Cyber Notes Online
Cyber Notes Online
Cyber Notes Online
CHAPTER II
CYBER CRIME AND ITS CLASSIFICATION
1. Introduction
Cyber crime is not an old sort of crime to the world. It is defined as
any criminal activity which takes place on or over the medium of computers or
internet or other technology recognised by the Information Technology Act.
Cyber crime is the most prevalent crime playing a devastating role in Modern
India. Not only the criminals are causing enormous losses to the society and
the government but are also able to conceal their identity to a great extent.
There are number of illegal activities which are committed over the internet by
technically skilled criminals. Taking a wider interpretation it can be said that,
Cyber crime includes any illegal activity where computer or internet is either a
tool or target or both.
The term cyber crime may be judicially interpreted in some judgments
passed by courts in India, however it is not defined in any act or statute passed
by the Indian Legislature. Cyber crime is an uncontrollable evil having its base
in the misuse of growing dependence on computers in modern life. Usage of
computer and other allied technology in daily life is growing rapidly and has
become an urge which facilitates user convenience. It is a medium which is
infinite and immeasurable. Whatsoever the good internet does to us, it has its
dark sides too.1 Some of the newly emerged cybercrimes are cyber-stalking,
cyber-terrorism, e-mail spoofing, e-mail bombing, cyber pornography, cyber-
defamation etc. Some conventional crimes may also come under the category
of cybercrimes if they are committed through the medium of computer or
Internet.
2. History and Evolution of Cybercrime
During the period of 1950’s, it would be an astonished feeling for
everyone who uses palmtops and microchips today, to know that the first
1
Prof. R.K.Chaubey, “An Introduction to Cyber Crime and Cyber law”, Kamal Law House,
2012
Page |2
successful computer was built and the size of the computer was so big that it
takes the space of entire room and they were too expensive to operate. The
functioning of these computer were not understandable to large number of
people and only select people with expertise had direct access to such
computers, and has the knowledge to operate them. For obvious reasons, the
computer technology was extremely expensive and beyond the purchasing
capacity of almost the entire population until IBM’s came into being wherein
it introduced its stand-alone “personal computer” in 1981 and exposing many
to the rewards of quick data access and manipulation that, up to that time, had
been realized by few. The Personal computers become cheaper and become
household item at the start of 21 st century in India. The Internet was first
started by the US department of defence, after World War II with the idea to
have a network which could work in the event of disaster or war and securely
transmit information. The First Network was known as ARPANET, with the
development of Transmission Control Protocol/Internet Protocol, World Wide
Web and Hypertext the internet become rage all over the world. With the
growth of Internet the quality and variety of information grew. However at
that point nobody anticipated the opportunities’ the internet is going to provide
the technology savvy criminals.
In India the internet services started by the state-owned Videsh
Sanchar Nigam Limited in year 1995 and in 1998 the government has ended
the monopoly of VSNL and market is opened to private operators. At that
point, the internet users in India are 0.1% of total population, and now India
has become the 2nd largest country in terms of internet users after china with
33.22% people using internet.2
The process of criminalization of human behaviour judged to be
harmful the public is typically one that builds slowly in common law
jurisdictions. Momentum gained through problem identification and pressures
2
https://en.wikipedia.org/wiki/List_of_countries_by_number_of_Internet_users (Accessed on
3rd February, 2016)
Page |3
exerted mg special interest groups can easily span decades before undesirable
actions are classified as “crime”. In some instances, this process is accelerated
through the occurrence of certain “catalyst events” that capture attention of the
public and the attention of lawmakers.3
The first recorded cyber crime took place in the year 1820. That is not
surprising considering the fact that the abacus, which is thought to be the
earliest form of a computer, has been around since 3500 B.C. in India, Japan
and China. The era of modem computers, however, began with the analytical
engine of Charles Babbage. In 1820, Joseph-Marie Jacquard, a textile
manufacturer in France, produced the loom. This device allowed the repetition
of a series of steps in the weaving of special fabrics. This resulted in a fear
amongst Jacquard’s employees that their traditional employment and
livelihood were being threatened. They committed acts of sabotage to
discourage Jacquard from further use of the new technology. This is the first
recorded cyber crime.4
In the case of computer crime, legislators grew increasingly attentive is
the 1980s as businesses became more dependent upon computerization and as
catalyst event cases exposed significant vulnerabilities to computer crime
violations. Criminals can now easily encrypt information representing
evidence of their criminal acts, store the information and even transmit it with
little fear of detection by law enforcement. Due to the extraordinary impact of
the Internet, a computer crime scene can now span from the geographical
point of the victimization (e.g., the victim’s personal computer) to any other
point on the planet, further complicating criminal investigative efforts. In
effect, computer technology has dramatically altered the criminal justice
terrain such that enterprising and opportunistic criminals have consciously
turned to the computer to commit their illegal acts in situations in which the
computer serves as the instrument of the crime, the means by which the crime
3
Abraham D. Sofaer, Seymour E, .The Transnational Dimension of Cyber Crime Terrorism,
Hoover Institution Press, 2001.
