Cyber Crime in India: An Overview

Cybercrime is a crime that involves a computer and a network. The computer may
have been used to commit the crime and in many cases, it is also the target. Cybercrime may
threaten a person or a nation’s security and financial health. Since the invention of the
Internet, communication throughout the world has advanced. The rise of cybercrime, also
referred to as e-crimes (electronic crimes), is one of the biggest problems facing modern
society. As a result, cybercrime is a threat to all countries, businesses, and people worldwide.
Millions of people have fallen victim to it, and it has spread to many regions of the world.
Given the seriousness of e-crime, as well as its global scope and effects, it is obvious that a
shared knowledge of such illegal behaviour is necessary for effective e-crime management.
This paper covers the definitions, varieties, and intrusions of e-crime. It has also concentrated
on the anti-e-crime laws in India. With the increasing use of computers in society, cybercrime
has become a major issue. The advancement of technology has made man dependent on
internet for all his needs. Internet has given man access to everything while sitting at one
place. Social networking, online shopping, online studying, online jobs, every possible things
that Man can think of can be done through the medium of internet. The cyber crime is
different from any other crime happening in the society. The reason being, it has no
geographical boundaries and the cyber criminals are unknown. It is affecting all the
stakeholders from government, business to citizens alike. In India cybercrime is increasing
with the increased use of information and communication technology (ICT). Therefore, this
article tries to study abrief introduction of cybercrime, different types, Amendments, and
analyse the Cyber Crime happening in India. Further he discusses some steps to overcome
cybercrime in India. In an increasingly interconnected world driven by digital advancements,
the rise of cybercrime has become a pressing concern for nations around the globe, and India
is no exception. With a growing population of internet users and a rapid digital
transformation across various sectors, the country has witnessed a surge in cybercriminal
activities, posing significant challenges to individuals, businesses, and the overall Cyber
security landscape.
Introduction

Cybercrime is a relatively recent development in the realm of crime.

Cybercrime is any illegal activity carried out on or through a computer, the internet, or any
other technology covered by the "Information Technology Act." The most prevalent type of
crime in contemporary India is cybercrime, which has a catastrophic effect. Criminals not
only seriously harm society and the government, but they also greatly conceal their identity.
Technically skilled criminals engage in a number of illegal activities online. Cybercrime can
be broadly construed as any illegal activity that makes use of a computer or the internet as a
tool, a target, or both. Although the term "cybercrime" is not defined in any act or statute
approved by the Indian legislature, it has occasionally been interpreted by Indian courts.
The misuse of technology and society's increasing reliance on it in modern society are the
root causes of cybercrime, an unstoppable evil. Computer use and other associated
technologies are becoming an increasingly necessary part of daily life, supporting user ease.
This medium is limitless and unquantifiable. Only a few of the recently growing cybercrimes
include cyber-stalking, cyber-terrorism, email spoofing, email bombing, cyber pornography,
cyber defamation, and others. Some common crimes may be considered cybercrimes if they
are carried out online or via a computer. As technology advances, humans have become
reliant on the internet for all of their requirements. The internet has provided us with quick
access to everything while being seated in one location. Every imaginable thing that one can
think of can be done through the medium of the internet, including social networking, online
shopping, data storage, gaming, online schooling, and online jobs. The internet is used in
nearly all aspects of life. As the internet and its associated advantages grew in popularity, so
did the notion of cybercrime. Different types of cybercrime have evolved with the increasing
dependency on the internet. There was a dearth of understanding about the crimes that might
be perpetrated over the internet a few years ago but today in terms of cybercrime, India is not
far behind the other countries, where the rate of occurrence of cybercrime is also on the rise.

According to the report of Norton Life lock, a Cyber Security

software company, in the last 12 months, 27 million Indian adults have been victims of
identity theft, and 52 Percent of people in the nation are unaware of how to defend
themselves against cybercrime.
 Further, on August 30, 2019, the Ministry of Home Affairs launched
the National Cyber Crime Reporting Portal to offer people a centralized system for reporting
all sorts of cybercrime occurrences online, with a special focus on cybercrimes against
women and children. According to the statistics of the portal, 3,17,439 cybercrime events and
5,771 FIRs have been recorded in the country since its establishment up to February 28,
2021, with 21,562 cybercrime occurrences and 87 FIRs in Karnataka and 50,806 cybercrime
incidents and 534 FIRs in Maharashtra. We can see from the data that the number of victims
of cybercrime is not a small figure hence, cybercrime is an issue of serious concern.

Definition of Cybercrime
Any offenses committed against individuals or groups of individuals to harm the
reputation or cause physical or mental trauma through electronic means can be defined as
Cybercrime. Electronic means can include but are not limited to, the use of modern
telecommunication networks such as the Internet (networks including chat rooms, emails,
notice boards and groups) and mobile phones (Bluetooth/SMS/MMS).

Cybercrime against individuals primarily involves activities that involve the use of
the internet and computers as a tool to extract private information from an individual, either
directly or indirectly, and disclose it on online platforms without the person’s consent or
illegally in order to degrade the person’s reputation or cause mental or physical harm.
Cybercrime is Defined as illegal behaviour involving a computer, a computer network, or a
networked device. Most, but not all, cybercrime is conducted by profit-driven cybercriminals
or hackers. Some cybercrimes target computers or devices directly in order to harm or disable
them, while others target computers or networks in order to disseminate malware, unlawful
information, pictures, or other things. Some cybercrime targets computers in order to infect
them with a computer virus, which subsequently spreads to other computers and, in some
cases, whole networks
What is Cyber Crime
Cybercrime is a broad term that is used to define criminal activity in which
computers or computer networks are a tool, a target, or a place of criminal activity and
include everything from electronic wracking to denial of service attacks. It is a general term
that covers crimes like phishing, Credit card frauds, bank robbery, illegal downloading,
industrial espionage, child pornography, kidnapping children via chat rooms, scams, cyber
terrorism, creation and or distribution of viruses, spam and so on.

It also covers That Traditional Crimes in which computers or networks are used to enable the
illicit activity. Cyber Crime is increasing day by Day, Nowadays it has become a new fashion
to earn money by fraud calls or to take revenge through hacking other accounts.

Oxford Dictionary defines cybercrime as follows:

"Criminal activities committed via computers or the Internet."
"Cybercrime can be defined as those species whose genus is traditional crime and where the
computer is either an object or a subject of the criminal conduct."

How do Cyber Crimes Work

Cybercrime may start everywhere there is digital data, opportunity, or
motivation. From a lone user engaging in cyber bullying to state-sponsored attackers,
cybercriminals come in many shapes and sizes. Cybercrime does not happen in a vacuum; it
is, in many respects, a dispersed phenomenon. That is, hackers frequently enlist the help of
other parties to execute their schemes. This is true whether it’s a malware developer selling
code on the dark web, a distributor of illicit medicines utilizing crypto currency brokers to
keep virtual money in escrow, or state threat actors stealing intellectual property through
technological subcontractors. Cybercriminals employ a variety of attack vectors to carry out
their Cyber Attacks, and they are always looking for new ways to achieve their objectives
while evading discovery and prosecution.

Malware and other forms of software are frequently used by

cybercriminals, but social engineering is typically a key component in the execution of most
types of cybercrime. Phishing emails are a key component of many forms of cybercrime, but
they’re especially crucial in targeted assaults like business email compromise, in which an
attacker impersonates a firm owner through email in order to persuade workers to pay false
bills.

Why is Cyber Crime considered a grave offense?

