Menu

THE PRESENT SCENARIO OF CYBERCRIME IN INDIA AND HOW IT CAN BE PREVENTED

Publications, Research paper

ABSTRACT

The exponential growth of the internet and digital infrastructure in India has led to a notable surge in cybercrime, presenting a considerable menace to individuals, businesses, and government entities. This paper delivers a comprehensive analysis of the current status of cybercrime in India, highlighting significant patterns, weaknesses, and difficulties. The paper also highlights the limitations of existing cyber laws, particularly the Information Technology Act 2000, and underscores the need for comprehensive reforms. It thoroughly examines the current legal and technical frameworks for addressing cybercrime and proposes strategies to strengthen the nation’s cybersecurity defences.

KEYWORDS

Cybercrime, Cybersecurity, India, Prevention, Digital landscape, Cyber Laws, Cyber Threats.

INTRODUCTION

Cybercrime is a relatively new type of crime in the world and has been a major concern globally, with India being no exception. The recent rapid growth of the internet as well as the digital landscape has created new opportunities/revolutionised every aspect of life form communication to commerce and has also given rise to new opportunities for criminals to exploit the vulnerabilities and commit cybercrimes. India has witnessed a significant increase in cybercrime cases in the recent years, with the majority being related to hacking, identity theft, financial fraud, prising and cyber terrorism. 

As of now (2024 May), India has over 751.5 million internet users, making it one of the largest online markets globally. Having such a massive user base with the government’s push for a digital economy with the schemes like Digital India, has made cybersecurity a critical concern for the people as well as the country itself.

Cyber-attacks in India have been rising steadily in India affecting individuals, businesses and Government entities, for example, Jamtara, Hacked, and Asur etc are some of the series/movies which have the basic context of Cyber Hacking/Theft in them by which the common man gets to know about such events. 

RESEARCH QUESTION

“How effective are the current legal frameworks and preventive measures in mitigating cybercrime in India, and what reforms are needed to address the evolving cyber threat landscape?”

RESEARCH METHODOLOGY

This research paper has a mixed method approach, combining analytical, qualitative and quantitative data. Primary data sources consist of official reports from government agencies, cybersecurity firms, and law enforcement agencies. Secondary data is sourced from academic journals, industry publications, and news articles. Both theses forms of sources are used for the research.

REVIEW OF LITERATURE

Shubham Kumar et al. (2015) and Jigar Shah (2016) offer a thorough analysis of the cybercrime situation in India, delving into its various forms, the legal consequences involved, and the preventive measures that can be taken. Kumar et al. discuss India’s prominent position in global cybercrime statistics and delve into different types of cybercrimes such as email spoofing and identity theft. They delve into the latest trends, cyber laws, and practices aimed at prevention.

Shah emphasizes the importance of increasing awareness about cyber laws among Indian youth and proposes a conceptual model for implementing educational programs. Both studies criticize the IT Act 2000 for its lack of clarity, particularly regarding jurisdiction. They highlight the importance of computer forensics in managing digital evidence and the need for thorough cyber laws, E-courts, and online dispute resolution. 

These kinds of studies indicate that phishing, ransomware, and financial frauds are the most prevalent forms of cybercrimes in India. Research by some cybersecurity firms such as Kaspersky and Symantec highlight the increasing sophistication of these attacks and their evolving nature. Some of the most targeted sectors the banking and the financial services sector as the provide high value of financial data.

The ease of committing and detecting cybercrime requires strong cybersecurity measures and cooperation between regulators, service providers, and users. They call for ongoing legal reforms, increased awareness, and advancements in technical and forensic capabilities to effectively address cyber threats.

METHOD

The study takes a methodical approach to examine the present state of cybercrime in India and the measures in place to prevent it. The method consists of:

  • Data Collection: Acquiring data from authoritative sources like the National Crime Records Bureau (NCRB), Ministry of Home Affairs, and reports from cybersecurity firms.
  • Examining notable cyber incidents such as the Wannacry ransomware attack, data breaches in major corporations, and recent cases of cyber fraud.
  • Expert Interviews: Conducting interviews with cybersecurity experts, law enforcement officials, and legal professionals to gain valuable insights into the challenges and solutions.
  • Comparative Analysis: Examining India’s cybersecurity measures in comparison to those of other countries to identify best practices and areas for improvement.

UNDERSTANDING CYBERCRIME: CATEGORIES, CASES, AND LEGAL FRAMEWORKS

Cybercrime can be defined as any malefactor or other offences were electronic communications or information systems, including any device or the Internet or both or more of them are involved.

