Festive Banner
Festive Banner

Cyber Crimes And Their Solutions In India

Published on 03 Jun 2017 by Team

Practically every day, a new high-profile security breach is reported in the media, revealing the latest distributed denial of service (DDoS), advanced persistent threat (APT) or whatever else it may be that has compromised the data of customers and employees at large organisations. 

But beyond the high-profile attack at large companies, there are hundreds or even thousands of cyber attacks carried out every single day that will not be reported by the media – or, in most cases, the victim. Whether these attacks are carried out on businesses, public sector organisations or entire nations- for reasons of activism, monetary gain or warfare – something needs to change how they are combated. 

Successful attacks on some of the largest and most resourceful organisations in the world are leading a growing number of companies to the same brutal conclusion: no amount of investment in the latest and greatest information security solutions can keep them protected. The hackers, for several years now, have constantly remained one step ahead of security vendors and their solutions.

Types of Cyber Crime

1. Hacking

Hacking is an act performed by an intruder by accessing your computer system without your permission. Hackers are basically computer programmers, who have an advanced understanding of computers and commonly misuse this knowledge for devious reasons. They’re usually technology buffs who have expert-level skills in one particular software program or language. As for motives, there could be several, but the most common are pretty simple and can be explained by a human tendency such as greed, fame, power, etc. Some people do it purely to show-off their expertise- ranging from relatively harmless activities such as modifying the software (and even hardware) to carry out tasks that are outside the creator’s intent, others just want to cause destruction.

1.2 Virus Attacks

Viruses are computer programs that attach themselves to or infect a system or file and have a tendency to circulate to other computers on a network. They disrupt the computer operation and affect the data stored – either by modifying it or by deleting it altogether. “Worms” unlike viruses don’t need a host to cling on to. They merely replicate until they eat up all available memory in the system. The term “worm” is sometimes used to mean self-replicating “malware”.

They masquerade as a legitimate file, such as an email attachment from a supposed friend with a very believable name, and don’t disseminate themselves. The user can also unknowingly install a Trojan-infected program via drive-by downloads when visiting a website, playing online games or using internet-driven applications. A Trojan horse can cause damage similar to other viruses, such as steal information or hamper/disrupt the functioning of computer systems.

1.3 Malware From the Internet

Malware from the Internet is obtained either by downloading free programs (which small-business owners often use) or by browsing the Web with a vulnerable computer. Think your computer isn't vulnerable? If you have ever declined to update Java for any period of time, your computer was probably vulnerable to cyber attack.

Once malware downloads onto the computer from one of these two sources, your computer may now be controlled by a billion-dollar crime industry. These crime organizations sell access to your computer, data acquired from it (credit cards, passwords, SS numbers, email addresses, proprietary company information, addresses, bank account information, access to your bank account, etc.) and they can even lock down your computer to ransom it. They can end up leaving you absolutely helpless by encrypting the data or restricting access and requiring you to pay hundreds of dollars with a MoneyPak card.

1.4 Malware From Email

Crime organizations obtain email lists and send emails that appear to be from legitimate domains and from legitimate companies. Why is this form of attack so successful? Because if you get an email from let's say Flipkart or Amazon about the details of your tracking information or shipped package, you would expect it to come from [email protected]

The fake emails actually come from the Flipkart domain, or so it appears. Crime organizations actually spoof the email to show the legitimate domain. Then they put together a very well-written email about the details of your package and persuade you to open an attachment or follow a link (as companies often request via email).

Emails for this type of attacks are hard to prevent at the moment and may typically appear from well-respected companies which would definitely make you want to check what it is all about. Hence the only real protection from this click-bait of sorts is good password practices and healthy internet practices which means never letting any devices save your password, changing passwords often, doing minimal transactions online and verifying each activity with a phone call or meeting in person. In effect actively fighting this malware is the only true safety net from maybe falling prey to it someday.