There are many privacy concerns surrounding cybercrime when sensitive
information is intercepted and leaked to the public, legally or otherwise. Some of that
information may include data about military deployments, internal government
communications, and even private data about high-value individuals. Cybercrime is not
confined to individuals alone. Internationally, both governmental and non-state actors engage
in cybercrimes, including espionage, financial theft, and other cross-border crimes.
Cybercrimes crossing international borders and involving the actions of at least one nation-
state is sometimes referred to as cyber warfare.

In 2018, a study by Center for Strategic and International Studies (CSIS), in

partnership with McAfee, a leading cyber security firm concludes that close to $600 billion,
nearly one Percent of global GDP, is lost to cybercrime each year.

Types of Cyber Crime

Cybercrime can be conducted by targeting anything useful for a person or a
country and hence, cybercrimes are divided into certain types. Let us have a look at
these types accordingly.

Child Pornography:
One of the most serious offences is that. The Internet is used by predators to
connect with and sexually assault children all around the world. Children have become a
desirable target for cybercriminals as a result of the widespread use of the internet.
Paedophiles approach children through chat rooms, where they befriend them and take
personal information from their defenceless victims, in order to entice them into their traps.
These paedophiles entice kids to the internet where they then assault them sexually or use
them as sex objects.

Hacking:
Hacking entails gaining access to a device without authorization, altering it to allow
for continuing access, and changing the configuration, function, or service of the target
equipment without the owners' knowledge or approval.

Denial of service attack:

A denial-of-service attack uses extremely basic technology to overwhelm the
target computer, which helps to prevent other machines from accessing the server. Hackers
utilise a variety of techniques to download servers.

Virus dissemination:
This sort of criminal behaviour calls for direct or unauthorised access to the
operating system through the installation of additional programmes that are categorised as ss
bugs, worms, or logic bombs. Computer sabotage, which generally refers to the unlawful
destruction or deletion of machine data or the Internet function, which prevents standard
device functions, is plainly an illegal offence.

Computer Forgery:
This happens as data in computerised records is modified and processed.
Machines can, however, also be employed to carry out forgery. Computerised colour laser
copies' accessibility sparked a fresh wave of fraudulent modification or copying.

Card Card fraud:

Modern businesses can readily exchange cash for cash that is held in computers,
which leads to computer theft. Organised crime frequently targets credit card identity
information as well as personal and financial credit card details. In addition to having a far
larger worth than traditionally economic assets, assets in digital format can potentially belong
to a higher economic class.
Phishing:
Modern businesses can readily exchange cash for cash that is held in computers,
which leads to computer theft. Organised crime frequently targets credit card identity
information as well as personal and financial credit card details. In addition to having a far
larger worth than traditionally economic assets, assets in digital format can potentially belong
to a higher economic class.

Spoofing:
Get one machine on a network to have a separate computer, usually a computer with
special access privileges, so that the other computers can be accessed globally.

Cyber Stalking:
In our culture, cyberstalking refers to the act of following or monitoring someone
online. The victim of a cyber-stalker is not physically pursued; instead, he is tracked down
after an online engagement and stalked, harassed, and intimidated verbally. It is an
infringement on your online privacy.

Threatening:
The suspect contacts the victim in chat rooms or sends obscene emails.

Salami Attack:
In this type of fraud, the culprit makes small adjustments that are undetectable.
Criminals take money from all of the bank's customers' accounts as little as 2.50 per month
and deposit it on their own. No account manager can approach the bank for too little in this
circumstance, although fraudulent gains are enormous.

Email bombing:
Sending an enormous amount of mail to a victim who might be a person, a
company, or even mail servers and causing the system or network to malfunction as a result.
Data Diddling:
Involves making changes to raw data right before a computer processes it, then
making those same changes again once the processing is finished.

Virus Attacks:
Viruses are programmes that attach to a computer or a file and then replicate
themselves on other computers and files connected to a network. They typically affect a
computer's data by altering or erasing it.Worms do not need a host to attach to, in contrast to
viruses. They just create functioning copies of themselves and keep doing so until all of the
computer's available memory has been consumed.

Logic Bombs:
This offence depends on a specific conditional circumstance occurring. The
Chernobyl virus serves as the most prominent illustration; it was dormant for the majority of
the year and only became active on a particular date.

Trojan Attacks:
An illegal programme known as a Trojan hides its true purposes by appearing to
be a legitimate piece of software and operating from within.

Internet time thefts:

This occurs when someone who is not authorised makes use of someone else's
paid-for Internet time. This kind of cybercrime was unheard of before the victim reported it.
The Indian Telegraph Act and the Indian Penal Code are typically used to pursue this crime.

Cybersquatting:
Cybersquatting, which includes typo squatting, is the practise of obtaining a
domain name in order to demand payment from the owner of a trademark (such as a business
name, trade name, or brand name) (where one letter is different). By demonstrating that the
defendant registered a domain name containing the plaintiff's distinctive trademark in bad
faith and with the intent to profit, a trademark owner can prevail in a cybersquatting action.

Cyber Defamation:
Any disparaging message meant to damage a person's brand or reputation is
referred to as cyber defamation. Someone can be defamed through libel or slander. Cyber
defamation is the term for defamation committed using computers and/or the Internet.

Keystroke Logging:
It is encoding and recording a user's keystrokes. This kind of programme is used
to bypass security measures by extracting encryption keys and passwords.

Data-driven attacks:
A kind of attack where the attack is launched by a user or another programme
using innocent data as cover. Because it may start an assault against a system behind the
firewall while still being in data form, a data-driven attack on a firewall is concerning.

DNS spoofing:
A spoofing technique that uses the Domain Name Service, which enables networks
to convert textual domain names to the IP addresses required to route data packets.

Dumpster diving:
A type of human intelligence (HUMINT) in which abandoned items and data are
collected in an effort to find useful information.

Types of Cybercrime against Individuals

Cybercrime may be broadly classified into three types:

1. Cybercrime against an individual is a type of cybercrime that occurs in or through the use
of the internet. Sexual, ethnic, religious, or other forms of harassment exist.
2. Cybercrime against an individual’s property includes computer wreckage, the destruction
of other people’s property, the delivery of destructive programs, trespassing, and unlawful
possession of computer information.

3. Cybercrime against the government, such as Cyber terrorism or plotting against the
governmental activities

Examples of Cybercrime against Individual

1. Phishing and Scam:

Phishing is a sort of social engineering attack and cybercrime against an individual

where the attacker deceives them by sending phony messages and emails in order to get
sensitive information about the user or to attempt to download malicious software and exploit
it on the target machine.

2. Theft of Identity:

Identity theft happens when a cybercriminal utilizes another person’s personal

information, such as credit card details or personal photographs, to perpetrate fraud or a crime
without their permission.

3. Ransomware Infection:

Ransomware attacks are a sort of cybercrime against individuals that is fairly

widespread. It is a sort of virus that may restrict users from accessing all of their personal
data on the device by encrypting it and then demanding a ransom to get access.

4. Malware Attacks:

These are cyber crimes against individuals who use cell phones with internet access
and are sometimes tracked for their location, online searches, usernames, and passwords
input on their devices, webcams, and so on.
5. Cyberstalking:

Cyber stalking is a type of cybercrime against an individual where someone follows

somebody on social media, online websites, or search engines, exposing the user to a barrage
of online messages or emails threatening his or her safety.

6. Social Media Hacking:

Hacking on social media is a cybercrime against an individual when someone creates

a phoney account and gains the followers or friends of the general public. This then provides
the false account the ability to send out mass emails to inboxes.

7. Web Jacking:

Digital marketing has become the new normal, enticing firms to create their own websites.
More website traffic suggests that more people are aware of their products/services/brands.

There are certain offences which affects persons properties which are as
follows:

Intellectual Property Crimes:

Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is
deprived completely or partially of his rights is an offence. The common form of IPR
violation may be said to be software piracy, infringement of copyright, trademark, patents,
designs and service mark violation, theft of computer source code, etc.

Cyber Squatting:
It means where two persons claim for the same Domain Name either by claiming that they
had registered the name first on by right of using it before the other or using something
similar to that previously. For example two similar names i.e. www.yahoo.com and
www.yaahoo.com.

Cyber Vandalism:
Vandalism means deliberately destroying or damaging property of another. Thus cyber
vandalism means destroying or damaging the data when a network service is stopped or
disrupted. It may include within its purview any kind of physical harm done to the computer
of any person. These acts may take the form of the theft of a computer, some part of a
computer or a peripheral attached to the computer.
Hacking Computer System:
Hacktivism attacks those included Famous Twitter, blogging platform by unauthorized
access/control over the computer. Due to the hacking activity there will be loss of data as
well as computer. Also research especially indicates that those attacks were not mainly
intended for financial gain too and to diminish the reputation of particular person or
company.

Transmitting Virus:
Viruses are programs that attach themselves to a computer or a file and then circulate
themselves to other files and to other computers on a network. They usually affect the data on
a computer, either by altering or deleting it.

Cyber Trespass:
It means to access someone's computer without the right authorization of the owner and does
not disturb, alter, misuse, or damage data or system by using wireless internet connection.

Internet Time Thefts:

Basically, Internet time theft comes under hacking. It is the use by an unauthorized person, of
the Internet hours paid for by another person. The person who gets access to someone else's
ISP user ID and password, either by hacking or by gaining access to it by illegal means, uses
it to access the Internet without the other person's knowledge. You can identify time theft if
your Internet time has to be recharged often, despite infrequent usage.

Cybercrimes against Government

There are certain offences done by group of persons intending to threaten the
international governments by using internet facilities. It includes:

Cyber Terrorism:
Cyber terrorism is a major burning issue in the domestic as well as global concern. The
common form of these terrorist attacks on the Internet is by distributed denial of service
attacks, hate websites and hate e-mails, attacks on sensitive computer networks etc. Cyber
terrorism activities endanger the sovereignty and integrity of the nation.

Cyber Warfare:
It refers to politically motivated hacking to damage and spying. It is a form of information
warfare sometimes seen as analogous to conventional warfare although this analogy is
controversial for both its accuracy and its political motivation.

Distribution of pirated software:

It means distributing pirated software from one computer to another intending to destroy the
data and official records of the government.

Possession of Unauthorized Information:

It is very easy to access any information by the terrorists with the aid of internet and to
possess that information for political, religious, social, ideological objectives.

Cyber Laws in India

Information Technology Act, 2000:

The Information Technology Act, which came into effect in 2000, regulates cyber laws in
India. The main goal of this Act is to safeguard eCommerce's legal protection by making it
simple to register real-time records with the government. The sophistication of
cybercriminals and people's propensity to abuse technology led to a number of adjustments.

The ITA highlights the severe punishments and fines established by the Indian Parliament to
protect the e-government, e-banking, and e-commerce industries.

Section 43:
[Penalty and compensation] for damage to computer, computer system, etc. If any person
without permission of the owner or any other person who is in charge of a computer,
computer system or computer network.

Section 66:
Computer related offences - If any person, dishonestly or fraudulently, does any act referred
to in section 43, he shall be punishable with imprisonment for a term which may extend to
three years or with fine which may extend to five lakh rupees or with both.

Section 66B:
Punishment for dishonestly receiving stolen computer resource or communication device -
Whoever dishonestly receive or retains any stolen computer resource or communication
device knowing or having reason to believe the same to be stolen computer resource or
communication device, shall be punished with imprisonment of either description for a term
which may extend to three years or with fine which may extend to rupees one lakh or with
both.

Section 66C:
Punishment for identity theft Whoever, fraudulently or dishonestly make use of the electronic
signature, password, or any other unique identification feature of any other person, shall be
punished with imprisonment of either description for a term which may extend to three years
and shall also be liable to fine which may extend to rupees one lakh.

Section 66D:
Punishment for cheating by personation by using computer resources. Whoever, by means of
any communication device or computer resource cheats by personation, shall be punished
with imprisonment of either description for a term which may extend to three years and shall
also be liable to fine which may extend to one lakh rupees.

Analysis Of Cybercrimes In India:

India is the second largest online market in the world with over 560 million
internet users, Ranked only behind China. And it is estimated that by 2023, there would be
over 650 million internet users in the country. According to the latest national crime records
bureau NCRB data, a total of 27, 248 cases of cybercrime where registered in India in 2018.

In Telangana, 1205 cyber crime cases where registered in the same year. According to FBIs
report,India stands third among top 20 cybercrime victim. The national cyber crime reporting
portal (cybercrime.gov.in) which was started last year by the central government received
33,152 complaints till now resulting in lodging of 790 FIRs.

In fact, according to a 2017 report, Indian consumers had lost over 18 billion US dollars due
to cyber crimes. In 2018, there were over 27,000 cases of cyber crimes recorded in the
country, marking an increase of over 121% compare to the number of the cases as two years
back.

Total number of cyber crimes reported in India from 2012-2018

Number of cyber crimes

2018 27,248

2017 21,796

2016 12,317

2015 11,592
2014 9,622

2013 5,693

2012 3,377

The above table clearly shows the increasing number of cybercrimes cases in
India.The top 5 popular cyber crimes are-Phising scams, identity theft scams, online
harassment, cyber stalking, invasion of privacy.

Laws against Cybercrime in India

Ever since the introduction of cyber laws in India, the Information Technology Act
(IT Act) 2000 covers different types of crimes under cyber law in India. The following types
of cybercrimes are covered under the IT Act 2000.

Identity theft – Identity theft is defined as theft of personnel information of an individual to

avail financial services or steal the financial assets themselves.

Cyberterrorism – Cyberterrorism is committed with the purpose of causing grievous harm

or extortion of any kind subjected towards a person, groups of individuals, or governments.

Cyberbullying – Cyberbullying is the act of intimidating, harassment, defaming, or any other

form of mental degradation through the use of electronic means or modes such as social
media.

Hacking – Access of information through fraudulent or unethical means is known as

hacking. This is the most common form of cybercrime know to the general public.

Defamation – While every individual has his or her right to speech on internet platforms as
well, but if their statements cross a line and harm the reputation of any individual or
organization, then they can be charged with the Defamation Law.

Trade Secrets – Internet organization spends a lot of their time and money in developing
software, applications, and tools and rely on Cyber Laws to protect their data and trade
secrets against theft; doing which is a punishable offense.

Freedom of Speech – When it comes to the internet, there is a very thin line between
freedom of speech and being a cyber-offender. As freedom of speech enables individuals to
speak their mind, cyber law refrains obscenity and crassness over the web.

Harassment and Stalking – Harassment and stalking are prohibited over internet platforms
as well. Cyber laws protect the victims and prosecute the offender against this offense.
Measures Being Taken to Combat the Evolving Threat of Cybercrimes
Several measures have been taken at various levels to combat the evolving threat of
the rise in cybercrimes in India, including government initiatives, law enforcement efforts,
and public-private partnerships. Here are ten pivotal measures being implemented to address
cybercrime in India.

1. Information Technology (IT) Act, 2000

The IT Act serves as India’s primary legislation governing cybercrimes. It defines offences
related to unauthorized access, data theft, hacking, identity theft, and online fraud. The Act
provides legal provisions and penalties for cybercrimes and establishes the country’s
cybersecurity framework.

