ASSIGNENT WORK

CYBERCRIMES AND CRIMINAL JUSTICE SYSTEM IN INDIA

SUBMITTED TO: SUBMITTED BY:

MR. SHIV RAMAN

UJJVAL SINGH

ASSISTANT PROFESSOR
LLM (1STSEM)

CRIMINOLOGY AND CRIMINAL JUSTICE ROLL NO. =

A50801820124

1
AMITY LAW SCHOOL AMITY
LAW SCHOOL

Contents

1. What is Cybercrime?
2. Cyber Crimes in India
3. Common examples of cybercrime
4. Who’s most at risk?
5. Types of Cybercrime
6. Indian Cyber Crime laws
7. IT Act, 2000 and IT (Amendment) Act, 2008
8. Prominent cybercrime cases:
9. Is it possible to stop cybercriminals?
10. How to prevent cybercrime?
11. References
12. Conclusion

2
What is Cybercrime?

Cybercrime is criminal activity that either targets or uses a computer, a computer network or a
networked device.

Most, but not all, cybercrime is committed by cybercriminals or hackers who want to make
money. Cybercrime is carried out by individuals or organizations.

Some cybercriminals are organized, use advanced techniques and are highly technically skilled.
Others are novice hackers.

Rarely, cybercrime aims to damage computers for reasons other than profit. These could be
political or personal.

An important aspect of cybercrime is its nonlocal character: actions can occur in jurisdictions
separated by vast distances. This poses severe problems for law enforcement since previously
local or even national crimes now require international cooperation. 1 For example, if a person
accesses child pornography located on a computer in a country that does not ban child
pornography, is that individual committing a crime in a nation where such materials are illegal?
Where exactly does cybercrime take place? Cyberspace is simply a richer version of the space
where a telephone conversation takes place, somewhere between the two people having the
conversation.2 As a planet-spanning network, the Internet offers criminals multiple hiding places
in the real world as well as in the network itself. However, just as individuals walking on the
ground leave marks that a skilled tracker can follow, cybercriminals leave clues as to their
identity and location, despite their best efforts to cover their tracks. In order to follow such clues
across national boundaries, though, international cybercrime treaties must be ratified.

Cyber Crimes in India

In a report published by the National Crime Records Bureau report (NCRB 2011), the incidence
of cybercrimes under the IT Act has increased by 85.4% in the year 2011 as compared to 2010 in
India, whereas the increase in incidence of the crime under IPC is by 18.5% as compared to the
year 2010. Visakhapatnam records the maximum number of incidence of cases. Maharashtra has
1
https://www.tutorialspoint.com/information_security_cyber_law/introduction.htm
2
“GI Cloud Initiative (Meghraj)”, Department of Electronics and Information Technology, Ministry of
communication and Information Technology, http://deity.gov.in/content/gi-cloud-initiative-meghraj.

3
emerged as the center of cybercrime with maximum number of incidence of registered cases
under cybercrimes. Hacking with computer systems and obscene publication were the main cases
under IT Act for cybercrimes. Maximum offenders arrested for cybercrimes were in the age
group 18-30 years.3 563 people in the age group 18-30 years were arrested in the year 2010
which had increased to 883 in the year 2011.

Common examples of cybercrime

As mentioned, cybercriminals range from individuals to criminal organizations to state-

sponsored actors. Just as the type of criminal varies, so do their crimes and the methods they use
to break the law. From a single hacker who managed to hack into the US stock market to North
Korean state-sponsored groups that propagated ransom ware on a massive scale, there are a
staggering amount of cybercriminals active every day. Moreover, expert skills are no longer
required to become a cyber-crook

Cyber bullying, for instance, is illegal when it constitutes a threat to a person's physical safety,
involves coercion or displays hate or bias against certain protected populations. In that case, the
damage is not financial, but it is still a crime. Unintentional damage might include a disgruntled
employee planting a "harmless" virus that disrupts business in any way. While it may not cause
the same immediate financial damage as stealing proprietary or financial information, it still
causes collateral financial damage due to both lost employee time and whatever money the
company has to spend to fix the problem.

Where does cybercrime come from?

Although the internet is only about 30 years old, experts consider an 1834 hack the first
cybercrime in history. Two thieves were able to infiltrate the French Telegraph System and gain
access to financial markets, committing data theft.

Other early cybercrimes, beginning in the late 1800s and first half of the 20th century saw
hackers focus on the telephone systems. Just two years after phones were invented; teenage boys

3
Aradhana Aravindan, “Once the Preserve of the Youth, IT Staffing Enters Middle Age”, Reuters , January 29,
2014, http://in.reuters.com/article/2014/01/29/india-technology-ageing-idINDEEA0S02720140129.

4
broke into Alexander Graham Bell’s telephone company and caused mischief by misdirecting
calls. Phone hacking, or phreaking, later became popular in the 1960s to 1980s.4

The year 1940 saw the first ethical hacker: French computer expert Rene Carmille hacked into
the Nazi data registry to thwart their attempts to register and track Jews.

In the 1980s, the advent of email brought with it phishing scams (remember the Nigerian
prince?) and malware delivered through attachments. By the 1990s, web browsers had become
commonplace, along with computer viruses. The widespread adoption of social media in the
2000s only increased cybercrime, and especially data theft, due to the nature of these
platforms. During the past ten years, malware infections and data theft have increased

With the proliferation of the Internet of Things, cybercriminals have many creative new ways to
attack. As more and more everyday objects — refrigerators, washing machines, heating systems,
light bulbs, and more — come online, they open new vulnerabilities and opportunities to cyber
crooks. Hackers have already figured out how to infiltrate a casino via its smart fish
tank and deploy ransom ware through a coffee maker; the full scope of cybercrime in the age of
IoT is not quite known yet, but it’s something we should certainly be on guard for.

As an everyday user of computers and mobile devices, how are you most likely to encounter
cybercrime? It can reach you through a variety of ways, including unsafe websites, social media,
holes created by exploited security vulnerabilities, weak passwords on accounts and/or smart
devices, and, especially, email.

Who’s most at risk?