4
http://cybercrime.planetindia.net/intro.htm (Accessed on 4th February, 2016)
Page |4
5
Stambaugh, H., et. al, Electronic Crime Needs Assessment for State and Local Law
Enforcement, National Institute of Justice Report, Washington, Dc: U.S. Department of
Justice, March 2001.Available at : https://www.ncjrs.gov/pdffiles1/nij/grants/198421.pdf
(Accessed at 04th February, 2016)
Page |5
6
http://www.ripublication.com/irph/ijict_spl/ijictv4n3spl_06.pdf (Accessed on 4th January,
2016)
7
http://www.oxforddictionaries.com/definition/english/cybercrime (Accessed on 4th January,
2016)
8
http://www.naavi.org/pati/pati_cybercrimes_dec03.htm (Accessed on 4th January, 2016)
9
http://cybercrime.org.za/definition (Accessed on 4th January, 2016)
Page |6
10
S.T. Viswanathan, The Indian Cyber Laws with Cyber Glossary, 2001, p. 81.
Page |7
situation. The state machinery is not equipped with enough sources and
knowledge to handle the modern crime.
Computers have transformed the modern society beyond expectations
in last three to four decades. It has made life not only convenient but has also
immensely helped different sections of the world come closer socially,
economically and culturally. The Computer technology has made it possible to
have access to all corners of the world while sitting in a room. Modern
technology has put an end to the barriers of time and space. However, unlikely
with the remarkable merits of having computers today, due to this the
jurisdictional issue has been created in legal system.
Jurisdiction is one aspect which is very difficult to determine in
transnational transaction over the internet. There was unmanageable ambiguity
when courts were subjected to questions pertaining to jurisdiction law and
were unable to decide the proper forum to entertain cases involving cyber
crime as the cyberspace or virtual world is borderless if we compare it with
physical world and that is why it is very difficult to control cybercrime.
Through the local machinery we are not able to tackle the problem related
with cyber crime because our machinery is not compatible to deal with
transnational crimes. The law applicable to the territory is not advanced
enough to regulate the cyber crime as their nature is far different from the
existing crime.
Thus, the global dimension of cyber crime is made it difficult to handle
and dealt with. The evolution of internet technology has given us so many
advantages to deal with future problems and grow with rapid rate but also it
has provided the scope for criminals to commit their crime with least chance
of detection. The cyberspace has proved a boon to the deviant behaviour in the
society. The concept of cyber crime has gained speed and we are facing great
threat of its impact on world society. The human society is become vulnerable
to cyber crime due to more and more dependence on technology.
Page |8
11
J.W.C. Turner, Kenney’s Outlines of criminal law (19th Edition University Press, Cambridge
1966) 17. also at Talat Fatima, Cyber Crime (1st Edition, Eastern Book Company, Lucknow
2011 ) p. 64-68
12
R.C. Nigam, “Law of Crimes in India”, Principals of criminal Law, Vol 1, (Asia Publishing
House, 1965) 6.
13
Talat Fatima, Cyber Crime (1st Edition, Eastern Book Company, Lucknow 2011 ) p. 64-68
Page |9
access. But where hacker is already has limited authority as ion the case of the
employee of a company, it becomes difficult establish that he exceeded his
limits and was even aware of the fact that he is exceeding it.
Actus Reus in cybercrimes has become a challenge as the entire act is
committed in intangible surroundings. The perpetrator may leave some
footmarks in the machine itself though it becomes a herculean task for the law
enforcement machinery to prove it in the courts, as it is required to be in
physical form or atleast in such a form where it becomes admissible in
evidence.14
5. Characteristics of Cyber Crime
The Concept of cyber crime is very different from the traditional
crime. Also due to the growth of Internet Technology, this crime has gained
serious and unfettered attention as compared to the traditional crime. So it is
necessary to examine the peculiar characteristics of cyber crime.
1. People with specialized knowledge – Cyber crimes can only be
committed through the technology, thus to commit this kind of crime one has
to be very skilled in internet and computers and internet to commit such a
crime. The people who have committed cyber crime are well educated and
have deep understanding of the usability of internet, and that’s made work of
police machinery very difficult to tackle the perpetrators of cyber crime.
2. Geographical challenges – In cyberspace the geographical
boundaries reduced to zero. A cyber criminal in no time sitting in any part of
the world commit crime in other corner of world. For example a hacker sitting
in India hack in the system placed in United States.