2. National Cyber Security Policy

The government has formulated the National Cyber Security Policy to safeguard critical
information infrastructure and enhance the resilience of cyberspace. This policy focuses on
strengthening cybersecurity capabilities, establishing cybersecurity organizations, promoting
research and development, and facilitating international cooperation.

3. Cyber Cells and Cybercrime Investigation Units

Law enforcement agencies have established dedicated cyber cells and investigation units
nationwide. These units handle cybercrime cases, conduct investigations, and prosecute
offenders. They collaborate with other agencies and international entities to combat cyber
threats.

4. Cyber Crime Reporting Platforms

The government has launched online portals and helplines to facilitate the reporting of
cybercrimes. Platforms such as the Cyber Crime Reporting Portal and the National Cyber
Crime Reporting Portal allow individuals and organizations to report cyber incidents, seek
assistance, and register complaints.
5. Capacity Building and Training

To address the skill gap in cybersecurity, the government has taken initiatives to promote
capacity building and training programs. Various educational institutions, organizations, and
cybersecurity agencies offer training courses, workshops, and certifications to enhance
cybersecurity skills among professionals and law enforcement personnel.

6. Public Awareness and Cybersecurity Campaigns

The government, in collaboration with industry bodies and cybersecurity organizations,

conducts public awareness campaigns to educate individuals, businesses, and students about
cybersecurity best practices. These campaigns aim to enhance awareness of cyber threats,
safe online behaviour, and the importance of cybersecurity hygiene.

7. Public-Private Partnerships

Collaboration between the government, private sector, and industry stakeholders is crucial in
combating cybercrime effectively. Public-private partnerships facilitate information sharing,
joint initiatives, and the development of cybersecurity frameworks and standards.

8. International Cooperation

India actively engages in international cooperation to combat cybercrime. It participates in

bilateral and multilateral agreements, collaborations, and information-sharing networks with
other nations to address cross-border cyber threats, cyber terrorism, and cyber espionage.

9. Cybersecurity Audits and Compliance

The government emphasizes the importance of cybersecurity audits and compliance with
cybersecurity standards for organizations. Regulatory bodies and industry-specific authorities
have introduced guidelines and frameworks to ensure cybersecurity compliance across
sectors.

10. Research and Development

Efforts are being made to promote research and development in cybersecurity. Collaboration
between academia, research institutions, and industry fosters innovation, the development of
cybersecurity technologies, and the discovery of advanced defence mechanisms against cyber
threats.
These measures collectively aim to strengthen the cybersecurity ecosystem in India, enhance
incident response capabilities, and create a secure digital environment for individuals,
businesses, and government institutions. Continued efforts, investment, and awareness are
essential to stay ahead of the evolving threat landscape of cybercrime.

Steps to avoid Cybercrime against Individuals

1. Making use of an internet security package: This helps safeguard your private and
financial information while you use the internet by offering real-time protection against
known and unknown malware, such as viruses and ransomware.

2. Use secure passwords: Avoid using the same password across many websites, and change
it frequently. Make them challenging. That entails utilizing a minimum of 10 different letters,
numbers, and symbols.

3.Disclosing private information: Never communicate or divulge any sensitive information,

including your bank account number, ATM pin, password, or email address, over an
unencrypted connection.

4. Not answering spam: Avoid visiting untrusted websites or clicking on links sent to you
by unknown or untrusted websites. Spams are the most common form of cybercrime against
the individual.

Students should become more knowledgeable about cybercrimes and cyber laws
and should be made aware of them. Students in computer centres, schools, colleges, and
universities should also receive instruction in cyber literacy. In order to give students a
foundational understanding of the Internet and its security, educational institutions might
arrange cyber law awareness programmes. Regularly reviewing bank and credit card
statements can help to lessen the impact of online crimes and identity theft.Keep your
operating system up to date to deter hackers from accessing your computer. By keeping your
computer updated, you can stop attackers from taking advantage of software flaws that could
otherwise give them access to your system and allow them to hack it for illegal purposes.
Eight-character passwords should be strong and unique, utilising a mix of symbols, phrases,
and figures for online activities like online banking. Avoid using passwords that are easily
traceable, such as your email address, login name, last name, date of birth, or month of birth.
You shouldn't use the same password for each online service you use. Keep various
passwords on hand for various internet activities.To secure your webmail or social media
account, enable two-step authentication in the webmail. Add your cell phone number to your
email account so you can be alerted if someone tries to access your account.Your username
and password are necessary to open your account with two-step authentication. However, for
your personal protection, a verification code is sent to your listed mobile number if you forget
your password. Even if a hacker is able to guess your password, he or she will be unable to
access your account without the temporary verification code.Your computer needs security
software installed since it helps shield you from online threats and is therefore necessary for
basic online security. These programmes are therefore essential for maintaining online safety.
It comes with firewall and antivirus software. The firewall regulates who and what is able to
communicate with your computer over the internet. By maintaining all online activities,
including email and web browsing, antivirus safeguards the machine against viruses, worms,
Trojan horses, and other malicious programmes.Since they provide all the security software
required for online protection in a single package, integrated security programmes like
Norton Internet Security, which combines Firewall, Antivirus, Antispyware, and other
features like Anti Spam and Parental Controls, have gained popularity in recent years.

Avoid clicking on the links in emails that request personal information since they
could direct you to a harmful or fake website. Read the privacy policies on a company's
website and software before you give them your data. You won't receive emails from
trustworthy businesses requesting personal information.

Never disclose personal information publicly on websites. This is as good as

disclosing one's identity to a stranger in public place. Always avoid sending any photograph
online particularly to strangers and chat friends as there have been incidents of misuse of the
photographs. Never enter credit card number to any side that is not secured, to prevent its
misuse
Reasons for the Rise of Cybercrime
The rise of cybercrime in India is a complex issue, with several key factors
contributing to its growth and impact. Here are the five important reasons for the rise of
cybercrime in India.

1. Increasing Internet Penetration

India has witnessed a remarkable surge in Internet penetration, driven by the availability of
affordable smartphones and low-cost data plans. While this digital revolution has brought
numerous benefits, it has expanded the potential target pool for cybercriminals.

2. Rapid Digital Transformation

Various sectors in India, including banking, e-commerce, healthcare, and government

services, have undergone rapid digital transformation. Adopting online platforms and digital
systems has created new opportunities for cybercriminals to exploit vulnerabilities and launch
attacks.

3. Financial Incentives

Cybercrime is often driven by financial gain. India’s growing economy, increasing digital
transactions, and adoption of digital payment systems have provided cybercriminals with
lucrative opportunities for financial fraud, including phishing attacks, online scams, and
credit card fraud.

4. Lack of Cybersecurity Awareness

Despite the increasing digital literacy, many individuals and organizations in India still lack
sufficient awareness of cybersecurity best practices. This lack of awareness leaves them
vulnerable to social engineering techniques, malware attacks, and other cyber threats.

