tribunal constituted
under this Act is empowered by or under this Act to determine and no injunction shall be granted
by any court or other authority in respect of any action taken or to be taken in pursuance of any
power conferred by or under this Act.
62. Appeal to High Court. -
Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an
appeal to the High Court within sixty days from the date of communication of the decision or
order of the Cyber Appellate Tribunal to him on any question of fact or law arising out of such
order:
Provided that the High Court may, if it is satisfied that the appellant was prevented by sufficient
cause from filing the appeal within the said period, allow it to filed within a further period not
exceeding sixty days.
63. Compounding of contraventions. -
(1) Any contravention under this Chapter may, either before or after the institution of
adjudication proceedings, be compounded by the Controller or such other officer as may be
specially authorized by him in this behalf or by the adjudicating officer, as the case may be,
subject to such conditions as the Controller or such other officer or the adjudicating officer, as
the case may be, subject to such conditions as the Controller or such other officer or the
adjudicating officer may specify.
Provided that such sum shall not, in any case, exceed the maximum amount of the penalty which
may be imposed under this Act for the contravention so compounded.
(2) Nothing in sub-section (1) shall apply to a person who commits the same or similar
contravention within a period of three years form the date on which the first contravention,
committed, by him, was compounded.
Explanation:- For the purposes of this sub-section, any second or subsequent contravention
committed after the expiry of a period of three years from the date on which the contravention
was previously compounded shall be deemed to be a first contravention.
(3) Where any contravention has been compounded under sub-section(I), no proceeding or
further proceeding, or further proceeding, as the case may be, shall be taken against the person
guilty of such contravention in respect of the contravention so compounded.
64. Recovery of penalty. -
A penalty imposed under this Act, if it is not paid shall be recovered as an arrear of land revenue
and the license or the Digital Signature Certificate, as the case may be, shall be suspended till the
penalty is paid.

65. Tampering with computer source documents. -
Whoever knowingly or intentionally conceals, destroy, or alter any computer source code used
for a computer, computer program, computer system or computer network, when the computer
source code is required to be kept or maintained by law for the time being in force, shall be
punishable with imprisonment up to three years, or with fine which may extend up to two lakh
rupees, or with both.
Explanation – For the purposes of this section, ―computer source code‖ means the listing of
programs, compute commands, design and layout and program analysis of computer resource in
any form.
66. Hacking with Computer System. -
(1) Whoever with the intent of cause or knowing that is likely to cause wrongful loss or damage
to the public or any person destroys or deletes or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by any means, commits
hacking.
(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with
fine which may extend up to two lakh rupees, or with both.
66 A. Punishment for sending offensive messages through communication
service, etc.( Introduced vide ITAA 2008)
Any person who sends, by means of a computer resource or a communication device,-
a) any information that is grossly offensive or has menacing character; or
b) any information which he knows to be false, but for the purpose of causing annoyance,
inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill
will, persistently makes by making use of such computer resource or a communication device,
c) any electronic mail or electronic mail message for the purpose of causing annoyance or
inconvenience or to deceive or to mislead the addressee or recipient about the or igin of such
messages (Inserted vide ITAA 2008) shall be punishable with imprisonment for a term which
may extend to two three years and with fine.
Explanation: For the purposes of this section, terms "Electronic mail" and "Electronic Mail
Message" means a message or information created or transmitted or received on a computer,
computer system, computer resource or communication device including attachments in text,
image, audio, video and any other electronic record, which may be transmitted with the message.

66 B. Punishment for dishonestly receiving stolen computer resource or
communication device (Inserted Vide ITA 2008)
Whoever dishonestly receives or retains any stolen computer resource or communication device
knowing or having reason to believe the same to be stolen computer resource or
communication device, shall be punished with imprisonment of either description for a term
which may extend to three years or with fine which may extend to rupees one lakh or with both.

66C. Punishment for identity theft. (Inserted Vide ITA 2008)
Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other
unique identification feature of any other person, shall be punished with imprisonment of either
description for a term which may extend to three years and shall also be liable to fine which may
extend to rupees one lakh.

66D. Punishment for cheating by personation by using computer resource
(Inserted Vide ITA 2008)
Whoever, by means of any communication device or computer resource cheats by personation,
shall be punished with imprisonment of either description for a term which may extend to
three years and shall also be liable to fine which may extend to one lakh rupees.

66 E. Punishment for violation of privacy. (Inserted Vide ITA 2008)
Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area
of any person without his or her consent, under circumstances violating the privacy of that
person, shall be punished with imprisonment which may extend to three years or with fine not
exceeding two lakh rupees, or with both
Explanation -
For the purposes of this section —
(a) ―transmit‖ means to electronically send a visual image with the intent that it be viewed
by a person or persons;
(b) ―capture‖, with respect to an image, means to videotape, photograph, film or record
by any means;
(c) ―private area‖ means the naked or undergarment clad genitals, pubic area, buttocks or
female breast;
(d) ―publishes‖ means reproduction in the printed or electronic form and making it available for
public;
(e) – under circumstances violating privacy‖ means circumstances in which a person can have a
reasonable expectation that—
(i) he or she could disrobe in privacy, without being concerned that an image of his private area
was being captured; or
(ii) any part of his or her private area would not be visible to the public, regardless of whether
that person is in a public or private place.