3. Virtual World –The act of cyber crime takes place in the cyber
space and the criminal who is committing this act is physically outside the
cyber space. Every activity of the criminal while committing that crime is
done over the virtual world.
14
Ibid
P a g e | 10
15
http://blog.ipleaders.in/cyber-pornography-law-in-india-the-grey-law-decoded/ (Accessed
on 5th February, 2016)
P a g e | 11
pornography depends how the society, norms and their values are reacting to
the pornographic content.
In the modern world sex sells and sells extremely well, and the fact is
that present pornography industry is larger than any other company or
combination of companies in the world. The advent of internet in the world
has started the new chapter in the porn industry. The porn industry find perfect
place in internet to spread pornographic material all over the world. According
to the internet filter review report of 2010, there are 4.2 million websites
offering porn content to the world. 68 million daily search engine requests are
made and 72 million worldwide user visit adult sites per month. 42.7 percent
of total users who use internet watch pornographic material over the internet.16
In the initial years or we can say before internet available to the public,
DVD’s and Videotapes are the popular medium of distributing pornography.
But after that internet is available to general public and it becomes the most
popular medium to make pornography available to user in the comfort of their
homes. An individual who due to the peer pressure or shame doesn’t have
access to the pornographic material, nowadays easily watch picture or video
on the internet. The rise of pornography websites offering photos, video clips
and streaming media including live web cam access allowed greater access of
16
http://internet-filter-review.toptenreviews.com/internet-pornography-statistics.html
(Accessed on 6th February, 2016)
P a g e | 12
The test of obscenity was first laid down in the case of Regina V.
Hicklin19 as the tendency “to deprave and corrupt those whose minds are open
to such influences and into whose hands a publication of this sort may fall”,
and it was understood that this test would apply only to the isolated passage of
the work.
17
Gorman, L. and Maclean, D. Media and Society in Twentieth Century, Blackwell
publishing, 2003.
18
http://www.thefreedictionary.com/obscene (Accessed on 7th February, 2016)
19
(1868) 3 QB 360.
20
413 US 15(1973)
P a g e | 13
21
354 US 476 (1957)
P a g e | 14
However, in India miller test was not adopted by the Supreme Court,
instead it has adopted the Hicklin’s Test in leading case of Ranjeet D. Udeshi
v. State of Maharashtra22; the Supreme Court has decided many issues
pertaining to the obscenity. The apex court doesn’t consider obscenity a vague
concept but a word which is well-understood even if persons differ in their
attitude to what is obscene and what is not. The apex court has stated that “In
judging a work, stress should not be laid upon a word here and a word there,
or a passage here and a passage there. Though the work as a whole must be
considered, the obscene matter must be considered by itself and separately to
find out whether it is so gross and its obscenity so decided that it is likely to
deprave and corrupt those whose minds are open to influences of this sort. In
this connection the interests of contemporary society and particularly the
influence of the impugned book on it must not be overlooked. Where,
obscenity and art are mixed, art must so preponderate as to throw the
obscenity into a shadow or the obscenity so trivial and insignificant that it can
have no effect and may be overlooked. It is necessary that a balance should be
maintained between “freedom of speech and expression” and “public decency
or morality”; but when the latter is substantially transgressed the former must
give way.”
The court however, sounded a note of caution that treating with sex
and nudity in art and literature cannot be regarded as evidence of obscenity
without something more. In the words of court “It is not necessary that the
angels and saints of Michelangelo should be made to wear breeches before
they can be viewed. If the rigid test of treating with sex as the minimum
ingredient were accepted hardly any writer of fiction today would escape the
fate Lawrence had in his days. Half the book-shops would close and the other
half would deal in nothing but moral and religious books.”
22
AIR 1965 SC 881
P a g e | 15
In this case the Supreme Court has decided that Hicklin’s test cannot
be discarded, and said “It makes the court the judge of obscenity in relation to
an impugned book etc. and lays emphasis on the potentiality of the impugned
object to deprave and corrupt by immoral influences. It will always remain a
question to decide in each case and it does not compel an adverse decision in
all cases.”
In Samresh Bose v. Amal Mitra, 23 the Supreme Court has held that “A
vulgar writing is not necessarily obscene. Vulgarity arouses a feeling of
disgust and revulsion and also boredom but does not have the effect of
depraving, debasing and corrupting the morals of any reader of the novels,
whereas obscenity has the tendency to deprave and corrupt those whose minds
are open to such immoral influences”. In this case the court differentiated
between vulgarity and obscenity and further held that while judging the
question of obscenity “the Judge should ... place himself in the position of a
reader of every age group in whose hands the book is likely to fall and should
try to appreciate what kind of possible influence the book is likely to have in
the minds of the readers”.
