LEGAL ASPECTS OF CYBERCRIME INCIDENTS: PREVENTION AND RESPONSE

ABSTRACT

Cybercrime has emerged as a significant threat in today’s world, with its impact spanning across individuals, businesses, and governments. This abstract delves into the intricate landscape of cybercrime and the corresponding measures of cybersecurity aimed at mitigating its risks. It explores the various forms of cyber threats, including malware, phishing, ransomware, and identity theft, highlighting their detrimental effects on privacy, financial security, and societal trust. Additionally, the abstract examines the evolving tactics employed by cybercriminals, such as advanced persistent threats (APTs) and social engineering techniques, emphasizing the importance of proactive defence strategies. In response to these challenges, cybersecurity measures encompass a multifaceted approach, encompassing technological solutions, regulatory frameworks, and user awareness campaigns. The abstract also discusses the role of artificial intelligence (AI) and machine learning in enhancing cybersecurity defences, while acknowledging the ethical considerations and potential limitations associated with these technologies. Furthermore, the abstract addresses the growing significance of international cooperation and information sharing in combating cyber threats, underscoring the necessity of collaborative efforts among stakeholders at the global level. Ultimately, this abstract advocates for a holistic approach to cybersecurity that integrates technical innovation, policy initiatives, and behavioural change to safeguard against the ever-evolving landscape of cybercrime.

KEYWORDS

Cyber, cybercrime, cyber security, hacking, prevention, data, offences.

INTRODUCTION

Today, with the rise of technology, computers are being used in every field. Everyone is dependent on computers, laptops, mobile phones for their day to day tasks. Nowadays, everything we do is done via internet only, whether it is personal or office related. Even the government work is connected with the internet. Due to this increased use of internet and dependence on internet our devices, laptops, computers are somewhere always connected to the internet. As per the forbes report on statistics of Internet usage in 2024, there are more than 5.35 billion users of internet around the globe.

Cybercrime is an illegal activity involving various networks, websites, internet, computers. It is an unauthorised access to someone else’s data in order to harm their reputation or for personal gain. Cybercrime can be committed against an individual as well as a group. The major threat to cybercrime is on government’s data and people’s financial security.

With the rise in such number of internet users, people become victims of fraud, hacking, phishing, identity theft, online harassment. It becomes really important to protect people from such crimes and a attention should be paid on user’s security. 

Cyber security is used to protect internet users from cybercrimes in which security is provided to protect user’s data, personal information, etc. Everything related to internet, technology, devices, applications comes under cyber for which information & internet security is provided. Today, cybersecurity is used worldwide to provide security to person’s data, government’s documents, etc. 

People basically hackers hacks user’s devices and get access to important documents, data, pictures, personal information for which they later demand money. These hackers usually do these things to earn money by threatening others by hacking their devices. Cybercrime also includes stalking which people does not take seriously and stalks other person just for fun.

Acc to TIDIO, over 2.14 billion people shop online, this is a huge number and is increasing. This increasing numbers give rise to cybercrimes as when a person shops online their personal information including their address, card details get stored online which be later hacked and can be used against them only. 

On daily basis people get prey to cybercrimes, during the period of 1.1.2023 to 31.12.2023, 1128265 number of complaints were reported in INDIA according to press information bureau. To stop such increasing number of crimes it is the duty of the state to take necessary actions against cyber criminals and the government must introduce legal bills to stop cybercrime.

RESEARCH METHODOLOGY

The paper is descriptive in nature and relies on secondary sources to conduct an in-depth analysis of cybercrime and its security. For the research, secondary sources such as newspapers, journals, and websites are used to gather information.

REVIEW OF LITERATURE

  1. Anupreet Kaur Mokha. A Study on Awareness of Cyber Crime and Security. Research J. Humanities and Social Sciences (2017): The author has covered about the increased use of internet and cybercrimes. The author also mentioned about how people take a cybercrime as and how they are unaware of various cyber crimes happening around the world. The paper has also included that it is the duty of people to be aware of such incidents around and has also mentioned about ways to prevent such cybercrimes the author has highlighted about the laws that the government has introduced against such crimes.
  2. V Krishna Viraja and Pradnya Purandare, 2021: This paper has presented the application of technology by cyber crime groups as how criminals take help of Information Technology to their advantage. This paper is mainly based on youth’s perception on cybercrime. It discusses the threat of cybercrimes on business groups and its impact. The author covers various types of cybercrimes and the challenges that are faced by various organisations and how to overcome these threats or challenges.

TYPES OF CYBER CRIMES

There are number of cybercrimes, some of them are:

  1. Email scams – Fraud that includes intentional deception for some gain or to damage other’s property by using email as it’s means.
  2. Data Breaches – This includes unauthorized access to someone’s personal data which includes sensitive as well as confidential information to tarnish reputation or for personal gain.
  3. Identity Theft – It includes stealing of personal information in order to impersonate a person to gain from his property.
  4. Online Harassment – One of the most prevalent in today’s world. In social media, it takes place by bullying, stalking, threatening to post private pictures of people.
  5. Malware – A software attack that damages a computer system by introducing viruses, spyware or torjans into PCs.
  6. Hacking – illegal activity where the hacker breaches the security of a others computer.