67. Publishing of information which is obscene in electronic form.
Whoever publishes or transmits or causes to be published in the electronic form, any material
which is lascivious or appeal to the prurient interest or if its effect is such as to tend to deprave
and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or
hear the matter contained or embodied in it, shall be punished on first conviction with
imprisonment of either description for a term which may extend to five years and with fine
which may extend to one lakh rupees and in the event of a second or subsequent conviction with
imprisonment of either description for a term which may extend to ten years and also with fine
which may extend to two lakh rupees.
68. Power of the Controller to give directions. –
(1) The Controller may, by order, direct a Certifying Authority or any employee of such
Authority to take such measures or cease carrying on such activities as specified in the order if
those are necessary to ensure compliance with the provisions of this Act, rules or any regulations
made there under.
(2) Any person who fails to comply with any order under sub-section (1) shall be guilty of an
offence and shall be liable on conviction to imprisonment for a term not exceeding three years or
to a fine not exceeding two lakh rupees or to both.
69. Directions of Controller to a subscriber to extend facilities to decrypt
information. –
(1) If the Controller is satisfied that it is necessary or expedient so to do in the interest of the
sovereignty or integrity of India, the security of the State, friendly relations with foreign States or
public order or for preventing incitement to the commission of any cognizable offence, for
reasons to be recorded in writing, by order, direct any agency of the Government to intercept any
information transmitted through any computer resource.
(2) The subscriber or any person in charge of the computer resource shall, when called upon by
any agency which has been directed under sub-section (1), extend all facilities and technical
assistance to decrypt the information.
(3) The subscriber or any person who fails to assist the agency referred to in sub-section (2) shall
be punished with an imprisonment for a term which may extend to seven years.
70. Protected system.-
(1) The appropriate Government may, by notification in the Official Gazette, declare that any
computer, computer system or computer network to be a protected system.
(2) The appropriate Government may, by order in writing, authorize the persons who are
authorized to access protected systems notified under sub-section.
(3) Any person who secures access or attempts to secure access to a protected system in
contravention of the provisions of this section shall be punished with imprisonment of either
description for a term which may extend to ten years and shall also be liable to fine.
71. Penalty for misrepresentation.-
Whoever makes any misrepresentation, to, or suppresses any material fact from, the Controller or
the Certifying Authority for obtaining any licennce or Digital Signature Certificate, as the case
may be, shall be punished with imprisonment for a terms which may extend to two years, or with
fine which may extend to one lakh rupees, or with both.
72. Breach of confidentiality and privacy.-
Save as otherwise provided in this Act or any other law for the time being in force, if any person
who, in pursuance of any of the powers conferred under this Act, rules or regulations made there
under, has secured access to any electronic record, book, register, correspondence, information,
document or other material without the consent of the person concerned discloses such electronic
record, book, register, correspondence, information, document or other material to any other
person shall be punished with imprisonment for a term which may extend to two years, or with
fine which may extend to one lakh rupees, or with both.
73. Penalty for publishing Digital Signature Certificate false in certain
particulars. -
(1) No person shall publish a Digital Signature Certificate or otherwise make it available to any
other person with the knowledge that-
(a) the Certifying Authority listed in the certificate has not issued it; or
(b) the subscriber listed in the certificate has not accepted it; or
(c) the certificate has been revoked or suspended, unless such publication is for the purposes of
verifying a digital signature created prior to such suspension or revocation.
(2) Any person who contravenes the provisions of sub-section (1) shall be punished with
imprisonment for a term which may extend to two years, or with fine which may extend to one
lakh rupees, or with both.
Cases related to each section -
1. Section 43 - Penalty and Compensa tion for damage to computer,
computer system, etc Related Case: Mphasis BPO Fraud: 2005 In December
2004, four call centre employees, working at an outsourcing facility operated by MphasiS
in India, obtained PIN codes from four customers of MphasiS‘ client, Citi Group. These
employees were not authorized to obtain the PINs. In association with others, the call
centre employees opened new accounts at Indian banks using false identities. Within two
months, they used the PINs and account information gleaned during their employment at
MphasiS to transfer money from the bank accounts of Citi Group customers to the new
accounts at Indian banks. By April 2005, the Indian police had tipped off to the scam by a
U.S. bank, and quickly identified the individuals involved in the scam. Arrests were made
when those individuals attempted to withdraw cash from the falsified accounts, $426,000
was stolen; the amount recovered was $230,000. Verdict: Court held that Section 43(a)
was applicable here due to the nature of unauthorized access involved to commit
transactions.

2. Section 65 - Tampering with Compute r Source Documents Related
Case: Syed Asifuddin and Ors. Vs. The State of Andhra Pradesh In this case, Tata
Indicom employees were arrested for manipulation of the electronic 32- bit number
(ESN) programmed into cell phones theft were exclusively franchised to Reliance
Infocomm. Verdict: Court held that tampering with source code invokes invokes Section
65 of the Information Technology Act.
.
3. Section 66 - Computer Related Offences Related Case: Kumar v/s Whiteley
In this case the accused gained unauthorized access to the Joint Academic Network
(JANET) and deleted, added files and changed the passwords to deny access to the
authorized users. Investigations had revealed that Kumar was logging on to the BSNL
broadband Internet connection as if he was the authorized genuine user and ‗made
alteration in the computer database pertaining to broadband Internet user accounts‘ of the
subscribers. The CBI had registered a cyber crime case against Kumar and carried out
investigations on the basis of a complaint by the Press Network Intelligence (India) Pvt.
Ltd. Page 7 of 24Information Bureau, Chennai, which detected Confidential the
unauthorized use of broadband Internet. The complaint also stated that the subscribers
had incurred a loss of Rs 38,248 due to Kumar‘s wrongful act. He used to ‗hack‘ sites
from Bangalore, Chennai and other cities too, they said. Verdict: The Additional Chief
Metropolitan Magistrate, Egmore, Chennai, sentenced N G Arun Kumar, the techie from
Bangalore to undergo a rigorous imprisonment for one year with a fine of Rs 5,000 under
section 420 IPC (cheating) and Section 66 of IT Act (Computer related Offence).