As mentioned, cybercriminals can target individuals, businesses, and governments. And at the
risk of sounding alarmist, none of those groups are any more or less safe from threats than the
others. Cyber fraudsters are pretty indiscriminate when it comes to choosing their victims.
Luckily, we have some proven strategies for preventing cybercrime, which we’ll share with you
a bit later in this article. (Spoiler alert: the best line of defense is making sure you’re using
good antivirus software.)
4
“Top 20 Countries with the Highest Number of Internet Users”, http://www.internetworldstats.com/top20.htm.

5
Types of Cybercrime

In this section, we look at famous examples of different types of cybercrime attack used by
cybercriminals. Read on to understand what counts as cybercrime.

Hacking

In simple words, hacking is an act committed by an intruder by accessing your computer system
without your permission. Hackers (the people doing the ‘hacking’) are basically computer
programmers, who have an advanced understanding of computers and commonly misuse this
knowledge for devious reasons. They’re usually technology buffs who have expert-level skills in
one particular software program or language. As for motives, there could be several, but the most
common are pretty simple and can be explained by a human tendency such as greed, fame,
power, etc. Some people do it purely to show-off their expertise – ranging from relatively
harmless activities such as modifying software (and even hardware) to carry out tasks that are
outside the creator’s intent, others just want to cause destruction.5

Greed and sometimes voyeuristic tendencies may cause a hacker to break into systems to steal
personal banking information, a corporation’s financial data, etc. They also try and modify
systems so that they can execute tasks at their whims. Hackers displaying such destructive
conduct are also called “Crackers” at times. they are also called “Black Hat” hackers On the
other hand, there are those who develop an interest in computer hacking just out of intellectual
curiosity. Some companies hire these computer enthusiasts to find flaws in their security systems
and help fix them. Referred to as “White Hat” hackers, these guys are against the abuse of
computer systems. They attempt to break into network systems purely to alert the owners of
flaws. It’s not always altruistic, though, because many do this for fame as well, in order to land

5
Robert Trigaux, “Hackers: The Underbelly of Cyberspace”, St.Petersburg Times ,14 June 1998,
http://www.sptimes.com/Hackers/underbelly_of_cyberspace.html.

6
jobs with top companies, or just to be termed as security experts. “Grey Hat” is another term
used to refer to hacking activities that are a cross between black and white hacking.

Some of the most famous computer geniuses were once hackers who went on to use their skills
for constructive technological development. Dennis Ritchie and Ken Thompson, the creators of
the UNIX operating system (Linux’s predecessor), were two of them. 6 Shawn Fanning, the
developer of Napster, Mark Zuckerberg of Facebook fame, and many more are also examples.
The first step towards preventing hackers from gaining access to your systems is to learn how
hacking is done. Of course it is beyond the scope of this Fast Track to go into great details, but
we will cover the various techniques used by hackers to get to you via the internet.

Virus dissemination

Viruses are computer programs that attach themselves to or infect a system or files, and have a
tendency to circulate to other computers on a network. They disrupt the computer operation and
affect the data stored – either by modifying it or by deleting it altogether. “Worms” unlike
viruses don’t need a host to cling on to. They merely replicate until they eat up all available
memory in the system. The term “worm” is sometimes used to mean self-replicating “malware”
(Malicious software).7 These terms are often used interchangeably in the context of the hybrid
viruses/worms that dominate the current virus scenario. “Trojan horses” are different from
viruses in their manner of propagation.

They masquerade as a legitimate file, such as an email attachment from a supposed friend with a
very believable name, and don’t disseminate themselves. The user can also unknowingly install a
Trojan-infected program via drive-by downloads when visiting a website, playing online games
or using internet-driven applications. A Trojan horse can cause damage similar to other viruses,
such as steal information or hamper/disrupt the functioning of computer systems.

Computer viruses usually spread via removable media or the internet. A flash disk, CD-ROM,
magnetic tape or other storage device that has been in an infected computer infects all future
computers in which it’s used. Your computer can also contract viruses from sinister email

6
Jarkko Moilanen, “Realms of Cyber warriors – Definitions and Applications”,(Master’s Thesis) University of
Tampere, August 2009, p. 15.
7
Eric S. Raymond, The New Hacker’s Dictionary , 3rd edition, MIT Press, 1993.

7
attachments, rogue web sites or infected software. And these disseminate to every other
computer on your network.

All computer viruses cause direct or indirect economic damages. Based on this, there are two
categories of viruses:

1) Those that only disseminate and don’t cause intentional damage

2) Those which are programmed to cause damage

However, even by disseminating, they take up plenty of memory space, and time and resources
that are spent on the clean-up job. Direct economic damages are caused when viruses alter the
information during digital transmission. Considerable expenses are incurred by individuals, firms
and authorities for developing and implementing the anti-virus tools to protect computer
systems.

Logic bombs

A logic bomb, also known as “slag code”, is a malicious piece of code which is intentionally
inserted into software to execute a malicious task when triggered by a specific event. It’s not a
virus, although it usually behaves in a similar manner. It is stealthily inserted into the program
where it lies dormant until specified conditions are met. Malicious software such as viruses and
worms often contain logic bombs which are triggered at a specific payload or at a predefined
time. The payload of a logic bomb is unknown to the user of the software, and the task that it
executes unwanted. Program codes that are scheduled to execute at a particular time are known
as “time-bombs”. For example, the infamous “Friday the 13th” virus which attacked the host
systems only on specific dates; it “exploded” (duplicated itself) every Friday that happened to be
the thirteenth of a month, thus causing system slowdowns.

Logic bombs are usually employed by disgruntled employees working in the IT sector. You may
have heard of “disgruntled employee syndrome” wherein angry employees who’ve been fired
use logic bombs to delete the databases of their employers, stultify the network for a while or
even do insider trading. Triggers associated with the execution of logic bombs can be a specific
date and time, a missing entry from a database or not putting in a command at the usual time,
meaning the person doesn’t work there anymore. Most logic bombs stay only in the network they

8
were employed in. So in most cases, they’re an insider job. This makes them easier to design and
execute than a virus. It doesn’t need to replicate; which is a more complex job. To keep your
network protected from the logic bombs, you need constant monitoring of the data and efficient
anti-virus software on each of the computers in the network.