5. Data Privacy Concerns

With organizations’ increasing collection and storage of personal data, data privacy concerns
have risen. The unauthorized access, theft, or misuse of personal information can lead to
identity theft, financial fraud, and other forms of cybercrime.
Addressing these key aspects of the rise of cybercrime in India requires a multi-faceted
approach involving cybersecurity awareness campaigns, capacity building, legal frameworks,
public-private partnerships, and investments in cybersecurity infrastructure. By addressing
these challenges and promoting a cyber-resilient ecosystem, India can mitigate the risks
associated with cybercrime and protect individuals, organizations, and critical digital
infrastructure.
Landmark judgments
The following judgments are the landmark judgments on cybercrime in India. The first
cybercrime occurred in 1992 when the first polymorphic virus was released. The case
of Yahoo v. Akash Arora (1999) was one of the earliest examples of cybercrime in India. The
defendant, Akash Arora, was accused of utilizing the trademark or domain name
‘yahooindia.com,’ and a permanent injunction was sought in this case. The case of Vinod
Kaushik and others v. Madhvika Joshi and others (2012) is the other example in which the
court held that according to Section 43 of the IT Act, 2000, accessing the e-mail accounts of
the spouse and father-in-law without their consent is prohibited. In 2011, a decision was
reached in this matter. All of these instances deal with the question of how cybercrime has
evolved, with a focus on India.

CBI v. Arif Azim (Sony Sambandh Case) (2013)

In 2013, India had its first cybercrime conviction. It all started when Sony India Private Ltd,
which owns the website www.sony-sambandh.com and targets Non-Resident Indians (NRI),
filed a complaint. NRIs may use the service to transfer Sony items to friends and family in
India after paying for them online.

The firm guarantees that the items will be delivered to the intended recipients. In May 2002,
someone using the name Barbara Campa went onto the website and bought a Sony Color
Television and cordless headphone. She provided her credit card information and asked for
the items to be sent to Arif Azim in Noida. The credit card company cleared the payment, and
the transaction was completed. The products were delivered to Arif Azim after the business
completed the necessary due diligence and inspection processes.

The firm took digital photos of Arif Azim accepting the package at the time of delivery. The
transaction was completed at that point, but after one and a half months, the credit card
company told the firm that the purchase was illegal since the true owner had denied making
it. The firm reported internet cheating to the Central Bureau of Investigation (CBI), which
opened an investigation under Sections 418, 419, and 420 of the Indian Penal Code. Arif
Azim was detained once the incident was examined. Arif Azim obtained the credit card
number of an American national while working at a contact centre in Noida, which he abused
on the company’s website, according to investigations.

In this one-of-a-kind cyber fraud case, the CBI retrieved the colour television and cordless
headphone. The CBI had enough evidence to establish their case in this instance, therefore
the accused acknowledged his guilt. Arif Azim was found guilty under Sections 418, 419,
and 420 of the Indian Penal Code, marking it the first time that a cybercriminal has been
found guilty. The Court, on the other hand, believed that because the accused was a young
kid of 24 years old and a first-time offender, a compassionate approach was required. As a
result, the Court sentenced the accused to a year of probation. The decision has enormous
ramifications for the entire country. Apart from being the first cybercrime conviction, it has
demonstrated that the Indian Penal Code may be effectively used for some types of
cybercrime that are not covered under the Information Technology Act 2000.

Pune Citibank Mphasis Call Center Fraud (2005)

In 2005, $ 3,50,000 was fraudulently moved from four Citibank accounts in the United States
to a few fake accounts over the internet. The workers won the clients’ trust and got their PINs
under the idea that they would be able to assist them in dealing with tough situations. Instead
of decoding encrypted software or breaching firewalls, they were looking for flaws in the
MphasiS system.

According to the Court, the defendants, in this case, are MphasiS contact centre ex-
employees. Every time an employee enters or exits, they are examined. As a result, the staff
had the numbers memorized. SWIFT, or the Society for Worldwide Interbank Financial
Telecommunication, was used to transmit the money. Unauthorized access to the consumers’
electronic accounts was used to commit the crime. As a result, this case is classified as a
“cybercrime.” The IT Act is wide enough to cover these types of crimes, and any IPC
infarction involving the use of electronic documents can be prosecuted on the same level as
crimes involving traditional materials.

Because of the kind of illegal access that is involved in committing transactions, the Court
determined that Section 43(a) of the IT Act, 2000 is relevant. The defendants were
additionally charged under Sections 66 of the Information Technology Act, 2000, as well
as Sections 420, 465, 467, and 471 of the Indian Penal Code, 1860.

Nasscom v. Ajay Sood & Others (2005)

The National Association of Software and Service Companies (Nasscom), India’s largest
software association, was the plaintiff in this lawsuit. The defendants ran a placement firm
that specialized in headhunting and recruitment. The defendants prepared and sent emails to
third parties in the name of Nasscom in order to collect personal data that they might utilize
for headhunting reasons. According to the Court, the plaintiff’s trademark rights were
recognized by the High Court of Delhi, which issued an ex-parte ad interim injunction
prohibiting the defendants from using the trade name or any other name that is confusingly
similar to Nasscom. The defendants were also barred from claiming to be affiliated with or a
part of Nasscom.

During the process of search, the defendants, under whose names the illegal emails were sent,
were revealed to be fake identities fabricated by an employee on the defendants’ orders in
order to evade detection and legal action. The defendant was liable to pay damages to the
plaintiff for violating his trademark rights.

This was the landmark case in which the Court declared that “phishing” on the internet is an
illegal activity and entails injunction and recovery of damages.

Poona Auto Ancillaries Pvt. Ltd., Pune v. Punjab National Bank, HO New
Delhi & Others (2013)
In 2013, Maharashtra’s IT secretary Rajesh Aggarwal ordered Punjab National Bank (PNB)
to pay Rs 45 lakh to the complainant Manmohan Singh Matharu, MD of Pune-based business
Poona Auto Ancillaries, in one of the biggest compensation awards in a judicial adjudication
of a cybercrime case. After Matharu responded to a phishing email, a fraudster deposited Rs
80.10 lakh from his PNB account in Pune. Since he reacted to the phishing email, the
complainant was requested to share the blame, but the bank was deemed responsible owing to
a lack of appropriate security checks against fraud accounts created to deceive the
Complainant.
State of Tamil Nadu v. Suhas Katti (2004)
The lawsuit stems from an obscene, defamatory, and harassing remark against a divorced
lady that was posted on a Yahoo chat group. The accused also forwarded emails to the victim
seeking information using a fake email account he created in the victim’s name. Due to the
publishing of the message, the lady received a slew of unpleasant phone calls from people
who thought she was soliciting.

The defendant paid the fine and was sent to Chennai’s Central Prison. This is the first case in
India to be convicted under Section 67 of the Information Technology Act of 2000.

More cyber fraud cases getting detected in India Recent News

About 27 lakh complaints of cyber frauds were registered in the country in the last one year
and an increasing number of such cases are getting detected due to enhanced vigil, Union
Home Minister Amit Shah has said. Shah also said that 99.5 per cent police stations in the
country are now connected with a central government network (Crime and Criminal Tracking
Network and Systems or CCTNS) for the purpose of investigation, data analytics, research,
policy making and providing services to citizens ,

"About 27 lakh complaints of cyber frauds were registered in the country in last one year," he
told PTI in an interview over the weekend.The home minister said earlier there was no
system to go after cyber frauds but now a toll free number is available for the general public
to register their complaints.

"We have made provisions for accounts to freeze. People started registering complaints and
within seconds, accounts get frozen (when there is a case of cyber fraud)," he said.
Asked whether cyber fraud cases have gone up in the country, Shah said cases have not gone
up but "frauds are getting detected now. We have also made available a toll free number.

That's why it is getting highlighted".Due to successful resolution of such complaints, people

have been calling on that number, he said.