4. Section 66A - Punishment for sending offensive messages through
communication service Relevant Case #1: Fake profile of President posted by
imposter On September 9, 2010, the imposter made a fake profile in the name of the
Hon‘ble President Pratibha Devi Patil. A complaint was made from Additional
Controller, President Household, President Secretariat regarding the four fake profiles
created in the name of Hon‘ble President on social networking website, Facebook
Network Intelligence (India) Pvt. Ltd. Page 8 of 24 Li Ming, a graduate student at West
Chester University of Pennsylvania faked his own death, complete with a forged obituary
in his local paper. Nine months later, Li attempted to obtain a new driver‘s license with
the intention of applying for new credit cards eventually. Confidential  The CEO of an
identity theft protection company, Lifelock, Todd Daviss social security number was
exposed by Matt Lauer on NBC‘s Today Show. Davis‘ identity was used to obtain a $500
cash advance loan. . The said complaint stated that president house has nothing to do
with the facebook and the fake profile is misleading the general public. The First
Information Report Under Sections 469 IPC and 66A Information Technology Act, 2000
was registered based on the said complaint at the police station, Economic Offences
Wing, the elite wing of Delhi Police which specializes in investigating economic crimes
including cyber offences. Relevant Case #2: Bomb Hoax mail In 2009, a 15-year-old
Bangalore teenager was arrested by the cyber crime investigation cell (CCIC) of the city
crime branch for allegedly sending a hoax e-mail to a private news channel. In the e-mail,
he claimed to have planted five bombs in Mumbai, challenging the police to find them
before it was too late. At around 1p.m. on May 25, the news channel received an e-mail
that read: ―I have planted five bombs in Mumbai; you have two hours to find it.‖ The
police, who were alerted immediately, traced the Internet Protocol (IP) address to Vijay
Nagar in Bangalore. The Internet service provider for the account was BSNL, said
officials.

5. Section 66D - Punishment for cheating by impersonation by using
computer resource- Relevant Case: Sandeep Vaghese v/s State of Kerala A
complaint filed by the representative of a Company, which was engaged in the business
of trading and distribution of petrochemicals in India and overseas, a crime was
registered against nine persons, alleging offences under Sections 65, 66, 66A, C and D of
the Information Technology Act along with Sections 419 and 420 of the Indian Penal
Code. The company has a web-site in the name and and style `www.jaypolychem.com
but, another web site `www.jayplychem.org was set up in the internet by first accused
Samdeep Varghese @ Sam, (who was dismissed from the company) in conspiracy with
other accused, including Preeti and Charanjeet Singh, who are the sister and brother-in-
law of `Sam Defamatory and malicious matters about the company and its directors were
made available in that website. The accused sister and brother-in-law were based in
Cochin and they had been acting in collusion known and unknown persons, who have
collectively cheated the company and committed acts of forgery, impersonation etc. Two
of the accused, Amardeep Singh and Rahul had visited Delhi and Cochin. The first
accused and others sent e-mails from fake e-mail accounts of many of the customers,
suppliers, Bank etc. to malign the name and image of the Company and its Directors. The
defamation campaign run by all the said persons named above has caused immense
damage to the name and reputation of the Company. The Company suffered losses of
several crores of Rupees from producers, suppliers and customers and were unable to do
business.

6. Section 66E - Punishment for violation of privacy Relevant Cases:
1) Jawaharlal Nehru University MMS scandal In a severe shock to the prestigious and
renowned institute - Jawaharlal Nehru University, a pornographic MMS clip was
apparently made in the campus and transmitted outside the university. Some media
reports claimed that the two accused students initially tried to extort money from the girl
in the video but when they failed the culprits put the video out on mobile phones, on the
internet and even sold it as a CD in the blue film market.
2) Nagpur Congress leader‘s son MMS scandal On January 05, 2012 Nagpur Police
arrested two engineering students, one of them a son of a Congress leader, for harassing a
16-year-old girl by circulating an MMS clip of their sexual acts. According to the Nagpur
(rural) police, the girl was in a relationship with Mithilesh Gajbhiye, 19, son of Yashodha
Dhanraj Gajbhiye, a zila parishad member and an influential Congress leader of Saoner
region in Nagpur district.

7. Section-66F Cyber Terrorism Relevant Case: The Mumbai police have
registered a case of ‗cyber terrorism‘—the first in the state since an amendment to the
Information Technology Act—where a threat email was sent to the BSE and NSE on
Monday. The MRA Marg police and the Cyber Crime Investigation Cell are jointly
probing the case. The suspect has been detained in this case. The police said an email
challenging the security agencies to prevent a terror attack was sent by one Shahab Md
with an ID sh.itaiyeb125@yahoo.in to BSE‘s administrative email ID
corp.relations@bseindia.com at around 10.44 am on Monday. The IP address of the
sender has been traced to Patna in Bihar. The ISP is Sify. The email ID was created just
four minutes before the email was sent. ―The sender had, while creating the new ID,
given two mobile numbers in the personal details column. Both the numbers belong to a
photo frame-maker in Patna,‘‘ said an officer. Status: The MRA Marg police have
registered forgery for purpose of cheating, criminal intimidation cases under the IPC and
a cyber-terrorism case under the IT Act.

8. Section 67 - Punishment for publishing or transmitting obscene material
in electronic form : Whoever publishes or transmits or causes to be published in the
electronic form, any material which is lascivious or appeals to the prurient interest or if
its effect is such as to tend to deprave and corrupt persons who are likely, having regard
to all relevant circumstances, to read, see or hear the matter contained or embodied in it,
shall be punished on first conviction with imprisonment of either description for a term
which may extend to two three years and with fine which may extend to five lakh rupees
and in the event of a second or subsequent conviction with imprisonment of either
description for a term which may extend to five years and also with fine which may
extend to ten lakh rupees.


9. Section 67A - Punishment for publishing or transmitting of material
containing sexually explicit act, etc. in electronic form : Whoever publishes
or transmits or causes to be published or transmitted in the electronic form any material
which contains sexually explicit act or conducts hall be punished on first conviction with
imprisonment of either description for a term which may extend to five years and with
fine which may extend to ten lakh rupees and in the event of second or subsequent
conviction with imprisonment of either description for a term which may extend to seven
years and also with fine which may extend to ten lakh rupees.

