Cyber Crime

Meaning
Cybercrime is a broad term that is used to define criminal activity in which computers or
computer networks are a tool, a target, or a place of criminal activity and includes everything from
electronic wracking to denial-of-service attacks.
It is a general term that covers crimes like phishing, Credit card fraud, bank robbery, illegal
downloading, industrial espionage, child pornography, kidnapping children via chat rooms, scams,
cyber terrorism, creation and or distribution of viruses, spam, and so on.
It also covers traditional crimes in which computers or networks are used to enable illicit
activity. Cybercrime is increasing day by day, nowadays it has become a new fashion to earn money
by fraud calls or to take revenge through hacking other accounts.

Types Of Cybercrimes

A. Crimes against persons are:

 Cyberstalking is to create a physical threat that creates fear of using computer
technology such as the internet, e-mail, phones, text messages, webcams, websites,
or videos.
 Dissemination of Obscene Material includes Indecent exposure/ Pornography
(basically child pornography) and hosting the website containing these prohibited
materials. These obscene matters may cause harm to the mind of the adolescent and
tend to deprave or corrupt their mind.
 Defamation is an act of imputing any person to lower the dignity of the person by
hacking his mail account and sending some emails by using vulgar language to an
unknown person’s mail account.
 Hacking means unauthorized control/access over a computer system and the act of
hacking destroys the whole data as well as computer programs. Hackers usually hack
telecommunication and mobile network.
 Cracking means that a stranger has broken into your computer systems without your
knowledge and consent and has tampered with precious confidential data and
information.
 E-Mail Spoofing: A spoofed e-mail may be said to be one, which misrepresents its
origin. It shows its origin to be different from which it originates.
 SMS Spoofing is blocking through spam which means unwanted uninvited
messages. The wrongdoer steals the mobile phone number of any person and sends
an SMS via the internet and the receiver gets the SMS from the mobile phone
number of the victim. It is a very serious cybercrime against any individual.
 Carding means false ATM cards i.e., Debit and Credit cards used by criminals for
their monetary benefits through withdrawing money from the victim's bank account
mala-finely. There is always unauthorized use of ATM cards in this type of
cybercrime.
 Cheating & Fraud means the person who is doing the act of cybercrime i.e.,
stealing passwords and data storage has done it with having a guilty mind which
leads to fraud and cheating.
 Child Pornography involves the use of computer networks to create, distribute, or
access materials that sexually exploit underage children.
  Assault by Threat refers to threatening a person with fear for their lives or the lives
of their families through the use of a computer network i.e. E-mail, videos, or
phones.
B. Crimes against Property:
As there is rapid growth in international trade where businesses and consumers are increasingly
using computers to create, transmit and store information in electronic form instead of traditional
paper documents.

 Intellectual Property Crimes: Intellectual property consists of a bundle of rights.

Any unlawful act by which the owner is deprived completely or partially of his rights
is an offense. The common form of IPR violation may be said to be software piracy,
infringement of copyright, trademark, patents, designs and service mark violation,
theft of computer source code, etc.
 Cyber Squatting: It means where two persons claim for the same Domain Name
either by claiming that they had registered the name first on by right of using it
before the other or using something similar to that previously. For example, two
similar names i.e., www.yahoo.com and www.yaahoo.com.
 Cyber Vandalism: Vandalism means deliberately destroying or damaging the
property of another. Thus, cyber vandalism means destroying or damaging the data
when a network service is stopped or disrupted. It may include within its purview
any kind of physical harm done to the computer of any person. These acts may take
the form of the theft of a computer, some part of a computer, or a peripheral attached
to the computer.
 Hacking Computer System: Hacktivism attacks those including Famous Twitter
and blogging platforms by unauthorized access/control over the computer. Due to the
hacking activity, there will be a loss of data as well as computers. Also, research
especially indicates that those attacks were not mainly intended for financial gain too
and to diminish the reputation of a particular person or company.
 Transmitting Virus: Viruses are programs that attach themselves to a computer or a
file and then circulate themselves to other files and other computers on a network.
They usually affect the data on a computer, either by altering or deleting it. Worm
attacks play a major role in affecting the computerized system of individuals.
 Cyber Trespass: It means to access someone's computer without the right
authorization of the owner and does not disturb, alter, misuse, or damage data or
system by using a wireless internet connection.
 Internet Time Thefts: Basically, Internet time theft comes under hacking. It is the
use by an unauthorized person, of the Internet hours paid for by another person. The
person who gets access to someone else's ISP user ID and password, either by
hacking or by gaining access to it by illegal means, uses it to access the Internet
without the other person's knowledge. You can identify time theft if your Internet
time has to be recharged often, despite infrequent usage.