Last week, CEO of the Indian Cyber Crime Coordination Centre (I4C) Rajesh Kumar had
said that Cambodia, Myanmar, Laos and a few other South East Asian countries have become
hub of trans-national organised gangs which are increasingly carrying out cyber crimes like
financial frauds, digital arrests and ATM card scamming in India.
The cyber fraud cases are mostly handled by the I4C, which is a wing under the cyber and
information security division of the Union Home Ministry. It is mandated to tackle the
burgeoning cyber crimes and attacks in the country in a coordinated and comprehensive
manner.
The I4C has been "continuously monitoring and blocking" cyber crime infrastructure like
Skype accounts, advertisements on Google and Meta, SMS headers, SIM cards, bank
accounts etc, another official said.

Referring to the CCTNS, the home minister said the government has made efforts to bring all
police stations under the network for the convenience of policing in the country.

"It is almost complete. About 99.5 per cent police stations are now connected with the
network. Just 0.5 per cent are left. That is because of connectivity issues. The police stations
which are left out may be located in very interior areas, on a hill top or in a jungle," he said.
The project was started in 2009. It aims to interlink all police stations under a common
application software for the purpose of investigation, data analytics, research, policy making
and providing citizen services such as reporting and tracking of complaints, request for
antecedent verifications by police etc.
Impacts of the Rise of Cybercrime
The rise of cybercrime in India has significantly affected individuals, businesses, and the
overall cybersecurity landscape. These impacts extend beyond financial losses and affect
various parts of society. Seven critical impacts of the rise of cybercrime in India are
mentioned below.

1. Financial Losses

Cybercrime causes substantial financial losses to individuals, businesses, and the economy as
a whole. Financial fraud, online scams, identity theft, and ransomware attacks result in
monetary damages, affecting personal savings, business revenues, and national economic
growth.

2. Data Breaches and Privacy Concerns

Cybercriminals target databases and systems to gain unauthorized access to sensitive

information. Data breaches compromise personal and financial data, leading to identity theft,
fraudulent activities, and invasion of privacy. Such breaches erode public trust in online
services and digital transactions.

3. Business Disruption and Downtime

Cyberattacks disrupt business operations, causing downtime and financial losses.

Ransomware attacks, distributed denial-of-service (DDoS) attacks, and other cyber threats
can render systems and networks inaccessible, resulting in productivity losses, reputational
damage, and customer dissatisfaction.

4. Intellectual Property Theft

Cybercriminals target businesses to steal intellectual property, trade secrets, and proprietary
information. This theft hampers innovation, undermines competitiveness, and impacts
industries’ long-term growth and sustainability.

5. Reputational Damage
Cyber attacks can severely damage the reputation of individuals and organizations. Incidents
of data breaches and security breaches can lead to negative publicity, loss of customer trust,
and damage to brand image. Rebuilding trust and reputation takes significant time and effort.

6. Regulatory and Legal Challenges

The rise of cybercrime has necessitated the introduction of stringent cybersecurity regulations
and laws. Compliance with these regulations and handling legal challenges related to
cybercrime can be complex and costly for businesses. Governments also face challenges in
enforcing these laws effectively.

7. National Security Concerns

Cyberattacks targeting government institutions, defence systems, and critical infrastructure

raise national security concerns. Breaches of sensitive government data, espionage, and cyber
warfare threaten national sovereignty, public safety, and diplomatic relations.

These impacts of the rise of cybercrime in India emphasize the urgency of strengthening
cybersecurity measures, raising awareness, and fostering collaborations between various
stakeholders. Addressing these impacts is crucial to safeguarding individuals, businesses, and
the nation’s digital infrastructure.
Cyber awareness
1. Cyber awareness and hygiene for parents

Talk to your children about the potential online threats such as grooming, bullying, and
stalking, keep track of their online activities. Set clear guidelines for internet and online
games usage.

Notice indicators of change in behaviour: If your child begins to spend more time online
and starts being defensive or secretive about their online activities, it may be an indicator of
cyber grooming. Talk to your child and engage him/ her in other activities.

Protect your child from Cyber Grooming:Grooming is a practice where someone builds an
emotional bond with a child through social media or chat window with an objective of
gaining their trust for sexual exploitation.

Children may remove privacy settings on social media to make more friends. Parents should
discuss responsible use of social media. Also, they should educate and help them in selecting
strong privacy settings.

Never click suspicious links or attachments: Never click on links or files received in e-
mail, text message or social media from unknown person. This may be an attempt to infect
computer with a malware.

Cover your webcams:A web camera (default in laptops) if hacked/compromised can be

leveraged as a medium to observe/watch and record day to day activities. It is a
recommended to cover webcam when not in use.

Install anti-virus software’s with parental control functionality or parental control

software’s on the devices used by children and review there privacy settings of social media
sites used by them.

Keep software updated:Keep your software and Operating system up-to-date. Hackers
target software vulnerabilities to access private information and putting you at risk, so make
sure to update all your software with the latest security patches. Never install software,
games, music and apps from trusted sources.

Set Secure browser settings:Always choose updated version of the browser and install safe
browsing tools for protection yourself from hackers and malware.

2. Cyber awareness and hygiene for teens and young adults

Secure your online presence just like you secure yourself:If you have not selected the right
settings on your social media accounts, then photos and videos posted can be viewed,
downloaded and used by others without your knowledge.

Select the right privacy settings and content sharing filters on social media so that you are
sharing your information, photos and videos only with your trusted ones.

Be selective about accepting friend request of strangers on social media

Learn how to block someone who is making you uncomfortable

Learn how to remove someone from your friends list

Remember to logout from social media websites after use

Secure your phone with password

If you notice your fake account has been created, you can immediately inform social media
service provider so that the account can be blocked

Be mindful of your appearance on video chat & video calls

Your video chats on social media sites can be recorded by the person on the other side

There have been instances where video chats which were supposed to be private in nature
have been recorded and shared on social media groups and websites

Be careful while accepting chat requests from strangers

Do not use Smartphone for taking sensitive personal photographs and videos

Do not use Smartphone for taking sensitive personal photographs and videos. Most of the
smartphones are connected to internet and cloud storage. If a picture or video has been
clicked/ recorded by using smartphone connected with the cloud, it may get saved
automatically into the cloud. Even if users delete their photos or videos from their phone, the
same photo or video can be recovered from the cloud account or any other device/ PC
connected to the cloud using same account.

If someone has taken such photograph using Smartphone, then take it seriously and make
sure to get it deleted from their smartphone, the cloud and any other device connected using
the same account.

Protect yourself from Cyber stalking:Cyber stalkers show advances on a person repeatedly
despite clear indication of disinterest by such person. They use internet, email, social media
or any other form of electronic communication for stalking

Disable location services for social media sites, mobile devices etc.

Refrain from sharing your personal information like Phone number, e-mail address,
photographs with unknown persons
Consult your relatives and friends, if you think you are a victim of Cyber stalking

Beware of fake social media accounts- Not all the accounts are real and not all
information provided on accounts are true

Be cautious while accepting friend requests from strangers.

Be cautious with sensitive Browsing

One should browse shopping or banking websites or apps only on a device that belongs to
him/ her or on a trusted network. Avoid using friend’s phone, public computer, cyber cafe or
free Wi-Fi for sensitive browsing as data can be stolen or copied.

The deleted data on your communication devices can be recovered

Be careful while you give your mobile devices, PC’s for

servicing/repairing/selling:Personal commuters and mobile devices consists private
information’s which needs to be erased before sending it for repairing, servicing or selling.