10. Section 67B. Punishment for publishing or transmitting of material
depicting children in sexually explicit act, etc. in electronic form :
Whoever:- (a) publishes or transmits or causes to be published or transmitted material in
any electronic form which depicts children engaged in sexually explicit act or conduct or
(b) creates text or digital images, collects, seeks, browses, downloads, advertises,
promotes, exchanges or distributes material in any electronic form depicting children in
obscene or indecent or sexually explicit manner or (c) cultivates, entices or induces
children to online relationship with one or more children for and on sexually explicit act
or in a manner that may offend a reason able adult on the computer resource or (d)
facilitates abusing children online or (e) records in any electronic form own abuse or that
of others pertaining to sexually explicit act with children, shall be punished on first
conviction with imprisonment of either description for a term which may extend to five
years and with a fine which may extend to ten lakh rupees and in the event of second or
subsequent conviction with imprisonment of either description for a term which may
extend to seven years and also with fine which may extend to ten lakh rupees: Provided
that the provisions of section 67, section 67A and this section does not extend to any
book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic
form.

11. Section 69 - Powers to issue directions for interception or monitoring
ordecryption of any information through any computer resource.-(1)
Where the central Government or a State Government or any of its officer specially
authorized by the Central Government or the State Government, as the case may be, in
this behalf may, if is satisfied that it is necessary or expedient to do in the interest of the
sovereignty or integrity of India, defence of India, security of the State, friendly relations
with foreign States or public order or for preventing incitement to the commission of any
cognizable offence relating to above or for investigation of any offence, it may, subject to
the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct
any agency of the appropriate Government to intercept, monitor ordecrypt or cause to be
intercepted or monitored or decrypted any information transmitted received or stored
through any computer resource.(2) The Procedure and safeguards subject to which such
interception or monitoring ordecryption may be carried out, shall be such as may be
prescribed.(3) The subscriber or intermediary or any person in charge of the computer
resource shall, when called upon by any agency which has been directed under sub
section (1),extend all facilities and technical assistance to - (a) provide access to or secure
access to the computer resource generating, transmitting, receiving or storing such
information; or (b) intercept or monitor or decrypt the information, as the case may be; or
(c) provide information stored in computer resource.(4) The subscriber or intermediary or
any person who fails to assist the agency referred to in sub-section (3) shall be punished
with an imprisonment for a term which may extend to seven years and shall also be liable
to fine.

12. Section 69A - Power to issue directions for blocking for public access of
any information through any computer resource:(1) Where the Central
Government or any of its officer specially authorized by it in this behalf is satisfied that it
is necessary or expedient so to do in the interest of sovereignty and integrity of India,
defense of India, security of the State, friendly relations with foreign states or public
order or for preventing incitement to the commission of any cognizable offence relating
to above, it may subject to the provisions of sub-sections (2)for reasons to be recorded in
writing, by order direct any agency of the Government or intermediary to block access by
the public or cause to be blocked for access by public any information generated,
transmitted, received, stored or hosted in any computer resource.(2) The procedure and
safeguards subject to which such blocking for access by the public may be carried out
shall be such as may be prescribed.(3) The intermediary who fails to comply with the
direction issued under sub-section(1) shall be punished with an imprisonment for a term
which may extend to seven years and also be liable to fine.

13. Section 69B. Power to authorize to monitor and collect traffic data or
information through any computer resource for Cyber Security (1) The
Central Government may, to enhance Cyber Security and for identification, analysis and
prevention of any intrusion or Network Intelligence (India) Pvt. Ltd. Page 22 of
24spread of computer contaminant in the country, by notification in the official
Gazette, authorize any agency of the Government to monitor and collect traffic data or
information generated, transmitted, received or stored in any computer resource.(2) The
Intermediary or any person in-charge of the Computer resource shall when called upon
by the agency which has been authorized under sub-section (1), provide technical
assistance and extend all facilities to such agency to enable online access or to secure and
provide online access to the computer resource generating, transmitting, receiving or
storing such traffic data or information.(3) The procedure and safeguards for monitoring
and collecting traffic data or information, shall be such as may be prescribed.(4) Any
intermediary who intentionally or knowingly contravenes the provisions of subsection (2)
shall be punished with an imprisonment for a term which may extend to three years and
shall also be liable to fine.
14. Section 71. Penalty for mis representation :Whoever makes any
misrepresentation to, or suppresses any material fact from, the Controller or the
Certifying Authority for obtaining any license or Electronic Signature Certificate, as the
case may be, shall be punished with imprisonment for a term which may extend to two
years, or with fine which may extend to one lakh rupees, or with both.

15. Section 72 - Breach of confidentiality and privacy : Any person who, in
pursuant of any of the powers conferred under this Act, rules or regulations made there
under, has secured access to any electronic record, book, register, correspondence,
information, document or other material without the consent of the person concerned
discloses such electronic record, book, register, correspondence, information, document
or other material to any other person shall be punished with imprisonment for a term
which may extend to two years, or with fine which may extend to one lakh rupees, or
with both.


16. Section 72A - Punishment for Disclosure of information in breach of
lawful contract : Any person including an intermediary who, while providing services
under the terms of lawful contract, has secured access to any material containing personal
information about another person, with the intent to cause or knowing that he is likely to
cause wrongful loss or wrongful gain discloses, without the consent of the person
concerned, or in breach of a lawful contract, such material to any other person shall be
punished with imprisonment for a term which may extend to three years, or with a fine
which may extend to five lakh rupees, or with both.

17. 73. Penalty for publishing electronic Signature Certificate false in
certain particulars. (1) No person shall publish a Electronic Signature Certificate or
otherwise make it available to any other person with the knowledge that (a) the Certifying
Authority listed in the certificate has not issued it; or (b) the subscriber listed in the
certificate has not accepted it; or (c) the certificate has been revoked or suspended, unless
such publication is for the purpose of verifying a digital signature created prior to such
suspension or revocation(2) Any person who contravenes the provisions of sub-section
(1)shall be punished with imprisonment for a term which may extend to two years, or
with fine which may extend to one lakh rupees, or with both.






