India: Cyber Crimes “an unlawful act where in the computer is either a tool or a target or both”

– In Indian Legal Perspective
Last Updated: 24 September 2004
Article by Rajkumar Dubey

Introduction:

The glares of radiant brains have overshadowed the artificial bodily shines. An un-ending pursuit for excellence has stretched the dimensions of research to the limits in either direction. The modern world has witnessed successful amalgamation of bright minds and brighter machines making destinations unseen henceforth closer than ever before.

Research is not restricted to working on a fixed path. Science being a sympathetic mother do not deny those who attempted research in the reverse direction. The corollary was emergence of an era of crimes better known as "Cyber Crimes". The challenges before the inventors in the present century changed likewise to finding means to restrict such crimes.

It is worthwhile to note here that the first cyber crime took place as early as in the year 1820. The crimes have however gained momentum in India only in the recent past. As an upshot, the Indian Parliament gave effect to a resolution of the General Assembly of the United Nations for adoption of a Model Law on Electronic Commerce. The consequence was the passing of Information Technology Act 2000. The Act aims to regulate and legalize E-Commerce and take cognizance of offences arising there from.

Definition:

The Cambridge dictionary defines Cyber Crimes as Crimes committed with the use of computers or relating to computers, especially through the Internet. Universally, Cyber Crime is understood as "an unlawful act where in the computer is either a tool or a target or both".

Cyber Crimes are different from conventional crimes as in cyber crimes; the crime is committed in an electronic medium and here mens rea is not a requirement but is rather a general rule under the penal provisions of the Information Technology Act. The element of mens rea in Internet crimes is that the offender must have been aware at the time of causing the computer to perform the function that the access thus intended to be secured was unauthorized.

Classification of Cyber Crimes:

The Information Technology Act deals with the following cyber crimes along with others:

Tampering with computer source documents:

A person who knowingly or intentionally, conceals (hides or keeps secret), destroys (demolishes or reduces), alters (change in characteristics) or causes another to conceal, destroy, and alter any computer source code used for a computer, computer program, computer system or computer network, when the computer source code is required to be kept or maintained by law is punishable.

For instance, hiding the C.D.ROM in which the source code files are stored, making a C File into a CPP File or removing the read only attributes of a file.

Hacking:

Hacking is usually understood to be the unauthorized access of a computer system and networks. Originally, the term "hacker" describes any amateur computer programmer who discovered ways to make software run more efficiently. Hackers usually "hack" on a problem until they find a solution, and keep trying to make their equipment work in new and more efficient ways. A hacker can be a Code Hacker, Cracker or a Cyber Punk.

Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by means is said to commit hacking.

Publishing of information, which is obscene in electronic form:

A person who publishes or transmits or causes to be published in the electronic form, any material which is lascivious, or if its effect is such as to tend to deprave and corrupt persons who are likely to read, see or hear the matter contained or embodied in it, is liable to punishment. The important ingredients of such an offence are publishing (make generally known or issue copies for sale to public), or transmitting (transfer or be a medium for), or causing to be published (to produced the effect of publishing), pornographic material in the electronic form.

Child Pornography:

Child Pornography is a part of cyber pornography but it is such a grave offence that it is individually also recognized as a cyber crime. The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. The Internet is very fast becoming a household commodity in India. Its explosion has made the children a viable victim to the cyber crime. As more homes have access to Internet, more children would be using the Internet and more are the chances of falling victim to the aggression of pedophiles. The pedophiles use their false identity to trap children and even contact them in various chat rooms where they befriend them and gain personal information from the innocent preys. They even start contacting children on their e-mail addresses. These pedophiles drag children to the net for the purpose of sexual assault or so as to use them as a sex object.

Accessing protected system:

Any unauthorized person who secures access or attempts to secure access to a protected system is liable to be punished with imprisonment and may also be liable to fine.

Breach of confidentiality and privacy :

Any person who, secures access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned or discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be liable to be punished under the Information Technology Act.

The following is a table showing the various offences under the Information Technology Act, 2000 together with their respective punishments:

S.No

Offence

Punishment

1.

Tampering with computer source document

Imprisonment up to 3 years, Fine up to 2 lakh rupees.

2.

Hacking with computer system

- DO -

3.

Failure to comply with direction of the controller

- DO -

4.

Breach of confidentiality or privacy

Imprisonment up to 2 years, Fine up to one lakh rupees.

5.

Publishing false digital certificate

- DO -

6.

Publishing digital certificate for fraudulent purposes

- DO -

7.

Misrepresentation or suppression of material facts

- DO -

8.

Failure to assist to decrypt information

Imprisonment up to 7 years

9.

Securing access to protected system

Imprisonment up to 10 years and fine

10.

Publishing Information which is obscene

1st conviction – imprisonment up to 5 years and fine up to one lakh rupees.
2nd conviction – imprisonment up to 10 years and fine up to two lakh rupees.

