Menu
right, advocacy, lex

Cybercrime and Cyberterrorism through the legal perspective

Publications, Research paper

Abstract

Cybercrime is a heinous act of breach of privacy and online harassment of the victim by the criminal. With the advancement of technology, it is impossible to run daily life smoothly without the use of the internet, and we are bound to rely on it for work but as we know development comes with a price, and victims of cybercrime pay it virtually. It does not only harm financially but also causes emotional injury as one can deprive respect in society. It not only involves piracy, breach of privacy, and stealing of documents and information but also indulges sexual harassment, pornography, blackmail, and harassment. With the increase in business and individual work, cybercrimes are rising at an alarming rate because of the rapid increase in the use of technology. Cybercrime is a disruptive threat today and their process of crime commitment is adapting new advanced methods. Cybercrime is not only a social problem in the general sense, it is also a legal issue. Then how does the judiciary combat this burning issue? Here’s how Information Technology Act’s legal provisions play a vital role. The Information Technology Act, of 2000 and the Indian Penal Code, of 1860[1] cover categories of Cyber offenses and their related issues. These work to regulate such cyber activities that violate the rights of a user. The scholar attempts to explain cybercrime and cyberterrorism, how they are different, the motive behind and the categories of such crimes, legal actions and provisions to combat such crimes, elaboration with a few case citations, remedies, and some suggestions as possible precautions. This paper attempts to give its readers a vast knowledge of cybercrime and cyberterrorism through the legal spectrum.

Keyword- cybercrime, cyberterrorism, breach of rights, virtual crime, legal provisions.

Introduction

The term ‘cybercrime’ refers to all the illegal criminal acts performed through a computer or computer network[2] using technology components, cyberspace, World Wide Web (WWW), and the internet to threaten and attack someone’s security, privacy, or finances. There are various forms of cybercrimes like cyberterrorism, cyber extortion, file sharing and piracy, cyber warfare, obscene or offensive content, sabotage, ad fraud, online harassment, and trafficking[3]. Cybercrimes are not only carried out by an individual but also by organizations using advanced technology and skills. This form of crime is quite different and unusual as it does not take place in a physical mode rather it’s a virtual offense involving fundamental breaches of privacy to personal information, assaults on the integrity of information, and blackmail.

Cyberterrorism is a form of cybercrime with a basic difference in the objective of the attack. They usually do not do so for money rather their plan is devastating with uglier motives and broader and maximum impacts on critical infrastructure. Vandalism, circulating propaganda, data collection, attacks to shut down systems, and damages to equipment are a few known methods they use to intrude into systems and perform espionage. It’s no less than terrorism as its main motive is infiltration into the system where it can attack and cause violence and damage. Sometimes these hackers work collaboratively with terrorist organizations to fulfill their political agenda.[4]

There are three major categories of cybercrime. Those are as under:

  1. Cybercrime against the individual- This illegal act by the wrongdoer is carried out against a particular individual targeted like online stalking, distributing pornography or personal information, or trafficking.
  2. Cybercrime against the government- This form of crime is though least committed but is regarded as the most heinous and serious and such crime is referred to as cyberterrorism. Cyberterrorism includes hacking government or military websites
  3. Cybercrime against property- Through this mode of cybercrime, a criminal gets access to an individual’s bank accounts and credit card details by fraud. Such criminals aim for access to confidential information or bank details of the target.

Research Methodology

The present study is descriptive. Both quantitative and qualitative have been used for this research. This study is mainly based on secondary sources for the deep analysis of cybercrime from a legal perspective. Secondary sources of information like websites, articles, journals, and books have been used. Efforts have been put to combine the suitably tabulated data in a way that makes the information way more useful.

Review of literature

Cybercrime is a rising and trending topic deliberated by many people with different perspectives on its subjects and popping up from various angles. It has adapted changes and improvements compared to the conservative crimes intimidating national security to the technologically developed countries. Cyber attacks are more frequent, sophisticated, and widespread. “Cybercrime is any illegal act perpetrated in, on, or through the internet with the intent to cheat, defraud or cause the malfunction of the network device, which may include a computer, a phone, etc” stated Professor Augustine Odinma. Crime as is perceived at this dispensation is a fundamental part of our daily lifestyle. Crime is concomitant with carnage and destruction both intellectually or by communal judgment. Major General Umo states that cybercrime, cyber terrorism, online warfare, and security threats are all the same because cyber offense against an individual or group is the same as a war on the target of the crime. 

The reason behind instances of cybercrimes

The motive behind this could be justified in two narratives,

  1. As an easy way to make money where the criminals target bank accounts, financial firms, and big financial holders or through blackmail.
  2. A criminal mind, a psychopath who feels pleasure in harassing people online or takes it as a fun activity. These criminals mainly attack by circulating pictures, obscene materials, pornography, and things that would harass the victim.

