India: Cyber Crimes “an unlawful act where in the computer is either a tool or a target or both”

– In Indian Legal Perspective
Last Updated: 24 September 2004
Article by Rajkumar Dubey


The glares of radiant brains have overshadowed the artificial bodily shines. An un-ending pursuit for excellence has stretched the dimensions of research to the limits in either direction. The modern world has witnessed successful amalgamation of bright minds and brighter machines making destinations unseen henceforth closer than ever before.

Research is not restricted to working on a fixed path. Science being a sympathetic mother do not deny those who attempted research in the reverse direction. The corollary was emergence of an era of crimes better known as "Cyber Crimes". The challenges before the inventors in the present century changed likewise to finding means to restrict such crimes.

It is worthwhile to note here that the first cyber crime took place as early as in the year 1820. The crimes have however gained momentum in India only in the recent past. As an upshot, the Indian Parliament gave effect to a resolution of the General Assembly of the United Nations for adoption of a Model Law on Electronic Commerce. The consequence was the passing of Information Technology Act 2000. The Act aims to regulate and legalize E-Commerce and take cognizance of offences arising there from.


The Cambridge dictionary defines Cyber Crimes as Crimes committed with the use of computers or relating to computers, especially through the Internet. Universally, Cyber Crime is understood as "an unlawful act where in the computer is either a tool or a target or both".

Cyber Crimes are different from conventional crimes as in cyber crimes; the crime is committed in an electronic medium and here mens rea is not a requirement but is rather a general rule under the penal provisions of the Information Technology Act. The element of mens rea in Internet crimes is that the offender must have been aware at the time of causing the computer to perform the function that the access thus intended to be secured was unauthorized.

Classification of Cyber Crimes:

The Information Technology Act deals with the following cyber crimes along with others:

Tampering with computer source documents:

A person who knowingly or intentionally, conceals (hides or keeps secret), destroys (demolishes or reduces), alters (change in characteristics) or causes another to conceal, destroy, and alter any computer source code used for a computer, computer program, computer system or computer network, when the computer source code is required to be kept or maintained by law is punishable.

For instance, hiding the C.D.ROM in which the source code files are stored, making a C File into a CPP File or removing the read only attributes of a file.


Hacking is usually understood to be the unauthorized access of a computer system and networks. Originally, the term "hacker" describes any amateur computer programmer who discovered ways to make software run more efficiently. Hackers usually "hack" on a problem until they find a solution, and keep trying to make their equipment work in new and more efficient ways. A hacker can be a Code Hacker, Cracker or a Cyber Punk.

Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by means is said to commit hacking.

Publishing of information, which is obscene in electronic form:

A person who publishes or transmits or causes to be published in the electronic form, any material which is lascivious, or if its effect is such as to tend to deprave and corrupt persons who are likely to read, see or hear the matter contained or embodied in it, is liable to punishment. The important ingredients of such an offence are publishing (make generally known or issue copies for sale to public), or transmitting (transfer or be a medium for), or causing to be published (to produced the effect of publishing), pornographic material in the electronic form.

Child Pornography:

Child Pornography is a part of cyber pornography but it is such a grave offence that it is individually also recognized as a cyber crime. The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. The Internet is very fast becoming a household commodity in India. Its explosion has made the children a viable victim to the cyber crime. As more homes have access to Internet, more children would be using the Internet and more are the chances of falling victim to the aggression of pedophiles. The pedophiles use their false identity to trap children and even contact them in various chat rooms where they befriend them and gain personal information from the innocent preys. They even start contacting children on their e-mail addresses. These pedophiles drag children to the net for the purpose of sexual assault or so as to use them as a sex object.

Accessing protected system:

Any unauthorized person who secures access or attempts to secure access to a protected system is liable to be punished with imprisonment and may also be liable to fine.

Breach of confidentiality and privacy :

Any person who, secures access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned or discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be liable to be punished under the Information Technology Act.

The following is a table showing the various offences under the Information Technology Act, 2000 together with their respective punishments:





Tampering with computer source document

Imprisonment up to 3 years, Fine up to 2 lakh rupees.


Hacking with computer system

- DO -


Failure to comply with direction of the controller

- DO -


Breach of confidentiality or privacy

Imprisonment up to 2 years, Fine up to one lakh rupees.


Publishing false digital certificate

- DO -


Publishing digital certificate for fraudulent purposes

- DO -


Misrepresentation or suppression of material facts

- DO -


Failure to assist to decrypt information

Imprisonment up to 7 years


Securing access to protected system

Imprisonment up to 10 years and fine


Publishing Information which is obscene

1st conviction – imprisonment up to 5 years and fine up to one lakh rupees.
2nd conviction – imprisonment up to 10 years and fine up to two lakh rupees.