C. Cybercrimes against Government

 Cyber Terrorism: Cyber terrorism is a major burning issue in the domestic as
well as a global concern. The common form of these terrorist attacks on the
Internet is distributed denial of service attacks, hate websites and hate e-mails,
attacks on sensitive computer networks, etc. Cyberterrorism activities endanger
the sovereignty and integrity of the nation.
  Cyber Warfare: It refers to politically motivated hacking to damage and spying.
It is a form of information warfare sometimes seen as analogous to conventional
warfare although this analogy is controversial for both its accuracy and its
political motivation.
 Distribution of pirated software: It means distributing pirated software from
one computer to another intending to destroy the data and official records of the
government.
 Possession of Unauthorized Information: It is very easy to access any
information by terrorists with the aid of the internet and to possess that
information for political, religious, social, and ideological objectives.

Cyber Laws:
In India, cyber laws are contained in the Information Technology Act, 2000 (“IT Act”)
which came into force on October 17, 2000. The main purpose of the Act is to provide legal
recognition to electronic commerce and to facilitate the filing of electronic records with the
Government.

 Section 65 – Tampering with computer Source Documents

A person who intentionally conceals destroys or alters any computer source code
(such as programs, computer commands, design and layout) when it is required to be
maintained by law commits an offense and can be punished with 3 years imprisonment or a
fine of 2 Lakhs INR or both.

 Section 66 - Using the password of another person

If a person fraudulently uses the password, digital signature or other unique
identification of another person, he/she can face imprisonment up to 3 years or/and a fine of
1 Lakh INR.

 Section 66D - Cheating Using computer resource

If a person cheats on someone using a computer resource or a communication
device, he/she could face imprisonment up to 3 years or/and a fine of up to 1 Lakh INR.

 Section 66E - Publishing Private Images of Others

If a person captures, transmits or publishes images of a person’s private parts without
his/her consent or knowledge, the person is entitled to imprisonment up to 3 years of fine up
to 2 Lakhs INR or both.

 Section 66F - Acts of cyber-Terrorism

A person can face life imprisonment if he/she denies an authorized person access to
the computer resource or attempts to penetrate/access a computer resource without
authorization, with an aim to threaten the unity, integrity, security or sovereignty of the
nation. This is a non-bailable offense.

 Section 67 - Publishing Child Porn or predating children online

If a person captures, publishes or transmits images of a child in a sexually explicit
act or induces anyone under the age of 18 into a sexual act, then the person can face
imprisonment for up to 7 years or a fine of up to 10 lakhs INR or both.
  Section 69 - Govt.'s Power to block websites
If the government feels it necessary in the interest of sovereignty and integrity of
India, it can intercept, monitor or decrypt any information generated, transmitted, received
or stored in any computer resource. The power is subject to compliance of procedure. Under
section 69A, the central government can also block any information from public access.

 Section 43A - Data protection at the corporate level

If a body corporate is negligent in implementing reasonable security practices which
cause wrongful loss or gain to any person, such body corporate shall be liable to pay
damages to the affected person.