Cyber crimes other than those mentioned under the IT Act

CyberStalking

Although there is no universally accepted definition of cyberStalking, it is generally defined as the repeated acts of harassment or threatening behavior of the cyber criminal towards the victim by using Internet services. Stalking in General terms can be referred to as the repeated acts of harassment targeting the victim such as following the victim, making harassing phone calls, killing the victims pet, vandalizing victims property, leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harms to the victim. It all depends on the course of conduct of the stalker.

Cybersquatting

Cybersquatting is the obtaining of a domain name in order to seek payment from the owner of the trademark, (including business name, trade name, or brand name), and may include typosquatting (where one letter is different).

A trademark owner can prevail in a cybersquatting action by showing that the defendant, in bad faith and with intent to profit, registered a domain name consisting of the plaintiff's distinctive trademark. Factors to determine whether bad faith exists are the extent to which the domain name contains the registrant's legal name, prior use of the domain name in connection with the sale of goods and services, intent to divert customers from one site to another and use of false registration information and the registrant's offer to sell the domain name back to the trademark owner for more than out-of -pocket expenses.

Data Diddling

This kind of an attack involves altering the raw data just before a computer processes it and then changing it back after the processing is completed.

The NDMC Electricity Billing Fraud Case that took place in 1996 is a typical example. The computer network was used for receipt and accounting of electricity bills by the NDMC, Delhi. Collection of money, computerized accounting, record maintenance and remittance in the bank were exclusively left to a private contractor who was a computer professional. He misappropriated huge amount of funds by manipulating data files to show less receipts and bank remittances.

Cyber Defamation

Any derogatory statement, which is designed to injure a person's business or reputation, constitutes cyber defamation. Defamation can be accomplished as libel or slander. Cyber defamation occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person’s friends.

Trojan Attack

A Trojan, the program is aptly called an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.

Forgery

Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners. It is very difficult to control such attacks. For e.g. across the country students buy forged mark sheets for heavy sums to deposit in college.

Financial crimes

This would include cheating, credit card frauds, money laundering etc. such crimes are punishable under both IPC and IT Act. A leading Bank in India was cheated to the extent of 1.39 crores due to misappropriation of funds by manipulation of computer records regarding debit and credit accounts.

Internet time theft

This con notes the usage by an unauthorized person of the Internet hours paid for by another person. This kind of cyber crime was unheard until the victim reported it. This offence is usually covered under IPC and the Indian Telegraph Act.

Virus/worm attack

Virus is a program that attaches itselves to a computer or a file and then circulates to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory.

E-mail spoofing

It is a kind of e-mail that appears to originate from one source although it has actually been sent from another source. Such kind of crime can be done for reasons like defaming a person or for monetary gain etc. E.g. if A sends email to B’s friend containing ill about him by spoofing B’s email address, this could result in ending of relations between B and his friends.

Email bombing

Email bombing means sending large amount of mails to the victims as a result of which their account or mail server crashes. The victims of email bombing can vary from individuals to companies and even the email service provider.

Salami attack

This is basically related to finance and therefore the main victims of this crime are the financial institutions. This attack has a unique quality that the alteration is so insignificant that in a single case it would go completely unnoticed. E.g. a bank employee inserts a programme whereby a meager sum of Rs 3 is deducted from customers account. Such a small amount will not be noticeable at all.

Web Jacking

This term has been taken from the word hijacking. Once a website is web jacked the owner of the site looses all control over it. The person gaining such kind of an access is called a hacker who may even alter or destroy any information on the site.

The Concept of Cyber Terrorism

Cyber crime and cyber terrorism are both crimes of the cyber world. The difference between the two however is with regard to the motive and the intention of the perpetrator.

While a cyber crime can be described simply as an unlawful act wherein the computer is either a tool or a target or both, cyber terrorism deserves a more detailed definition. One can define cyber terrorism as a premeditated use of disruptive activities or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.

Tools of Cyber Terrorism:

Cyber terrorists use various tools and methods to unleash their terrorism. Some of the major tools are as follows:

  1. Hacking
  2. Cryptography
  3. Trojan Attacks
  4. Computer worms
  5. Computer viruses
  6. Denial of service attacks
  7. E-mail related crimes

Motives behind any Attacks are:

  1. Putting the public or any section of the public in fear; or
  2. Affecting adversely the harmony between different religious, racial, language or regional groups or castes or communities; or
  3. Coercing or overawing the government established by law; or
  4. Endangering the sovereignty and integrity of the nation.

Cyber Criminals

Any person who commits an illegal act with a guilty intention or commits a crime is called an offender or a criminal. In this context, any person who commits a Cyber Crime is known as a Cyber Criminal. The Cyber Criminals may be children and adolescents aged b/w 6-18 years, they may be organized hackers, may be professional hackers or crackers, discontented employees, cheaters or even psychic persons.

Target of Cyber Crime

Cyber Crime being a serious threat not only targets the person and property but the organization at large;

Individual

|

…………………………………………………………………………..

|                                                                                   |

               Person                                                                          Property

|                                                                                   |

   Defamation, email                                                    Intellectual Property Crimes

spoofing, unauthorized                                                   Netrespass, transmitting

      access/control.                                                                       Virus etc.

