Session:2020-21

Name: Yash Choudhary

Roll No. 17/ILB/046
Subject: Cyber Law
Topic : cyber crime

School: School Of Law, Justice

& Governance (SoLJ&G)
This Project is made Under the
Guidance of miss Kajal Gupta
*******
INTRODUCTION
Connectivity via the Internet has greatly a bridged geographical distances and made communication
even more rapid. While activities in this limitless new universe are increasing incessantly, the need
for laws to be formulated to govern all spheres of this new revolution was felt. In order to keep pace
with the changing generation the Indian Parliament passed Information Technology (IT) Act, 2000.
The Indian Parliament enacted the Act called the Information Technology Act, 2000. This Act is based
on the Resolution A/RES/51/162 adopted by the General Assembly of the United Nations on 30th
January, 1997 regarding the Model Law on Electronic Commerce earlier adopted by the United
Nations Commission on International Trade Law (UNCITRAL) in its twenty-ninth session. India was
one of the States, which supported this adoption of Law by the General Assembly.

The Act aims at providing legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communications commonly referred to as "electronic
commerce" which involve the use of alternative to paper based methods of communication and
storage of information and aims at facilitating electronic filing of documents with the government
agencies.

Objectives of the Act:

• To grant legal recognitions for any transactions carried out by means of Electronic Data
Interchange and other means of communication commonly referred to as – ‘Electronic Commerce’,
in place of paper based method of communication.

• To give legal recognitions to digital signature for authentication of any information or matter
which require authentication under any law.

• To facilitate electronic filing of documents with the government department.

• To facilitate electronic storage of data.

• To facilitate and give legal sanctions to electronic fund transfer between the bank and financial
institution.

• To give legal recognitions for keeping books of account by banker in electronic form.

• To Amend the Indian Penal Code 1860, The Indian Evidence, 1872, The Banker’s Book Evidence
Act,1891 and The Reserve Bank of India Act, 1934.

Scope of the Act:

The Information Technology Act 2000 extends to the whole of India. It applies also to any offence or
contravention there under committed outside India by any person.

However The Act does not apply to:

1. A negotiable instrument other than cheque. It means the Information Technology Act is applicable
to cheque.

2. A power-of-attorney.
3. A trust as defined in section 3 of the Indian Trusts Act, 1882.

4. A will.

5. Any contract for the sale or conveyance of immovable property or any interest in such property;

6. Any such class of documents or transactions as may be notified by the Central Government in the
Official Gazette.

Some of the Important Definition:

1."Adjudicating officer" means an adjudicating officer appointed under subsection of section 46.

2."Affixing digital signature" with its grammatical variations and cognate expressions means
adoption of any methodology or procedure by a person for the purpose of authenticating an
electronic record by means of digital signature.

3."Appropriate Government" means as respects any matter-

(i) Enumerated in List II of the Seventh Schedule to the Constitution;

(ii) Relating to any State law enacted under List III of the Seventh Schedule to the Constitution, the
State Government and in any other case, the Central Government.

4."Asymmetric crypto system" means a system of a secure key pair consisting of a private key for
creating a digital signature and a public key to verify the digital signature.

5."Certifying Authority" means a person who has been granted a license to issue a Digital Signature
Certificate under section 24.

6."Certification practice statement" means a statement issued by a Certifying Authority to specify

the practices that the Certifying Authority employs in issuing Digital Signature Certificates.

7."Cyber Appellate Tribunal" means the Cyber Regulations Appellate Tribunal established under sub-
section (1) of section 48.

8."Digital signature" means authentication of any electronic record by a subscriber by means of an

electronic method or procedure in accordance with the provisions of section 3.

9."Digital Signature Certificate" means a Digital Signature Certificate issued under subsection of
section 35.

10."Electronic form" with reference to information means any information generated, sent, received
or stored in media, magnetic, optical, computer memory, micro film, computer generated micro
fiche or similar device.

11."Electronic Gazette" means the Official Gazette published in the electronic form.

12."Secure system" means computer hardware, software, and procedure that-

(a)are reasonably secure from unauthorized access and misuse,

(b)provide a reasonable level of reliability and correct operation,

(c)are reasonably suited to performing the intended functionsand

(d) adhere to generally accepted security procedures.

Advantages of I.T. Act 2000:

1. Helpful to promote e-commerce-

• Email is valid

• Digital signature is valid.

• Payment via credit card is valid.

• Online contract is valid

Above all things validity in eye of Indian law is very necessary. After making IT act 2000 , all above
things are valid and these things are very helpful to promote e-commerce in India .