Case Studies:

1. Pune Citibank MphasiS Call Canter Fraud

Some ex-employees of the BPO arm of MPhasiS Ltd MsourcE defrauded US
Customers of Citibank to the tune of Rs 1.5 crores. It was one of those cybercrime cases that
raised concerns of many kinds including the role of "Data Protection".
The crime was committed using "Unauthorized Access" to the "Electronic Account
Space" of the customers. It is therefore firmly within the domain of "Cyber Crimes".
IT-2000 is versatile enough to accommodate the aspects of crime not covered by
ITA-2000 but covered by other statutes since any IPC offense committed with the use of
"Electronic Documents" can be considered a crime with the use of "Written Documents".
"Cheating", "Conspiracy", "Breach of Trust", etc. are therefore applicable in the above case
in addition to the section in ITA-2000.
Under ITA-2000 the offense is recognized both under Section 66 and Section 43.
Accordingly, the persons involved are liable for imprisonment and fine as well as a liability
to pay damages to the victims to the maximum extent of Rs 1 crore per victim for which the
"Adjudication Process" can be invoked.

2. SONY.SAMBANDH.COM CASE
India saw its first cybercrime conviction in 2013. It all began after a complaint was
filed by Sony India Private Ltd, which runs a website called www.sony-sambandh.com,
targeting Non-Resident Indians. The website enables NRIs to send Sony products to their
friends and relatives in India after they pay for them online.
The company undertakes to deliver the products to the concerned recipients. In May
2002, according to the cybercrime case study, someone logged onto the website under the
identity of Barbara Campa and ordered a Sony Colour Television set and cordless
headphones. She gave her credit card number for payment and requested the products to be
delivered to Arif Azim in Noida. The payment was duly cleared by the credit card agency,
and the transaction was processed. After following the relevant procedures of due diligence
and checking, the company delivered the items to Arif Azim.
At the time of delivery, the company took digital photographs showing the delivery
being accepted by Arif Azim. The transaction closed at that, but after one and a half months
the credit card agency informed the company that this was an unauthorized transaction as
the real owner had denied having made the purchase.
 The company lodged a complaint about online cheating at the Central Bureau of
Investigation which registered a case under Sections 418, 419, and 420 of the Indian Penal
Code. The matter was investigated, and Arif Azim was arrested. Investigations revealed that
Arif Azim while working at a call center in Noida gained access to the credit card number of
an American national which he misused on the company's site.
The CBI recovered the color television and the cordless headphone, in this one-of-a-
kind cyber fraud case. In this matter, the CBI had evidence to prove their case, and so the
accused admitted his guilt. The court convicted Arif Azim under Section 418, 419, and 420
of the Indian Penal Code - this being the first time that cybercrime has been convicted.
The court, however, felt that as the accused was a young boy of 24 years and a first-
time convict, a lenient view needed to be taken. The court, therefore, released the accused
on probation for one year. The judgment is of immense significance for the entire nation.
Besides being the first conviction in a cybercrime matter, it has shown that the Indian Penal
Code can be effectively applied to certain categories of cybercrimes that are not covered
under the Information Technology Act 2000. Secondly, a judgment of this sort sends out a
clear message to all that the law cannot be taken for a ride.

3. The Bank NSP Case

One of the leading cybercrime cases is the Bank NSP case the one where a management trainee
of the bank was engaged to be married. The couple exchanged many emails using the company
computers. After some time, the two broke up and the girl created fraudulent email ids such as
"indianbarassociations" and sent emails to the boy's foreign clients. She used the bank’s
computer to do this. The boy's company lost a large number of clients and took the bank to
court. The bank was held liable for the emails sent using the bank's system.

4. Andhra Pradesh Tax Case

Dubious tactics of a prominent businessman, from Andhra Pradesh, were exposed
after officials of the department got hold of computers, used by the accused in one of the
many cyber fraud cases in India. The owner of a plastics firm was arrested and Rs 22 crore
in cash, was recovered from his house by sleuths of the Vigilance Department. They sought
an explanation from him regarding the unaccounted cash within 10 days.
The accused submitted 6,000 vouchers, to prove the legitimacy of trade and thought
his offense would go undetected but after scrutiny of the vouchers and contents of his
computers, it was revealed that all of them were made after the raids were conducted. It was
later revealed that the accused was running five businesses under the guise of one company
and used fake and computerized vouchers to show sales records and save tax.