Protect your communication devices:Prevent others from accessing your devices by

providing password, PIN, Pattern or biometric information. Always install applications to
your mobile phones, computers, etc. from a trusted source only e.g. Play store, App store or
from official company websites

Report if you find content related to of Child Pornography (CP)/Child Sexual Abuse
Material (CSAM) or sexually explicit material

Any content related to of Child Pornography (CP)/ Child Sexual Abuse Material (CSAM) or
sexually explicit material such as Rape/ Gang Rape (CP/RGR) content should be report to the
concerned social media website

If anybody of your acquaintance shares Child Pornography (CP)/ Child Sexual Abuse
Material (CSAM) or sexually explicit material with you, it is your duty as a responsible
citizen to inform the concerned person that publication, collection and distribution of Child
Pornography (CP)/ Child Sexual Abuse Material (CSAM) or sexually explicit material is
illegal and he should refrain from doing such activities.

You can also report it on National Cyber Crime Reporting Portal (www.cybercrime.gov.in)

3. Cyber awareness and hygiene for organizations

How to deal with Child Pornography (CP)/ Child Sexual Abuse Material (CSAM) or
sexually explicit material in workplace?
All organisations should have clear and strong HR policies on how to deal with content on
Child Pornography (CP)/ Child Sexual Abuse Material (CSAM) or sexually explicit material

Organisations should have clear rules for use of electronic devices provided by the
organisation

If any employee is found possessing obscene or indecent content, proper investigation and
action should be taken against them

The organisation should report any incidence of sharing and storage of obscene content
within the organisation to the police. The copy of the content should be saved as an evidence
with restricted access

All other copies of the content should be deleted

They can also report through National Cyber Crime Reporting

Portal (www.cybercrime.gov.in).

Publication, Collection and Distribution of Child Pornography (CP)/Child Sexual

Abuse Material (CSAM) or sexually explicit material is illegal

Under Section 67 and 67A of Information Technology Act, 2000 makes publication and
distribution of any material containing sexually explicit act or conduct in electronic form a
punishable offence

Section 67B of IT Act, criminalizes browsing, downloading, creation, publication and

distribution of child pornography

What are the Legal Provisions in relation to Cyber Crimes in India?

Information Technology Act, 2000
The IT Act came into force on 17th October 2000.

Offences under the IT Act are as follows:

Section 65 - Tampering with computer source documents - If a person knowingly or

intentionally conceals, destroys or alters or intentionally or knowingly causes another to
conceal, destroy or alter any computer source code used for a computer, computer
programme, computer system or computer network, when the computer source code is
required to be kept or maintained by law for the time being in force.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs. 200,000.

Section 66 – Hacking with computer system - If a person with the intent to cause or
knowing that he is likely to cause wrongful loss or damage to the public or any person
destroys or deletes or alters any information residing in a computer resource or diminishes its
value or utility or affects it injuriously by any means, commits hack.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs. 500,000.

Section 66B - Receiving stolen computer or communication device - A person receives or

retains a computer resource or communication device which is known to be stolen or the
person has reason to believe that it is stolen.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs.100,000.

Section 66C – Using password of another person - A person fraudulently uses the
password, digital signature or other unique identification of another person.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs. 100,000.

Section 66D – Cheating using computer resource - If a person cheats someone using a
computer resource or communication.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs. 100,000.

Section 66E – Publishing private images of others - If a person captures, transmits or

publishes images of a person's private parts without his/her consent or knowledge.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs. 200,000.

Section 66F – Act of cyber terrorism - If a person denies access to authorized personnel
to a computer resource, accesses a protected system or introduces contaminant into a
system, with the intention of threatening the unity, integrity, sovereignty or security of India,
then he commits cyber terrorism.
Penalty - Imprisonment up to life.

Section 67 - Publishing information which is obscene in e-form - If a person publishes or

transmits or causes to be published in the electronic form, any material which is
lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and
corrupt persons who are likely, having regard to all relevant circumstances, to read, see or
hear the matter contained or embodied in it.
Penalty - Imprisonment up to five years, or/and with a fine up to Rs 1,000,000.

Section 67A - Publishing images containing sexual acts - If a person publishes or transmits
images containing a sexually explicit act or conduct.
Penalty- Imprisonment up to seven years, or/and with a fine up to Rs 1,000,000.

Section 67B – Publishing child porn or predating children online - If a person captures,
publishes or transmits images of a child in a sexually explicit act or conduct. If a person
induces a child into a sexual act. A child is defined as anyone who is under 18 years of age.
Penalty- Imprisonment up to five years, or/and with a fine up to Rs 1,000,000 on first
conviction. Imprisonment up to seven years, or/and with fine up to Rs 1,000,000 on second
conviction.

Section 67C - Failure to maintain records - Persons deemed as intermediary (such as an

ISP) must maintain required records for stipulated time. Failure is an offence.
Penalty- Imprisonment up to three years, or/and with fine.

Section 68 - Failure/refusal to comply with orders - The Controller may, by order, direct a
Certifying Authority or any employee of such Authority to take such measures or cease
carrying on such activities as specified in the order if those are necessary to ensure
compliance with the provisions of this Act, rules or any regulations made there under. Any
person who fails to comply with any such order shall be guilty of an offence.
Penalty- Imprisonment up to three years, or/and with a fine up to Rs 200,000.

Section 69 - Failure/refusal to decrypt data - If the Controller is satisfied that it is

necessary or expedient so to do in the interest of the sovereignty or integrity of India, the
security of the State, friendly relations with foreign States or public order or for preventing
incitement to the commission of any cognizable offence, for reasons to be recorded in
writing, by order, direct any agency of the Government to intercept any information
transmitted through any computer resource. The subscriber or any person in charge of the
computer resource shall, when called upon by any agency which has been directed, extend
all facilities and technical assistance to decrypt the information. The subscriber or any
person who fails to assist the agency referred is deemed to have committed a crime.
Penalty- Imprisonment up to seven years and possible fine.

Section 70 - Securing access to a protected system - The appropriate Government may, by

notification in the Official Gazette, declare that any computer, computer system or
computer network to be a protected system. The appropriate Government may, by order in
writing, authorize the persons who are authorized to access protected systems. If a person
who secures access or attempts to secure access to a protected system, then he is committing
an offence.
Penalty- Imprisonment up to ten years, or/and with fine.

Section 71 – Misrepresentation - If anyone makes any misrepresentation to, or

suppresses any material fact from, the Controller or the Certifying Authority for obtaining
any license or Digital Signature Certificate.
Penalty - Imprisonment up to three years, or/and with fine up to Rs 100,000.

Section 66A of the abovesaid act was held unconstitutional by the Apex Court in the
case Shreya Singhal v. UOI (2015).

This section provided punishment for sending offensive messages through

communication service, etc.
Cyber crimes with IPC implications
Apart from punishments in IT Act, 2000, there are certain crimes that are attracted by IPC
provisions as well. The following is the enumeration of the IPC provisions along with various
cyber crimes that are attracted by respective Sections and the punishment for the same.

Section 292 of IPC: Although this Section was drafted to deal with the sale of obscene
material, it has evolved in the current digital era to be concerned with various cybercrimes.
The publication and transmission of obscene material or sexually explicit act or exploit acts
containing children, etc which are in electronic form are also governed by this section.
Though the crimes mentioned above seem to be alike, they are recognized as different crimes
by the IT Act and IPC. The punishment imposed upon the commission of such acts is
imprisonment and fine up to 2 years and Rs. 2000. If any of the aforementioned crimes are
committed for the second time, the imprisonment could be up to 5 years and the fine could be
imposed up to Rs. 5000.

Section 354C of IPC: The cybercrime dealt with under this provision is capturing or
publication of a picture of private parts or acts of a woman without such person’s consent.
This section exclusively deals with the crime of ‘voyeurism’ which also recognizes watching
such acts of a woman as a crime. If the essentials of this Section (such as gender) are not
satisfied, Section 292 of IPC and Section 66E of IT Act, 2000 is broad enough to take the
offenses of a similar kind into consideration. The punishment includes 1 to 3 years of
imprisonment for first-time offenders and 3 to 7 years for second-time offenders.