In India, the Indian Penal Code, 186024 deal with the issue of
obscenity. However with the evolution of internet technology, obscenity and
pornography takes electronic form and it becomes impossible to convict the
perpetrator under Indian penal Code, 1860(supra). To deal with this new
technology, the government of India has enacted Information Technology Act
200025. Section 67 of Information Technology Act, 2000; deal with obscenity
and pornographic content on internet. Section 67 of the IT Act provides:
23
AIR 1986 SC 967
24
Act 45 of 1860
25
Act No 21 of 2000.
P a g e | 16
are likely, having regard to all relevant circumstances, to read, see or hear the
matter contained or embodied in it, shall be punished on first conviction with
imprisonment of either description for a term which may extend to two three
years and with fine which may extend to five lakh rupees and in the event of a
second or subsequent conviction with imprisonment of either description for a
term which may extend to five years and also with fine which may extend to
ten lakh rupees.”26
26
Information Technology Act, 2000, S. 67
27
AIR 1965 SC 881
28
Prof. R.K.Chaubey, “An Introduction to Cyber Crime and Cyber law”, Kamal Law House,
2012, p. 440
P a g e | 17
curious about sexuality and sexual explicit material. The parents don’t have
too much control over the children and the children are busy exploring the
internet and other medium to fulfill their wishes through the on-line access.
Sex–offenders exploit these conditions and fulfil the need of children. The
child at this tender age doesn’t understand and recognise the potential danger
of these contacts. The internet is highly used by the abusers to abuse children
sexually worldwide. The children in India become viable victim to the cyber
crime, as internet becomes the household item in India. The children are
becoming victims to the aggression of pedophiles.
In the physical world parents know the dangers, so they warn their
children about the danger and tell me how to avoid or face the problems by
facing simple guidelines. But as far as cyber crime or crime related to internet
is concerned the parents themselves doesn’t know about the problems or
danger posed by various service offered over the internet. The pedophiles take
advantage of these things and lure children and win their confidence and then
exploit them because parents or teachers doesn’t tell them about what is wrong
or right over the internet.
Provided that the provisions of section 67, section 67A and this section
does not extend to any book, pamphlet, paper, writing, drawing, painting,
representation or figure in electronic form- (i) The publication of which is
proved to be justified as being for the public good on the ground that such
book, pamphlet, paper writing, drawing, painting, representation or figure is
in the interest of science, literature, art or learning or other objects of general
concern; or (ii) which is kept or used for bonafide heritage or religious
purposes
Recently Lt. Col. Jagmohan Balbir Singh was arrested by the Cyber
Cell of the Crime Branch police on the charge of uploading sexually explicit
images and clips of children on child pornography websites. Lt. Col. Singh
was charged under Section 67 B (punishment for publishing or transmitting of
material depicting children in sexually explicit act, etc. in electronic form) of
the Information Technology Act. It was the German police who first spotted
the activity from Mumbai on a server located in the United States. They sent a
report to the Interpol, which in turn forwarded it to the CBI Delhi, and
subsequently to the Mumbai Crime Branch. The Cyber Cell tracked the server
activity to the Internet Protocol (IP) address of Lt. Col Singh and subsequently
31
Information Technology Act, 2000, S. 67B
P a g e | 19
he was arrested from his residence and charged with section 292 of IPC and
67B of IT Act 2000.32
In Maqbool Fida Husain v Raj Kumar Pandey 34 the fact of the case is
that famous painter MF Husain painted an art work of a nude lady in grief
without giving it any title. The untitled painting was sold to a private collector
in 2004. In 2006 it was included as part of an online charity auction for
victims of the Kashmir earthquake under the name ‘Bharat Mata.’ Husain had
no role or involvement in this auction. There were large-scale protests against
the painting, which appeared in an advertisement for the auction. There were
multiple complaints filed under section 292, 294, 298 of the Indian Penal
32
http://www.thehindu.com/todays-paper/army-officer-held-for-child-
pornography/article763433.ece (Accessed on 6th February, 2016)
33
The Constitution of India, Art 19(1) and (2)
34
Maqbool Fida Husain v Raj Kumar Pandey, Delhi High Court Crl. Revision Petition No.
114/2007
P a g e | 20
Code, 1860. The question was that whether portrayal of the nude lady in the
painting as “Bharat Mata” should be considered as obscene under section 292
of IPC. The Court held that “…the aesthetic touch to the painting dwarfs the
so-called obscenity in the form of nudity and renders it so picayune and
insignificant that the nudity in the painting can easily be overlooked.” The
nude woman was not shown in any peculiar kind of posture, nor was her
surroundings painted so as to arouse sexual feelings or lust. The placement of
the Ashoka Chakra was also not on any particular part of the body of the
woman that could be deemed to show disrespect to the national emblem.