Cyber crimes other than those mentioned under the IT Act


Although there is no universally accepted definition of cyberStalking, it is generally defined as the repeated acts of harassment or threatening behavior of the cyber criminal towards the victim by using Internet services. Stalking in General terms can be referred to as the repeated acts of harassment targeting the victim such as following the victim, making harassing phone calls, killing the victims pet, vandalizing victims property, leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harms to the victim. It all depends on the course of conduct of the stalker.


Cybersquatting is the obtaining of a domain name in order to seek payment from the owner of the trademark, (including business name, trade name, or brand name), and may include typosquatting (where one letter is different).

A trademark owner can prevail in a cybersquatting action by showing that the defendant, in bad faith and with intent to profit, registered a domain name consisting of the plaintiff's distinctive trademark. Factors to determine whether bad faith exists are the extent to which the domain name contains the registrant's legal name, prior use of the domain name in connection with the sale of goods and services, intent to divert customers from one site to another and use of false registration information and the registrant's offer to sell the domain name back to the trademark owner for more than out-of -pocket expenses.

Data Diddling

This kind of an attack involves altering the raw data just before a computer processes it and then changing it back after the processing is completed.

The NDMC Electricity Billing Fraud Case that took place in 1996 is a typical example. The computer network was used for receipt and accounting of electricity bills by the NDMC, Delhi. Collection of money, computerized accounting, record maintenance and remittance in the bank were exclusively left to a private contractor who was a computer professional. He misappropriated huge amount of funds by manipulating data files to show less receipts and bank remittances.

Cyber Defamation

Any derogatory statement, which is designed to injure a person's business or reputation, constitutes cyber defamation. Defamation can be accomplished as libel or slander. Cyber defamation occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person’s friends.

Trojan Attack

A Trojan, the program is aptly called an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.


Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners. It is very difficult to control such attacks. For e.g. across the country students buy forged mark sheets for heavy sums to deposit in college.

Financial crimes

This would include cheating, credit card frauds, money laundering etc. such crimes are punishable under both IPC and IT Act. A leading Bank in India was cheated to the extent of 1.39 crores due to misappropriation of funds by manipulation of computer records regarding debit and credit accounts.

Internet time theft

This con notes the usage by an unauthorized person of the Internet hours paid for by another person. This kind of cyber crime was unheard until the victim reported it. This offence is usually covered under IPC and the Indian Telegraph Act.

Virus/worm attack

Virus is a program that attaches itselves to a computer or a file and then circulates to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory.

E-mail spoofing

It is a kind of e-mail that appears to originate from one source although it has actually been sent from another source. Such kind of crime can be done for reasons like defaming a person or for monetary gain etc. E.g. if A sends email to B’s friend containing ill about him by spoofing B’s email address, this could result in ending of relations between B and his friends.

Email bombing

Email bombing means sending large amount of mails to the victims as a result of which their account or mail server crashes. The victims of email bombing can vary from individuals to companies and even the email service provider.

Salami attack

This is basically related to finance and therefore the main victims of this crime are the financial institutions. This attack has a unique quality that the alteration is so insignificant that in a single case it would go completely unnoticed. E.g. a bank employee inserts a programme whereby a meager sum of Rs 3 is deducted from customers account. Such a small amount will not be noticeable at all.

Web Jacking

This term has been taken from the word hijacking. Once a website is web jacked the owner of the site looses all control over it. The person gaining such kind of an access is called a hacker who may even alter or destroy any information on the site.

The Concept of Cyber Terrorism

Cyber crime and cyber terrorism are both crimes of the cyber world. The difference between the two however is with regard to the motive and the intention of the perpetrator.

While a cyber crime can be described simply as an unlawful act wherein the computer is either a tool or a target or both, cyber terrorism deserves a more detailed definition. One can define cyber terrorism as a premeditated use of disruptive activities or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.

Tools of Cyber Terrorism:

Cyber terrorists use various tools and methods to unleash their terrorism. Some of the major tools are as follows:

  1. Hacking
  2. Cryptography
  3. Trojan Attacks
  4. Computer worms
  5. Computer viruses
  6. Denial of service attacks
  7. E-mail related crimes

Motives behind any Attacks are:

  1. Putting the public or any section of the public in fear; or
  2. Affecting adversely the harmony between different religious, racial, language or regional groups or castes or communities; or
  3. Coercing or overawing the government established by law; or
  4. Endangering the sovereignty and integrity of the nation.

Cyber Criminals

Any person who commits an illegal act with a guilty intention or commits a crime is called an offender or a criminal. In this context, any person who commits a Cyber Crime is known as a Cyber Criminal. The Cyber Criminals may be children and adolescents aged b/w 6-18 years, they may be organized hackers, may be professional hackers or crackers, discontented employees, cheaters or even psychic persons.