Section 354D of IPC: This section describes and punishes ‘stalking’ including both physical
and cyberstalking. If the woman is being monitored through electronic communication,
internet, or email or is being bothered by a person to interact or contact despite her
disinterest, it amounts to cyber-stalking. The latter part of the Section states the punishment
for this offense as imprisonment extending up to 3 years for the first time and 5 years for the
second time along with a fine imposed in both the instances. In the case of Kalandi Charan
Lenka v. The State of Odisha, the victim received certain obscene messages from an
unknown number which are damaging her character. Moreover, emails were sent and the fake
Facebook account was created by the accused which contained morphed pictures of the
victim. Hence, the accused was found prima facie guilty for cyberstalking by the High Court
under various provisions of IT Act and Section 354D of IPC
Section 379 of IPC: If a mobile phone, the data from that mobile or the computer hardware is
stolen, Section 379 comes into the picture and the punishment for such crime can go up to 3
years of imprisonment or fine or both. But the attention must be given to the fact that these
provisions cannot be applied in case the special law i.e IT Act, 2000 provisions are attracted.
In this regard, in the case of Gagan Harsh Sharma v. The State of Maharashtra, one of the
employers found that the software and data were stolen and someone has breached the
computers and gave access to sensitive information to the employees. The employer gave
information to the police and they filed a case under Section 379, 408, and Section 420 of
IPC and various other IT Act provisions. The question in front of the court is whether the
police can file a case under IPC or not. The court decided that the case cannot be filed based
on the IPC provisions as the IT Act has an overriding effect.

Section 411 of IPC: This deals with a crime that follows the offenses committed and
punished under Section 379. If anyone receives a stolen mobile phone, computer, or data
from the same, they will be punished in accordance with Section 411 of IPC. It is not
necessary that the thief must possess the material. Even if it is held by a third party knowing
it to be others, this provision will be attracted. The punishment can be imposed in the form of
imprisonment which can be extended up to 3 years or fine or both.

Section 419 and Section 420 of IPC: These are related provisions as they deal with frauds.
The crimes of password theft for the purpose of meeting fraudulent objectives or the creation
of bogus websites and commission of cyber frauds are certain crimes that are extensively
dealt with by these two sections of IPC. On the other hand, email phishing by assuming
someone’s identity demanding password is exclusively concerned with Section 419 of IPC.
The punishments under these provisions are different based upon the gravity of the
committed cybercrime. Section 419 carries a punishment up to 3 years of imprisonment or
fine and Section 420 carries up to 7 years of imprisonment or fine.

Section 465 of IPC: In the usual scenario, the punishment for forgery is dealt with in this
provision. In cyberspace, the offenses like email spoofing and preparation of false documents
are dealt with and punished under this Section which imbibes the imprisonment reaching up
to 2 years or fine or both. In the case of Anil Kumar Srivastava v. Addl Director, MHFW, the
petitioner electronically forged signature of AD and later filed a case making false allegations
about the same person. The Court held that the petitioner was liable under Section 465 as
well as under Section 471 of IPC as the petitioner also tried to use it as a genuine document.
Section 468 of IPC: If the offenses of email spoofing or the online forgery are committed for
the purpose of committing other serious offenses i.e cheating, Section 468 comes into the
picture which contains the punishment of seven years of imprisonment or fine or both.

Section 469 of IPC: If the forgery is committed by anyone solely for the purpose of
disreputing a particular person or knowing that such forgery harms the reputation of a person,
either in the form of a physical document or through online, electronic forms, he/she can be
imposed with the imprisonment up to three years as well as fine.

Section 500 of IPC: This provision penalizes the defamation of any person. With respect to
cybercrimes, sending any kind of defamatory content or abusive messages through email will
be attracted by Section 500 of IPC. The imprisonment carried with this Section extends up to
2 years along with fine.

Section 504 of IPC: If anyone threatens, insults, or tries to provoke another person with the
intention of effecting peace through email or any other electronic form, it amounts to an
offense under Section 504 of IPC. The punishment for this offense extends up to 2 years of
imprisonment or fine or both.

Section 506 of IPC: If a person tries to criminally intimidate another person either physically
or through electronic means with respect to the life of a person, property destruction through
fire or chastity of a woman, it will amount to an offense under Section 506 of IPC and
punishment of imprisonment where the maximum period is extended up to seven years or
fine or both.

Section 509 of IPC: This Section deals with the offense of uttering a word, showing a gesture,
and committing an act that has the potential to harm the modesty of a woman. It also includes
the sounds made and the acts committed infringing the privacy of a woman. If this offense is
committed either physically or through electronic modes, Section 509 gets attracted and the
punishment would be imprisonment of a maximum period of one year or fine or both.
Conclusion
The IT Act and the Rules promulgated thereunder regulate the cyber law regime. When the
IT Act is unable to provide for any specific sort of offence or if it does not include exhaustive
provisions with regard to an offence, one may also turn to the provisions of the Indian Penal
Code, 1860. However, the current cyber law system is still insufficient to cope with the wide
range of cybercrimes that exist. With the country advancing towards the ‘Digital India’
movement, cybercrime is continuously developing, and new types of cybercrime are being
added to the cyber law regime on a daily basis. So, there is a need to bring some amendments
to the laws to reduce such crimes.

As we already know for a fact that the IT Act, 2000 has an overriding effect
over the IPC provisions while governing the cybercrimes, there are a lot of instances where
IPC provisions are applied based on the subjective circumstances of every case. Though some
people feel that IPC should not have a realm to govern cybercrimes, there are numerous
cybercrimes that are not extensively dealt by the IT Act, 2000. Hence, after the due
amendments are made to the IT Act which contains with respect to every cybercrime, then
the IPC can be withdrawn from governing in the domain of cybercrimes. India has strict
cybercrime penalties under the IT Act aimed at punishing cyber criminals, deterring would-
be offenders and protecting internet users
Bilbliography

BOOK REFERENCES LIST -

1. Information Technology Law and Practice by Vakul Sharma.

2. Cyber Law - An exhaustive section wise Commentary on The Information Technology Act
along with Rules, Regulations, Policies . by Pavan Duggal

3. The Indian Penal Code , 1860 By KD GAUR .

4. BARE ACT The Indian Penal Code ,1860 .

--------------- O ------------------
WEBLIOGRAPHY
WEBSITE REFERENCES

1 . https://byjus.com/cybercrime/ Last Visited On 27.05.2024 21:45

2. https://www.legalserviceindia.com/legal/article-4998-cyber-crime-in-india-an-
overview.html

Last Visited On 28.05.2024 17:51

3. https://blog.ipleaders.in/critical-analysis-cybercrime-india/

Last Visited On 28.05.2024 13:26

4. https://www.techtarget.com/searchsecurity/definition/cybercrime

Last Visited On 21.05.2024 17:20

5. https://www.pandasecurity.com/en/mediacenter/types-of-cybercrime/

Last Visited On 28.05.2024 16:01

6. https://cybercrime.gov.in/Webform/Crime_OnlineSafetyTips.aspx

Last Visited On 29.05.2024 16:25

7. https://www.writinglaw.com/rise-of-cybercrime-in-india/#measures

Last Visited On 27.05.2024 09:15

8. https://economictimes.indiatimes.com/news/india/more-cyber-fraud-cases-getting-
detected-in-india-due-to-enhanced-vigil-says-amit-shah/articleshow/110494308.cms?
utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

Last Visited On 27.05.2024 07:15

--------------- O ------------------