There’s another use for the type of action carried out in a logic bomb “explosion” – to make
restricted software trials. The embedded piece of code destroys the software after a defined
period of time or renders it unusable until the user pays for its further use. Although this piece of
code uses the same technique as a logic bomb, it has a non-destructive, non-malicious and user-
transparent use, and is not typically referred to as one Sending spam violates the acceptable use
policy (AUP) of almost all internet service providers. If your system suddenly becomes sluggish
(email loads slowly or doesn’t appear to be sent or received), the reason may be that your mailer
is processing a large number of messages.8 Unfortunately, at this time, there’s no way to
completely prevent email bombing and spam mails as it’s impossible to predict the origin of the
next attack. However, what you can do is identify the source of the spam mails and have your
router configured to block any incoming packets from that address.

Cyber stalking

Cyber stalking is a new form of internet crime in our society when a person is pursued or
followed online. A cyber stalker doesn’t physically follow his victim; he does it virtually by
following his online activity to harvest information about the stalker and harass him or her and
make threats using verbal intimidation. It’s an invasion of one’s online privacy.

Cyber stalking uses the internet or any other electronic means and is different from offline
stalking, but is usually accompanied by it. Most victims of this crime are women who are stalked
by men and children who are stalked by adult predators and pedophiles. Cyber stalkers thrive on
inexperienced web users who are not well aware of netiquette and the rules of internet safety. A
cyber stalker may be a stranger, but could just as easily be someone you know.

Cyber stalkers harass their victims via email, chat rooms, web sites, discussion forums and open
publishing web sites (e.g. blogs). The availability of free email / web site space and the

8
Jose Pagliery, “The evolution of hacking”, CNN , 05 June 2015, http://edition.cnn.com/2015/03/11/tech/computer-
hacking-history/

9
anonymity provided by chat rooms and forums has contributed to the increase of cyber stalking
incidents. Everyone has an online presence nowadays, and it’s really easy to do a Google search
and get one’s name, alias, contact number and address, contributing to the menace that is cyber
stalking. As the internet is increasingly becoming an integral part of our personal and
professional lives, stalkers can take advantage of the ease of communications and the availability
of personal information only a few mouse clicks away. In addition, the anonymous and non-
confrontational nature of internet communications further tosses away any disincentives in the
way of cyber stalking. Cyber stalking is done in two primary ways:

 Internet Stalking: Here the stalker harasses the victim via the internet. Unsolicited email
is the most common way of threatening someone, and the stalker may even send obscene
content and viruses by email. However, viruses and unsolicited telemarketing email alone
do not constitute cyber stalking. But if email is sent repeatedly in an attempt to intimidate
the recipient, they may be considered as stalking. Internet stalking is not limited to email;
stalkers can more comprehensively use the internet to harass the victims. Any other
cyber-crime that we’ve already read about, if done with an intention to threaten, harass,
or slander the victim may amount to cyber stalking.

 Computer Stalking: The more technologically advanced stalkers apply their computer
skills to assist them with the crime. They gain unauthorized control of the victim’s
computer by exploiting the working of the internet and the Windows operating system.
Though this is usually done by proficient and computer savvy stalkers, instructions on
how to accomplish this are easily available on the internet.

Cyber stalking has now spread its wings to social networking. With the increased use of social
media such as Facebook, Twitter, Flickr and YouTube, your profile, photos, and status updates
are up for the world to see. Your online presence provides enough information for you to become
a potential victim of stalking without even being aware of the risk. With the “check-ins”, the

10
“life-events”, apps which access your personal information and the need to put up just about
everything that you’re doing and where you’re doing it, one doesn’t really leave anything for the
stalkers to figure out for themselves. Social networking technology provides a social and
collaborative platform for internet users to interact, express their thoughts and share almost
everything about their lives. Though it promotes socialization amongst people, along the way it
contributes to the rise of internet violations.

ATM fraud

Computers also make more mundane types of fraud possible. Take the automated teller machine
(ATM) through which many people now get cash. In order to access an account, a user supplies a
card and personal identification number (PIN). Criminals have developed means to intercept
both the data on the card’s magnetic strip as well as the user’s PIN. In turn, the information is
used to create fake cards that are then used to withdraw funds from the unsuspecting individual’s
account. For example, in 2002 the New York Times reported that more than 21,000 American
bank accounts had been skimmed by a single group engaged in acquiring ATM information
illegally. A particularly effective form of fraud has involved the use of ATMs in shopping
centres and convenience stores. These machines are free-standing and not physically part of a
bank. Criminals can easily set up a machine that looks like a legitimate machine; instead of
dispensing money, however, the machine gathers information on users and only tells them that
the machine is out of order after they have typed in their PINs. Given that ATMs are the
preferred method for dispensing currency all over the world, ATM fraud has become an
international problem.

Child pornography

With the advent of almost every new media technology, pornography has been its “killer app,” or
the application that drove early deployment of technical innovations in search of profit.
The Internet was no exception, but there is a criminal element to this business bonanza—child
pornography, which is unrelated to the lucrative business of legal adult-oriented pornography.
The possession of child pornography, defined here as images of children under age 18 engaged
in sexual behaviour, is illegal in the United States, the European Union, and many other
countries, but it remains a problem that has no easy solution. The problem is compounded by the

11
ability of “kiddie porn” Web sites to disseminate their material from locations, such as states of
the former Soviet Union as well as Southeast Asia, that lack cybercrime laws. Some law-
enforcement organizations believe that child pornography represents a $3-billion-a-year industry
and that more than 10,000 Internet locations provide access to these materials.

The Internet also provides pedophiles with an unprecedented opportunity to commit criminal acts

through the use of “chat rooms” to identify and lure victims. Here the virtual and the material
worlds intersect in a particularly dangerous fashion. In many countries, state authorities now
pose as children in chat rooms; despite the widespread knowledge of this practice, pedophiles
continue to make contact with these “children” in order to meet them “off-line.” That such a
meeting invites a high risk of immediate arrest does not seem to deter pedophiles. Interestingly
enough, it is because the Internet allows individual privacy to be breached that the authorities are
able to capture pedophiles.

Phishing

A phishing campaign is when spam emails, or other forms of communication, are sent en masse,
with the intention of tricking recipients into doing something that undermines their security or
the security of the organization they work for.

Phishing campaign messages may contain infected attachments or  links to malicious sites. Or
they may ask the receiver to respond with confidential information

A famous example of a phishing scam from 2018 was one which took place over the World
Cup. According to reports by Inc, the World Cup phishing scam involved emails that were sent
to football fans.

