Cybercrime is the most disruptive threat for financial markets, but at the same time is the most underrated by both regulators and businesses. Cyber-attacks have already caused considerable damage to detail retail businesses, mainly through credit card and payment scams. The infrastructures of the markets mostly involve digital systems, thereby coming within the scope of cybercriminals. If losses generated by cyber-fraud in the retail world are capped by the size and the utilization of an account, the potential damage from a cyber-attack on business infrastructures is limitless.

In addition, markets react to new information from traditional (newspapers) and innovative media platforms (social media), the quasi-totality being stored on the Internet. Thus, altering reality and spreading rogue information is another way cybercrime can inflict damage on markets. With the creation of centralized counterparties, a group of a small number of institutions indirectly expose all of the business sector to cyber-risk, with consequences which have not yet been well studied and understood.

Introduction
Cybercrime is already a big problem all over the world, and it's growing fast. The law enforcement world is scrambling to catch up; legislators are passing new laws to address this new way of committing crime, and police agencies are forming special computer crime units and pushing their officers to become more technically savvy.

However, the cybercrime problem is too big and too widespread to leave to politicians and police to solve. The former often don't have the technical expertise to pass effective laws, and the latter lack sufficient training, manpower, and time—not to mention an understanding of the confusing issue of jurisdiction—to tackle any but the most egregious of Internet crimes.

Cybercrime, like crime in general, is a social problem as well as a legal one. To successfully fight it, we must engage people in the IT community (many of whom might be reluctant to participate) and those in the general population who are affected, directly or indirectly, by the criminal activity that has found a friendly haven in the virtual world.

We can use a number of tactics and techniques, including the legal system, peer pressure, and existing and emerging technologies, to prevent cybercrime. Failing that, we can develop formal and informal responses that will detect cybercrime more immediately, minimizing the harm done and giving us more information about the incident, maximizing the chances of identifying and successfully prosecuting the cybercriminal.

Insight to Cyber Crime

By definition, cybercrime involves the use of technology (typically a computer, network, or network-enabled devices) for a variety of criminal activities, such as hacking, identity theft, cyberbullying, online fraud, online harassment, phishing, and many more.

Cybercrime, is the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and government.

Because of the early and widespread adoption of computers and the Internet in the United States, most of the earliest victims and villains of cybercrime were Americans. By the 21st century, though, hardly a hamlet remained anywhere in the world that had not been touched by cybercrime of one sort or another.

New technologies create new criminal opportunities but few new types of crime. What distinguishes cybercrime from traditional criminal activity? Obviously, one difference is the use of the digital computer, but technology alone is insufficient for any distinction that might exist between different realms of criminal activity. Criminals do not need a computer to commit fraud, traffic in child pornography and intellectual property, steal an identity, or violate someone's privacy. All those activities existed before the "cyber" prefix became ubiquitous. Cybercrime, especially involving the Internet, represents an extension of existing criminal behaviour alongside some novel illegal activities.

Most cybercrime is an attack on information about individuals, corporations, or governments. Although the attacks do not take place on a physical body, they do take place on the personal or corporate virtual body, which is the set of informational attributes that define people and institutions on the Internet. In other words, in the digital age our virtual identities are essential elements of everyday life: we are a bundle of numbers and identifiers in multiple computer databases owned by governments and corporations. Cybercrime highlights the centrality of networked computers in our lives, as well as the fragility of such seemingly solid facts as individual identity.

Aspects of Cyber Crime
An important aspect of cybercrime is its nonlocal character: actions can occur in jurisdictions separated by vast distances. This poses severe problems for law enforcement since previously local or even national crimes now require international cooperation. For example, if a person accesses child pornography located on a computer in a country that does not ban child pornography, is that individual committing a crime in a nation where such materials are illegal?

Where exactly does cybercrime take place? Cyberspace is simply a richer version of the space where a telephone conversation takes place, somewhere between the two people having the conversation. As a planet-spanning network, the Internet offers criminals multiple hiding places in the real world as well as in the network itself. However, just as individuals walking on the ground leave marks that a skilled tracker can follow, cybercriminals leave clues as to their identity and location, despite their best efforts to cover their tracks. In order to follow such clues across national boundaries, though, international cybercrime treaties must be ratified.

Aside from technology utilization, which is the defining trait, cybercrime has several more defining characteristics, including:

• The global reach: Cybercrime can be committed by someone in one part of the world to target victims in any other corner of it.
• The potential for anonymity: Cybercriminals use a variety of tactics to conceal their identity and location.
• The use of malware: This type of software is commonly used to infect computer systems, steal information, or gain unauthorized access to networks.
• The theft of personal information: The majority of cybercrimes involve some form of personal information stealing, which can later be used for fraudulent purposes.
• The potential for financial gain: This is one of the most common motivators for this type of malicious activity, with the majority of cybercriminals looking to make money through fraud or theft.
• Specialized Knowledge: To commit a cybercrime, a person needs to have good knowledge about computers and the internet. Many times, cybercrimes are committed by highly educated individuals as they possess accurate knowledge about the same. At times, it becomes very hard to trace them.
• Collection of evidence: Collecting evidence in a cybercrime is very difficult as the crime is committed in the virtual world.
• Geographical Challenges: Cybercrimes can be committed globally without physical presence at the location. Distance does not matter in cybercrimes; for example, a person sitting in India can target a person in Australia.