The reason for which such criminals choose online and computers to commit crimes is because there are many possibilities of breach of authority due to complex technology which also helps the criminal to store data in comparatively small space. As the devices operate through codes, the hackers take advantage of such mistakes and loopholes in code generation and such negligence favors them. Lastly, data can be easily destroyed and loss of evidence paralyzes the system behind the investigation giving the hackers a boost of confidence.

Cybercrime laws in India

India have extremely extensive use of the internet and cyber laws are crucial. India’s cyber laws that govern and regulate have helped the country to flourish by safeguarding maximum connectivity and minimizing security threats. The system incorporated in Cyberlaw legally handles and manages all the matters related to cyberspace and information technology to prevent such crimes. The Computer Fraud and Abuse Act, of 1986 was the first cyber law that was enacted to deal with these virtual offenses and handle such crimes and criminals. The following are a few other cybercrime laws[5]

  • Information Technology Act, 2000

Indian Parliament approved and passed this act with the objective to recognize transactions done through electronic data exchange or any other electronic communication. It also highlights the penalties and legal sanctions of such crimes. The important provisions of this act are-

  1. Section 43: This section applies to the criminal who damages the computer of the victim without consent and makes the victim eligible for a full payback for the harm caused. In the case, Poona Auto Ancillaries Pvt. Ltd., Pune v. Punjab National Bank, HO New Delhi & Others (2018), a dodger transferred Rs. 80.10 lakhs from Matharu’s account at Punjab National Bank, Pune after he responded to a phishing email. Rajesh Aggarwal of Maharashtra’s IT department ordered Punjab National Bank to pay 45 lakhs to Manmohan Singh Matharu who is an MD of a Pune-based firm named Poona Auto Ancillaries.
  2. Section 66: This section applies to any conduct that is dishonest or fraudulent and as a penalty, imprisonment can be imposed for up to 3 years or a fine of Rs 5 lakhs or both imprisonment and fine.

In the case of Kumar vs. Whiteley (1991), through unauthorized access, the accused infiltrated to the Joint Academic Network and tampered with the files and documents. As a result of the investigation, he was found guilty and the Magistrate ordered him to go to a rigorous One-year imprisonment with a fine of Rs. 5000 as per stated in  Section 420 of the Indian Penal Code, 1860, and Section 66 of the Information Technology Act, 2000.

  1. Section 66B: This section applies when someone receives stolen devices or computers fraudulently. On confirmation of the crime, imprisonment of up to 3 years or a fine of up to 1 lakh may be imposed on the criminal as the penalty for the offense.
  2. Section 66C: It applies to the criminal who is guilty of having stolen or hacked a signature, password, or identity, and as a penalty, 3 years imprisonment and a 1 lakh fine can be imposed.
  3. Section 66D: This section is applicable in case someone cheats by personation through the use of computer devices and on confirmation of the crime, 3 years of  imprisonment and up to 1 lakh fine can be imposed.
  4. Section 66 E: Under this section publishing or taking pictures without someone’s consent is a breach of its privacy and if found blameworthy,  3 years imprisonment and  2 lakhs fine may be imposed.
  5. Section 66F: This section is liable to cyber offenses that involve the publishing of obscene materials. The convict is accountable for up to 5 years of rigorous imprisoned and up to 10 lakhs fine.
  6. Indian Penal Code, 1860

The identity of thefts and associated cyber frauds are embodied in this code with the following primary relevant sections-

  1. Section 292: This section deals with the crime related to the sale of obscene materials, erotic, foul-mouthed, bawdy, or any such thing that sexually exploits children that are either produced and published or electronically transmitted or circulated. 2 years of rigorous imprisonment and Rs. 2000 fine shall be imposed on the culprit as penalty and for the repeat offenders of the crime, up to 5 years of imprisonment and up to Rs. 5000 fine may be charged.
  2. Section 354C: This section is applicable when there is a breach of privacy by producing or publishing pictures of private parts, pudenda, or such activity of a woman that may harm her reputation without consent or permission. It elaborates on surveillance as it includes watching a woman’s copulation or intimate video as a crime and as a penalty, offenders may face 3 years of rigorous imprisonment and for a repeat of the offense, 7 years of imprisonment.
  3. Section 354D: This section holds physical and cyberstalking as an offense and punishable with imprisonment or fine or both and for a repeat of the offense 5 years imprisonment with a fine.

In the case of Kalandi Charan Lenka v. the State of Odisha (2017), the victim received a series of indecent and bawdy messages and emails from an unrecognized number and a fake Facebook account that had her morphed images and these damaged her reputation. On investigation and interrogation, the accused was found prima facie guilty of the cyberstalking charges by the High Court.