These spam emails tried to entice fans with fake free trips to Moscow, where the World Cup was
being hosted. People who opened and clicked on the links contained in these emails had their
personal data stolen. 

Another type of phishing campaign is known as spear-phishing. These are targeted phishing
campaigns which try to trick specific individuals into jeopardizing the security of the
organization they work for. 

12
Unlike mass phishing campaigns, which are very general in style, spear-phishing messages are
typically crafted to look like messages from a trusted source. For example, they are made to look
like they have come from the CEO or the IT manager. They may not contain any visual clues
that they are fake.

So far we’ve discussed the dedicated methods of committing cybercrimes. In a nutshell, any
offence committed using electronic means such as net extortion, cyber bullying, child
pornography and internet fraud is termed as cybercrime. The internet is a huge breeding ground
for pornography, which has often been subject to censorship on grounds of obscenity. But what
may be considered obscene in India, might not be considered so in other countries.

Since every country has a different legal stand on this subject matter, pornography is rampant
online. However, according to the Indian Constitution, largely, pornography falls under the
category of obscenity and is punishable by law. Child pornography is a serious offence, and can
attract the harshest punishments provided for by law.  Pedophiles lurk in chat rooms to lure
children. The internet allows long-term victimization of such children, because the pictures once
put up, spread like wild-fire, and may never get taken down completely. Internet crimes against
children are a matter of grave concern, and are being addressed by the authorities, but this
problem has no easy solution.

Indian Cyber Crime laws

What are cyber laws?

“Cyber law or Internet law is a term that encapsulates the legal issues related to use of the
Internet. It is less a distinct field of law than intellectual property or contract law, as it is a
domain covering many areas of law and regulation”. Cyber laws, same as any other branch of
law, help define what is legal and illegal, and stipulate mechanisms to detect, convict and punish
offenders, and protect electronic property and its rightful use.9

Cyber laws pertain to diverse aspects of the electronic world such as:

9
“Annual Report 2013”, Indian Computer Emergency Response Team, Ministry of Communication and Information
Technology, Government of India, March 31, 2014.

13
 

 software licenses, copyright and fair use

 unauthorized access, data privacy and spamming
 export of hardware and software
 censorship
 computerized voting

IT Act, 2000 and IT (Amendment) Act, 2008

These two pieces of legislation form the bedrock of cyber law infrastructure in India.

The Information Technology (IT) Act, 2000 was passed by the Indian Parliament in May 2000
and came into force in October of the same year. Its prime purpose is to provide the legal
infrastructure for e-commerce in India.10 It was the first legal instrument to provide legal sanctity
to electronic records and contracts expressed through electronic means of communication.

The act was later amended in December 2008 through the IT (Amendment) Act, 2008. Some of
their salient points are:

 Digital Signatures: Electronic records may be authenticated by a subscriber by affixing digital

signatures; further, the signature may be verified using the public key provided by the subscriber

 Certifying Authorities: domestic and foreign certifying authorities (which provide

digital signature certificates) are recognized by the law; a “Controller of Certifying
Authorities” shall supervise them

 Electronic governance: Documents required as per law by any arm of the government
may be supplied in electronic form, and such documents are to be treated the same as
handwritten, typewritten or printed documents
10
Piyali Mandal, “Half the govt. websites in India are prone to cyber-attacks”, Business Standard.

14
  Offences and Penalties: An Adjudicating Officer shall judge whether a person has
committed an offence in contravention of any provision of the IT Act, 2000; the
maximum penalty for any damage to computers or computer systems is a fine up to 1
crore

 Appellate Tribunals: A Cyber Regulations Appellate Tribunal shall be formed which

shall hear appeals against orders passed by the Adjudicating Officers

 Investigation: Offences shall only be investigated by a police officer of the rank of the
Deputy Superintendent of Police or above (amended to the rank “Inspector” or above by
the IT (Amendment) Act, 2008)

 Amendments to other laws: Other acts such as the Indian Penal Code, 1860, the Indian
Evidence Act, 1872, the Bankers’ Books Evidence Act, 1891, the Reserve Bank of India
Act, 1934 were to be amended to align them with the IT Act

 Network Service Providers: Intermediaries in the data transmission process, such as

Internet Service Providers, are not liable in certain cases, so long as the intermediary
expeditiously acts to prevent the cybercrime on getting such instruction from the
Government or its agency.

Why were these laws enacted?

As a result of the technological advancements in the IT industry, computers and internet became
accessible to the common man in our country quite rapidly. Like any technology, IT too met with
two kinds of people -- the users and the abusers.11 While cases of hacking came to light and

11
“IT and ITeS Industry in India”, http://www.ibef.org/industry/information-technology-india.aspx.

15
identity, privacy and information security was found to be increasingly compromised by the new
IT revolution, the need was felt for law and order mechanism in the electronic world too.

What offences are covered under these laws?

One viewpoint considered when drafting the IT Amendment Act, 2008, was that it should be a
comprehensive piece of legislation with minimal dependence on other penal laws. Although this
recommendation seems to have been overlooked, several new offences have been defined in the
2008 version. The two IT Acts together define the below offences and also recommend
punishments for each of them:

Hacking - It is not defined in either of the IT Acts, which in itself may have considerably
weakened the cybercrime legislation in India.

Data theft - This offence is defined as copying or extracting information from a computer
system without the owners, including computer theft and theft of digital signals during
transmission.

Identity theft (including Password Theft) - As per the IT (Amendment) Act 2008, this offence
is defined as fraudulently or dishonestly making use of the electronic signature, password, or any
other unique identification feature of a person.

Email spoofing - This is commonly used by hackers to hide the actual email address from which
phishing and spam message are sent. It may also be used in conjunction with other fraudulent
methods to trick users into providing personal/ confidential information.

Sending offensive messages - The IT Act defines this offense as sending offensive or false
information for the purpose of causing hatred, ill will, etc.

Voyeurism - This is defined as publishing/transmitting of “compromising” images/ videos of a

person without his/her consent.

Child pornography - This covers offences against all individuals who have not completed 18
years of age. Despite being one of the most serious offences, it does not attract any severe
punishment

16
Cyber terrorism - The addition of this offence was a major difference between the two IT Acts.
Cyber terrorism is described in fair detail as denying access to a computer, attempting to access a
computer resource without authorization, or contaminating a computer system.