We lack a precise definition of cybercrime, but the Oxford Dictionary provides the following definition: “Criminal activities committed via computers or the Internet.”
“Cybercrime can be defined as those species whose genus is traditional crime and where the computer is either an object or a subject of the criminal conduct.”

4 major categories of Cyber Crimes

“Cyber-trespass: encompasses the crossing of salient, but invisible, boundaries of ownership online so if an individual tries to access a computer system, network, data source, w/o the permission of the system owner, they are violating a recognized boundary of ownership”. E.g.: hacking someone’s email.

The studies tell us that around 10-15% of the individuals engage in password guessing but <5% engage in more serious crimes like malware creation. The studies tell us the numbers, but not the reason why the numbers are so, because they are quantitative in nature. Additionally, these samples may not be true representations as qualitative investigators have interviewed people who self-identify as hackers, but that doesn’t tell us the number interview analysis is qualitative in nature. Therefore, mixed methods (quantitative + qualitative) are necessary to understand the occurrence of cyber-trespassing.

“Cyber-deception/theft: This includes the use of the internet to steal information or illegally acquire items of value, whether from individuals or corporations. Moreover, digital piracy is the most widely studied form of cybercrime”. Cyber-deception includes 

  • Adoption of fraud schemes: the Nigerian Prince Scam (phishing)
  • Piracy: copying digital media without the permission of the copyright holder. E.g.: songs, movies, books, academic article.

“Cyber-porn/obscenity: This encompasses the range of sexual expression enabled by computer-mediated communication and the distribution of sexually explicit materials on-line. This also includes the use of internet for the sex trade often includes the discussion and sharing of obscene material enabled by anonymity”. E.g.: paedophilia, bestiality.

Predictors of this kind of offending are still being investigated and not well-established as the anonymity offered by CMCs (Computer-mediated computers) allow offenders to anonymously engage in socially unacceptable proclivities. Ultimately most of the research around the Cyber-porn/obscenity is exploratory in nature as the researchers use open-source data sets. 

Cyber-violence: The final category, includes the various ways that individuals can cause harm in real or virtual environments. This includes both real and virtual environments (online harassment/bullying). Moreover, cyber-violence also covers the use of IT for social unrest and prospective acts of terror. Additionally, there is also a dearth of research that investigates the lack of reporting of the bullying victimizations to peers, parents and authorities. Moreover, Cyber-Terrorism relies on cyber methods to instil fear or intimidate a specific population in order to advance political objectives. The definition can be broadened to encompass any activity that induces anxiety and panic in the general public.

 With cyber-terrorism, the only consistent predictive factor was a willingness to engage in these activities in the real world. 

There are majorly 6 components of Cyber Terrorism:

  • Someone who performs or acts with three distinct characteristics: nonstate, terrorist, and secret. 
  • A motive can encompass various factors such as politics, sociology, economics, or ideology. 
  • An intention to convince or motivate someone to take action, accomplish a goal, or create disruption. 
  • The technique for executing the offense involves utilizing a computer and a network to gain access to cyberspace and transcend borders in order to perpetrate acts of cyber warfare or engage in cyberattacks and threats of attacks. 
  • A few of the most common consequences include violence, interruptions in service, physical damage, psychological and social harm, financial loss, or data breaches. 
  • “A target can include civilians, information and communication technology (ICT), data sources, government organizations, non-government organizations, or physical in nature infrastructure”.

An example of Cyber-warfare is the Cyber-war between Russia and The Anonymous Group in 2022, where the anonymous group disabled websites like the RT.com and the Defence Ministry, and some other state-owned websites, leaked over 200gb worth of emails from a Belarusian weapons manufacturer and hacked multiple Russian TV channels and Pages and played Ukrainian National Anthem and uncensored news of Ukrainian war.

The 4 above mentioned cybercrimes have many subparts such as Cyber-Defamation, Trojan Attacks, Email bombing, Cyber-Stalking, Threatening and what not. 

Cyber Law refers to the legal issues that arise from the use of communication or computer technology. Cyber Law, also known as IT Law, encompasses the legal aspects of Information Technology, which includes computers and the internet. This field is closely tied to legal informatics and oversees the digital flow of data, software, security of information, and e-commerce. It can be defined as the legal issues that are related to utilize of communications technology, concretely “cyberspace”, i.e. the Internet. The overall idea of Cyberlaw is to stop any person from violating the rights of other persons in Cyberspace. 