Punishment For Hacking And Damage

According to the Section: 43 of ‘Information Technology Act, 2000’ whoever destroys, deletes, alters and disrupts or causes disruption of any computer with the intention of damaging of the whole data of the computer system without the permission of the owner of the computer, shall be liable to pay fine upto 1 crore to the person so affected by way of remedy.

According to the Section:43A which is inserted by ‘Information Technology(Amendment) Act, 2008’ where a body corporate is maintaining and protecting the data of the persons as provided by the central government, if there is any negligent act or failure in protecting the data/ information then a body corporate shall be liable to pay compensation to person so affected. And Section 66 deals with ‘hacking with computer system’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both.

The contradiction here is that though certain viruses cause temporary interruption by showing messages on the screen of the user but still it’s not really punishable under Information Technology Act 2000 as it doesn’t cause tangible damage. But, it must be made punishable as it would fall under the ambit of ‘unauthorised access’ though doesn’t cause any damage. Harmless viruses would also fall under the expression used in the provision “to ensure the normal operation of the computer, system or network”. This ambiguity needs reconsideration.

2. Denial-of-Service attack

A Denial-of-Service (DoS) attack is an explicit attempt by attackers to deny service to intended users of that service. It involves flooding a computer resource with more requests than it can handle consuming its available bandwidth which results in server overload. This causes the resource (e.g. a web server) to crash or slow down significantly so that no one can access it. Using this technique, the attacker can render a website inoperable by sending massive amounts of traffic to the targeted site.

3. Phishing

This a technique of extracting confidential information such as credit card numbers and username password combos by masquerading as a legitimate enterprise. Phishing is typically carried out by email spoofing. You’ve probably received an email containing links to legitimate appearing websites. You probably found it suspicious and didn’t click the link. The malware would have installed itself on your computer and stolen private information.

The phishing fraud is an online fraud in which the fraudster disguise themselves and use false and fraudulent websites of the bank and other financial institutions, URL Links to deceive people into disclosing valuable personal data, later on, which is used to swindle money from victim account. Thus, essentially it is a cyber crime and it attracts many penal provisions of the Information Technology Act, 2000 as amended in 2008 adding some new provisions to deal with the phishing activity. The following Sections of the Information Technology Act, 2000 are applicable to the Phishing Activity:

Section 66: The account of the victim is compromised by the phisher which is not possible unless & until the fraudster fraudulently affects some changes by way of deletion or alteration of information/data electronically in the account of the victim residing in the bank server. Thus, this act is squarely covered and punishable u/s 66 IT Act.

Section 66A: The disguised email containing the fake link of the bank or organization is used to deceive or to mislead the recipient about the origin of such email and thus, it clearly attracts the provisions of Section 66A IT Act, 2000.

Section 66C: In the phishing email, the fraudster disguises himself as the real banker and uses the unique identifying feature of the bank or organization say Logo, trademark etc. and thus, clearly attracts the provision of Section 66C IT Act, 2000.

Section 66D: The fraudsters through the use of the phishing email containing the link to the fake website of the bank or organizations personate the Bank or financial institutions to cheat upon the innocent persons, thus the offence under Section 66D is attracted as well.

4. Email bombing and spamming

Email bombing is characterised by an abuser sending huge volumes of email to a target address resulting in victim’s email account or mail servers crashing. The message is meaningless and excessively long in order to consume network resources. If multiple accounts of a mail server are targeted, it may have a denial-of-service impact. Such mail arriving frequently in your inbox can be easily detected by spam filters.

5. Cyber stalking

Cyber stalking is a new form of internet crime in our society when a person is pursued or followed online. A cyber stalker doesn’t physically follow his victim; he does it virtually by following his online activity to harvest information about the stalkee and harass him or her and make threats using verbal intimidation. It’s an invasion of one’s online privacy.

