The Covid-19 pandemic has been at the center of the world's priorities since 2020 but another inconspicuous pandemic has crept its way and penetrated the world- the pandemic of cybercrimes. With a rampant growth in the number of technology users, the incidents of cyber crimes have increased significantly, now surmounting to $6 trillion in damages.

Every day someone's privacy is intruded, their accounts are hacked, emptied, businesses and various organizations lose their databases exposing their customer data leaving a toxic trail behind.
Cyber Crimes refer to the crimes which revolve around technology and computers.

The computer can be the target or the perpetrator. The word "cyber" is slang for anything relating to computers, information technology, internet and virtual reality. Therefore, "cyber-crimes" are offences relating to computers, information technology, internet and virtual reality.

The Information Technology Act, 2000 ("IT Act") and the Indian Penal Code, 1860 ("IPC") provide guidelines and statutes for cybercrimes. Unsurprisingly, there are many provisions in the IPC and the IT Act that overlap with each other.

According to Kaspersky's telemetry, when the world went into lockdown in March 2020, the total number of bruteforce attacks against remote desktop protocol (RDP) jumped from 93.1 million worldwide in February 2020 to 277.4 million 2020 in March—a 197 per cent increase. The numbers in India went from 1.3 million in February 2020 to 3.3 million in March 2020. In July 2020, India recorded its highest number of attacks at 4.5 million.

In February 2021-nearly one year from the start of the pandemic—there were 377.5 million brute-force attacks—a far cry from the 93.1 million witnessed at the beginning of 2020. India alone witnessed 9.04 million attacks in February 2021. The total number of attacks recorded in India during Jan & Feb 2021 was around 15 million.

More than one in two Indian adults (59 per cent) experienced cybercrime in the last 12 months, as seven in 10 Indian adults (among those surveyed) believed that remote work has made it much easier for hackers and cybercriminals to take advantage of them.

More than 27 million Indian adults experienced identity theft in the past 12 months and 52 per cent of Indian adults admitted they don't know how to protect themselves from cybercrime, according to the '2021 Norton Cyber Safety Insights Report,' by NortonLifeLock.

The main issue behind the rising cybercrimes is the difficulty to track them or even if tracked it is nearly impossible to recover the damages caused to the victim. John F. Kennedy once said that:
Change is the law of life and those who look only to the past or present are certain to miss the future.
Evidently, this is the plight of our legal system, we focus on cure rather than prevention. Technology is advancing at an exponential pace and the law should be one step ahead instead of sitting in an abyss waiting for something at the scale of global or political catastrophe to take place.

History of Cyber Laws in India

The United Nations Commission on International Trade Law embraced the model law on e-Commerce to spearhead legal uniformity globally in 1996. The General Assembly of the UN-endorsed this model law as the backbone of the cyber laws of different countries. Soon, India became the 12th country to legitimize cyber regulations.

The initial draft was then created by the eCommerce Act led by the Ministry of Commerce in 1998; the revised Information Technology Bill was passed in May 2000. This Act intricately traced each trifling activity or transaction on the internet, cyberspace, and the World Wide Web. Each minuscule action, as well as its reaction in the global cyberspace, imposed severe legal implications and penalty angles.

The Act swiftly amended the traditionally-set Indian Penal Code 1860, the Bankers' Books Evidence Act 1891, the Indian Evidence Act 1872, and the Reserve Bank of India Act 1934. These amends aimed to tone up all electronic transactions/communications bringing them under the radar by granting strict legal recognition.

Information Technology Act, 2000

The Information Technology Act, 2000 enacted by the Parliament of India, highlights the grievous punishments and penalties safeguarding the e-governance, e-banking, and e-commerce sectors. Now, the scope of ITA has been enhanced to encompass all the latest communication devices.

The most important provisions of the Act are listed below:

Hacking and Data Theft

1. Section 43:
   Applicable to people who damage the computer systems without permission from the owner. The owner can fully claim compensation for the entire damage in such cases. This section was applied in Avtar Singh V. State of Punjab.
    
2. Section 43(h):
   Section 43(h) read with section 66 of the IT Act penalises an individual who charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network. A person who tampers with the computer system of an electricity supplier and causes his neighbour to pay for his electricity consumption would fall under the aforesaid section 43(h) of the IT Act.
    