Some other cases –

1. Orkut Fake Profile cases-

Orkut.com is a very popular online community and social networking website. Orkut users can
search for and interact with people who share the same hobbies and interests. They can create
and join a wide variety of online communities. The profiles of Orkut members are publicly
viewable.
.
The scenarios-
1. A fake profile of a woman is created on Orkut. The profile displays her correct name
information (such as address, residential phone number, cell phone number etc). Sometimes it
even has her photograph.The problem is that the profile describes her as a prostitute or a woman
of ―loose character‖ who wants to have sexual relations with anyone. Other Orkut members see
this profile and start calling her at all hours of the day asking for sexual favors. This leads to a lot
of harassment for the victim and also defames her in society.
2. An online hate community is created. This community displays objectionable information
against a particular country, religious or ethnic group or even against national leaders and
historical figures.
3 .A fake profile of a man is created on Orkut. The profile contains defamatory information
about the victim (such as his alleged sexual weakness, alleged immoral character etc)

The law-
Scenario 1: Section 67 of Information Technology Act and section 509 of the Indian Penal
code.
Scenario 2: Section 153A and 153B of Indian Penal Code.
Scenario 3: Section 500 of Indian Penal Code.

The motive-
Scenario 1: Jealousy or revenge (e.g. the victim may have rejected the advances made by the
suspect).
Scenario 2: Desire to cause racial hatred (e.g. Pakistani citizens creating an anti-India online
community).
Scenario 3: Hatred (e.g. a school student who has failed may victimize his teachers).

Modus Operandi-
1. The suspect would create a free Gmail account using a fictitious name.
2. The email ID chosen by him would be unrelated to his real identity.
3. The suspect would then login to Orkut.com and create the offensive profile.




2. Email Account Hacking-

Emails are increasingly being used for social interaction, business communication and online
transactions. Most email account holders do not take basic precautions to protect their email
account passwords. Cases of theft of email passwords and subsequent misuse of email accounts
are becoming very common.

The scenarios-
1. The victim‘s email account password is stolen and the account is then misused for sending out
malicious code (virus, worm Trojan etc) to people in the victim‘s address book. The recipients of
these viruses believe that the email is coming from a known person and run the
attachments. This infects their computers with the malicious code.
2. The victim‘s email account password is stolen and the hacker tries to extort money from the
victim. The victim is threatened that if he does not pay the money, the information contained in
the emails will be misused.
3. The victim‘s email account password is stolen and obscene emails are sent to people in the
victim‘s address book.

The law-
Scenario 1: Sections 43 and 66 of Information Technology Act.
Scenario 2: Sections 43 and 66 of Information Technology Act and section 384 of Indian Penal
Code.
Scenario 3: Sections 43, 66 and 67 of Information Technology Act and section 509 of the Indian
Penal Code.

The motive-
Scenario 1: Corporate Espionage, perverse pleasure in being able to destroy valuable
information belonging to strangers etc.
Scenario 2: Illegal financial gain.
Scenario 3: Revenge, jealousy, hatred.

Modus Operandi-
1. The suspect would install key loggers in public computers (such as cyber cafes, airport
lounges etc) or the computers of the victim.
2. Unsuspecting victims would login to their email accounts using these infected computers.
3. The passwords of the victim‘s email accounts would be emailed to the suspect.










3. Credit Card Fraud-

Credit cards are commonly being used for online booking of airline and railway tickets and for
other ecommerce transactions. Although most of ecommerce websites have implemented strong
security measures (such as SSL, secure web servers etc), instances of credit card frauds are
increasing.

The scenario-
The victim‘s credit card information is stolen and misused for making online purchases (e.g.
airline tickets, software, subscription to pornographic websites etc).

The law-
Sections 43 and 66 of Information Technology Act and section 420 of Indian Penal Code.

Who is liable?
All persons who have stolen the credit card information as well as those who have misused it.

The motive-
Illegal financial gain.

Modus Operandi-
Scenario 1: The suspect would install key loggers in public computers (such as cyber cafes,
airport lounges etc) or the computers of the victim. Unsuspecting victims would use these
infected computers to make online transactions. The credit card information of the victim
would be emailed tithe suspect.
Scenario 2: Petrol pump attendants, workers at retail outlets, hotel waiters etc note down
information of the credit cards used for making payment at these establishments. This
information is sold to criminal gangs that misuse it for online frauds.

4. Theft of Confidential Information-
Most business organizations store their sensitive information in computer systems. This
information is targeted by rivals, criminals and sometimes disgruntled employees.

The scenario-
Scenario 1: A business rival obtains the information (e.g. tender quotations, business plans etc)
using hacking or social engineering. He then uses the information for the benefit of his own
business (e.g. quoting lower rates for the tender).
Scenario 2: A criminal obtains the information by hacking or social engineering and threatens to
make the information public unless the victim pays him some money.
Scenario 3: A disgruntled employee steals the information and mass mails it to the victim‘s
rivals and also posts it to numerous websites and newsgroups.

The law-
Scenario 1: Sections 43 and 66 of the Information Technology Act, section 426 of Indian Penal
Code.
Scenario 2: Sections 43 and 66 of the Information Technology Act, section 384 of Indian Penal
Code.
Scenario 3: Sections 43 and 66 of the Information Technology Act, section 426 of Indian Penal
Code.

Who is liable?
Scenario 1: The persons who steal the information as well as the persons who misuse the
stolen information.
Scenario 2: The persons who steal the information as well as the persons who threaten the
victim and extort money.
Scenario 3: The disgruntled employee as well as the persons who help him in stealing and
distributing the information.

The motive-
Scenario 1: Illegal financial gain.
Scenario 2: Illegal financial gain.
Scenario3: Revenge.

Modus Operandi-
Scenario 1: The suspect could hire a skilled hacker to break into the victim systems. The
hacker could also use social engineering techniques.
Case :
A very good looking woman went to meet the system administrator (sysadmin) of a large
company. She interviewed the sysadmin for a ―magazine article‖. During the interview she
flirted a lot with the sysadmin and while leaving she ―accidentally‖ left her pen drive at the
sysadmin‘s room. The sysadmin accessed the pen drive and saw that it contained many
photographs of the lady. He did not realize that the photographs were Trojanized! Once the
Trojan was in place, a lot of sensitive information was stolen very easily.