It is important to note that this is not a comprehensive list, by any means. Even so, these few traits are more than enough to highlight the complexity and seriousness of the issue. For these reasons, it is imperative for individuals and organizations alike to take measures to protect themselves, whether it is through password strengthening, regular software updates, or other more sophisticated security measures.

Fundamental elements of Cyber Crime

Actus Reus and Mens Rea are the two most important element of a crime that is needed to be proved to prove someone guilty of a crime. Actus Reus of cybercrime is very dynamic and varied. In cybercrime it is very difficult to prove Actus Reus. It cannot be proved unless the absence of consent or permission is proven. Whereas, in the case of cybercrime, Mens Rea consists of two main elements, firstly, there must be an intend to get the data from a certain device; secondly, the knowledge of actus reus should be there when committing the crime.

Cyber Crime has no definition in the Information Act, 2000 even after amendments made in 2008.

But different definitions have been given to cybercrime:

• US Department of Justice (1989): "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation or prosecution".
• Cambridge Dictionary: crime or illegal activity that is done using the internet.
• The Council of Europe Convention on cybercrime (2001): A wide range of malicious activities, including the illegal interception of data, system interferences that comprise the network integrity and availability and copyrights infringements is known as Cybercrime.

Types of Cyber Crime
Cybercrime ranges across a spectrum of activities. At one end are crimes that involve fundamental breaches of personal or corporate privacy, such as assaults on the integrity of information held in digital depositories and the use of illegally obtained digital information to harass, harm, or blackmail a firm or individual. These new cyber-capabilities have caused intense debate. Pegasus spyware, for instance, according to its creator, the Israeli cyber-intelligence firm NSO Group, is sold exclusively to government security and law enforcement agencies and only for the purpose of aiding rescue operations and battling criminals, such as money launderers, sex- and drug-traffickers, and terrorists.

Yet, the smartphone-attached spyware, which can steal private data without leaving an obvious trace of its activities, has been widely used covertly by governments to track politicians, government leaders, human rights activists, dissidents, and journalists. It was even used to track Saudi journalist and U.S. resident Jamal Khashoggi months before his murder and dismemberment by Saudi agents in October 2018. Also at this end of the spectrum is the growing crime of identity theft.

Midway along the spectrum lie transaction-based crimes such as fraud, trafficking in child pornography, digital piracy, money laundering, and counterfeiting. These are specific crimes with specific victims, but the criminal hides in the relative anonymity provided by the Internet. Another part of this type of crime involves individuals within corporations or government bureaucracies deliberately altering data for either profit or political objectives. At the other end of the spectrum are those crimes that involve attempts to disrupt the actual workings of the Internet.

These range from spam, hacking, and denial of service attacks against specific sites to acts of cyberterrorism—that is, the use of the Internet to cause public disturbances and even death. Cyberterrorism focuses upon the use of the Internet by nonstate actors to affect a nation's economic and technological infrastructure. Since the USA September 11 attacks of 2001, public awareness of the threat of cyberterrorism has grown dramatically.

Classification of Cybercrimes:

Crime against an Individual:

• Gaining access to any computer or network without the permission of the owner.
• Stalking someone, causing them threat, is also a cybercrime.
• Indecent representation of any picture, or pornography, which destroys the minds of youngsters.
• Harassing someone by sending constant texts and messages to an individual.
• Taking over the pass codes of another person without his/her knowledge. The person doing such an act has a guilty mind.

Crime against Individual Property:

• Cyber Vandalism is one of the most common crimes against individual property.
• Intellectual Property Rights violations also come under crimes against individual property. In some cases, the person becomes deprived of his own rights due to this.
• Hacking someone's site or data.
• Getting access to someone's ISP ID and password without the knowledge of the owner. This also comes under hacking.

Crimes against Government or Organizations:

• Password Sniffing: This is an attack stealing the username and password from the network.
• Terrorism attack, which may result in harm to a country.
• Shutting down any network or machine to restrict a person from accessing it.
• Damage or destruction in digital form.
• Possession of any kind of unauthorized information.

Crime against Society:

• Distribution of obsolete material.
• Online gambling.
• Selling of products without permission.
• Human trafficking, drug trafficking, or trafficking of weapons. All of this is illegal.
• Offences like money laundering, corruption, etc.
• Threatening posts against any community, death threats, or rape threats.