Internet Stalking: Here the stalker harasses the victim via the internet. Unsolicited email is the most common way of threatening someone, and the stalker may even send obscene content and viruses by email. However, viruses and unsolicited telemarketing email alone do not constitute cyber stalking. But if an email is sent repeatedly in an attempt to intimidate the recipient, they may be considered as stalking. Internet stalking is not limited to email; stalkers can more comprehensively use the internet to harass the victims.

Computer Stalking: The more technologically advanced stalkers apply their computer skills to assist them with the crime. They gain unauthorised control of the victim’s computer by exploiting the working of the internet and the Windows operating system. Though this is usually done by proficient and computer savvy stalkers, instructions on how to accomplish this are easily available on the internet.

6. Identity Theft and Credit Card Fraud

Identity theft occurs when someone steals your identity and pretends to be you to access resources such as credit cards, bank accounts and other benefits in your name. The imposter may also use your identity to commit other crimes. “Credit card fraud” is a wide ranging term for crimes involving identity theft where the criminal uses your credit card to fund his transactions. Credit card fraud is identity theft in its simplest form. The most common case of credit card fraud is your pre-approved card falling into someone else’s hands.

7. Software Piracy

Thanks to the internet and torrents, you can find almost any movie, software or song from any origin for free. Internet piracy is an integral part of our lives which knowingly or unknowingly we all contribute to. This way, the profits of the resource developers are being cut down. It’s not just about using someone else’s intellectual property illegally but also passing it on to your friends further reducing the revenue they deserve. This affects the whole global economy as funds are relayed from other sectors which result in less investment in marketing and research.

9. Publishing Pornographic Material

Section 67 of the Information Technology Act, 2000 in parallel to Section 292 of Indian Penal Code, 1860 makes publication and transmission of any material in electronic that’s lascivious or appeals to the prurient interest a crime, and punishable with imprisonment which may extend to 5 years and fine of 1 lakh rupees and subsequent offence with an imprisonment extending to 10 years and fine of 2 lakhs.

Various tests were laid down gradually in course of time to determine the actual crime in case of obscene material published in electronic form on the net. Hicklin test was adopted in America in the case of Regina v. Hicklin wherein it was held that “if the material has a tendency to deprave and corrupt those whose minds are open to such immoral influences, and into whose hands a publication of this sort may fall”. In Indian scenario, the case of Ranjeet D. Udeshi v. State of Maharashtra the Supreme Court admitted that Indian Penal Code doesn’t define obscenity though it provides punishment for publication of obscene matter. There’s very thin line existing between a material which could be called obscene and the one which is artistic.

The following constitute software piracy:

  • Loading unlicensed software on your PC
  • Using single-licensed software on multiple computers
  • Using a key generator to circumvent copy protection

Cyber Crime- Investigations And Search Procedures

Section 75 of Information Technology Act, 2000 takes care of the jurisdictional aspect of cyber crimes, and one would be punished irrespective of his nationality and place of commission of the offence. Power of investigation is been given to police officer, not below the rank of Deputy Superintendent of police or any officer of the Central Government or a State Government authorised by Central Government. He may enter any public place, conduct a search and arrest without warrant person who is reasonably expected to have committed an offence or about to commit computer-related crime. Accused has to be produced before Magistrate within 24 hours of arrest. Provisions of Criminal Procedure Code, 1973 regulate the procedure of entry, search and arrest of the accused.

Some Noteworthy Provisions Of The Information Technology Act, 2000.

Sec.43 Damage to Computer system etc.
Sec.66 Hacking (with intent or knowledge)
Compensation for Rupees 1crore.
Fine of 2 lakh rupees, and imprisonment for 3 years.
Sec.67 Publication of obscene material in e-formFine of 1 lakh rupees, and imprisonment of 5years, and double conviction on second offence
Sec.68 Not complying with directions of controller
Sec.70 attempting or securing access to computer
Sec.72 For breaking confidentiality of the information of computer
Sec.73 Publishing false digital signatures, false in certain particulars
Sec.74 Publication of Digital Signatures for fraudulent purpose
Fine upto 2 lakh and imprisonment of 3 years.
Imprisonment upto 10 years.
Fine upto 1 lakh and imprisonment upto 2 years
Fine of 1 lakh, or imprisonment of 2 years or both.
Imprisonment for the term of 2 years and fine for 1 lakh rupees.