  1. Section 379: This section is applicable for theft involving the hijacking of electronic devices, data, or computers stolen with up to 3 years of rigorous imprisonment with an additional fine as punishment.
  2. Section 420: This section imposes 7 years of imprisonment in addition to a fine on cybercriminals for delivery of property by cheating, dishonesty, fraud, or fake website.
  3. Section 463: This section imposes 7 years of rigorous imprisonment and/or fine for spoofing emails, or falsifying documents or records by using electronic methods.
  4. Section 465: This section deals with forgery, spoofing of email, and preparation of incorrect and untrue documents imposing imprisonment ranging up to 2 years, fine, or both.
  5. Section 468: This section not only punishes email spoofing but also imposes imprisonment for 7 years for committing fraud intentionally to cheat.
  6. Information Technology Rules

This rule mandates social media platforms in the broader aspect to exercise greater diligence concerning the content on such social media platforms. The following are a few aspects of data collection, processing, and transmission as covered by this Information Technology Act-

  1. The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011[6] states about maintaining certain security standards prescribed to protect an individual’s sensitive personal information.
  2. The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021 were formulated to prevent the harmful transmission of content and to govern the role of intermediaries, these rules were made.
  3. According to the Information Technology (Guidelines for Cyber Cafe) Rules, 2011, cybercafes need to officially list and appropriately maintain records of end users’ identity and internet utilization.
  4. Through the Information Technology (Electronic Service Delivery) Rules, 2011, the government has the authority to deliver certain acts of assistance like applications, authentications, and granting licenses and certificates.
  5. Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (the CERT-In Rules) provides a 24-hour help desk. Victims can report their incidents of cybersecurity and require all the intermediaries to disclose the relevant information about such cybersecurity incidents.
  6. Companies Act, 2013

Corporate workers and stakeholders find this act to be most pertinent for it manages its operations properly.As a part of this act,SFIO (Serious Fraud Investigation Office) is entitled to the authority to inquire into and litigate heinous offenses perpetrated by the company or its board members.

  • Cybersecurity Framework (NCFS)

The National Institute of Standards and Technology has approved the ‘Cybersecurity Framework’ as the most credible global body of certification as an incredible framework for the cybercrime approach. It considers pliability and accessibility  of paramount importance to aim at fostering, stimulating, and protecting infrastructure with the following methods-

  1. Understanding, managing, and reducing the related risks of cybercrime.
  2. Helps to prevent loss of data, misuse of information, and restoration cost.
  3. Recognition of censorious activities and functioning to be safe and secure.
  4. Providing confirmation of reliability to organizations for the protection of critical assets.
  5. By prioritizing investments, it optimizes the cybersecurity Return On Investment (ROI).
  6.  The regulatory and contractual requirements must be responded to.
  7. Assisting in the broad and wider statistics and data of the security program.

Cybercrime laws have much highlighting importance like-

  1. It helps to prosecute cyber abuse, online assaults and harassment, theft of records or documents, disruption in online working, and other cyber crimes effectively.
  2. It helps in the prosecution of those who undertake illegal activities with the use of the Internet.
  3. Action is taken against the accused based on his location and the way he is involved in the crime causing a violation of cyber law.
  4. As cybercrimes are beyond the reach of felonies, prosecuting or retracting the hackers is most important.
  5. The rules and laws are designed to address cyber-related threats and issues by protecting internet businesses and users from unwanted unauthorized access and malicious attacks.

Case Laws on Cybercrime

  1. Shreya Singhal v. Union of India (2015)[7]: Section 66A of the Information Technology Act, 2000 was imposed and the two women were taken into custody for objectionable social media posts regarding the shutdown of Mumbai after some political incident. Through the judgment, section 66A was struck down but Indian Penal Code was applicable.
  2. Shamsher Singh Verma v. State of Haryana (2015)[8]:  The Supreme Court ruled that Compact Disc is like a document and is admissible. There was no need to deny a document under Section 294(1) of the Code of Criminal Procedure, 1908.
  3. SMC Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra (2014)[9]:  was India’s first cyber defamation case where the Court passed an ex-parte ad interim injunction observing prima facie case had been made by the plaintiff.
  4. State of Tamil Nadu v. Suhas Katti (2004)[10]: This case which dealt with the posting of obscene, defamatory, and annoying messages about a divorcee is known to be the primary convict case according to  Section 67 of the Information Technology Act, 2000. Emails were forwarded to the victim who was being harassed through social media. The accused was convicted under Sections 469 and 509 of the Indian Penal Code, 1860, and Section 67 of the Information and Technology Act, 2000. He had to undergo 2 years of rigorous imprisonment and a Rs. 500 fine as per  Section 469 of the Indian Penal Code, 1860, and imprisonment of 1 year and a Rs 500 fine under Section 509 of the Indian Penal Code, 1860, and 2 years of rigorous imprisonment with a  fine of Rs 2000 as prescribed in Section 67 of the Information and Technology Act, 2000.