Case :
The sysadmin of a large manufacturing company received a beautifully packed CD ROM
containing ―security updates‖ from the company that developed the operating system that ran his
company‘s servers. He installed the ―updates‖ which in reality were Trojanized software.
For 3 years after that a lot of confidential information was stolen from the company‘s systems!
Scenario 2: Same as scenario 1.
Scenario 3: The disgruntled employee would usually have direct or indirect access to the
information. He can use his personal computer or a cyber café to spread the information.









5. Music Piracy-

Many people do not consider music piracy to be theft. They would never steal a rupee from
someone but would not think twice before buying or using pirated music. There is a common
perception amongst people users to not consider music as ―property‖. There is a huge business in
music piracy. Thousands of unscrupulous businessmen sell pirated music at throw away prices.

The scenario-
Scenario 1: The music pirate sells the pirated music in physical media (usually CD ROMs)
through a close network of dealers.
Scenario 2: The music pirate sells the pirated music through electronic downloads through
websites, bulletin boards, newsgroups, spam emails etc.

The law-
Scenario 1: Sections 43 and 66 of the Information Technology Act, section 63 of Copyright Act.
Scenario 2: Sections 43 and 66 of the Information Technology Act, section 63 of Copyright Act.

Who is liable?
Scenario 1: The music pirate as well as the persons who buy the pirated software from him.
Scenario 2: The music pirate as well as the persons who buy the pirated software from him.

The motive-
Scenario 1: Illegal financial gain.
Scenario 2: Illegal financial gain.

Modus Operandi-
Scenario 1: The suspect uses high speed CD duplication equipment to create multiple copies of
the pirated music. This music is sold through a network of dealers.
Scenario 2: The suspect registers a domain name using a fictitious name and then hosts his
website using a service provider that is based in a country that does not have cyber laws. Such
service providers do not divulge client information to law enforcement officials of other
countries.


6. Phishing-

With the tremendous increase in the use of online banking, online share trading and ecommerce,
there has been a corresponding growth in the incidents of phishing being used to carry out
financial frauds.
Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card
details etc) by masquerading as a trusted entity.

The scenario-
Scenario 1: The victim receives an email that appears to have been sent from his bank. The
email urges the victim to click on the link in the email. When the victim does so, he is taken to ―a
secure page on the bank‘s website‖. The victim believes the web page to be authentic
and he enters his username, password and other information. In reality, the website is a fake and
the victim‘s information is stolen and misused.

The law-
Sections 43 and 66 of Information Technology Act and sections 419, 420 and 468 of Indian
Penal Code.

Who is liable?
All persons involved in creating and sending the fraudulent emails and creating and maintaining
the fake website. The persons who misuse the stolen or ―phished‖ information are also liable.

The motive-
Illegal financial gain.

Modus Operandi-
The suspect registers a domain name using fictitious details. The domain name is usually such
that can be misused for spoofing e.g. Noodle Bank has its website at www.noodle.com The
suspects can target Noodle customers using a domain name like www.noodle-bank-
customerlogin.com The suspect then sends spoofed emails to the victims. e.g. the emails may
appear to come from info@noodle.com The fake website is designed to look exactly like
the original website.


7. Cyber Pornography-

Cyber pornography is believed to be one of the largest businesses on the Internet today. The
millions of pornographic websites that flourish on the Internet are testimony to this. While
pornography per se is not illegal in many countries, child pornography is strictly illegal in most
nations today.
Cyber pornography includes pornographic websites, pornographic magazines produced using
computers (to publish and print the material) and the Internet (to download and transmit
pornographic pictures, photos, writings etc).

The scenario-
The suspect accepts online payments and allows paying customers to view / download
pornographic pictures, videos etc from his website.

The law-
Section 67 of Information Technology Act.

Who is liable?
The persons who create and maintain the pornographic websites are liable. In some cases
cyber café owners and managers may also be liable in case they knowingly allow their customers
to access the pornographic websites.

The motive-
Illegal financial gain.

Modus Operandi-
The suspect registers a domain name using fictitious details and hosts a website on a server
located in a country where cyber pornography is not illegal. The suspect accepts online payments
and allows paying customers to view / download pornographic pictures, videos etc from his
website.

8. Online Sale of Illegal Articles-

It is becoming increasingly common to find cases where sale of narcotics drugs, weapons,
wildlife etc. is being facilitated by the Internet. Information about the availability of the products
for sale is being posted on auction websites, bulletin boards etc.

The scenario-
The suspect posts information about the illegal sale that he seeks to make. Potential customers
can contact the seller using the email IDs provided. If the buyer and seller trust each other after
their email and / or telephonic conversation, the actual transaction can be concluded. In most
such cases the buyer and seller will meet face to face at the time of the final transaction.

Case :
In March 2007, the Pune rural police cracked down on an illegal rave party and arrested
hundreds of illegal drug users. The social networking site, Orkut.com, is
believed to be one of the modes of communication for gathering people
for the illegal ―drug‖ party.

The law-
Depending upon the illegal items being transacted in, provisions of the Narcotic Drugs and
Psychotropic Substances Act, Arms Act, Indian Penal Code, Wildlife related laws etc may apply.

Who is liable?
The persons who buy and sell these items.

The motive-
Illegal financial gain.

Modus Operandi-
The suspect creates an email ID using fictitious details. He then posts messages, about the illegal
products, in various chat rooms, bulletin boards, newsgroups etc. Potential customers can contact
the seller using the email IDs provided. If the buyer and seller trust each other after their email
and / or telephonic conversation, the actual transaction can be concluded. In most such cases the
buyer and seller will meet face to face at the time of the final transaction.




9. Virus Attacks -

Computer viruses are malicious programs that destroy electronic information. As the world is
increasingly becoming networked, the threat and damage caused by viruses is growing by leaps
and bounds.

The scenario-
Scenario 1: The virus is a general ―in the wild‖ virus. This means that it is spreading all over the
world and is not targeted at any specific organisation.
Scenario 2: The virus targets a particular organisation. This type of a virus is not known to
anti-virus companies as it is a new virus created specifically to target a particular organisation.

The law-
Scenario 1: Sections 43 and 66 of Information Technology Act and section 426 of Indian Penal
Code.
Scenario 2: Sections 43 and 66 of Information Technology Act and section 426 of Indian Penal
Code.

