Prevention, Detection and Prosecution of Cyber Criminals

The Author, Noor Sachdeva is a 4th Year, B.Com.LLB student of University Institute of Legal Studies, Panjab University, Chandigarh. She is currently interning with LatestLaws.com.

The humans in this 21^st century are surrounded by electronic gadgets and the introduction of internet has changed our lifestyles. Social media platforms such as WhatsApp, Facebook, Twitter, etc. have become the mediums for the young generations to raise their voice and express their opinions. With everything becoming online from basic education to digital banking and e-commerce, the internet has become the source for everything one can imagine. The life has become so easy and everything can be done by just a click away. However, the technological advancements and the dependency on internet have brought in new challenges of securing the identity, data and privacy of an individual.

The cyber crime is on increase from past few years and it has thus led to the emergence of cyber laws in India. The credit card frauds, hacking, phishing, online transaction fraud, spoofing, denial of service attacks, child pornography, cyber stalking and cyber defamation are among the most common cyber crimes taking place in the country. The internet, now-a-days is also used for terrorism activities. These crimes pose a threat to the nation’s security and health. Thus, India has a well designed legislative authority to deal with the cyber crimes, i.e. Information Technology Act, 2000 and Indian Penal Code, 1860 (hereinafter referred to as ITA, 2000 and IPC respectively).

Cyber crimes are the crimes involving the use of modern technological infrastructure such as computer or internet itself as a weapon to commit crime or a means to it. It has not been defined in ITA, 2000. The National Cyber Crime Reporting Portal has defined “cyber crime” to “mean any unlawful act where a computer or communication device or computer network is used to commit or facilitate the commission of crime”. Cyber crimes are not limited to the boundaries of the nation.

The courts in India have recognized cybercrime to mean ‘the offences   that   are  committed   against   individuals   or   groups   of  individuals   with   a   criminal   motive   to  intentionally   harm   the   reputation   of   the   victim  or cause physical or mental harm, or loss, to the  victim   directly   or   indirectly,   using   modern  telecommunication   networks   such   as   Internet  (networks   including   but   not   limited   to   Chat  rooms,   emails,   notice   boards   and   groups)   and  mobile   phones   (Bluetooth/SMS/MMS)’.

With the ever increasing menace of cyber crimes and people becoming the victims of these internet crimes, it becomes necessary to categorize the cyber crimes under the following four heads:

• Cyber crime against persons: The cyber crimes which are directed at affecting the individual includes harassment via emails, cyber defamation, cyber stalking, dissemination of obscene content, malware, hacking, cracking, e-mail spoofing, credit card frauds, cheating, child pornography, phishing and many others.
• Cyber crime against person’s property: The increase in online business and international trade have posed a threat to intellectual property rights of the businesses, cyber squatting and cyber vandalism.
• Cyber Crime against Government: In this category, cyber warfare and cyber terrorism are included.
• Cyber Crime against Society: Online Gambling is one of the cyber crime which affects the whole society. 

In State of Punjab and Others v. M/s Amritsar Beverages Ltd. and Others[i], the Supreme Court gave its comments on the problems faced by the enforcement agencies and the judiciary in dealing with the internet related crimes. The Court observed that “Internet and other information technologies have brought with them the issues which were not foreseen by law. It also did not foresee the difficulties which may be faced by the officers who may not have any scientific expertise or not have the sufficient insight to tackle with the new situations. Various new developments leading to various kinds of crimes unforeseen by our legislature came to immediate focus. Information Technology Act, 2000, although was amended to include various types of cybercrimes and punishment for them, does not deal with all problems which are faced by the officers enforcing the Act.”

Cyber crimes involving the use of information technology are a new class of crimes. To deal with such offences and promoting the atmosphere of e-commerce and trade, the Information Technology Act, 2000 was brought into existence. The IPC was also amended to include in its ambit cyber crimes. Chapter-XI, sections 65 to 78 deals with the offences related to information and technology. The following offences have been made punishable under the IT Act:

1. Tampering with computer source documents (Section 65, ITA): This section prescribes the punishment for the person who knowingly or intentionally alters or destroys the computer source code. The person guilty of tampering with computer system shall be punished with the imprisonment up to 3years or with fine which may extend up to 2 lakh rupees, or with both.

Syed Asifuddin and Ors. v. The State of Andhra Pradesh[ii]

 In this case, few employees of Tata Indicom were arrested for manipulating the electronic 32- bit number (ESN) programmed into cell phones and theft was exclusively franchised to Reliance Infocom. The Court held that tampering with computer source code invokes Section 65 of the Information Technology Act and hence the employees are liable to punishment.