2. Enhance the corporate business -

After issuing digital signature, certificate by Certifying authority, now Indian corporate business can
enhance.

3. Filling online forms -

After providing facility, filling online forms for different purposes has become so easy.

4. High penalty for cyber crime -

Law has power to penalize for doing any cyber crime. After making of this law, nos. of cyber crime
has reduced.

Shortcoming of I.T. Act 2000:

1. Infringement of copyright has not been included in this law.

2. No protection for domain names.

3. The act is not applicable on the power of attorney, trusts and will.

4. Act is silent on taxation.

5. No, provision of payment of stamp duty on electronic documents.

CYBER CRIME
In the era of cyber world as the usage of computers became more popular, there was expansion in
the growth of technology as well, and the term ‘Cyber’ became more familiar to the people. The
evolution of Information Technology (IT) gave birth to the cyber space wherein internet provides
equal opportunities to all the people to access any information, data storage, analyze etc. with the
use of high technology. Due to increase in the number of cybercitizens, misuse of technology in
cyberspace was clutching up which gave birth to cyber crimes at the domestic and international level
as well. Though the word Crime carries its general meaning as “a legal wrong that can be followed by
criminal proceedings which may result into punishment” whereas Cyber Crime may be “unlawful
acts wherein the computer is either a tool or target or both”.It could be hackers vandalizing your
site, viewing confidential information, stealing trade secrets or intellectual property with the use of
internet. It can also include ‘denial of services’ and viruses attacks preventing regular traffic from
reaching your site.Cyber crimes are not limited to outsiders except in case of viruses and with
respect to security related cyber crimes that usually done by the employees of particular company
who can easily access the password and data storage of the company for their benefits. Cyber crimes
also includes criminal activities done with the use of computers which further perpetuates crimes i.e.
financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-
mail, spoofing, forgery, cyber defamation, cyber stalking, unauthorized access to Computer system,
theft of information contained in the electronic form, e-mail bombing, physically damaging the
computer system etc.

CYBER CRIME IS AN EVIL HAVING ITS ORIGIN IN THE GROWING DEPENDENCE

ON COMPUTERS IN MODERN LIFE.
“A simple yet sturdy definition of cyber crime would be unlawful acts wherein the computer is either
a tool or a target or both”. Defining cyber crimes, as “acts that are punishable by the information
Technology Act” would be unsuitable as the Indian Penal Code also covers many cyber crimes, such
as e-mail spoofing, cyber defamation, etc.

• Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of
electronic operations that targets the security of computer systems and the data processed by them.

• Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by

means of, or in relation to, a computer system or network, including such crimes as illegal possession
[and] offering or distributing information by means of a computer system or network.

Types of Cyber Crime:

Cyber Crime refers to all activities done with criminal intent in cyberspace. These fall into three slots.

• Those against persons.

• Against Business and Non-business organizations.

• Crime targeting the government.

Let us examine the acts wherein the computer is a tool for an unlawful act. This kind of activity
usually involves a modification of a conventional crime by using computer. Some examples are,

1. Hacking:

Hacking in simple terms means an illegal intrusion into a computer system and/or network. There is
an equivalent term to hacking i.e. cracking, but from Indian Laws perspective there is no difference
between the term hacking and cracking. Every act committed towards breaking into a computer
and/or network is hacking. Hackers write or use ready-made computer programs to attack the target
computer. They possess the desire to destruct and they get the kick out of such destruction. Some
hackers hack for personal monetary gains, such as to stealing the credit card information,
transferring money from various bank accounts to their own account followed by withdrawal of
money. They extort money from some corporate giant threatening him to publish the stolen
information which is critical in nature.Government websites are the hot targets of the hackers due to
the press coverage, it receives. Hackers enjoy the media coverage.

2. E-Mail spoofing:

A spoofed email is one that appears to originate from one source but actually has been sent from
another source. A spoofed e-mail may be said to be one, which misrepresents its origin. This can also
be termed as E-Mail forging.

E.g. Pooja has an e-mail address pooja@asianlaws.org. Her enemy, Sameer spoofs her e-mail and
sends obscene messages to all her acquaintances. Since the e-mails appear to have originated from
Pooja, her friends could take offence and relationships could be spoiled for life. Email spoofing can
also cause monetary damage. In an American case, a teenager made millions of dollars by spreading
false information about certain companies whose shares he had short sold. This misinformation was
spread by sending spoofed emails, purportedly from news agencies like Reuters, to share brokers
and investors who were informed that the companies were doing very badly. Even after the truth
came out the values of the shares did not go back to the earlier levels and thousands of investors
lost a lot of money.