Who is liable?
Scenario 1: The creator of the virus.
Scenario 2: The creator of the virus as well as the buyer who purchases the virus (usually to
target his business rivals).

The motive-
Scenario 1: Thrill and a perverse pleasure in destroying data belonging to strangers.
Scenario 2: Illegal financial gain, revenge, business rivalry.

Modus Operandi-
Scenario 1: A highly skilled programmer creates a new type or strain of virus and releases it on
the Internet so that it can spread all over the world. Being a new virus, it goes undetected by
many anti-virus software and hence is able to spread all over the world and cause a lot of
damage. Anti-virus companies are usually able to find a solution within 8 to 48 hours.
Scenario 2: A highly skilled programmer creates a new type or strain of virus. He does not
release it on the Internet. Instead he sells it for a huge amount of money.
The buyer uses the virus to target his rival company. Being a new virus, it may be undetected
by the victim company‘s anti-virus software and hence would be able to cause a lot of damage.
Anti-virus companies may never get to know about the existence of the virus.

10. Web Defacement-

Website defacement is usually the substitution of the original home page of a website with
another page (usually pornographic or defamatory in nature) by a hacker.
Religious and government sites are regularly targeted by hackers in order to display political or
religious beliefs. Disturbing images and offensive phrases might be displayed in the process, as
well as a signature of sorts, to show who was responsible for the defacement.
Websites are not only defaced for political reasons, many defacers do it just for the thrill.

The scenario-
The homepage of a website is replaced with a pornographic or defamatory page. In case of
Government websites, this is most commonly done on symbolic days (e.g. the Independence day
of the country).

The law-
Sections 43 and 66 of Information Technology Act [In some cases section 67 and 70 may also
apply].

Who is liable?
The person who defaces the website.

The motive-
Thrill or a perverse pleasure in inciting communal disharmony.

Modus Operandi-
The defacer may exploit the vulnerabilities of the operating system or applications used to host
the website. This will allow him to hack into the web server and change the home page and other
pages. Alternatively he may launch a brute force or dictionary attack to obtain the administrator
passwords for the website. He can then connect to the web server and change the webpages.

11. Sajeesh Krishnan v. State of Kerala (Kerala High Court, Decided on June 5,
2012)
Petition before High Court for release of passport seized by investigating agency during arrest.
In the case of Sajeesh Krishnan v. State of Kerala (Decided on June 5, 2012), a petition was
filed before the Kerala High Court for release of passport seized at the time of arrest from
the custody of the investigating agency. The Court accordingly passed an order for release of the
passport of the petitioner.
The Court, while deciding the case, briefly mentioned the facts of the case which were relevant
to the petition. It stated that the ―gist of the accusation is that the accused pursuant to
a criminal conspiracy hatched by them made attempts to extort money by black mailing a
Minister of the State and for that purpose they have forged some CD as if it contained statements
purported to have been made by the Minister.‖ The Court also noted the provisions under which
the accused was charged. They are Sections 66-A(b) and 66D of the Information Technology
Act, 2000 along with a host of sections under the Indian Penal Code, 1860 (120B – Criminal
Conspiracy, 419 – Cheating by personation, 511- Punishment for attempting to commit offences
punishable with imprisonment for life or other imprisonment, 420 – Cheating and dishonestly
inducing delivery of property, 468 – Forgery for purpose of cheating, 469 – Forgery for purpose
of harming and 201 – Causing disappearance of evidence of offence, or giving false information
to screen offender read with 34 of Indian Penal Code, 1860)
12. J.R. Gangwani and Another v. State of Haryana and Others (Punjab and
Haryana High Court, Decided on October 15, 2012)
Petition for quashing of criminal proceedings under section 482 of the Criminal Procedure
Code, 1973
In the Punjab and Haryana High Court, an application for quashing of criminal proceeding
draws attention to a complaint which was filed under Section 66-A(c). This complaint was filed
under Section 66-A(c) on the ground of sending e-mails under assumed e-mail addresses to
customers of the Company which contained material which maligned the name of the Company
which was to be sold as per the orders of the Company Law Board. The Complainant in the case
received the e-mails which were redirected from the customers. According to the accused and the
petitioner in the current hearing, the e-mail was not directed to the complainant or the company
as is required under Section 66-A (c).
The High Court held that, ―the petitioners are sending these messages to the purchasers of cranes
from the company and those purchasers cannot be considered to be the possible buyers of the
company. Sending of such e-mails, therefore, is not promoting the sale of the company which is
the purpose of the advertisement given in the Economic Times. Such advertisements are,
therefore, for the purpose of causing annoyance or inconvenience to the company or to deceive
or mislead the addressee about the origin of such messages. These facts, therefore, clearly bring
the acts of the petitioners within the purview of section 66A(c) of the Act.‖
13. State of Tamil Nadu Vs Suhas Katti-

The Case of Suhas Katti is notable for the fact that the conviction was achieved successfully
within a relatively quick time of 7 months from the filing of the FIR. Considering that
similar cases have been pending in other states for a much longer time, the efficient
handling of the case which happened to be the first case of the Chennai Cyber Crime Cell
going to trial deserves a special mention.

The case related to posting of obscene, defamatory and annoying message about a divorcee
woman in the yahoo message group. E-Mails were also forwarded to the victim for
information by the accused through a false e-mail account opened by him in the name of the
victim. The posting of the message resulted in annoying phone calls to the lady in the belief
that she was soliciting.

Based on a complaint made by the victim in February 2004, the Police traced the accused to
Mumbai and arrested him within the next few days. The accused was a known family friend
of the victim and was reportedly interested in marrying her. She however married another
person. This marriage later ended in divorce and the accused started contacting her once
again. On her reluctance to marry him, the accused took up the harassment through the
Internet.

On 24-3-2004 Charge Sheet was filed u/s 67 of IT Act 2000, 469 and 509 IPC before The
Hon‘ble Addl. CMM Egmore by citing 18 witnesses and 34 documents and material objects.
The same was taken on file in C.C.NO.4680/2004. On the prosecution side 12 witnesses
were examined and entire documents were marked as Exhibits.