3. Section 65:
   Section 65 of the IT Act prescribes punishment for tampering with computer source documents and provides that any person who knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy, or alter any computer source code (i.e. a listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form) used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment for up to 3 (three) years or with a fine which may extend to Rs. 3,00,000 (Rupees lac) or with both. ' J. Yashoda v. K. Shobha Rani' case used this section.
    
4. Section 66:
   Applicable in case a person is found to dishonestly or fraudulently committing any act referred to in section 43. The imprisonment term in such instances can mount up to three years or a fine of up to Rs. 5 lakh.

Receipt of Stolen Property

• Section 66B:
  Incorporates the punishments for fraudulently receiving stolen communication devices or computers, which confirms a probable three years imprisonment. This term can also be topped by Rs. 1 lakh fine, depending upon the severity.

Identity Theft and cheating by personation

1. Section 66C:
   This section scrutinizes the identity thefts related to imposter digital signatures, hacking passwords, or other distinctive identification features. If proven guilty, imprisonment of three years might also be backed by Rs.1 lakh fine.
    
2. Section 66 D:
   This section was inserted on-demand, focusing on punishing cheaters doing impersonation using computer resources.

Violation of Privacy

• Section 66E:
  It prescribes punishment for violation of privacy and provides that any person who intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to 3 (three) years or with fine not exceeding Rs. 2,00,000 (Rupees two lac) or with both.

Cyber Terrorism

• Section 66F:
  It prescribes punishment for cyber terrorism. Whoever, with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people, denies or causes the denial of access to any person authorized to access a computer resource, or attempts to penetrate or access a computer resource without authorisation or exceeding authorised access, or introduces or causes the introduction of any computer contaminant, and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect critical information infrastructure, is guilty of 'cyber terrorism'.

Obscenity

1. Sections 67:
   This section deals with the publisher or transmitter of any obscene content or material sexual or otherwise in nature. The punishment prescribed for an offence under section 67 of the IT Act is, on the first conviction, imprisonment of either description for a term which may extend to 3 (three) years, to be accompanied by a fine which may extend to Rs. 5,00,000 (Rupees five lac), and in the event of a second or subsequent conviction, imprisonment of either description for a term which may extend to 5 (five) years, to be accompanied by a fine which may extend to Rs. 10,00,000 (Rupees ten lac).
    
2. Section 67A:
   Whoever, publishes or transmits or causes to be published or transmitted in the electronic form, any material which contains sexually explicit act or conduct, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to Rs 10 lakhs and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to Rs 10 lakhs.
    
3. Section 67B:
   It extends and lays down guidelines and punishment for the publisher and transmitter of any lascivious content including children. This includes facilitating child abuse, enticing children to online relationship with one or more children in a sexually explicit act and context text or images depicting the same. Under this section, imprisonment of either description for a term which may extend to 5 (five) years, to be accompanied by a fine which may extend to Rs. 10,00,000 (Rupees ten lac) and in the event of second or subsequent conviction, imprisonment of either description for a term which may extend to 7 (seven) years and also with fine which may extend to Rs. 10,00,000 (Rupees ten lac).

Indian Penal Code, 1980

Identity thefts and associated cyber frauds are embodied in the Indian Penal Code (IPC), 1860 - invoked along with the Information Technology Act of 2000.

The primary relevant section of the IPC covers cyber frauds:

• Forgery (Section 464)
• Forgery pre-planned for cheating (Section 468)
• False documentation (Section 465)
• Presenting a forged document as genuine (Section 471)
• Reputation damage (Section 469)

Companies Act of 2013

The corporate stakeholders refer to the Companies Act of 2013 as the legal obligation necessary for the refinement of daily operations. The directives of this Act lay down all the required techno-legal compliances, putting the less compliant companies in a legal fix.

The Companies Act 2013 vested powers in the hands of the SFIO (Serious Frauds Investigation Office) to prosecute Indian companies and their directors. Also, post the notification of the Companies Inspection, Investment, and Inquiry Rules, 2014, SFIOs has become even more proactive and stern in this regard.

The legislature ensured that all the regulatory compliances are well-covered, including cyber forensics, e-discovery, and cybersecurity diligence. The Companies (Management and Administration) Rules, 2014 prescribes strict guidelines confirming the cybersecurity obligations and responsibilities upon the company directors and leaders.