CASE LAW: Binod Sitaram Agarwal v. State of Maharashtra (hacking as cyber crime)

FACTS: This application was basically for a bail. The individual was taken into custody for offenses outlined in section 43 and section 66C of the Information Technology Act 2000.

Background for the same: A complaint was files by the Assistant Development Commissioner with M/s Seepz, Sez in Mumbai. There was an email id i.e. ddcseepz-mah@nic.in which was only authorised to Deputy Development Commissioner or any individual given authorization by him for carrying day to day formalities and undertakings. From the past few days, the above mentioned email id was misused by some unknown personality and the same was informed to the Deputy Commissioner. An inquiry was issued in this regard and it was claimed that the applicant had hacked and accessed the above mentioned email address belonging to the Deputy Development Commissioner of Seepz, Sez. Therefore, the applicant was further arrested for the crime of unauthorised hacking. The applicant’s defence is based on the argument that he has been wrongly implicated in a hacking case because he had lodged complaints about corruption involving the Deputy Development Commissioner. They claim that the FIR filed against the applicant was a retaliatory action in response to their efforts to expose misconduct in the office.

JUDGEMENT: The applicant was granted bail with the condition that they must not interfere with the evidence and must regularly appear in the Trial Court on the specified hearing dates, unless the Court excuses them.

The applicant has the option to provide a cash deposit of Rs. 50,000/- for a duration of 6 weeks.

CYBER CRIME SECURITY

It is a practice to secure computer networks, system, data from unauthorized access and cyber attacks. It provides security at personal as well as government level. It is a well-designed technique to provide data and network security from unauthorised access. Every kind of data requires cyber security whether it is government data, corporate data or personal data. In India, the defence system, financial system, corporate system are highly confidential and hence no negligence can take place in its security. 

In INDIA, around 8.5 million endpoints detected over 400 million threats in 2023. 

Recent cybersecurity data breaches in INDIA:

  • Aadhaar data breach of 815 million citizens

This sent a shockwave in the country. This data breach into the dark web served as an important lesson for the government. This shows that how a government fails to provide security to the data of millions of people.

  • Boeing data leaked after ransomware attack
  • boAt suffered breach of data where personal information of 7.5 million users was leaked on the dark web. To which company responds as “boAt is aware of recent claims regarding a potential data leak involving customer information. We take these claims seriously and have immediately launched a comprehensive investigation. At boAt, safeguarding customer data is our top priority”.

Steps to cyber security

An organisation, companies should focus on these steps in order to protect their data, information for cyber attacks:

  1. NETWORK SECURITY: Protection of network from internal as well as external threat. Filter out unauthorized access and attacks.
  2. MONITORING: Introducing a monitoring strategies to control ICT system and networks. Installation of such applications that can indicate unusual activity and attacks.
  3. INCIDENT MANAGEMENT: A proper team should be there to investigate the attack or threat and report such incidents to legal authorities.
  4. USER AWARENESS: Educate the users about the risks and cyber attacks and how to manage in such incidents. A proper awareness program should be conducted.
  5. SECURE CONFIGURATION: A secure configuration of all ICT system should be maintained. Create a security network to protect the system.
  6. REMOVE APPLICATIONS THAT ARE NOT PROTECTED
  7. INFORMATION RISK MANAGEMENT REGIME: Establish an effective management team to tackle such situations of cyber crime.

LEGAL ASPECT OF CYBER SECURITY INCIDENTS

Legal measures plays an important role in prevention and combating of cybercrimes. In Europe, many countries believe that their legislation is adequate, but in Africa, Asia, and America, more countries consider their laws to be only partially sufficient or not sufficient at all.

INFORMATION TECHNOLOGY ACT, 2000

Under this act, the offences are

  • Section 65 – Tampering
  • Section 66 – Hacking
  • Section 67 – Obscenity
  • Section 70 – Unauthorised access

1. Section 43 of IT Act, 2000[Penalty and compensation] for damage to computer, who is in charge of a computer, computer system or computer network,-

The following actions are prohibited: 

(a) gaining access to a computer, computer system, or computer network, or securing access to such; 

(b) extracting, copying, or downloading any data, computer database, or information from a computer, computer system, or computer network, including data stored in removable storage media;

(c) introducing or facilitating the introduction of any computer virus or contaminant into any computer, computer system, or computer network; 

(d) causing damage to any computer, computer system, computer network, data, computer database, or any programs within such computer, computer system, or computer network.