Punishment - While all other offences are punishable by imprisonment up to 3-5 years and/or a
fine of up to 3-5 Lakh, an individual convicted of cyber terrorism is punishable by imprisonment
for life.

Who enforces the law? Where do I file a complaint?

What should you do if the password to your email account is stolen? Or if everyone on your
Facebook friends list are receiving spam messages from your account? You may start by filing a
complaint with the local police station. A major positive of the IT (Amendment) Act, 2008 over
the original IT Act, 2000 was that police officers of the rank of “Inspector” or above were
empowered to investigate cybercrimes, as against the rank of “Deputy Superintendent of Police”
or above required by the original Act. 12 This would have, at least theoretically, considerably
increased the bandwidth of enforcement agencies in handling cybercrimes. However, try not to
cross any fingers or toes hoping that you’d get your email account back, as you shall see in the
next section.

Here are some examples of cybercrime-fighting infrastructure set up in different parts of India:

1. India’s first exclusive cybercrime enforcement setup was the Cyber Crime Police Station set
up in Bangalore

2. This was followed up by a similar police station in Andhra Pradesh, which functions from
Hyderabad city and has statewide jurisdiction

3. Cyber Crime Investigations Cells have also been set up by police departments of Mumbai,
Kolkata and Tamil Nadu

Have these laws really helped us?

12
E.Dilipraj, “PPP – Opening of a New Avenue in India’s Cyber Security”, CAPS Issue Brief , 80/12.

17
The conviction rate for cybercrimes in India has been less than 10 convictions in the last 12 years
since the IT Act came into force. Further, there have been zero convictions after IT
(Amendment) Act, 2008 was implemented.

A serious drawback of current cybercrime legislation is that all offences, except cyber terrorism,
are bailable. This allows ample leeway for guilty individuals to destroy all electronic evidence of
their crimes as soon as they have attained bail. 13 This “non-serious” approach to cybercrime has
led to most people as well as enforcement agencies losing faith in the legislation itself, and
contributed to the extremely low conviction rate.

Prominent cybercrime cases:

First conviction for a cybercrime in India

A call center employee at Noida had gained access to to an American citizen’s credit card
information and used the same to purchase a color television and a cordless phone through a
Sony Entertainment website catering to NRIs. A month after the items were delivered to the
individual, Sony Entertainment was informed by the credit card agency that the card owner had
denied making the purchase. Luckily, digital photographs taken at the time of delivery were
evidence enough for the CBI to convict the individual under several sections of the Indian Penal
Code.

First conviction under the IT Act, 2000

Obscene and defamatory messages regarding a divorced woman were posted on a Yahoo
message group, which resulted in phone calls to the woman in the belief that she was soliciting.
Investigating based on a complaint made by the victim in February 2004, the police traced the
source of the message to a Mumbai resident who was a family friend of the victim. He had
resorted to harassing the victim as she had rejected his marriage offer. The accused’s lawyers
argued that the offending messages might have been sent by either the victim’s ex-husband or by
the victim herself in order to implicate the accused, and that the documentary evidence was not
sustainable under the Indian Evidence Act. However, the court found the accused guilty based on
13
E. Dilipraj, “India’s Cyber Security 2013: A Review”, CAPS Issue Brief , 97/14, January27, 2014.

18
the statements by the Cyber Cafe owner where the messages originated as well as expert witness
provided by Naavi. The accused was sentenced to rigorous imprisonment for 2 years and fine of
Rs. 5000/-.

Hackers deface the official website of theMaharashtra Government

The website http://www.maharashtra government.in, which contains details about government

departments, circulars, reports, and several other topics, was hacked on 20 September 2007.
Sources believed the hackers to be from Washington, USA, although, the hackers identified
themselves as “Hackers Cool Al-Jazeera” and claimed they were based in Saudi Arabia, which
authorities believe might be a red herring to throw investigators off their trail. Deputy Chief
Minister and Home Minister R.R. Patil stated that, if needed, the government would seek help of
private IT experts to find the hackers.

Online credit card scam solved; three held guilty

A bank employee who had access to credit card details of the banks customers used them along
with two other individuals to book tickets online and sell them to third parties. According to the
information provided by the police, the scam was detected when one of the customers received
an SMS alert for purchasing an airline ticket even though he had the card on him and had not
used it. The alert customer immediately informed the bank who then involved the police. Eight
days investigation by Cyber Cell head DCP Sunil Pulhari, PI Mohan Mohadikar, and A.P.I Kate
resulted in the arrests of the three involved.

The Bank NSP Case

One of the leading cybercrime cases is the Bank NSP case is the one where a management
trainee of the bank was engaged to be married. The couple exchanged many emails using the
company computers. After some time the two broke up and the girl created fraudulent email ids
such as "indianbarassociations" and sent emails to the boy's foreign clients. She used the bank’s
computer to do this. The boy's company lost a large number of clients and took the bank to court.
The bank was held liable for the emails sent using the bank's system.

Andhra Pradesh Tax Case

19
Dubious tactics of a prominent businessman, from Andhra Pradesh, were exposed after officials
of the department got hold of computers, used by the accused in one of the many cyber fraud
cases in India. The owner of a plastics firm was arrested and Rs 22 crore cash, was recovered
from his house by sleuths of the Vigilance Department. They sought an explanation from him
regarding the unaccounted cash within 10 days. The accused submitted 6,000 vouchers, to prove
the legitimacy of trade and thought his offence would go undetected but after careful scrutiny of
vouchers and contents of his computers, it was revealed that all of them were made after the raids
were conducted. It was later revealed that the accused was running five businesses under the
guise of one company and used fake and computerized vouchers to show sales records and save
tax.

IN THE HIGH COURT OF MADRAS

Fatima Riswana v. State Rep. by ACP., Chennai & Ors14.