NIST Compliance

The Cybersecurity Framework (NCFS), authorized by the National Institute of Standards and Technology (NIST), offers a harmonized approach to cybersecurity as the most reliable global certifying body. NIST Cybersecurity Framework encompasses all required guidelines, standards, and best practices to manage the cyber-related risks responsibly.

This framework is prioritized on flexibility and cost-effectiveness.

It promotes the resilience and protection of critical infrastructure by:

• Allowing better interpretation, management, and reduction of cybersecurity risks – to mitigate data loss, data misuse, and the subsequent restoration costs
• Determining the most important activities and critical operations - to focus on securing them
• Demonstrates the trust-worthiness of organizations who secure critical assets
• Helps to prioritize investments to maximize the cybersecurity ROI Addresses regulatory and contractual obligations
• Supports the wider information security program By combining the NIST CSF framework with ISO/IEC 27001 - cybersecurity risk management becomes simplified.
• It also makes communication easier throughout the organization and across the supply chains via a common cybersecurity directive laid by NIST.

Latest Cyber Crime Incidents

1. Air India Data Breach:
   A cyber-attack on the servers of national carrier Air India resulted in a massive data breach on Friday and affected around 4.5 million customers of the airline. Details, including passport and credit card information of these passengers, were compromised in the attack
    
2. Harris Federation:
   In March 2021, the London-based Harris Federation suffered a ransomware attack and was forced to temporarily disable the devices and email systems of all the 50 secondary and primary academies it manages. This resulted in over 37,000 students being unable to access their coursework and correspondence.
    
3. Cyber gangsters demand payment from Travelex after Sodinokibi attack:
   Foreign exchange company Travelex faced demands for payment to decrypt critical computer files after it was hit by one of the most sophisticated ransomware attacks, known as Sodinokibi, which disabled its IT systems on New Year's Eve. According to security specialists, criminals are demanding a six-figure sum to supply Travelex with decryption tools that will allow it to recover the contents of files across its computer network that have been encrypted by the virus.
    
4. Cyber gangsters hit UK medical firm poised for work on coronavirus with Maze ransomware attack:
   Cyber gangsters attacked the computer systems of a medical research company on standby to carry out trials of a possible future vaccine for the Covid-19 coronavirus. The Maze ransomware group attacked the computer systems of Hammersmith Medicines Research, publishing personal details of thousands of former patients after the company declined to pay a ransom.
    
5. UIDAI Aadhaar Software Hacked:
   1.1 billion Indian Aadhaar card details were leaked and this is one of the massive data breaches that happened in 2018. UIDAI released the official notification about this data breach and mentioned that around 210 Indian Government websites were hacked. This data breach included Aadhar, PAN, bank account IFSC codes, and other personal information of the users and anonymous sellers were selling Aadhaar information for Rs. 500 over Whatsapp. Also, one could get an Aadhaar card printout for just Rs.300.

Conclusion
The increasing no. of cyber attacks have created a serious problem which needs immediate global attention. The Indian IT Act was last amended in 2008 after which technology has progresses by leaps and bounds. It is imperative that law stays afoot with the changing technological advancements. Cyber terrorism is a global concern and the damage that can be harnessed from a single global incident would be irreplaceable.

Considering the ramifications of a lax system, the law must be continuously amended and new laws must be introduced to keep up with the crimes of the modern world. The volume of these attacks is also fed by the increased employment, lost job security due to the pandemic and the financial strain due to the volatile financial markets.

References:

• https://www.business-standard.com/article/technology/india-becomes-favourite-destination-for-cyber-criminals-amid-covid-19-121040501218
• https://www.computerweekly.com/news/252493515/Top-10-cyber-crime-stories-of-2020
• https://www.livelaw.in/tags/Cyber%20Crimes
• https://indiankanoon.org/doc/176300164/
• https://www.business-standard.com/article/current-affairs/one-in-two-indian-adults-fell-prey-to-cybercrime-in-last-12-months-report-121041900177_1.html
• Avtar Singh Vs. State Of Punjab - Supreme Court Of India (From: Punjab & Haryana) - August 25, 1964.
• Casemine: 'J. Yashoda v. K. Shobha Rani'
• https://www.mondaq.com/india/it-and-internet/891738/cyber-crimes-under-the-ipc-and-it-act--an-uneasy-co-existence
• https://www.appknox.com/blog/cybersecurity-laws-in-india
• https://securityboulevard.com/2021/04/10-major-cyber-attacks-witnessed-globally-in-q1-2021/