3. Cyber Defamation:

It is an act of imputing any person with intent to lower down the dignity of the person by hacking his
mail account and sending some mails with using vulgar language to unknown persons mail
account.This occurs when defamation takes place with the help of computers and or the
Internet.e.g. someone published defamatory matter about someone on a websites or sends e-mail
containing defamatory information to all of that person’s friends.

4. Phishing:

In computing, phishing is a form of social engineering, characterized by attempts to fraudulently

acquire sensitive information, such as passwords and credit card details, by masquerading as a
trustworthy person in an electronic communication. The term phishing arises from the use of
increasingly sophisticated lures to "fish" for users' financial information and passwords. Phishing is
typically carried out by email spoofing or instant messaging and it often directs users to enter details
at a fake website whose look and feel are almost identical to the legitimate one.

For Example:Criminal sends a message via e-mail like “ Congratulations you have won $100,00,000”
to a random persons e-mail address and thereby asks the receiver of the mail to fill in some personal
details so that the money can be transferred to the receiver of the mail. The criminal also asks for
some processing charges to be paid so that the amount can be transferred. Many a times the person
to whom the mail has been sent pays the processing charges but does not receive the prize money
mentioned in the mail.

5. Cyber squatting:
Cyber squatting (also known as domain squatting), is registering, trafficking in, or using a domain
name with bad faith intent to profit from the goodwill of a trademark belonging to someone else.
The cybersquatter then offers to sell the domain to the person or company who owns a trademark
contained within the name at an inflated price.

It means where two persons claim for the same Domain Name either by claiming that they had
registered the name first on by right of using it before the other or using something similar to that
previously. For example two similar names i.e. www.yahoo.com and www.yaahoo.com.

6. Cyber Terrorism:

Cyber terrorism is a major burning issue in the domestic as well as global concern. The common form
of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and
hate e-mails, attacks on sensitive computer networks etc. Cyber terrorism activities endanger the
sovereignty and integrity of the nation.

Cyber Regulations Appellate Tribunal (CRAT):

A Cyber Regulations Appellate Tribunal (CRAT) is to be set up for appeals from the order of any
adjudicating officer. Every appeal must be filed within a period of forty-five days from the date on
which the person aggrieved receives a copy of the order made by the adjudicating officer. The
appeal must be the appropriate form and accompanied by the prescribed fee. An appeal may be
allowed after the expiry of forty-five days if sufficient cause is shown.

The appeal filed before the Cyber Appellate Tribunal shall be dealt with by it as expeditiously as
possible and endeavor shall be made by it to dispose of the appeal finally within six months from the
date of receipt of the appeal. The CRAT shall also have certain powers of a civil court.

As per Section 61, no court shall have the jurisdiction to entertain any matter that can be decided by
the adjudicating officer or the CRAT. However, a provision has been made to appeal from the
decision of the CRAT to the High Court within sixty days of the date of communication of the order
or decision of the CRAT. The stipulated period may be extended if sufficient cause is shown. The
appeal may be made on either any question of law or question of fact arising from the order.

[Section 6A] Delivery of Services by Service Provider (Inserted vide ITAA-2008):

(1) The appropriate Government may, for the purposes of this Chapter and for efficient delivery
of services to the public through electronic means authorize, by order, any service provider
to set up, maintain and upgrade the computerized facilities and perform such other services
as it may specify, by notification in the Official Gazette.
(2) Explanation: For the purposes of this section, service provider so authorized includes any
individual, private agency, private company, partnership firm, sole proprietor form or any
such other body or agency which has been granted permission by the appropriate
Government to offer services through electronic means in accordance with the policy
governing such service sector.
 (2) The appropriate Government may also authorize any service provider authorized under sub-
section (1) to collect, retain and appropriate service charges, as may be prescribed by the
appropriate Government for the purpose of providing such services, from the person availing such
service.

(3) Subject to the provisions of sub-section (2), the appropriate Government may authorize the
service providers to collect, retain and appropriate service charges under this section
notwithstanding the fact that there is no express provision under the Act, rule, regulation or
notification under which the service is provided to collect, retain and appropriate e- service charges
by the service providers.

(4) The appropriate Government shall, by notification in the Official Gazette, specify the scale of
service charges which may be charged and collected by the service providers under this section:

Provided that the appropriate Government may specify different scale of service charges for
different types of services.

Section 7 provides that the documents, records or information which is to be retained for any
specified period shall be deemed to have been retained if the same is retained in the electronic form
provided the following conditions are satisfied:

(i) The information therein remains accessible so as to be usable subsequently.