5. Bazee.com case
The CEO of Bazee.com was arrested in December 2004 because a CD with
objectionable material was being sold on the website. The CD was also being sold in the
markets in Delhi.
The Mumbai Police and the Delhi Police got into action. The CEO was later released
on bail. This opened up the question as to what kind of distinction we draw between Internet
Service Provider and Content Provider. The burden rests on the accused that he was the
Service Provider and not the Content Provider. It also raises a lot of issues regarding how
the police should handle cybercrime cases.

6. State of Tamil Nadu Vs Suhas Katti

 The Case of Suhas Katti is notable for the fact that the conviction was achieved
successfully within a relatively quick time of 7 months from the filing of the FIR, making it
one of the notable cyberlaw cases in India. Considering that similar cases have been pending
in other states for a much longer time, the efficient handling of the case which happened to
be the first case of the Chennai Cyber Crime Cell going to trial deserves a special mention.
The case is related to the posting of obscene, defamatory, and annoying messages
about a divorced woman in the Yahoo message group. E-mails were also forwarded to the
victim for information by the accused through a false e-mail account opened by him in the
name of the victim. The posting of the message resulted in annoying phone calls to the lady
in the belief that she was soliciting.
Based on a complaint made by the victim in February 2004, the Police traced the
accused to Mumbai and arrested him within the next few days. The accused was a known
family friend of the victim and was reportedly interested in marrying her. She, however,
married another person. This marriage later ended in divorce, and the accused started
contacting her once again. On her reluctance to marry him, the accused took up harassment
through the Internet.
On 24-3-2004, a Charge Sheet was filed, u/s 67 of the IT Act 2000, 469 and 509 IPC
before The Hon'ble Addl. CMM Egmore by citing 18 witnesses and 34 documents and
material objects. The same was taken on file in C.C.NO.4680/2004. On the prosecution side,
12 witnesses were examined, and entire documents were marked as Exhibits.
The Defence argued, in this cybercrime case, that the offending emails would have
been given either by the ex-husband of the complainant or the complainant herself to
implicate the accused as the accused alleged to have turned down the request of the
complainant to marry her.
Further, the defense counsel argued that some of the documentary evidence was not
sustainable under Section 65 B of the Indian Evidence Act. However, the court relied upon
the expert witnesses, and other evidence produced before it, including the witnesses of the
Cyber Cafe owners, and concluded that the crime was proved.
Ld. Additional Chief Metropolitan Magistrate, Egmore, delivered the judgment on 5-
11-04 as follows: "The accused is found guilty of offenses under section 469, 509 IPC and
67 of the IT Act 2000, and the accused is convicted and sentenced for the offense to undergo
RI for 2 years, under 469 IPC, and to pay a fine of Rs.500/- and for the offense u/s 509 IPC
sentenced to undergo 1-year simple imprisonment and to pay a fine of Rs.500/- and for the
offense u/s 67 of the IT Act 2000 to undergo RI for 2 years and to pay a fine of Rs.4000/-.
All sentences to run concurrently."
The accused paid the fine amount, and he was lodged at Central Prison, Chennai.
This is considered the first case convicted under section 67 of the Information Technology
Act 2000 in India.