EVOLUTION OF CYBERLAWS

The “Computer Fraud and Abuse Act (CFAA)” was passed in 1986 in the United States to tackle the issue of hacking and computer-related crimes by imposing criminal penalties. The Morris worm incident in 1988 which infected thousands of computers and let to the denial-of-service attacks, later he was convicted under CFAA 1986. This case emphasized the necessity for more extensive cybercrime legislation. In the case of R v Gold and Schifreen, Robert and Stephen were found guilty of unauthorized access to British Telecom’s computer.The Computer Misuse Act 1990 established legal measures to address unauthorized access to computer systems and data including hacking and other cybercrimes.

The UNCITRAL Model Law on Electronic Commerce (1996) is a legal framework developed by the United Nations which seeks to tackle the legal obstacles linked to conducting business electronically, acknowledge electronic records, and encourage electronic transactions. The core principles of UNCITRAL highlight the importance of fairness, neutrality towards technology, and functional equivalence. These principles underscore the idea that electronic communications and signatures should be regarded as equal to their paper-based counterparts, as long as they fulfil specific functional requirements.

EVOLUTION OF CYBER LAWS IN INDIA

The evolution of cyber law in India started with the implementation of the UNCITRAL model law on E-commerce in 1996. India, a member of UNCITRAL, introduced the first IT bill in 1999, which was enacted in 2000 as the Information Technology Act 2000. This act acknowledges the importance of E-commerce and E-records, in line with the principles set forth by UNCITRAL.

INFORMATION AND TECHNOLOGY ACT, 2000

The Information Technology Act, 2000 was signed on 9th May 2000, was enacted on 9th June 2000 and was commenced on 17th October 2000. This Act is a significant legislation in India that governs the use of computers, computer systems, computer networks, as well as data and information in the electronic format.

The Act underwent amendments through the Information Technology Amendment Bill, 2008, which received approval in the Lok Sabha on December 22, 2008, and in the Rajya Sabha on December 23, 2008.
“The Preamble to the Act highlights its purpose of granting legal recognition to transactions conducted through electronic data interchange and other forms of electronic communication, commonly known as “electronic commerce””.The Act aims to streamline communication and information storage by promoting alternatives to traditional paper-based methods. Additionally, it seeks to simplify the process of electronically filing documents with Government agencies.

Here are some of the points which are important from the information and technology act:

  • E-mail is now recognized as a legitimate and legally binding method of conversation.
  • The Act acknowledges the legal validity of digital signatures.
  • The Act has resulted in the rise of fresh business prospects for companies to offer electronic certificates as the certification of the Authorities.
  • With e-governance made possible by this Act, the government can now post notices online.
  • The internet can be used to facilitate information sharing between businesses or between a business and the government.
  • Highlighting the significance of security is crucial within this Act. It presented the notion of digital signatures, which are used to verify the identity of a person on the internet.
  • If the company suffers any harm or loss caused by the criminals, the Act offers a solution in the form of financial compensation.

Following are some Important Sections under the IT Act, 2000:

  • Section 43 – Penalty and Compensation.
  • Section 65- Temping with the computers source documents.
  • Section 66 – Computer Related Offences.
  • Section 66C – Identify theft.
  • Section 66E – Privacy or violation.
  • Section 66F – Cyber terrorism.
  • “Section 67 – Transmitting or publishing obscene materials in electronic form”.
  • “Section 69 – Power to issue direction for monitor, decryption or interception of any information through computer’s resources”.

It is important to familiarize oneself with various sections of the IT Act, 2000. Here are a few significant sections:

Offences Sections Under IT Act, 2000
“Un-authorized access toprotected system.”Section 70
“Penalty for misrepresentation.”Section 71
“Breach of confidentiality andprivacy.”Section 72
“Publishing False digitalsignature certificates”Section 73
“Publication for fraudulentPurpose”Section 74
“Act to apply for contraventionor offence that is committedoutside India.”Section 75
“Compensation, confiscation orpenalties for not to interferewith other punishment.”Section 77
“Compounding of Offences.”Section 77A
“Offences by Companies”Section 85
“Sending threatening messagesby e-mail”Section 503 IPC
“Sending defamatory messagesby e-mail.”Section 499 IPC
“Bogus websites, Cyber Frauds.”Section 420 IPC
“E-mail Spoofing.”Section 463 IPC
“Web Jacking”Section 383 IPC
“E-mail Abuse.”Section 500 IPC
“Criminal intimidation byanonymous communications.”Section 507 IPC
“Online sale of Drugs.”NDPS Act
“Online sale of Arms”Arms Act