Suggestions

We need to establish multidimensional legal enforcement agencies in collaboration with the private and public sectors with the information technology industry, security organizations, and companies that deal with the Internet working to tackle cybercrime effectively. Since the usual methods cannot be used against cybercrimes, Cross-domain solutions can be the need of the hour. Through its unified system using software and hardware authenticating both manually and automatically would detect the transfer and access to information taking place. Since this works within specific security classification, it cannot reveal the user who is not a part of the security classification and so in that case, some adaptive precautions and steps can be taken as follows[11]

  1. Using a strong password with a combination of numeric, alphabets and symbols can make it a bit tough to crack,
  2. Keeping social media private could be helpful along with a two-step verification generated that enables one to keep a double check on one’s profile.
  3. Download apps from trusted sources as phones are vulnerable and their security is highly crucial. Mobile is a daily essential containing documents and bank account details, a breach of whose privacy can prove to be hell havoc for the victim.
  4. Encryptions can be used to secure the most sensitive files and documents.
  5. One must be cautious when giving personal details and information to someone over the Internet.
  6. Mobiles and other electronic gadgets like laptops and computers must also be kept updated with the latest security software.
  7.  Parents must keep a check on the online activity of their children.

Conclusion

Criminal behavior on the internet resulting in cybercrimes is one of the major challenges faced by countries with developed technologies. With the advancement of technology, the pattern of cybercrime is also leveling up with disturbing elements. The Internet is being used as a tool for the evil deed of the devils for filthy motives and financial gains. Since cyberspace is a difficult territory to deal with, crimes and grey activities cannot be governed by the usual law. Cyber laws need to be constantly reformed as crimes keep upgrading with the advancement of technology. Legal agencies are working to develop partnerships, forensic methods, and new ways to respond to such crimes to ensure the safety and security of internet usage. Cybercrimes are the reality checks of what is happening in the real world. For instance, the boy’s locker room case or the case of bulli bai is no exception. This is the need of the hour to take demanding steps along with the existing laws and rules. Digital literacy, the development of data security, and the enactment of laws to keep it updated with advancing technology are a few steps that can be taken. 

Name- Rukshat Taslim

College- Department of Law, Calcutta University

[1] Nikunj Arora, Cyber crime laws in India, IPLEADERS (Apr. 21, 2023, 15:21 PM), https://blog.ipleaders.in/cyber-crime-laws-in-india/ – :~:text=In%20India%2C%20cyber%20crimes%20are,cyber%20crimes%20and%20electronic%20commerce..

[2]Michael Aaron Dennis, The Editors of Encyclopaedia Britannica, (April 5, 2023, 4: 46 PM)

https://www.britannica.com/topic/cybercrime.

[3] Cybercrime (Apr. 17, 2023), WIKIPEDIA , https://en.wikipedia.org/wiki/Cybercrime.

[4] MacKinnon, L., Bacon, L., Gan, D., Loukas, G., Chadwick, D., & Frangiskatos, D. (2013), Cyber Security Countermeasures to Combat Cyber Terrorism, STRATEGIC INTELLIGENCE MANAGEMENT, 234-257, https://doi.org/10.1016/B978-0-12-407191-9.00020-X.

[5] MINISTRY OF COMMUNICATIONS AND INFORMATION TECHNOLOGY (Department of Information Technology) NOTIFICATION (Apr. 11, 2023), https://www.meity.gov.in/writereaddata/files/GSR313E_10511%281%29_0.pdf.

[6] Anurag SriRML, An Overview of Cybercrimes and Cyber Laws In India, LEGAL SERVICES INDIA (Apr. 15, 2023), https://legalserviceindia.com/legal/article-9498-an-overview-of-cyber-crimes-and-cyber-laws-in-india.html#:~:text=The%20Information%20Technology%20Act%20of,out%20online%20or%20through%20computers.

[7] Shreya Singhal v. Union of India AIR 2015 SC 1523.

[8] Shamsher Singh Verma v. State of Haryana 2015 SCC Online SC 1242.

[9] SMC Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra (Suit No. 1279/2001, District Court of Delhi).

[10] State of Tamil Nadu vs. Suhas Katti, CC No. 4680 of 2004.

[11] Ahmad Showkat and Naseer Ahmad Lone, Cyber Crime In India, RESEARCH GATE (Apr. 13, 2023), https://www.researchgate.net/publication/357839318_CYBER_CRIME_IN_INDIA.