 

 

Organization

|

……..………………………………………………………………………………………

|                                                |                                                 |

           Government                                Firm/Company                                    Society

|                                                |                                                 |

Cyber Terrorism                     Distribution of pirated                     Pornography, Financial

Etc                                     software etc                                    Crimes etc

Adjudicating Authorities:

The Information Technology Act provides for appointment of a Controller of Certifying Authorities as also the Deputy and Assistant Controllers. The main functions of the Controller are to license, certify, monitor and oversee the activities of the certifying authorities. Also, failure to comply with the direction of the Controller would lead to serious consequences.

The Information Technology Act also provides for the establishment of appellate tribunals known as Cyber Regulations Appellate Tribunal (CRAT). It provides that any person who is aggrieved by an order made by the Controller or Adjudicating officer may file an appeal with the CRAT. The CRAT is required to follow the principles of natural justice in deciding matters and has the same powers as are vested in the civil court under the Code of Civil Procedure, 1908. Any person who is aggrieved by the decision or the order of the CRAT may file an appeal to the High Court on any question of fact or law. The CRAT and the Adjudicating officer have the exclusive jurisdiction to entertain any suit and no injunction can be granted by any court or other authority against the action taken by them under the Act.

Jurisdictional Procedure

Jurisdiction is the power of the court to hear and determine a case, in the absence of which the judgment is impotent and ineffective. The basic problem with the Internet Jurisdiction is the presence of multiple parties in different parts of the world. Therefore in Internet it is difficult to establish with certainty as to the place where the defendant resides or where the cause of action took place. The popular contention is for the establishment of the ‘Law of Cyber Space’ thereby making Earth as the Jurisdictional venue for all Internet Crimes and related matters.

The Information Technology Act, 2000 extends to whole of India and also envisages any offence or contravention there under committed outside India by any person. Thus it confers extra-territorial jurisdiction on Indian courts and empowers them to take cognizance of offences committed outside India even by foreign nationals provided that such offence involves a computer, computer system on computer network located in India.

Further, any person irrespective of his territorial location and nationality using a computer located in India to commit an offence or contravention outside India is also liable under the Information Technology Act.

Cyber Crime Investigation Cell

The Central Bureau of Investigation (C.B.I) in India set up a ‘Cyber Crime Investigation Cell’ and "Cyber Crime Research &Development Unit" (CCRDU) to collect and collate information on cyber crimes reported from different parts of the country.

The function of this is to liaise with State Police and other enforcement agencies and to collect information on cases of Cyber Crime reported to them for investigation and also find out about the follow-up action taken in each case. The Unit liaises with software experts to identify areas that require attention of State Police for prevention & detection of such crimes with a view to train them for the task. It collects information on the latest cases reported in other countries and the innovations employed by Police Forces in those countries to handle such cases.

Measures to Prevent Cyber Crime

The Information Technology Act 2000 was passed when the country was facing the problem of growing cyber crimes. Since the Internet is the medium for huge information and a large base of communications around the world, it is necessary to take certain precautions while operating it.

Any person who operates the net should always abide by and following principles:

  • He should not disclose any personal information to any one and especially to strangers.
  • Updated and latest anti-virus software should be used to protect the computer system against virus attacks.
  • While chatting on the net one should avoid sending photographs to strangers along with personal data as it can be misused.
  • Backup volumes of the data should always be kept to prevent loss from virus contamination.
  • Children should be prevented from accessing obscene sites by the parents to protect them from spoiling their mind and career.
  • A credit card number shall never be sent to an unsecured site to prevent fraud or cheating.
  • Effort shall be made to make a security code and program to guard the computer system from misuse.
  • Routers and firewalls can be used to protect the computer network.
  • A check should be kept on the functioning of cyber cafes and any mishappening shall be reported to the concerned authorities.
  • Efforts should be made to discourage misuse of computers and access to unauthorized data.

Conclusions:

Change is the essence of life. What seems impeccable and indestructible today might not remain the same tomorrow. Internet, being a global phenomenon is bound to attract many crimes. India has taken a key step in curbing Cyber Crimes by the enactment of the Information Technology Act and by giving exclusive powers to the police and other authorities to tackle such crimes.

Similar efforts have been made by various countries to fight this menace by enacting national legislations but in the long run, they may not prove to be as beneficial as desired. An effort is still wanted to formulate an international law on the use of Internet to curb this imminent danger of Cyber Crimes and to achieve a crime free Cyber Space. Prevention they say is the best cure. Cyber laws aim to prevent cyber crimes through the use of penal provisions. A great deal however needs to be done before Cyber laws can stand a fair chance to influence the modern world in the much anticipated manner.

Disclaimer

Actual resolution of legal issues depends upon many factors, including variations of fact and laws of the land. Though the firm has taken utmost care in the preparation of this article, the information contained herein is not intended to constitute any legal advice and the firm cannot accept any responsibility towards those who rely solely on the contents of this article without taking further specialist advice. The reader should always consult with legal counsel before taking action on matters covered by this article.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Related Topics
 
Related Articles
 
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions