The Covid-19 pandemic has been at the center of the world's priorities since
2020 but another inconspicuous pandemic has crept its way and penetrated the
world- the pandemic of cybercrimes. With a rampant growth in the number of
technology users, the incidents of cyber crimes have increased significantly,
now surmounting to $6 trillion in damages.
Every day someone's privacy is
intruded, their accounts are hacked, emptied, businesses and various
organizations lose their databases exposing their customer data leaving a toxic
Cyber Crimes refer to the crimes which revolve around technology and computers.
The computer can be the target or the perpetrator. The word "cyber" is slang for
anything relating to computers, information technology, internet and virtual
reality. Therefore, "cyber-crimes" are offences relating to computers,
information technology, internet and virtual reality.
The Information Technology Act, 2000 ("IT Act") and the Indian Penal Code, 1860
("IPC") provide guidelines and statutes for cybercrimes. Unsurprisingly, there
are many provisions in the IPC and the IT Act that overlap with each other.
According to Kaspersky's telemetry, when the world went into lockdown in March
2020, the total number of bruteforce attacks against remote desktop protocol (RDP)
jumped from 93.1 million worldwide in February 2020 to 277.4 million 2020 in
March—a 197 per cent increase. The numbers in India went from 1.3 million in
February 2020 to 3.3 million in March 2020. In July 2020, India recorded its
highest number of attacks at 4.5 million.
In February 2021-nearly one year from the start of the pandemic—there were 377.5
million brute-force attacks—a far cry from the 93.1 million witnessed at the
beginning of 2020. India alone witnessed 9.04 million attacks in February 2021.
The total number of attacks recorded in India during Jan & Feb 2021 was around
More than one in two Indian adults (59 per cent) experienced cybercrime in the
last 12 months, as seven in 10 Indian adults (among those surveyed) believed
that remote work has made it much easier for hackers and cybercriminals to take
advantage of them.
More than 27 million Indian adults experienced identity theft in the past 12
months and 52 per cent of Indian adults admitted they don't know how to protect
themselves from cybercrime, according to the '2021 Norton Cyber Safety Insights
Report,' by NortonLifeLock.
The main issue behind the rising cybercrimes is the difficulty to track them or
even if tracked it is nearly impossible to recover the damages caused to the
victim. John F. Kennedy once said that:
Change is the law of life and those
who look only to the past or present are certain to miss the future.
this is the plight of our legal system, we focus on cure rather than prevention.
Technology is advancing at an exponential pace and the law should be one step
ahead instead of sitting in an abyss waiting for something at the scale of
global or political catastrophe to take place.
History of Cyber Laws in India
The United Nations Commission on International Trade Law embraced the model law
on e-Commerce to spearhead legal uniformity globally in 1996. The General
Assembly of the UN-endorsed this model law as the backbone of the cyber laws of
different countries. Soon, India became the 12th country to legitimize cyber
The initial draft was then created by the eCommerce Act led by the Ministry of
Commerce in 1998; the revised Information Technology Bill was passed in May
2000. This Act intricately traced each trifling activity or transaction on the
internet, cyberspace, and the World Wide Web. Each minuscule action, as well as
its reaction in the global cyberspace, imposed severe legal implications and
The Act swiftly amended the traditionally-set Indian Penal Code 1860, the
Bankers' Books Evidence Act 1891, the Indian Evidence Act 1872, and the Reserve
Bank of India Act 1934. These amends aimed to tone up all electronic
transactions/communications bringing them under the radar by granting strict
Information Technology Act, 2000
The Information Technology Act, 2000 enacted by the Parliament of India,
highlights the grievous punishments and penalties safeguarding the e-governance,
e-banking, and e-commerce sectors. Now, the scope of ITA has been enhanced to
encompass all the latest communication devices.
The most important provisions of
the Act are listed below:
Hacking and Data Theft
- Section 43:
Applicable to people who damage the computer systems without
permission from the owner. The owner can fully claim compensation for the
entire damage in such cases. This section was applied in Avtar Singh V.
State of Punjab.
- Section 43(h):
Section 43(h) read with section 66 of the IT Act penalises
an individual who charges the services availed of by a person to the account of
another person by tampering with or manipulating any computer, computer system,
or computer network. A person who tampers with the computer system of an
electricity supplier and causes his neighbour to pay for his electricity
consumption would fall under the aforesaid section 43(h) of the IT Act.
- Section 65:
Section 65 of the IT Act prescribes punishment for
tampering with computer source documents and provides that any person who
knowingly or intentionally conceals, destroys or alters or intentionally or
knowingly causes another to conceal, destroy, or alter any computer source
code (i.e. a listing of programmes, computer commands, design and layout and programme analysis of
computer resource in any form) used for a computer, computer programme, computer
system or computer network, when the computer source code is required to be kept
or maintained by law for the time being in force, shall be punishable with
imprisonment for up to 3 (three) years or with a fine which may extend to Rs.
3,00,000 (Rupees lac) or with both. ' J. Yashoda v. K. Shobha Rani' case used
- Section 66:
Applicable in case a person is found to dishonestly or
fraudulently committing any act referred to in section 43. The imprisonment
term in such instances can mount up to three years or a fine of up to Rs. 5 lakh.
Receipt of Stolen Property
- Section 66B:
Incorporates the punishments for fraudulently receiving stolen communication
devices or computers, which confirms a probable three years imprisonment.
This term can also be topped by Rs. 1 lakh fine, depending upon
Identity Theft and cheating by personation
- Section 66C:
This section scrutinizes the identity thefts related to
imposter digital signatures, hacking passwords, or other distinctive
identification features. If proven guilty, imprisonment of three years might
also be backed by Rs.1 lakh fine.
- Section 66 D:
This section was inserted on-demand, focusing on punishing
cheaters doing impersonation using computer resources.
Violation of Privacy
- Section 66E:
It prescribes punishment for violation of privacy and
provides that any person who intentionally or knowingly captures, publishes or
transmits the image of a private area of any person without his or her consent,
under circumstances violating the privacy of that person, shall be punished with
imprisonment which may extend to 3 (three) years or with fine not exceeding Rs.
2,00,000 (Rupees two lac) or with both.
- Section 66F:
It prescribes punishment for cyber terrorism. Whoever, with intent to
threaten the unity, integrity, security or sovereignty of India or to strike
terror in the people or any section of the people, denies or causes the
denial of access to any person authorized to access a computer resource, or
attempts to penetrate or access a computer resource without authorisation or
exceeding authorised access, or introduces or causes the introduction of any
computer contaminant, and by means of such conduct causes or is likely to cause
death or injuries to persons or damage to or destruction of property or disrupts
or knowing that it is likely to cause damage or disruption of supplies or
services essential to the life of the community or adversely affect critical
information infrastructure, is guilty of 'cyber terrorism'.
- Sections 67:
This section deals with the publisher or transmitter of any
obscene content or material sexual or otherwise in nature. The punishment
prescribed for an offence under section 67 of the IT Act is, on the first
conviction, imprisonment of either description for a term which may extend to 3
(three) years, to be accompanied by a fine which may extend to Rs. 5,00,000
(Rupees five lac), and in the event of a second or subsequent conviction,
imprisonment of either description for a term which may extend to 5 (five)
years, to be accompanied by a fine which may extend to Rs. 10,00,000 (Rupees ten
- Section 67A:
Whoever, publishes or transmits or causes to be published or
transmitted in the electronic form, any material which contains sexually
explicit act or conduct, shall be punished on first conviction with imprisonment
of either description for a term which may extend to five years and with fine
which may extend to Rs 10 lakhs and in the event of second or subsequent
conviction with imprisonment of either description for a term which may extend
to seven years and also with fine which may extend to Rs 10 lakhs.
- Section 67B:
It extends and lays down guidelines and punishment for the
publisher and transmitter of any lascivious content including children. This
includes facilitating child abuse, enticing children to online relationship with
one or more children in a sexually explicit act and context text or images
depicting the same. Under this section, imprisonment of either description for a
term which may extend to 5 (five) years, to be accompanied by a fine which may
extend to Rs. 10,00,000 (Rupees ten lac) and in the event of second or
subsequent conviction, imprisonment of either description for a term which may
extend to 7 (seven) years and also with fine which may extend to Rs. 10,00,000
(Rupees ten lac).
Indian Penal Code, 1980
Identity thefts and associated cyber frauds are embodied in the Indian Penal
Code (IPC), 1860 - invoked along with the Information Technology Act of 2000.
The primary relevant section of the IPC covers cyber frauds:
- Forgery (Section 464)
- Forgery pre-planned for cheating (Section 468)
- False documentation (Section 465)
- Presenting a forged document as genuine (Section 471)
- Reputation damage (Section 469)
Companies Act of 2013
The corporate stakeholders refer to the Companies Act of 2013 as the legal
obligation necessary for the refinement of daily operations. The directives of
this Act lay down all the required techno-legal compliances, putting the less
compliant companies in a legal fix.