(ii) The electronic record is retained in its original format or in a format which accurately represents
the information contained.

(iii) The details which will facilitate the identification of the origin, destination, dates and time of
dispatch or receipt of such electronic record are available therein.

CASELETS AS PERSELECTED IT ACT SECTIONS

1. Section 43 - Penalty and Compensation for damage to computer, computer system, etc

Caselet: Mphasis BPO Fraud: 2005

In December 2004, four call centre employees, working at an outsourcing facility operated by
MphasiS in India, obtained PIN codes from four customers of MphasiS’ client, Citi Group. These
employees were not authorized to obtain the PINs. In association with others, the call centre
employees opened new accounts at Indian banks using false identities. Within two months, they
used the PINs and account information gleaned during their employment at MphasiS to transfer
money from the bank accounts of Citi Group customers to the new accounts at Indian banks.
By April 2005, the Indian police had tipped off to the scam by a U.S. bank, and quickly identified the
individuals involved in the scam. Arrests were made when those individuals attempted to withdraw
cash from the falsified accounts, $426,000 was stolen; the amount recovered was $230,000.

Verdict: Court held that Section 43(a) was applicable here due to the nature of unauthorized access
involved to commit transactions.

Section 43(A) – It deals with compensation for failure to protect data was introduced in the

ITAA -2008. This is another watershed in the area of data protection especially at the corporate
level.

As per this Section, where a body corporate is negligent in implementing reasonable security
practicesand thereby causes wrongful loss or gain to any person, such body corporate shall be liable
to paydamages by way of compensation to the person so affected. The Section further explains the
phrase‘body corporate’ and quite significantly the phrases ‘reasonable security practices and
procedures’ and‘sensitive personal data or information’.Thus the corporate responsibility for data
protection is greatly emphasized by inserting Section 43Awhereby corporates are under an
obligation to ensure adoption of reasonable security practices. Furtherwhat is sensitive personal
data has since been clarified by the central government vide its Notificationdated 11 April 2011
giving the list of all such data which includes password, details of bank accounts orcard details,
medical records etc. After this notification, the IT industry in the nation including techsavvyand
widely technology-based banking and other sectors became suddenly aware of theresponsibility of
data protection and a general awareness increased on what is data privacy and what isthe role of
top management and the Information Security Department in organizations in ensuring data
protection, especially while handling the customers’ and other third party data.

2. Section 65 - Tampering with Computer Source Documents

Caselet: Syed Asifuddin and Ors. Vs. The State of Andhra Pradesh

In this case, Tata Indicom employees were arrested for manipulation of the electronic 32- bit
number (ESN) programmed into cell phones theft were exclusively franchised to Reliance Infocomm.

Verdict: Court held that tampering with source code invokes Section 65 of the Information
Technology Act.

3. Section 66 - Computer Related Offences

Caselet: Kumar v/s Whiteley

In this case the accused gained unauthorized access to the Joint Academic Network (JANET) and
deleted, added files and changed the passwords to deny access to the authorized users.

Investigations had revealed that Kumar was logging on to the BSNL broadband Internet connection
as if he was the authorized genuine user and ‘made alteration in the computer database pertaining
to broadband Internet user accounts’ of the subscribers.
The CBI had registered a cyber crime case against Kumar and carried out investigations on the basis
of a complaint by the Press Information Bureau, Chennai, which detected theunauthorized use of
broadband Internet. The complaint also stated that the subscribers had incurred a loss of Rs 38,248
due to Kumar’s wrongful act. He used to ‘hack’ sites from Bangalore, Chennai and other cities too,
they said.

Verdict: The Additional Chief Metropolitan Magistrate, Egmore, Chennai, sentenced N G Arun
Kumar, the techie from Bangalore to undergo a rigorous imprisonment for one year with a fine of Rs
5,000 under section 420 IPC (cheating) and Section 66 of IT Act (Computer related Offence).

4. Section 66A - Punishment for sending offensive messages through communication service

Caselet: Fake profile of President posted by imposter

On September 9, 2010, the imposter made a fake profile in the name of the Hon’ble President
Pratibha Devi Patil. A complaint was made from Additional Controller, President Household,
President Secretariat regarding the four fake profiles created in the name of Hon’ble President on
social networking website, Facebook.

The said complaint stated that president house has nothing to do with the facebook and the fake
profile is misleading the general public. The First Information Report Under Sections 469 IPC and 66A
Information Technology Act, 2000 was registered based on the said complaint at the police station,
Economic Offences Wing, the elite wing of Delhi Police which specializes in investigating economic
crimes including cyber offences.