The Court pointed out that “...the literature of India, both religious and
secular, is full of sexual allusions, sexual symbolisms and passages of such
frank eroticism the likes of which are not to be found elsewhere in world
literature.” It went on to state that “While an artist should have creative
freedom, he is not free to do anything he wants. The line which needs to be
drawn is between art as an expression of beauty and art as an expression of an
ill mind intoxicated with a vulgar manifestation of counter-culture where the
latter needs to be kept away from a civilian society.” The Court also said,
“There should be freedom for the thought we hate. Freedom of speech has no
meaning if there is no freedom after speech. The reality of democracy is to be
measured by the extent of freedom and accommodation it extends.”35
35
http://indiatogether.org/uploads/document/document_upload/2141/blawobscenity.pdf
(Accessed on 7th February, 2016)
36
(1970) 2 SCC 780
P a g e | 21
In Raj Kapoor and Others v State and Others 37, The Supreme court
while deciding whether the movie, “Satyam Shivam Sundaram,” was obscene
and indecent or not has said that “While a certificate issued by the Censor
Board is of relevance, it does not preclude the court from deciding if a film is
obscene or not.”
Justice Krishna Iyer further stated that “An act of recognition of moral
worthiness by a statutory agency is not opinion evidence but an instance or
transaction where the fact in issue has been asserted, recognized or affirmed.
The Court will examine the film and judge whether its public policy, in the
given time and clime, so breaches public morals or depraves basic decency as
to offend the penal provisions. Yet, especially when a special statute (the
Cinematograph Act) has set special standards for films for public consumption
and created a special Board to screen and censor from the angle of public
morals and the like, with its verdicts being subject to higher review, inexpert
criminal courts must be cautious to “rush in” and must indeed “fear to tread”
lest the judicial process become a public footpath for any highwayman
wearing a moral mask holding up a film-maker who has traveled the expensive
and perilous journey to the exhibition of his “certificated” picture. Iyer went
on to state, “Art, morals and laws, aesthetics are sensitive subjects where
jurisprudence meets other social sciences and never goes alone to bark and
bite because state-made strait-jacket is inhibitive prescription for a free
country unless enlightened society actively participates in the administration
of justice to aesthetics.” He observed, “The world’s greatest paintings,
sculptures, songs, and dances, India’s lustrous heritage, the Konarks and
Khajurahos, lofty epics, luscious in patches, may be asphyxiated by law, if
prudes and prigs and state moralists prescribe paradigms and prescribe
heterodoxies.”38
37
AIR 1980 SC 258
38
http://indiatogether.org/uploads/document/document_upload/2141/blawobscenity.pdf
(Accessed on 7th February, 2016)
P a g e | 22
39
The Indecent Representation of Woman Act, 1986, (Act 60 of 1986)
40
Bombay H.C. Writ petition No. 1611 of 2001, ; See also www.cyquator.com /html.vol1.pdf.
41
http://cyquator.com/Html/vol1.pdf (Accessed on 7th February, 2016)
P a g e | 23
In the first case of this kind, the Delhi Police Cyber Crime Cell
registered a case under section 67 of the IT act, 2000. A student of the Air
Force BalBharti School, New Delhi, was teased by all his classmates for
having a pockmarked face. He decided to get back at his tormentors. He
created a website at the URL www.amazing-gents.8m.net. The website was
hosted by him on free web space. It was dedicated to Air Force BalBharti
School and contained text material. On this site, lucid, explicit, sexual details
were given about various “sexy” girls and teachers of the school. Girls and
teachers were also classified on the basis of their physical attributes and
perceived sexual preferences. The website also became an adult boys’ joke
amongst students. This continued for sometime till one day, one of the boys
told a girl, “featured” on the site, about it. The father of the girl, being an Air
Force officer, registered a case under section 67 of the IT Act, 2000 with the
Delhi Police Cyber Crime Cell.42
www.naavi.org/cl_editorial_04/suhas_katti_case.htm-9k
P a g e | 24
held that the crime is conclusively proved and the accused was convicted and
sentenced to undergo rigorous imprisonment for 2 years and to pay Rs. 500
fine u/s 469 of the IPC i.e. forgery for the purpose of harming reputation; for
the offence u/s 509 of the IPC. This is considered as the first case convicted
under section 67 of Information Technology Act 2000 in India.44
44
http://www.indiancybersecurity.com/case_studies/state_of_tamil_nadu_%20suhas_katti.htm
l (Accessed on 8th February, 2016)
45
http://www.manupatrafast.com/articles/PopOpenArticle.aspx?ID=76985177-567e-48d3-
aa2f-cb67be8da4a0&txtsearch=Subject:%20Miscellaneous
P a g e | 25
fact that the prime accused has already been released on bail. The impact of
the incident was that the Delhi government by its notification dated February
1, 2005 banned the use of mobile phones not only by students but also by
teachers in all government-run or aided schools. The most ironical part of the
story is that it concluded without even knowing what the female student
visible in the clip had to say or confess. Thus, Delhi Public School scandal
was not only the issue of child pornography but also MMS clip in cyberspace.