The appellant is a prosecution witness in S.C. No. 9 of 2004 wherein respondents 2 to 6 are the
accused facing trail for offences punishable under Section 67 of Information Technology Act,
2000 r/w Section 6 of Indecent Representation of Women (prohibition) Act, 1986, Under Section
5 & 6 of Immoral Traffic (Prevention) Act, 1956, Under Section 27 of Arms Act, 1959 And
Sections 120(B), 506(ii), 366, 306 & 376 I.P.C. The said trial relates to exploitation of certain
men and women by one of the accused Dr. L. Prakash for the purpose of making pornographic
photos and videos in various acts of sexual intercourse and thereafter selling them to foreign
websites. The said session's trail came to be allotted to the foreign websites. The said Session's
trail came to be allotted to the V Fast Track Court, Chennai which is presided over by a lay
Judge. When the said trail before the V Fast Track Court was pending certain criminal revision
petitions came to be filed by the accused against the orders made by the said court rejecting their
applications for supply of copies of 74 Compact Discs (CDs) containing pornographic material
on which the prosecution was relying. The said revision petitions were rejected by the Madras
High Court by its order dated 13th February, 2004 holding that giving all the copies of the
concerned CDs might give room for copying such illegal material and illegal circulation of the
same, however the court permitted the accused persons to peruse the CDs of their choice in the

14
FATIMA RISWANA V STATE REP BY ACP CHENNAI AND ORS. (2005) 1 SCC 582

20
Chamber of the Judge in the presence of the accused, their advocates, the expert, the public
prosecutor and the Investigating Office and also observed that the case be transferred to another
court with competent jurisdiction presided by a male officer at the option of the sessions judge
and taking the same the accused filed a revision petition for transferred to Fast track 4 court
presided by the male officer and the Appellant alleged that she would be embarrassed if the trail
is conducted by the male presiding officer and that the lady sessions judge didn't object or the
trail of the case and the Appellant alleged that she would be embarrassed if the trail is conducted
by the male presiding officer and that the Lady sessions judge didn't object to the trail of the case
in the fast track 5 and the high court has erred in transferring the case and the Appellant was not
given any opportunity of being heard before the alleged transfer. The learned counsel for the
respondents contended that the Appellant learned though arrayed as witness is for all purpose an
accused herself and law officer appearing in the case had expressed their embarrassment in
conducting the trial before a lady Presiding Officer and even though the Presiding Officer did not
expressly record her embarrassment, it was apparent that she too wanted the case to be
transferred to another court, therefore, this Court should not interfere with the order of transfer. It
was held that this appeal has to be allowed in the sessions case No. 9 of 2004 now transferred to
the IV Fast Track Court Chennai be Transferred back to the V Fast Track Court, Chennai.

IN THE HIGH COURT OF ANDHRA PRADESH

Syed Asifuddin and Ors. vs. The State of Andhra Pradesh And Anr.15

These two petitions are filed by different persons under section 482 of Code of Criminal
Procedure, 1973 (Cr. P.C.) seeking similar relief. Both the matters were admitted on the same
day and since then both the matters are being disposed of as such, this common order covers both
the matters. The petitioners in both the matters seek the relief of quashing FIR No. 20 of 2003 of
Criminal Investigation Department (CID) Police, Hyderabad, registered under section 409, 420
and 120B of Indian Penal Code, 1860 (for short, IPC), Section 65 of the Information Technology
Act, 2000 (for short IT Act) and section 63 of the copyright Act, 1957 (for short, Copyright Act).

15
2006 (1) ALD Cri 96, 2005 CriLJ 4314

21
While admitting the petition, this Court passed orders in criminal miscellaneous petition No.
3951 of 2003 staying all further proceeding including investigation of the crime pending disposal
of the main petition. The Public Prosecutor filed criminal miscellaneous petition No. 232 of 2005
for vacating the said order. The matter was "Finally heard at that stage itself and are being,
disposed of finally. The main allegation against the petitioners is that the MIN of Reliance phone
is irreversibly integrated with ESN and the petitioners hacked ESN so as to wean away RIM
customer to TATA Indicom service. The question is whether the manipulation of this electronic
32-bit number (ESN) programmed into Samsung N191 and LG-2030 cell phone instrument
exclusively franchised to second respondent amounts to altering source code used by these
computer handsets i.e., cell phone instruments. In the background facts, a question would also
arise whether such alteration amounts to hacking with computer system? If the query answered
in the affirmative, it is always open to the police to alter the FIR or it is always open to the
criminal Court to frame a charge specifically with regard to hacking with computer system,
which is an offence under Section 66 of the It Act. At this stage, we may read Sections 65 and 66
of the IT Act.

Crime No. 20 of 2003 in so far as it is under section 409, 420 and 120B of Indian Penal Code,
1860 is quashed and insofar as the crimes under Section 63 of the Copyright Act, 1957, the
criminal petitions are dismissed. The CID Police, which registered Crime No. 20 of 2003, is
directed to complete investigation and file a final report before the Metropolitan Magistrate
competent to take cognizance of the case within a period of Three months from the date of
receipt of this order. The criminal petitions are accordingly dismissed.

CYBER DEFAMATION CASE

SMC Pneumatics (India) Pvt. Ltd. v. JogeshKwatra16 

In India's first case of cyber defamation, a Court of Delhi assumed jurisdiction over a matter
where a corporate’s reputation was being defamed through emails and passed an important ex-
parte injunction.

16
Suit No. 1279/2001 Delhi HC

22
In this case, the defendant JogeshKwatra being an employ of the plaintiff company started
sending derogatory, defamatory, obscene, vulgar, filthy and abusive emails to his employers as
also to different subsidiaries of the said company all over the world with the aim to defame the
company and its Managing Director Mr. R K Malhotra. The plaintiff filed a suit for permanent
injunction restraining the defendant from doing his illegal acts of sending derogatory emails to
the plaintiff.

On behalf of the plaintiffs it was contended that the emails sent by the defendant were distinctly
obscene, vulgar, abusive, intimidating, humiliating and defamatory in nature. Counsel further
argued that the aim of sending the said emails was to malign the high reputation of the plaintiffs
all over India and the world. He further contended that the acts of the defendant in sending the
emails had resulted in invasion of legal rights of the plaintiffs.

Further the defendant is under a duty not to send the aforesaid emails. It is pertinent to note that
after the plaintiff company discovered the said employ could be indulging in the matter of
sending abusive emails, the plaintiff terminated the services of the defendant.

After hearing detailed arguments of Counsel for Plaintiff, Hon'ble Judge of the Delhi High Court
passed an ex-parte ad interim injunction observing that a prima facie case had been made out by
the plaintiff. Consequently, the Delhi High Court restrained the defendant from sending
derogatory, defamatory, obscene, vulgar, humiliating and abusive emails either to the plaintiffs
or to its sister subsidiaries all over the world including their Managing Directors and their Sales
and Marketing departments. Further, Hon'ble Judge also restrained the defendant from
publishing, transmitting or causing to be published any information in the actual world as also in
cyberspace which is derogatory or defamatory or abusive of the plaintiffs.