Target of Cyber Crime

Cyber Crime being a serious threat not only targets the person and property but the organization at large;




|                                                                                   |

               Person                                                                          Property

|                                                                                   |

   Defamation, email                                                    Intellectual Property Crimes

spoofing, unauthorized                                                   Netrespass, transmitting

      access/control.                                                                       Virus etc.






|                                                |                                                 |

           Government                                Firm/Company                                    Society

|                                                |                                                 |

Cyber Terrorism                     Distribution of pirated                     Pornography, Financial

Etc                                     software etc                                    Crimes etc

Adjudicating Authorities:

The Information Technology Act provides for appointment of a Controller of Certifying Authorities as also the Deputy and Assistant Controllers. The main functions of the Controller are to license, certify, monitor and oversee the activities of the certifying authorities. Also, failure to comply with the direction of the Controller would lead to serious consequences.

The Information Technology Act also provides for the establishment of appellate tribunals known as Cyber Regulations Appellate Tribunal (CRAT). It provides that any person who is aggrieved by an order made by the Controller or Adjudicating officer may file an appeal with the CRAT. The CRAT is required to follow the principles of natural justice in deciding matters and has the same powers as are vested in the civil court under the Code of Civil Procedure, 1908. Any person who is aggrieved by the decision or the order of the CRAT may file an appeal to the High Court on any question of fact or law. The CRAT and the Adjudicating officer have the exclusive jurisdiction to entertain any suit and no injunction can be granted by any court or other authority against the action taken by them under the Act.

Jurisdictional Procedure

Jurisdiction is the power of the court to hear and determine a case, in the absence of which the judgment is impotent and ineffective. The basic problem with the Internet Jurisdiction is the presence of multiple parties in different parts of the world. Therefore in Internet it is difficult to establish with certainty as to the place where the defendant resides or where the cause of action took place. The popular contention is for the establishment of the ‘Law of Cyber Space’ thereby making Earth as the Jurisdictional venue for all Internet Crimes and related matters.

The Information Technology Act, 2000 extends to whole of India and also envisages any offence or contravention there under committed outside India by any person. Thus it confers extra-territorial jurisdiction on Indian courts and empowers them to take cognizance of offences committed outside India even by foreign nationals provided that such offence involves a computer, computer system on computer network located in India.

Further, any person irrespective of his territorial location and nationality using a computer located in India to commit an offence or contravention outside India is also liable under the Information Technology Act.

Cyber Crime Investigation Cell

The Central Bureau of Investigation (C.B.I) in India set up a ‘Cyber Crime Investigation Cell’ and "Cyber Crime Research &Development Unit" (CCRDU) to collect and collate information on cyber crimes reported from different parts of the country.

The function of this is to liaise with State Police and other enforcement agencies and to collect information on cases of Cyber Crime reported to them for investigation and also find out about the follow-up action taken in each case. The Unit liaises with software experts to identify areas that require attention of State Police for prevention & detection of such crimes with a view to train them for the task. It collects information on the latest cases reported in other countries and the innovations employed by Police Forces in those countries to handle such cases.

Measures to Prevent Cyber Crime

The Information Technology Act 2000 was passed when the country was facing the problem of growing cyber crimes. Since the Internet is the medium for huge information and a large base of communications around the world, it is necessary to take certain precautions while operating it.

Any person who operates the net should always abide by and following principles:

  • He should not disclose any personal information to any one and especially to strangers.
  • Updated and latest anti-virus software should be used to protect the computer system against virus attacks.
  • While chatting on the net one should avoid sending photographs to strangers along with personal data as it can be misused.
  • Backup volumes of the data should always be kept to prevent loss from virus contamination.
  • Children should be prevented from accessing obscene sites by the parents to protect them from spoiling their mind and career.
  • A credit card number shall never be sent to an unsecured site to prevent fraud or cheating.
  • Effort shall be made to make a security code and program to guard the computer system from misuse.
  • Routers and firewalls can be used to protect the computer network.
  • A check should be kept on the functioning of cyber cafes and any mishappening shall be reported to the concerned authorities.
  • Efforts should be made to discourage misuse of computers and access to unauthorized data.


Change is the essence of life. What seems impeccable and indestructible today might not remain the same tomorrow. Internet, being a global phenomenon is bound to attract many crimes. India has taken a key step in curbing Cyber Crimes by the enactment of the Information Technology Act and by giving exclusive powers to the police and other authorities to tackle such crimes.

Similar efforts have been made by various countries to fight this menace by enacting national legislations but in the long run, they may not prove to be as beneficial as desired. An effort is still wanted to formulate an international law on the use of Internet to curb this imminent danger of Cyber Crimes and to achieve a crime free Cyber Space. Prevention they say is the best cure. Cyber laws aim to prevent cyber crimes through the use of penal provisions. A great deal however needs to be done before Cyber laws can stand a fair chance to influence the modern world in the much anticipated manner.


Actual resolution of legal issues depends upon many factors, including variations of fact and laws of the land. Though the firm has taken utmost care in the preparation of this article, the information contained herein is not intended to constitute any legal advice and the firm cannot accept any responsibility towards those who rely solely on the contents of this article without taking further specialist advice. The reader should always consult with legal counsel before taking action on matters covered by this article.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.