46
http://timesofindia.indiatimes.com/city/chennai/Porn-doctor-acquitted-in-drugs-
case/articleshow/6088338.cms? (Accessed on 8th February, 2016)
P a g e | 26
comparable to punishing the persons who build roads for the rash and
negligent driving of other persons who operate vehicles on the roads.”
The Supreme Court said, drawing the line on where rights ended and
criminality began has said that “Innocent children cannot be made prey to this
kind of painful situations and a nation cannot afford to carry on any kind of
experiment with its children in the name of liberty,”
Further stated that “The Centre is required to make certain rules and
regulations to initially stop child pornography,”
47
http://www.thehindu.com/news/national/curb-websites-circulating-pornography-says-
cji/article425172.ece (Accessed on 8th February, 2016)
48
Writ Petition No. 177 of 2013, Titled as Kamlesh Vaswani v. Union of India and others
P a g e | 27
49
http://www.thehindu.com/todays-paper/tp-national/prevent-access-to-child-pornography-
centre-told/article8287151.ece (Accessed on 28th February, 2016)
50
https://en.wikipedia.org/wiki/Cyberstalking (Accessed on 10 the February, 2016)
P a g e | 28
51
http://www.sociosite.org/cyberstalking_en.php (Accessed on 10Th February, 2016)
52
S. K. Verma, Raman Mittal, Legal Dimension of Cyberspace, Indian Law Institute, New
Delhi.
P a g e | 29
53
https://www.astrealegal.com/internet-harassment-cyber-stalking-cyber-harassment-and-
cyber/ (Accessed on 11th February, 2016)
54
Verma Amita, ‘Cyber Crimes & Law’, Central Law Publication, p-157-158 also available at
http://www.legalindia.com/cyber-stalking-the-impact-of-its-legislative-provisions-in-india/
(Accessed on 11th February, 2016)
P a g e | 30
The term stalking is not new to the world, in the physical space it
existed for many centuries. The stalking in the physical world is done by the
former friends, employees, or the person who wants to force his will over the
target are the examples of stalkers. But after the advent of cyberspace, the
reach of the stalker is widened, he can reach to any part of the world and
threaten and harass the target. It is not necessary now to disclose his identity,
most of the stalkers are the dejected lover’s, ex-boyfriends, colleagues, who
failed to satisfy their desire and wants to harass the victim. Most stalkers are
man and most victims are women. The common reason behind the cyber
stalking is rejection in love or one sided love, harassment, revenge and show-
off by the offender.
Following are the methods use by the cyber stalker to target the
victim:-
2. The stalker may post all the information on any website related to
sex-services or dating service, and uses filthy and obscene language to invite
P a g e | 31
3. All the people from the world would call the victims on his phone
numbers at home or on mobile asking for sexual services.
6. Sometimes the stalkers send them repetitive e-mails and call them
day and night at his phone numbers and keep track on them. The stalkers
sometimes get the help of third party to harass the victim.
Indian law do recognise cyber stalking but we do not have law to deal
with this issue specifically. The Information Technology act 2000 doesn’t
contain any provision regarding cyber stalking or cyber bullying or cyber
harassment. It is glaring lapse on the part of the government agencies.
The gravity of cyber stalking came into focus in India with Ritu
Kohli’s Case, is the first case in India dealing with cyber stalking. The Delhi
Police arrested Manish Kathuria the culprit of the case. In the said case,
Manish was stalking a person called Ritu Kohli on the Net by illegally
chatting on the website www.mirc.com with the name of Ritu Kohli. Manish
was regularly chatting under the identity of Ritu Kohli on the said Website,
using obscene and obnoxious language, was distributing her residence
telephone number and inviting chatter to chat with her on telephone.
Consequently Ritu Kohli was getting obscene calls from different chatters
from various parts of India and abroad. Ritu Kohli reported the matter to the
police and the Delhi Police swung into action. The police had registered the
case under Section 509 of the Indian Penal Code for outraging the modesty of
Ritu Kohli. But Section 509 of the Indian Penal Code only refers to word,
gesture or act intended to insult modest of a woman. But when same things are
done on internet, then there is no mention about it in the said section. None of
the conditions mentioned in the section cover cyber stalking. Ritu Kohli’s case
was an alarm to the Government, to make laws regarding the aforesaid crime
and regarding protection of victims under the same. As a result Section 66A of
the Information Technology Act, 2008.55
55
http://www.legalindia.com/cyber-stalking-the-impact-of-its-legislative-provisions-in-india/
(Accessed on 11th of February, 2016)
56
Information Technology Amendment Act, 2008, Act no 10 of 2009
P a g e | 33
However critics felt that section 66A would be used as a tool to curb
individual freedom of speech and expression and violative of article 19(1) of
the constitution of India, and in year 2015 in the writ petition titled as Shreya
Singhal v. Union of India58 the Apex court struck down the section 66A of
Information Technology Amendment Act 2008, as it is grossly misused by the
authorities and violative of Article 19(1) of Constitution of India.