This order of Delhi High Court assumes tremendous significance as this is for the first time that
an Indian Court assumes jurisdiction in a matter concerning cyber defamation and grants an ex-
parte injunction restraining the defendant from defaming the plaintiffs by sending derogatory,
defamatory, abusive and obscene emails either to the plaintiffs or their subsidiaries.

PHISHING CASE

23
Nasscom vs. Ajay Sood & Others17

In a landmark judgment in the case of National Association of Software and Service Companies
vs. Ajay Sood & Others, delivered in March, ‘05, the Delhi High Court declared `phishing’ on
the internet to be an illegal act, entailing an injunction and recovery of damages.

Elaborating on the concept of ‘phishing’, in order to lay down a precedent in India, the court
stated that it is a form of internet fraud where a person pretends to be a legitimate association,
such as a bank or an insurance company in order to extract personal data from a customer such as
access codes, passwords, etc. Personal data so collected by misrepresenting the identity of the
legitimate party is commonly used for the collecting party’s advantage. court also stated, by way
of an example, that typical phishing scams involve persons who pretend to represent online
banks and siphon cash from e-banking accounts after conning consumers into handing over
confidential banking details.

The Delhi HC stated that even though there is no specific legislation in India to penalize
phishing, it held phishing to be an illegal act by defining it under Indian law as “a
misrepresentation made in the course of trade leading to confusion as to the source and origin of
the e-mail causing immense harm not only to the consumer but even to the person whose name,
identity or password is misused". The court held the act of phishing as passing off and tarnishing
the plaintiff’s image.

The plaintiff in this case was the National Association of Software and Service Companies
(Nasscom), India’s premier software association. The defendants were operating a placement
agency involved in head-hunting and recruitment. In order to obtain personal data, which they
could use for purposes of head-hunting, the defendants composed and sent e-mails to third
parties in the name of Nasscom.

The high court recognized the trademark rights of the plaintiff and passed an ex-parte ad-interim
injunction restraining the defendants from using the trade name or any other name deceptively
similar to Nasscom. The court further restrained the defendants from holding themselves out as
being associates or a part of Nasscom.

17
119 (2005) DLT 596, 2005 (30) PTC 437 Del

24
The court appointed a commission to conduct a search at the defendants’ premises. Two hard
disks of the computers from which the fraudulent e-mails were sent by the defendants to various
parties were taken into custody by the local commissioner appointed by the court.

The offending e-mails were then downloaded from the hard disks and presented as evidence in
court.

During the progress of the case, it became clear that the defendants in whose names the
offending e-mails were sent were fictitious identities created by an employee on defendants’
instructions, to avoid recognition and legal action. On discovery of this fraudulent act, the
fictitious names were deleted from the array of parties as defendants in the case.

Subsequently, the defendants admitted their illegal acts and the parties settled the matter through
the recording of a compromise in the suit proceedings. According to the terms of compromise,
the defendants agreed to pay a sum of Rs1.6 million to the plaintiff as damages for violation of
the plaintiff’s trademark rights. The court also ordered the hard disks seized from the defendants’
premises to be handed over to the plaintiff who would be the owner of the hard disks.

This case achieves clear milestones: It brings the act of “phishing” into the ambit of Indian laws
even in the absence of specific legislation; It clears the misconception that there is no “damages
culture” in India for violation of IP rights; This case reaffirms IP owners’ faith in the Indian
judicial system’s ability and willingness to protect intangible property rights and send a strong
message to IP owners that they can do business in India without sacrificing their IP rights.

State of Tamil Nadu vs. SuhasKutti, 200418

Brief Facts: The accused was the family friend of the victim. The accused wanted to marry the
victim but the victim refused and married another person. The marriage broke apart. On seeing
this, the accused saw this as an opportunity and asked her for marriage. The victim refused again.
On being refused, the accused posted obscene and defamatory messages about the said victim on
Yahoo messenger groups harming her reputation and insulting her modesty. The accused also
forwarded emails received in a fake account opened by him in the victim’s name. The posting of
18
CC No. 4680 of 2004

25
messages resulted in annoying calls to the victim. The calls were in the belief the victim is
soliciting for sex work. The victim was fed up with the harassment took steps against it and filed
a report again him. The accused was arrested and he reiterated that he did not do such a thing.

Issues: Was the accused liable of the charges under Section 469 of IPC, Section 509 of IPC and
Section 67 of Information Technology Act, 2000?

Arguments raised by the Defense:  The defense counsel argued that the offending mails and
messages were either sent by her ex-husband or any other person but him. He argued that
the victim herself wanted to marry the accused and after being rejected, the victim tried to put
false allegations on the accused.

Judgment: Despite of all such arguments, the proofs were presented before the Court. The IP
address belonging to the harasser was same as the accused. The Cyber Café owner, an eye-
witness, gave statement against the accused. After relying on the expert witnesses and other
evidences produced before Court, the Additional Chief Metropolitan Magistrate held the accused
guilty of offences under Section 469, Section 509 IPC and Section 67 of Information Technology
Act, 2000.

(Section 469 of IPC- Forgery for purpose of harming reputation.)

(Section 509 of IPC- Word, gesture or act intended to insult the modesty of woman.)

(Section 67 of Information Technology Act, 2000- Punishment for publishing or transmitting of

material containing sexually explicit act, etc., in electronic form.)

Also, the accused is convicted and is sentenced for the said offence. He has to undergo 1 year of
S.I (Simple Imprisonment) and pay a fine of Rs. 500/- under the charges of Section 509 of IPC.
He also has to undergo 2 years of R.I (Rigorous Imprisonment) under Section 469 of IPC. For
the offence under Section 67 of the Information Technology Act, 2000, he has to undergo 2 years
of R.I. and pay a fine of Rs. 4000/-. All the sentences will run concurrently.

Microsoft Corporation v YogeshPapat, Delhi HC.