State v. Mohd. Afzal and Others (Parliament Attack Case 2001)[iii]

On 13 December, 2001, there was a terrorist attack on Parliament House and during the prosecution of the accused in this case, the digital evidence was of utmost importance. The accused contended that computers and evidence can easily be tampered and therefore they should not be relied upon. The several smart device storage disks and devices, a Laptop were recovered from the truck which was seized from Srinagar after the information given by two suspects. The laptop contained the evidence of fake identity cards and the video files containing clips of the political leaders with the background of Parliament in the background shot from T.V. news channels. The design of car sticker of Ministry of Home Affairs, game “wolf pack” with user name of “Ashiq”, the name in one of the fake identity cards used by the terrorist was found in the laptop. No backup was taken from the laptop and therefore it was challenged in the Court and the Court thereby held that the challenges to the accuracy of computer evidence should be established by the challenger. Mere theoretical and generic doubts cannot be cast on the evidence.

2. Hacking and Data Theft (Section 43 and 66, ITA): Hacking is been defined in Section 43 of the ITA, 2000. It provides that if any person access to the computer system of another person in an unauthorized manner and thereafter alters, downloads, or deletes the data without permission of the owner of the device, he shall be liable to punishment under Section 66 of the IT Act with imprisonment up to 3 years or the fine which may extend to five lakh rupees or with both. Indian Penal Code also contains provisions under Section 378, 424 and 425 for hacking and data theft.

In R vs. Whiteley[iv], the accused accessed to the Joint Academic Network (JANET) without permission of the owner and thereafter deleted, added files and changed the passwords to deny the access to authorized users of the network. During investigation it was revealed that Kumar was logging on to the BSNL broadband Internet connection as if he was the authorized genuine user and ‘made alteration in the computer database pertaining to broadband Internet user accounts’ of the subscribers. The case was registered by CBI against Kumar and he was convicted under Section 420 of IPC and Section 66 of the ITA.

3. Punishment for sending offensive messages through communication service, etc. (Section 66A, ITA): This section covers the offences like sending offensive messages through communication service, causing annoyance etc. through an electronic communication or sending an email to mislead or deceive the recipient about the origin of such messages (commonly known as IP or email spoofing). Punishment for these acts is imprisonment up to three years or fine.

Fake profile of President posted by imposter on September 9, 2010, the imposter made a fake profile in the name of the Hon’ble President Smt. Pratibha Devi Singh Patil. A complaint was lodged by Additional Controller, President Household, President Secretariat regarding the four fake profiles created in the name of Hon’ble President on social networking website, Facebook. The complaint stated that president house has nothing to do with the facebook and the fake profile is misleading the general public. The First Information Report under Sections 469 IPC and 66A Information Technology Act, 2000 was registered based on the said complaint.

Bomb Hoax Mail case[v]: In this case, a 15-year-old boy from Bangalore was arrested by the Cyber Crime Investigation Cell (CCIC) in 2009 for sending an email to a private news company saying, “I have planted 5 bombs in Mumbai, you have two hours to find them”. The concerned authorities were contacted immediately, in relation to the cyber case in India, who traced the IP address (Internet Protocol) to Bangalore.

4. Receiving stolen computer resource (Section 66B, ITA): This section provides that whoever dishonestly or knowingly received or retains any stolen computer resource or communication device shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.
5. Identity Theft (Section 66C, ITA): The section provides that whoever fraudulently or dishonestly makes use of electronic signature, password or any other unique identification feature of any other person, he shall be punished with imprisonment up to three years and fine which may extend to one lakh rupees.

In Delhi Credit Card Fraud Case[vi], the Court of Metropolitan Magistrate, Delhi found a 24 year old engineer working in a call centre guilty of fraudulently gaining the details of Campa‘s credit card and bought a television and a cordless phone from Sony website. The accused named Azim was convicted for cheating under sections 418, 419, 420 of the IPC, but was not imprisoned. He was asked to furnish a personal bond of Rs. 20,000 and was released on a year’s probation.

6. Cheating by impersonation using computer (Section 66D, ITA): The section states that whoever is guilty of cheating by personation by using computer resource shall be sentenced to imprisonment up to three years and shall also be liable to fine which may extend up to one lakh rupees.

In Samdeep Vaghese vs. State of Kerala[vii], a petrochemicals company’s representative filed a complaint filed by the representative of a Company, against Sandeep Varghese and 8 others for offenses under Sections 65, 66, 66A, C and D of the ITA along with Sections 419 and 420 of the IPC. The accused setup a forged website in the name of company and published the defamatory and malicious matters about the company and its directors on the website and also sent the fake e-mails to the customers, suppliers and bank impersonating the company. The company incurred huge losses due to the acts of the accused.

7. Punishment for Violation of Privacy (Section 66E, ITA): This section punishes the persons guilty of intentionally publishing or transmitting images of private area of any person without his or her consent for violating the privacy of an individual. Such person shall be liable to imprisonment up to three years or with fine which shall not exceed two lakh rupees or with both.