57
Ibid, s. 66A
58
WP (Crl.) No. 167 of 2012
P a g e | 34
Save as otherwise provided in this Act or any other law for the time
being in force, any person who, in pursuant of any of the powers conferred
under this Act, rules or regulations made there under, has secured access to
any electronic record, book, register, correspondence, information, document
or other material without the consent of the person concerned discloses such
electronic record, book, register, correspondence, information, document or
other material to any other person shall be punished with imprisonment for a
term which may extend to two years, or with fine which may extend to one
lakh rupees, or with both.
Save as otherwise provided in this Act or any other law for the time
being in force, any person including an intermediary who, while providing
services under the terms of lawful contract, has secured access to any material
containing personal information about another person, with the intent to cause
or knowing that he is likely to cause wrongful loss or wrongful gain discloses,
without the consent of the person concerned, or in breach of a lawful contract,
such material to any other person shall be punished with imprisonment for a
59
http://www.haltabuse.org/resources/laws/india.shtml (Accessed on 12th February, 2016)
60
Information Technology Amendment Act, 2008, s. 72
61
Ibid, s. 72A
P a g e | 35
term which may extend to three years, or with a fine which may extend to five
lakh rupees, or with both.
However, after the December, 2012 Delhi gang rape incidence, the
Indian government has enacted or amended several new laws. In this anti-
stalking law was also passed. The Criminal Law Amendment Act, 2013 added
S.354D to the Indian Penal Code to define and punish the act of stalking. This
is as follows –
(ii) Monitors the use by a woman of the internet, email or any other
form of electronic communication, commits the offence of stalking:
Provided that such conduct shall not amount to stalking if the man who
pursued it proves that—
(i) it was pursued for the purpose of preventing or detecting crime and
the man accused of stalking had been entrusted with the responsibility of
prevention and detection of crime by the State; or
(ii) It was pursued under any law or to comply with any condition or
requirement imposed by any person under any law; or
62
Inserted by Section 7 of ‘The Criminal Law (Amendment) Act, 2013
P a g e | 36
In year 2011 Delhi University law student has been accused of stalking
and threatening a woman online. He also created her fake profiles on social
63
http://timesofindia.indiatimes.com/india/First-cyber-case-conviction-in-
Maharashtra/articleshow/47927461.cms (Accessed on 11th February,
2015)
P a g e | 37
networking sites to defame her. The woman has lodged a complaint with Delhi
Police alleging the accused has been harassing her for over a year now. She
said the law student has been making obscene phone calls and sending
threatening emails. The victim, while working in Delhi last year, became
acquainted with the accused. He asked her to marry him. She alleged that
when she refused, he assaulted her and also threatened to kill her. The victim
also lodged a complaint with the police earlier and after that, the accused
apologized and promised not to bother her in future and also given a written
statement to police that he will not stalk her in future. The victim then moved
to Goa to live with her parents. But soon after she left Delhi, the accused
created her fake profiles on social networking websites. He then uploaded
photographs on these sites and declared her to be his wife. The accused also
impersonated the victim online and made contact with her friends through
these profiles and due to this the girl’s marriage was called off. A case under
Section 66-A of Information Technology Act was lodged in New Delhi.64
In India there are few cases which are coming to limelight but cases
related to cyber stalking are rapidly increasing. There are thousands of cyber
stalking cases talking place in the nation, but only few reported the cases to
the police due the fear or threat. The crime related to cyber stalking is
increasing as its counterpart stalking in physical space as tracking the person is
too difficult task and he can be anyone from billions sitting anywhere.
Few People now about the cyber stalking crime. Some even do not
know that cyber stalking exists in the society or it is termed as crime. Very
few people are aware about the legal aspect of cyber stalking. We need to
aware people about these crimes and how can they avoid these kinds of crime.
The legal provision has to be stringent and the police personnel too need to get
regular education and training regarding the new emerging crime in the world.