26
Facts of the case:-

This case concerns the infringement of copyright in software and notably the interpretation of
Sections 51 and 55 of the Copyright Act 1957. The Microsoft Corporation, the registered
proprietor of the trademark MICROSOFT, requested a permanent injunction restraining the
defendant, its directors and agents from copying, selling, offering for sale, distributing or issuing
to the public counterfeit or unlicensed versions of Microsoft's software program in any manner
that amounts to infringement of Microsoft's copyright in the computer programs, related manuals
and Microsoft's registered trademarks. Microsoft also requested that the defendant be prevented
from selling and distributing any product to which the trademark MICROSOFT or any variants
of this trademark have been applied.

The defendant did not appear before the court, so the proceedings took place ex parte. The court
eventually ruled against the defendant, who was downloading Microsoft software onto the hard
drives of computers that it then sold, without a license or permission to do so from Microsoft.

Decision - The court approached each piece of evidence in turn and, based on the assumption
that 100 computers were sold each year and on the evidence of the software's popularity, held
that Microsoft had suffered a total profit loss of Rs1.98 million, plus interest at 9% from the date
of the decree until the date of payment.

The court, quoting an observation by Justice Laddie in the High Court of England and Wales
in Microsoft Corporation v Electro wide Ltd, held that the defendant's actions "constituted a
general threat to infringe the copyright in the class of software". Justice Predeep Nandrajog, who
presided in this case, stated that:

"It stands established that the defendant has infringed the plaintiff's copyright by making illicit
copies of the operating systems software by openly copying whatever operating system is
currently saleable."

Whose law applies?

A hacker sitting in Iceland may use a proxy in Thailand to hack into servers of the London Stock
Exchange. Which country’s cyber laws apply in this instance? The decentralized nature of the
crime makes it that much tougher to demarcate jurisdiction, further compounded by that fact that

27
cyber laws are not consistent across nations (what may be a cybercrime in India may be perfectly
legal in Sri Lanka). For instance, the provisions of the Indian IT Act, 2000 applies, not only to
the whole of India, but also to offences committed outside outside Indian territory, provided the
offence involved a computer, computer system, or computer network located in India.

Is it possible to stop cybercriminals?

Cyber crooks and thieves can be very hard to catch or stop, making broad solutions to
cybercrime elusive. For specific instances of cyber fraud, we generally rely on the police,
national security departments, and commercial cyber security firms to fight the bad guys.

For the average computer user, it’s quite hard to go up against a cyber-crook. The best approach
is to follow some common best practices. If you can block cybercriminals from getting access to
your devices, you’ll block them from making money off of you — which is, after all, their
primary motivation. And how can you do that?

How to prevent cybercrime?

The best way to protect yourself against cybercrime is to exercise sensible digital habits. Here
are some common-sense browsing habits that will help you defend yourself daily:

 Be wary of emails with sketchy links or attachments you didn’t expect.

 Don’t download anything from unknown sources.
 Check to make sure you’re on a legitimate website before entering any personal info.
 Always apply software updates immediately (they fix security vulnerabilities).
 Don’t use unencrypted public Wi-Fi (in coffee shops, airports, etc.) without a VPN.
 Use strong, unique passwords — don’t reuse the same password across multiple
accounts.
 Use two-factor authentication whenever possible.
 Boost your router security to protect your home network.

How to protect yourself against cybercrime?

28
So, now you understand the threat cybercrime represents, what are the best ways to protect your
computer and your personal data? Here are our top tips:

Keep software and operating system updated

Keeping your software and operating system up to date ensures that you benefit from the latest
security patches to protect your computer.

Use anti-virus software and keep it updated

Using anti-virus or a comprehensive internet security solution like Kaspersky Total Security is

a smart way to protect your system from attacks.

Anti-virus software allows you to scan, detect and remove threats before they become a problem.
Having this protection in place helps to protect your computer and your data from cybercrime,
giving you peace of mind. If you use anti-virus software, make sure you keep it updated to get
the best level of protection.

Use strong passwords

Be sure to use strong passwords that people will not guess and do not record them anywhere. Or
use a reputable password manager to generate strong passwords randomly to make this easier.

Never open attachments in spam emails

A classic way that computers get infected by malware attacks and other forms of cybercrime is
via email attachments in spam emails. Never open an attachment from a sender you do not know.

Do not click on links in spam emails or untrusted websites

Another way people become victims of cybercrime is by clicking on links in spam emails or
other messages, or unfamiliar websites. Avoid doing this to stay safe online.

Do not give out personal information unless secure

29
Never give out personal data over the phone or via email unless you are completely sure the line
or email is secure. Make certain that you are speaking to the person you think you are. 

Contact companies directly about suspicious requests

If you get asked for data from a company who has called you, hang up. Call them back using the
number on their official website to ensure you are speaking to them and not a cybercriminal. 

Ideally, use a different phone because cybercriminals can hold the line open. When you think
you’ve re-dialed, they can pretend to be from the bank or other organization that you think
you’re speaking to.

Be mindful of which website URLs you visit

Keep an eye on the URLs you are clicking on. Do they look legitimate? Avoid clicking on links
with unfamiliar or spam looking URLs.

If your internet security product includes functionality to secure online transactions, ensure it is
enabled before carrying out financial transactions online.

Keep an eye on your bank statements

Our tips should help you avoid falling foul of cybercrime. However, if all else fails, spotting that
you have become a victim of cybercrime quickly is important.

Keep an eye on your bank statements and query any unfamiliar transactions with the bank. The
bank can investigate whether they are fraudulent.

In conclusion

While the internet is a wonderful device and has become an imperceptible part of our lives,
there’s a lot out there that could cause serious trouble. The flip side is cybercrime and sadly, it is
on the rise. The best thing to do is to be prepared. Follow these simple rules. Use your common
sense and act smart. Think before you act and while conducting any online transactions, keep a

30
wary eye. Being aware can help you stay away from cybercrime. After all, the internet can be
full of good experiences if you take preventive measures and keep cyber criminals at bay with
your resourcefulness.

References

1. The Information Technology (Amendment) Act, 2008

2. Types of Cyber Crimes & Cyber Law in India, Prashant Mali, CSIC
3. http://www.cyberlawsindia.net/
4. http://dgit.in/UVeIT8
5. https://www.juriscognitionis.com/post/case-analysis-state-of-tamil-nadu-v-suhas-katti
6. https://delhidistrictcourts.nic.in/ejournals/CYBER%20LAW.pdf
7. https://www.cyberralegalservices.com/detail-casestudies.php

31