The Companies Act 2013 vested powers in the hands of the SFIO (Serious Frauds
Investigation Office) to prosecute Indian companies and their directors. Also,
post the notification of the Companies Inspection, Investment, and Inquiry
Rules, 2014, SFIOs has become even more proactive and stern in this regard.
The legislature ensured that all the regulatory compliances are well-covered,
including cyber forensics, e-discovery, and cybersecurity diligence. The
Companies (Management and Administration) Rules, 2014 prescribes strict
guidelines confirming the cybersecurity obligations and responsibilities upon
the company directors and leaders.
The Cybersecurity Framework (NCFS), authorized by the National Institute of
Standards and Technology (NIST), offers a harmonized approach to cybersecurity
as the most reliable global certifying body. NIST Cybersecurity Framework
encompasses all required guidelines, standards, and best practices to manage the
cyber-related risks responsibly.
This framework is prioritized on flexibility and cost-effectiveness.
the resilience and protection of critical infrastructure by:
- Allowing better interpretation, management, and reduction of cybersecurity risks – to mitigate data loss, data misuse, and the subsequent
- Determining the most important activities and critical operations - to
focus on securing them
- Demonstrates the trust-worthiness of organizations who secure critical
- Helps to prioritize investments to maximize the cybersecurity ROI
Addresses regulatory and contractual obligations
- Supports the wider information security program By combining the NIST
CSF framework with ISO/IEC 27001 - cybersecurity risk management becomes
- It also makes communication easier throughout the organization and
across the supply chains via a common cybersecurity directive laid by NIST.
Latest Cyber Crime Incidents
- Air India Data Breach:
A cyber-attack on the servers of national carrier Air India resulted in a
massive data breach on Friday and affected around 4.5 million customers of
the airline. Details, including passport and credit card information of
these passengers, were compromised in the attack
- Harris Federation:
In March 2021, the London-based Harris Federation
suffered a ransomware attack and was forced to temporarily disable the devices
and email systems of all the 50 secondary and primary academies it manages. This
resulted in over 37,000 students being unable to access their coursework and
- Cyber gangsters demand payment from Travelex after Sodinokibi attack:
Foreign exchange company Travelex faced demands for payment to decrypt critical
computer files after it was hit by one of the most sophisticated ransomware
attacks, known as Sodinokibi, which disabled its IT systems on New Year's Eve.
According to security specialists, criminals are demanding a six-figure sum to
supply Travelex with decryption tools that will allow it to recover the contents
of files across its computer network that have been encrypted by the virus.
- Cyber gangsters hit UK medical firm poised for work on coronavirus with
Maze ransomware attack:
Cyber gangsters attacked the computer systems of a
medical research company on standby to carry out trials of a possible future
vaccine for the Covid-19 coronavirus. The Maze ransomware group attacked the
computer systems of Hammersmith Medicines Research, publishing personal details
of thousands of former patients after the company declined to pay a ransom.
- UIDAI Aadhaar Software Hacked:
1.1 billion Indian Aadhaar card details
were leaked and this is one of the massive data breaches that happened in 2018.
UIDAI released the official notification about this data breach and mentioned
that around 210 Indian Government websites were hacked. This data breach
included Aadhar, PAN, bank account IFSC codes, and other personal information of
the users and anonymous sellers were selling Aadhaar information for Rs. 500
over Whatsapp. Also, one could get an Aadhaar card printout for just Rs.300.
The increasing no. of cyber attacks have created a serious problem which needs
immediate global attention. The Indian IT Act was last amended in 2008 after
which technology has progresses by leaps and bounds. It is imperative that law
stays afoot with the changing technological advancements. Cyber terrorism is a
global concern and the damage that can be harnessed from a single global
incident would be irreplaceable.
Considering the ramifications of a lax system, the law must be continuously
amended and new laws must be introduced to keep up with the crimes of the modern
world. The volume of these attacks is also fed by the increased employment, lost
job security due to the pandemic and the financial strain due to the volatile
- Avtar Singh Vs. State Of Punjab - Supreme Court Of India (From: Punjab &
Haryana) - August 25, 1964.
- Casemine: 'J. Yashoda v. K. Shobha Rani'