7. Nasscom vs. Ajay Sood & Others

In a landmark judgment in the case of the National Association of Software and
Service Companies vs. Ajay Sood & Others, delivered in March, '05, the Delhi High Court
declared 'phishing' on the internet to be an illegal act, entailing an injunction and recovery of
damages. A cybercrime case study has been conducted on the same.
Elaborating on the concept of 'phishing', to lay down a precedent in India, the court
stated that it is a form of internet fraud where a person pretends to be a legitimate
association, such as a bank or an insurance company to extract personal data from a
customer such as access codes, passwords, etc. Personal data so collected by
 misrepresenting the identity of the legitimate party is commonly used to the collecting
party's advantage.
The court also stated, by way of an example, that typical phishing scams involve
persons who pretend to represent online banks and siphon cash from e-banking accounts
after conning consumers into handing over confidential banking details.
The Delhi HC stated that, even though there is no specific legislation in India to
penalize phishing, it held phishing to be an illegal act, by defining it under Indian law as "a
misrepresentation made in the course of trade, leading to confusion, as to the source and
origin of the email causing immense harm, not only to the consumer but even to the person
whose name, identity or password is misused." The court held the act of phishing as passing
off and tarnishing the plaintiff's image.
The plaintiff, in this case, was the National Association of Software and Service
Companies (Nasscom), India's premier software association. The defendants were operating
a placement agency involved in headhunting and recruitment. To obtain personal data,
which they could use for purposes of headhunting, the defendants composed and sent emails
to third parties, in the name of Nasscom.
The high court recognized the trademark rights of the plaintiff and passed an ex-
parte ad interim injunction restraining the defendants from using the trade name or any other
name deceptively similar to Nasscom. The court further restrained the defendants from
holding themselves out as being associated with or a part of Nasscom.
The court appointed a commission to search the defendant’s premises. Two hard
disks of the computers, from which the fraudulent e-mails were sent by the defendants to
various parties, were taken into custody by the local commissioner appointed by the court.
The offending emails were then downloaded from the hard disks and presented as evidence
in court.
During the progress of the cyberlaw case in India, it became clear that the
defendants, in whose names the offending e-mails were sent, were fictitious identities
created by an employee on the defendants' instructions, to avoid recognition and legal
action. Upon discovery of this fraudulent act, fictitious names were deleted from the array of
parties as defendants in the case.
Subsequently, the defendants admitted to their illegal acts and the parties settled the
matter through the recording of a compromise in the suit proceedings. According to the
terms of the compromise, the defendants agreed to pay a sum of Rs1.6 million to the
plaintiff as damages for violation of the plaintiff's trademark rights. The court also ordered
the hard disks seized from the defendant’s premises to be handed over to the plaintiff who
would be the owner of the hard disks.
This case achieves clear milestones: It brings the act of "phishing" into the ambit of
Indian laws, even in the absence of specific legislation; it clears the misconception that there
is no "damage culture" in India for violation of IP rights. this case reaffirms IP owners' faith
in the Indian judicial system's ability and willingness to protect intangible property rights
and sends a strong message to IP owners that they can do business in India without
sacrificing their IP rights.

8. Cyber Attack on Cosmos Bank

In August 2018, the Pune branch of Cosmos bank was drained of Rs 94 crores, in an
extremely bold cyber-attack. By hacking into the main server, the thieves were able to
transfer the money to a bank in Hong Kong. Along with this, the hackers made their way
into the ATM server, to gain details of various VISA and Rupay debit cards.
 The switching system i.e. the link between the centralized system and the payment
gateway was attacked, meaning neither the bank nor the account holders caught wind of the
money being transferred.
According to the cybercrime case study internationally, a total of 14,000 transactions
were carried out, spanning 28 countries using 450 cards. Nationally, 2,800 transactions
using 400 cards were carried out.
This was one of its kind, and in fact, the first malware attack that stopped all
communication between the bank and the payment gateway.

9. Tampering with Computer Source Documents

In a case of manipulation, Tata Indicom employees were taken into custody for
tampering with the electronic 32-bit number (ESN) that is programmed into cell phones. The
theft was for Reliance Intercom. In a verdict on a later date, the court said that since the
source code was manipulated, it calls for the use of Section 65 under the Information
Technology Act.

10. BSNL, Unauthorized Access

In a leading cybercrime case, the Joint Academic Network (JANET) was hacked by
the accused, after which he denied access to the authorized users by changing passwords
along with deleting and adding files. Making it look like he was authorized personnel, he
made changes in the BSNL computer database in their internet users’ accounts.
When the CBI carried out investigations after registering a cybercrime case against
the accused, they found that the broadband Internet was being used without any
authorization. The accused used to hack into the server from various cities like Chennai and
Bangalore, amongst others. This investigation was carried out after the Press Information
Bureau, Chennai, filed a complaint.
In the verdict by the Additional Chief Metropolitan Magistrate, Egmore, Chennai,
the accused from Bangalore would be sent to prison for a year and will have to pay a fine of
Rs 5,000 under Section 420 IPC and Section 66 of the IT Act.