Jawaharlal Nehru University MMS scandal case[viii]: In 2011, a pornographic video was leaked from the campus of JNU. The two accused firstly tried to extort money from the girl in the video, failing which they posted the video on the internet and was even sold it in the blue film market. The accused in this case was charged under Section 292 of IPC and Section 66E and 67 of the IT Act.

8. Cyber Terrorism (Section 66F, ITA): Cyber Terrorism is a very new type of cyber crime which threatens the unity, integrity and sovereignty of India. It is punishable with imprisonment which may extend to imprisonment for life.

Threat Mail to BSE and NSE case

On May 5, 2009, the Mumbai police have registered a case of ‘cyber terrorism’— the first in the state since an amendment to the Information Technology Act— The threat email was sent to the BSE and NSE on May 4, 2009 and thereafter Mumbai police registered the case of ‘cyber terrorism’. In this case, the accused sent e-mail to the security agencies and challenged them to prevent a terror attack. The IP address of the sender Shahab Md was traced to Patna in Bihar. Thus he was charged under Section 66F of the IT Act and for cheating and criminal intimidation under IPC. 

9. Publishing obscene material in electronic form (Section 67, ITA): Section 67 of the IT Act punishes the publication or transmission of obscene content or material containing sexually explicit act in electronic form. Section 67B specifically deals with the publication or transmission of material depicting children in sexually explicit act in electronic form and prescribes the punishment for the same which may be imprisonment up to five years and fine up to ten lakh rupees.

State of Tamil Nadu v. Suhas Katti[ix]

The accused in this case posted the obscene, defamatory and annoying message about the divorced lady in the yahoo message groups and e-mails received in fake e-mail accounts were then forwarded to victim. The victim started getting phone calls in the belief that she was soliciting. The victim then complained to Police and the accused was tracked and arrested. The accused was known to the victim and wanted to marry the victim but she denied. The accused thereafter harassed her through internet. This was the first case in India where a person was convicted under Section 67 of IT Act for posting obscene content. He was also charged under Section 469 and 509 of IPC. He was sentenced to 2 years of rigorous imprisonment and was made to pay fine also.

Bois Locker Room case[x]: Recently in the period of nation-wide lockdown in India to contain the spread of Covid-19, the instagram group named “Bois Locker Room” came into limelight. The screenshots of the chats of this group revealed that the adolescent boys were sharing the morphed images of their girl classmates and other underage girls and objectified them and passed derogatory remarks on girls. The matter was taken up by Delhi Commission for Women (DCW) and then subsequently a notice was sent to instagram and Delhi police. Thereafter, Delhi Police Cyber Cell took up suo moto cognizance of the matter and registered the case against these boys under Section 67 and 67A of the Information Technology Act, 2000 and Section 465, 469, 471 and 509 of the Indian Penal Code.

Airforce Bal Bharti School Case[xi]: The case related to child pornography. In this case, the student of Air Force School Bharti School, New Delhi was accused of creating a pornographic website as a revenge of being teased by classmates and teachers. He listed in that website the name of his 12 schoolmates and teachers in sexually explicit manner. He was charged under Section 67 of the ITA and Section 292, 293, 294 of IPC.

Avnish Bajaj v. State[xii]

In this case, the CEO of Bazee.com was arrested in December 2004 because a CD containing objectionable material was being sold on the website and Delhi market.
The Mumbai Police and the Delhi Police got into action. The CEO was later released on bail. This opened up the question as to what kind of distinction we draw between Internet Service Provider and Content Provider. The burden rests on the accused that he was the Service Provider and not the Content Provider. It also raises a lot of issues regarding how the police should handle.

Conclusion

The use of internet in every small sphere of our life have made it easy to do any task with little cost and no time. However, as we know that everything which gives numerous advantages has certain disadvantages as well. The introduction of computer and internet has brought in new kind of challenges for securing the cyberspace along with digitalizing everything. So, one should be cautious of using the technology and should protect themselves from data theft, financial frauds and obscene content. Since the cyber crime is on rise, it becomes essential to establish the effective collaboration with law enforcement agencies, IT industry, information security organizations and the financial institutions. However, Indian legal system is not so well equipped to deal with the virtual or internet crimes hence it becomes the duty of the individuals to protect themselves from being the prey of cyber criminals. We should use strong password of different characters and the social media accounts should be private and we should be careful of the information we post online. Mobile and other computer devices should be properly secured from viruses and hackers by using anti-virus software and screen locks. The sensitive data such as financial records must be protected by using encryptions and one should be sure about the authenticity of the websites before giving any personal details on the websites or shopping apps. Another way to protect ourselves from cyber crime is to keep our device updated and free from all vulnerabilities. These things can help us from using the information technology uninterruptedly and in a beneficial manner.

It is very important for us to file a complaint if we do become the victim of cyber crime. Every police station has a Cyber Crime Investigation Cell and we can also complaint by directly mailing to the cyber cell. Thus, the cyber crime being on increase, we should be aware of what we can do to protect ourselves from cyber crime. 

References:

Picture Source :