Cyber Crimes in India
By Chandra Pathivada
Understanding Cybercrimes
A cybercrime is any criminal activity that involves a computer, networked device, or a network. Cybercrimes can be categorized based on the target of the offence:
Crimes against individuals: Cyberstalking, identity theft, online harassment, phishing.
Crimes against property: Hacking, virus attacks, intellectual property theft, cybervandalim.
Crimes against the State: Cyber terrorism, cyber warfare, attacks on critical infrastructure.
Types of Cybercrimes and Applicable Sections
1. Hacking (Section 66, IT Act)
Definition: Unauthorized access to a computer system or network with the intent to cause damage, disruption, or to steal information.
Punishment: Imprisonment up to 3 years or fine up to Rs. 5 lakh, or both.
Elements: The prosecution must prove (i) unauthorized access, (ii) dishonest or fraudulent intention, and (iii) the act falls within Section 43 categories.
2. Identity Theft (Section 66C, IT Act)
Definition: Fraudulently or dishonestly making use of the electronic signature, password, or any other unique identification feature of another person.
Punishment: Imprisonment up to 3 years and fine up to Rs. 1 lakh.
Examples: Using someone's login credentials, stealing Aadhaar details for fraudulent purposes, creating fake social media profiles using someone's identity.
3. Cyber Stalking (Section 354D IPC / BNS Section 78)
Definition: Repeated monitoring, pursuing, or contacting a person through electronic means despite clear indication of disinterest by the victim.
Punishment: First offence - up to 3 years imprisonment; subsequent offence - up to 5 years imprisonment.
Note: While the IT Act does not have a specific provision for cyberstalking, it is covered under the Indian Penal Code/Bharatiya Nyaya Sanhita and can also invoke Section 67 of IT Act if obscene content is involved.
4. Phishing and Online Fraud (Section 66D, IT Act)
Definition: Cheating by personation by using a computer resource - creating fake websites, sending deceptive emails, or impersonating legitimate entities to steal financial or personal information.
Punishment: Imprisonment up to 3 years and fine up to Rs. 1 lakh.
Also applicable: Section 420 IPC (Cheating) / Section 318 BNS, and Section 468 IPC (Forgery for cheating) / Section 336 BNS.
5. Cyber Terrorism (Section 66F, IT Act)
Definition: Acts done with intent to threaten the unity, integrity, security, or sovereignty of India or to strike terror in the people by (a) denying access to authorized persons, (b) attempting to penetrate critical infrastructure systems, or (c) introducing contaminants to cause death, injuries, or damage to property.
Punishment: Imprisonment which may extend to life imprisonment.
Scope: This is the most severe cybercrime under the IT Act and covers attacks on critical information infrastructure like defence, banking, and power systems.
6. Publishing Obscene Content (Sections 67, 67A, 67B, IT Act)
Section 67: Publishing obscene material - up to 3 years and Rs. 5 lakh fine (first conviction).
Section 67A: Publishing sexually explicit material - up to 5 years and Rs. 10 lakh fine (first conviction).
Section 67B: Publishing child sexual abuse material - up to 5 years and Rs. 10 lakh fine (first conviction); up to 7 years and Rs. 10 lakh fine (subsequent). Also covered under POCSO Act, 2012.
7. Data Theft (Sections 43 and 65, IT Act)
Section 43(b): Civil liability for downloading, copying, or extracting data without permission.
Section 65: Criminal liability for tampering with computer source documents - up to 3 years imprisonment or Rs. 2 lakh fine.
Corporate espionage: When trade secrets or proprietary data is stolen, additional remedies under the Copyright Act, 1957 and common law may apply.
8. Ransomware Attacks (Sections 43, 66, 66F, IT Act)
Definition: Malicious software that encrypts victim's data and demands ransom for decryption.
Applicable sections: Section 43 (damage to computer system), Section 66 (criminal hacking), Section 383-389 IPC (extortion) / Section 304-308 BNS, and Section 66F if it targets critical infrastructure.
Landmark Cybercrime Cases in India
1. State of Tamil Nadu v. Suhas Katti (2004)
India's first conviction under the IT Act. The accused posted obscene messages about a divorcee on a Yahoo message group. Convicted under Section 67 of IT Act and Section 469 IPC. This case established the precedent that online defamation and obscenity would be actively prosecuted.
2. Pune Citibank Mphasis Call Center Fraud (2005)
Former employees of a BPO obtained customers' PINs and transferred Rs. 1.5 crore to fraudulent accounts. The police used Section 43(a), Section 66, and Section 420 IPC to prosecute the accused. It highlighted vulnerabilities in the outsourcing industry.
3. Bazee.com Case (Avnish Bajaj v. State, 2005)
An obscene MMS clip was listed for sale on Bazee.com (eBay India). CEO Avnish Bajaj was arrested. The Delhi High Court later granted bail, noting the distinction between intermediary liability and direct involvement. This case influenced the development of Section 79 (safe harbour) in the 2008 amendment.
4. Bank NSP Case (2013)
An employee of a bank created a fictitious website similar to the bank's official website and collected sensitive information from customers. Prosecuted under Sections 66, 66C, and 66D of the IT Act. Highlighted the growing menace of phishing in India.
Reporting Cybercrimes in India
Students should be aware of the mechanisms available for reporting cybercrimes:
National Cyber Crime Reporting Portal: cybercrime.gov.in - allows citizens to report cybercrimes online, especially those related to women and children.
Cyber Crime Cells: Dedicated cybercrime police stations exist in major cities.
Helpline 1930: The national cybercrime helpline for immediate assistance, especially for financial fraud.
Local Police Station: FIR can be filed at any police station as cybercrimes are cognizable offences.
CERT-In: Organizations can report cybersecurity incidents to CERT-In (cert-in.org.in).
Jurisdictional Note: Under Section 75 of the IT Act, if any person outside India commits a cybercrime that involves a computer, computer system, or computer network located in India, they can be prosecuted under the IT Act regardless of their nationality. Under Section 48 of the Bharatiya Nagarik Suraksha Sanhita (BNSS), the FIR for cybercrime can be registered at the place where the victim resides.
Challenges in Cybercrime Prosecution
Technical complexity: Investigating officers often lack technical expertise.
Evidence volatility: Digital evidence can be easily destroyed or altered.
Anonymity tools: VPNs, Tor, and encrypted communications make tracing difficult.
Cross-border issues: Mutual Legal Assistance Treaties (MLATs) are slow and cumbersome.
Low reporting rates: Many victims don't report due to shame or lack of awareness.
Outdated laws: Technology evolves faster than legislation.
Key Takeaways for Students
Cybercrimes are classified as crimes against individuals, property, and the State.
Section 66F (Cyber Terrorism) carries the most severe punishment - life imprisonment.
The IT Act works alongside the IPC/BNS for comprehensive cybercrime prosecution.
Shreya Singhal v. UOI (2015) struck down Section 66A as unconstitutional.
India's first cybercrime conviction was in the Suhas Katti case (2004).
Cybercrime.gov.in and helpline 1930 are key reporting mechanisms.
Section 75 gives the IT Act extra-territorial jurisdiction.
Stay Updated
Get the latest cyberlaw insights straight to your inbox