Steps every individual must take on a Personal Level to guard against cyber crimes

Actively Protect all your Personal Information

Exercise caution when sharing personal information such as your name, home address, phone number, and email address online. To take advantage of many online services, you will inevitably have to provide personal information in order to handle billing and shipping of purchased goods. Since not divulging any personal information is rarely possible, the following list contains some advice on how to share personal information safely online: 

  • Keep an eye out for phoney email messages-Things that indicate a message may be fraudulent are misspellings, poor grammar, odd phrasings, Web site addresses with strange extensions, Web site addresses that are entirely numbers where there are normal words, and anything else out of the ordinary. Additionally, phishing messages will often tell you that you have to act quickly to keep your account open, update your security, or urge you to provide information immediately or else something bad will happen. Don't take the bait.
  • Don't respond to email messages that ask for personal information- Legitimate companies will not use email messages to ask for your personal information. When in doubt, contact the company by phone or by typing in the company Web address into your Web browser. Don't click on the links in these messages as they make take you to a fraudulent, malicious Web site.
  • Steer clear of fraudulent Web sites used to steal personal information- When visiting a Web site, type the address (URL) directly into the Web browser rather than following a link within an email or instant message. Fraudsters often forge these links to make them look convincing. A shopping, banking or any other Web site where sensitive information should have an "S" after the letters "http" (i.e. https://www.yourbank.com not http://www.yourbank.com)/. The "s" stands for secure and should appear when you are in an area requesting you to login or provide other sensitive data. Another sign that you have a secure connection is the small lock icon in the bottom of your web browser (usually the right-hand corner).
  • Pay attention to privacy policies on Web sites and in software- It is important to understand how an organization might collect and use your personal information before you share it with them.
  • Guard your email address- Spammers and phishers sometimes send millions of messages to email addresses that may or may not exist in hopes of finding a potential victim. Responding to these messages or even downloading images ensures you will be added to their lists for more of the same messages in the future. Also be careful when posting your email address online in newsgroups, blogs or online communities.
  • Strong Passwords- use a combination of letters, numbers, and special characters to create a mental image or an acronym that is easy for you to remember. Create a different password for each important account, and change passwords regularly.

Brief Guide to Online Protection software-

Security software essentials include firewall and antivirus programs. A firewall is usually your computer's first line of defence- it controls who and what can communicate with your computer online. You could think of a firewall as a sort of "policeman" that watches all the data attempting to flow in and out of your computer on the Internet, allowing communications that it knows are safe and blocking "bad" traffic such as attacks from ever reaching your computer. 

The next line of defence many times is your antivirus software, which monitors all online activities such as email messages and Web browsing and protects an individual from viruses, worms, Trojan horse and other types malicious programs. More recent versions of antivirus programs, such as Norton AntiVirus, also protect from spyware and potentially unwanted programs such as adware. Having security software that gives you control over software you may not want and protects you from online threats is essential to staying safe on the Internet. Your antivirus and antispyware software should be configured to update itself, and it should do so every time you connect to the Internet.

Legistify connects you with the best lawyers in India and top Chartered Accountants in India with simple telephonic conversation or email. Call us at 846-883-3013 or send us an email at [email protected] to get started.

Top Legal Queries

Get answers from the best experts within minutes!

Most Consulted Advocates

Choose from our most consulted lawyers across India and get instant legal advice.

Top Consulted Advocates

Choose from our most consulted lawyers across India and get instant legal advice.


© Legistify Services Pvt. Ltd.