The Defence argued that the offending mails would have been given either by ex-husband
of the complainant or the complainant herself to implicate the accused as accused alleged to
have turned down the request of the complainant to marry her.
Further the Defence counsel argued that some of the documentary evidence was not
sustainable under Section 65 B of the Indian Evidence Act. However, the court relied upon
the expert witnesses and other evidence produced before it, including the witnesses of the
Cyber Cafe owners and came to the conclusion that the crime was conclusively proved.
Ld. Additional Chief Metropolitan Magistrate, Egmore, delivered the judgement on 5-11-04
as follows:
“ The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act
2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2
years under 469 IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC
sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for
the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of
Rs.4000/- All sentences to run concurrently.‖
The accused paid fine amount and he was lodged at Central Prison, Chennai. This is
considered as the first case convicted under section 67 of Information Technology Act 2000
in India.
14. SONY.SAMBANDH.COM CASE

India saw its first cybercrime conviction recently. It all began after a complaint was filed by
Sony India Private Ltd, which runs a website called www.sony-sambandh.com, targeting Non
Resident Indians. The website enables NRIs to send Sony products to their friends and relatives
in India after they pay for it online.

The company undertakes to deliver the products to the concerned recipients. In May 2002,
someone logged onto the website under the identity of Barbara Campa and ordered a Sony
Colour Television set and a cordless head phone.
She gave her credit card number for payment and requested that the products be delivered to Arif
Azim in Noida. The payment was duly cleared by the credit card agency and the transaction
processed. After following the relevant procedures of due diligence and checking, the company
delivered the items to Arif Azim.
At the time of delivery, the company took digital photographs showing the delivery being
accepted by Arif Azim.

The transaction closed at that, but after one and a half months the credit card agency informed
the company that this was an unauthorized transaction as the real owner had denied having made
the purchase. The company lodged a complaint for online cheating at the Central Bureau of
Investigation which registered a case under Section 418, 419 and 420 of the Indian Penal Code.
The matter was investigated into and Arif Azim was arrested. Investigations revealed that Arif
Azim, while working at a call centre in Noida gained access to the credit card number of an
American national which he misused on the company‘s site.

The CBI recovered the colour television and the cordless head phone.
In this matter, the CBI had evidence to prove their case and so the accused admitted his guilt.
The court convicted Arif Azim under Section 418, 419 and 420 of the Indian Penal Code — this
being the first time that a cybercrime has been convicted.
The court, however, felt that as the accused was a young boy of 24 years and a first-time convict,
a lenient view needed to be taken. The court therefore released the accused on probation for one
year.

The judgment is of immense significance for the entire nation. Besides being the first conviction
in a cybercrime matter, it has shown that the the Indian Penal Code can be effectively applied to
certain categories of cyber crimes which are not covered under the Information Technology Act
2000. Secondly, a judgment of this sort sends out a clear message to all that the law cannot be
taken for a ride.

15. Nasscom vs. Ajay Sood & Others

In a landmark judgment in the case of National Association of Software and Service Companies
vs Ajay Sood & Others, delivered in March, ‗05, the Delhi High Court declared `phishing‘ on the
internet to be an illegal act, entailing an injunction and recovery of damages.

Elaborating on the concept of ‗phishing‘, in order to lay down a precedent in India, the court
stated that it is a form of internet fraud where a person pretends to be a legitimate association,
such as a bank or an insurance company in order to extract personal data from a customer such as
access codes, passwords, etc. Personal data so collected by misrepresenting the identity of the
legitimate party is commonly used for the collecting party‘s advantage. court also stated, by way
of an example, that typical phishing scams involve persons who pretend to represent online
banks and siphon cash from e-banking accounts after conning consumers into handing over
confidential banking details.

The Delhi HC stated that even though there is no specific legislation in India to penalize
phishing, it held phishing to be an illegal act by defining it under Indian law as ―a
misrepresentation made in the course of trade leading to confusion as to the source and origin of
the e-mail causing immense harm not only to the consumer but even to the person whose name,
identity or password is misused.‖ The court held the act of phishing as passing off and tarnishing
the plaintiff‘s image. The plaintiff in this case was the National Association of Software and
Service Companies (Nasscom), India‘s premier software association.
The defendants were operating a placement agency involved in head-hunting and recruitment. In
order to obtain personal data, which they could use for purposes of headhunting, the defendants
composed and sent e-mails to third parties in the name of Nasscom. The high court recognised
the trademark rights of the plaintiff and passed an ex-parte adinterim injunction restraining the
defendants from using the trade name or any other name deceptively similar to Nasscom. The
court further restrained the defendants from holding themselves out as being associates or a part
of Nasscom.

The court appointed a commission to conduct a search at the defendants‘ premises. Two hard
disks of the computers from which the fraudulent e-mails were sent by the defendants to various
parties were taken into custody by the local commissioner appointed by the court. The offending
e-mails were then downloaded from the hard disks and presented as evidence in court.
During the progress of the case, it became clear that the defendants in whose names the
offending e-mails were sent were fictitious identities created by an employee on defendants‘
instructions, to avoid recognition and legal action. On discovery of this fraudulent act, the
fictitious names were deleted from the array of parties as defendants in the case.

Subsequently, the defendants admitted their illegal acts and the parties settled the matter through
the recording of a compromise in the suit proceedings. According to the terms of compromise,
the defendants agreed to pay a sum of Rs1.6 million to the plaintiff as damages for violation of
the plaintiff‘s trademark rights. The court also ordered the hard disks seized from the defendants‘
premises to be handed over to the plaintiff who would be the owner of the hard disks.

This case achieves clear milestones: It brings the act of ―phishing‖ into the ambit of Indian laws
even in the absence of specific legislation; It clears the misconception that there is no ―damages
culture‖ in India for violation of IP rights; This case reaffirms IP owners‘ faith in the Indian
judicial system‘s ability and willingness to protect intangible property rights and send a strong
message to IP owners that they can do business in India without sacrificing their IP rights.