PREVENTIVE MEASURES

Considering the borderless nature of cybercrimes, it is crucial to implement innovative measures to effectively address the issue of hi-tech crime. It is important to consider the following points for safety in Cyberspace while browsing the web, in addition to Cyber Laws: 

  • Awareness needs to be raised among students at the grassroot level regarding cybercrimes and cyber laws. It is essential to provide cyber literacy to students in the Computer Centres, Schools, Colleges, and Universities. An awareness program on Cyber Law can be set up in any type of educational centre to provide students with a basic understanding of the Internet and its security. 
  • Regularly reviewing the bank and the credit card statements is crucial to minimize the chances of falling victim to identity theft and online criminal acts. 
  • It is crucial to ensure that your operating system is regularly updated in order to prevent unauthorized access to your computer. 
  • It is highly recommended to maintain unique and robust passwords consisting of eight characters, incorporating a mix of symbols, words, and numbers, particularly for online activities such as online banking. 
  • Activate Two-step Authentication in the webmail and at any other place where there is an option to enhance the security of your webmail or social media account.
  • Please ensure that you add your mobile number to your mail account to receive notifications in the event of any unauthorized access attempts. However, for personal security reasons, an OTP (verification code) is sent to your registered mobile number in the event that you do not remember your passcode. 
  • It is essential to prioritize online security by ensuring that your computer is equipped with reliable security software such as an antivirus and firewall protection. This software plays a crucial role in safeguarding your system against various online threats. 
  • The firewall controls which entities have the ability to communicate with your computer over the internet. Antivirus software provides protection against Trojan horses, worms, viruses, and other types of harmful applications by closely monitoring activity on the internet, including messages sent through email and browsing the web. 
  • Integrated security programs like Norton Internet Security have gained popularity due to their comprehensive features. These programs combine Firewall, Antivirus, Antispyware, Antispam, and parental controls, providing all the necessary online protection in one convenient package. 
  • Prior to submitting your data with a company, it is advisable to carefully review the privacy policies outlined on their webpage and software. Reputable corporations do not typically send emails requesting personal or confidential information.

SUGGESTIONS

As cyber law continues to evolve globally, many nations are realizing the importance of aligning their laws and adopting best practices and standards for effective implementation. Further development of cyber legislation is necessary in the courts. Revised explanations of both substantive and procedural laws would be necessary to account for the knowledge gained from technical complexity. The courts must establish a cyber-jurisprudence that aligns with our constitutional protections.

However, it is possible to predict some significant Cyber law developments that may arise by a careful examination of the current state of jurisprudence and the ever-changing trends. One of the major focuses in the field of cyber law is anticipated to revolve around the rise in network attacks and the necessity for effective legislative frameworks to enhance, maintain, and advocate for cyber security.

With the anticipated increase in data security attacks and vulnerabilities, the policymakers worldwide will face the task of establishing legal frameworks that effectively protect and maintain cyber security. These frameworks should also aim to cultivate a sense of cyber security responsibility among internet users. Numerous current cyber laws worldwide fail to adequately tackle crucial cyber security challenges.


CONCLUSION

What appears perfectly organized and impenetrable at present may not remain that way in the future. Given the global reach of the internet, it is inevitable that it will attract a range of criminal activities. India has made a substantial move towards decreasing cybercrime by implementing the Information Technology Act and empowering the police, cyber-cell, and other agencies with exclusive authority to combat cybercrime.

The human mind possesses incredible capabilities. Eliminating cybercrime from the internet is an incredibly challenging task. One can indeed analyse them. Throughout history, it has become evident that no policy has been able to completely eliminate crime on a global scale. One effective approach to reducing crime is through educating individuals about their rights and duties, such as the importance of reporting crime as a shared responsibility to society. Additionally, stricter enforcement of laws can also play a crucial role in deterring criminal behaviour. Undoubtedly, the Act signifies a significant turning point in the evolution of cyberspace. Moreover, it is undeniable that certain amendments to the Information Technology Act are necessary to enhance its effectiveness in addressing cybercrime. I would like to conclude with a cautionary note for those in favour of legislation: it is crucial to bear in mind that the regulations of cyber law should not be overly stringent, as this could hinder the growth of the industry and ultimately prove to be counterproductive.

Prajjwal Sehgal 

O.P. Jindal Global University