(e) causing disruption of any computer, computer system, or computer network; 

(f) preventing authorized access to any computer, computer system, or computer network by any means; 

(g) assisting any person to gain access to a computer, computer system, or computer network in violation of the provisions of this Act, rules, or regulations made thereunder; 

(h) tampering with or manipulating any computer, computer system, or computer network to charge the services availed of by one person to the account of another person.

2. SECTION 66 OF IT ACT, 2000Computer related offences.  Anyone who, through dishonest or fraudulent means, engages in any action mentioned in section 43, may face a maximum of three years in prison, a fine of up to five lakh rupees, or both penalties.

  • Sending offensive messages through communication service, etc., can lead to imprisonment for up to three years and a fine, as per Section 66A
  • Dishonestly receiving stolen computer resource or communication device can result in imprisonment for up to three years, a fine of up to one lakh rupees, or both, under Section 66B.
  •  Committing identity theft can lead to imprisonment for up to three years and a fine of up to one lakh rupees, according to Section 66C.
  • The punishment for violating privacy under Section 66E may include imprisonment for up to three years, a fine not exceeding two lakh rupees, or both. 
  • Under Section 66F, the punishment for cyber terrorism may extend to life imprisonment.

3.  SECTION 70 B OF IT ACT, 2000 -Indian Computer Emergency Response Team to serve as national agency for incident response.

4. SECTION 69A OF IT ACT, 2000 Power to authorise to monitor and collect traffic data or information through any computer resource for cyber security

The Central Government is permitted to authorize any government agency to monitor and gather traffic data or information from computer resources through an official Gazette notification to improve cyber security and to identify, analyse, and prevent intrusions or the spread of computer contaminants within the country.

5. DATA PROTECTION

Firstly, data can only be collected if it for lawful purpose only by government or other organisation and there must be consent of the party whose data is being collected. Further, it’s the government’s or organisation’s duty to keep that data secured and not to disclose it with any 3rd party. If disclosed:

 Article 72A of IT ACT, 2000.  [Penalty] for disclosure of information in breach of lawful contract.— Subject to any other provisions in this Act or any other prevailing law, any individual, including an intermediary, who, while rendering services under a legitimate contract, has obtained access to any content containing personal information about another individual, intending to cause or knowing that they are likely to cause wrongful loss or wrongful gain, and discloses such content to any other individual without the consent of the person concerned or in violation of a lawful contract, shall be subject to a penalty of up to twenty-five lakh rupees.

FUTURE OF CYBERCRIME AND CYBERSECURITY

The future of cybercrime is of utmost importance with the increasing demand of technology and its uses. It’s a complex and ever evolving threat. It becomes really important to stay up to date when it comes to the matters of computer networking. The masterminds sitting behind these crimes are almost impossible to catch by law. Hence, our primary duty is to secure the device before any one can illegally access its data. This research has showed how important cyber security is. One of the most important thing we must focus on is AI, it is a well known fact that AI is the future and these smart algorithms can even predict the future cyber threat on examining the past activities of the device. Hence to tackle all such situations different organisations came into the light to increase awareness of cybercrime and helps people to be safe from such threats

HOW TO PREVENT?

  • Secure your devices
  • Keep devises up to date
  • Make sure to not open unwanted emails
  • Do no share your password, passwords must be strong
  • Don’t trust 3rd party 
  • Only share your personal data if necessary
  • Use anti-virus software
  • Contact the organisations immediately after you suspect something fishy 
  • Keep a check on your bank statements

SUGESTIONS 

Cyber security requires a great attention from world wide organisations, companies and also individuals so that their data is being protected from external access. In recent times, cybercrime has become an important topic that needs awareness. Here, education becomes an effective way to combat cybercrime by educating and raising awareness among individuals, government and organisations. Cybersecurity must be implemented by the organisations to ensure their data, networks, and system’s security. Law plays a crucial role here, that provides punishment for such offences. Also, human error is the biggest cause that leads to cyber breaches, so educating employees about such threats is essential for cyber security.

CONCLUSION

This study reveals the ways people can protect their devices from cyber attack in order to protect their sensitive information, data and suggest them the methods to secure their devices. While internet offer you various opportunities to grow, but at the same time it is crucial as to what extent one must share their personal information on internet. It is a great means of connectivity today, but a single attack on cyber platforms can lead to great destructions. Hence, it becomes really important to have a secure network that can protect one’s data that can also include personal information. Cyber crime poses a significant threat to various organisations.

Even if you use social media, you must be careful about what to post. Over sharing of personal data and information will only lead to one’s own destruction. Cybersecurity is a must practice that one need to implement while using internet. Crimes such as hacking, identity theft, online harassment, email scams leads to illegal practices to destroy other’s reputation for personal gain. Prioritizing cyber security measures is essential for all to decrease the risks and ensure resilience of digital infrastructure in the face of growing cyber threats. Therefore, countries must look into its cyber security protocols and focus on its networking and cybercrime awareness.

SALONI

ARMY INSITUTE OF LAW, MOHALI