Causes of Cyber Crimes:

• The computers have a high capacity for storing data in a little space. This helps criminals store a large amount of data at once and get access to more information.
• Easy Access: Though most apps now use high-security passwords, sometimes a security flaw is missed, allowing hackers to take advantage.
• Negligence on the part of users gives cybercriminals an advantage to gain illegal access to systems.
• Collection of evidence is one of the most difficult tasks in cybercrime cases, allowing criminals to commit more crimes without leaving a trace.
• Cybercrime does not have demographical restrictions. Criminals feel more confident since tracking them internationally is difficult due to a lack of a recognized legal framework.
• Youths today lack proper knowledge about cyberspace and cybercrimes, leading them to commit acts without understanding their legal obligations.

How to Prevent Cyber Crime?

• Enable two-factor authentication to prevent unauthorized access.
• Keep data virus-protected at all times.
• Ensure that device software is always updated to prevent security breaches.
• Use different passwords for different apps and change them regularly.
• Keep personal information confidential to ensure security.
• Children should be educated about cyberspace and cybercrime to prevent unintentional violations.
   

International Convention on Cyber Crimes:

The Council of Europe's Cybercrime Convention was opened in 2001 and came into force in 2004. It is the only legal international multilateral treaty on Cybercrime. This convention is also known as the Budapest Convention on Cybercrime.

Features of the Convention:

• It facilitates the detention, investigation, and prosecution of cybercrimes.
• Implemented by an additional protocol adopted in 2003, which made the online publication of racist propaganda a punishable offence.
• The convention works on three dimensions:
  • Certain conducts are criminalized.
  • States are provided with procedural tools to be followed.
  • States are obligated to cooperate in mutual investigations.

Offences Criminalized under the Convention:

• Illegal Access - Article 2
• Illegal Interception - Article 3
• Data Interference - Article 4
• System Interference - Article 5
• Misuse of Devices - Article 6
• Computer-related Forgery - Article 7
• Computer-related Fraud - Article 8
• Offences related to Child Pornography - Article 9
• Offences related to Copyright Infringements - Article 10
• Attempt, Aiding, or Abetting - Article 11

India did not participate in the drafting of the treaty and was concerned about the sharing of data with foreign law enforcement agencies as it is matter of infringement of national sovereignty and the mutual legal assistance regime of the convention is not effective. So, India is not a part of the treaty.

Case Laws:

• Sharat Babu Digumarti v. Government of NCT of Delhi
  In this case there was a conflict between the provisions of IPC and IT Act. The Supreme Court in this case upheld that if an electronic media is included in an offence then in that case IT Act alone would apply, as that was the legislative intent. It is a settled principal that special laws would prevail over the general laws and latter laws will over rule the prior legislation.
   
• Gagan Harsh Sharma v. State of Maharashtra
  Employees were accused of data theft by the employer and sections 408 and 420 of the Indian Penal Code and also under Sections 43, 65 and 66 of the IT Act. The Bombay High Court ruled that charges against the employees under IPC will be dropped.

Conclusion
Data plays an integral role in the commission of many cybercrimes and vulnerabilities to cybercrime. Even though data provides users of it (individuals, private companies, organizations, and governments) with innumerable opportunities, these benefits can be (and have been) exploited by some for criminal purposes. Specifically, data collection, storage, analysis, and sharing both enables many cybercrimes and the vast collection, storage, use, and distribution of data without users' informed consent and choice and necessary legal and security protections.

What is more, data aggregation, analysis, and transfer occur at scales that governments and organizations are unprepared for, creating a slew of cybersecurity risks. Privacy, data protection, and security of systems, networks, and data are interdependent. In view of that, to protect against cybercrime, security measures are needed that are designed to protect data and user's privacy.

Key Recommendations
In order to ensure the best protection against fraud and cybercrime, special attention should be paid to the following:

• Consistent use of data analytics, monitoring, interface and key system logging, and full control of data analysis within all the relevant divisions.
• Planning and implementation of scenario-based, interactive sessions in order to assess fraud risk in the context of the sector and company. Risks must be identified and quantified as specifically as possible, and management must be informed of the risks posed to the organization and trained in the appropriate countermeasures.
• Establishment of key controls in crucial business divisions with preventative and deductive measures in place, including continuous monitoring of effectiveness. Further, automated technical solutions should also be implemented for support: Automated evaluation tools are increasingly significant for prevention, detection, and reaction (particularly in light of climbing rates of computer and cyber criminality). This is the case not least because of their efficiency (big data), versatility, and potential to lower the costs of forensic or deductive analysis, which otherwise would have to be carried out manually and laboriously by specialists.
• Formation of coordinated and targeted strategies, systems, guidelines, procedures, and processes for active defense against fraud.
• General awareness of and concrete training programs on fraud at all levels.

Bibliography:

1. www.sciencedirect.com
2. www.toppr.com
3. www.cybsafe.com
4. www.yourdictionary.com
5. Searchsecurity.techarget.com
6. www.coe.int
7. AIR 2017 SC 150
8. AIR 2019 CriL J 1398
9. https://cybertalents.com/blog/what-is-cyber-crime-types-examples-and-prevention