64
http://timesofindia.indiatimes.com/city/delhi/DU-law-student-charged-with-cyber-
stalking/articleshow/8917937.cms (Accessed on 11th February, 2016)
P a g e | 38
back- bone would be an ideal strategy for attackers. The United Nations
telecommunications agency warns that the next world war could well be in
cyberspace. This should come as no surprise. Wars have often included attacks
on installations or facilities that are critical to the enemy, delivering a
crippling blow to gain the higher ground. Considering the sheer magnitude of
dependence that the modern world places on technology, it would logically
make a fine target if a war were to ensue.66
Cyber Terrorism becomes an international threat to the global
population as through the terrorism, the terrorist are spreading false
propaganda in line with political and religious ideologies. The word “Cyber
Terrorism” is of recent vintage and was coined by computer whiz Barry C.
Collin67. The Term cyber terrorism is the combination of cyberspace and
terrorism and we do not have any definition of cyber terrorism which can be
accepted worldwide. Every researcher or scholar in the subject gives a
different dimension while defining the term cyber terrorism. In this research
the definition of cyber terrorism is divided into intent based and effect based.
It refers to attacks on the computers, networks and network grids of the
country which heavily depend on networks and create havoc or fear among the
minds of its citizens.
6.3.1 Definition of Cyber Terrorism
The definition of cyber terrorism cannot be made extensive as the
nature of crime is such that it must be left to be comprehensive in nature. The
nature of “cyberspace” is such that new mode and tools are invented regularly;
Hence it is not wise to put the definition in a straightjacket formula or pigeons
hole. In fact, the first effort of the judiciary should be to understand the
66
Dr. Sirohi M. N., Cyber Terrorism and Information Warfare, Alpha Editions Delhi
67
Barry Collin, “The Future of Cyber Terrorism,” Proceedings of the 11th Annual
International Symposium on Criminal Justice Issues, the University of Illinois at Chicago,
1996.
P a g e | 40
68
http://www.naavi.org/cl_editorial_04/praveen_dalal/pd_cyber_terrorism_oct25_04_02.htm
(Accessed on 13the February, 2016)
69
http://www.usip.org/sites/default/files/sr119.pdf (Accessed on 13the February, 2016)
70
NATO, (2008). Cyber defence concept MC0571. Brussels, Belgium.
71
http://resources.infosecinstitute.com/cyberterrorism-distinct-from-cybercrime/(accessed on
12th February, 2016)
P a g e | 41
72
H. M. Hendershot, ‘Cybercrime 2003 – Terrorists’ Activity in Cyberspace and also at
http://www.ijiee.org/papers/126-I149.pdf (accessed on 12th February, 2016)
73
http://cii.in/WebCMS/Upload/Amaresh%20Pujari,%20IPS548.pdf (accessed on 12th
February, 2016)
74
http://intelligencebriefs.com/what-is-cyber-terrorism-defination/ (accessed on 12th
February, 2016)
75
K. Coleman, ‘Cyber Terrorism’ (2003) Directions Magazine,
http://www.directionsmag.com/articlephp?article also at http://www.ijiee.org/papers/126-
I149.pdf (accessed on 12th February, 2016)
P a g e | 42
76
Wilson, C. (2005). “Computer Attack and Cyber terrorism: Vulnerabilities and Policy
Issues for Congress”. CRS Report for Congress.
also at http://www.history.navy.mil/library/online/computerattack.htm and
http://resources.infosecinstitute.com/cyberterrorism-distinct-from-cybercrime (Accessed on
13th February, 2016)
P a g e | 43
77
Brickey, J. (2012). Defining Cyber terrorism: Capturing a Broad Range of Activities in
Cyberspace. Combating Terrorism Center at West Point also at
http://www.ctc.usma.edu/posts/defining-cyberterrorism-capturing-a-broad-range-of-activities-
in-cyberspace and also at http://resources.infosecinstitute.com/cyberterrorism-distinct-from-
cybercrime/ (Accessed on 13th February, 2016)
78
Ibid
79
Ibid
80
Gabriel Weimann, Cyber terrorism: How Real Is the Threat? Special Report No.119,
United States Institute of Peace, December, 2004.also at
https://thepeacemission2013.files.wordpress.com/2013/03/study-guide-united-nations-
counter-terrorism-committee.pdf (Accessed on 14th February, 2016)
P a g e | 44
Just how real is the threat that cyber terrorism poses? Because most
critical infrastructure in today’s world is networked through computers, the
potential threat from cyber terrorism is very alarming. cyber terrorist through
the help of Hackers can gain access to sensitive information and to the
operation of crucial services and can cripple or at least disable the military,
financial, and service sectors of advanced economies.81
The growing reliance of our societies on computers and internet has
created a new form of vulnerability, giving terrorists the chance to approach
targets that would otherwise be utterly watertight, such as national defense
systems and air traffic control systems. The more technologically developed a
country is, the more vulnerable it becomes to cyber attacks against its
infrastructure. Concern about the potential danger posed by cyber terrorism is
thus well founded.82
The Crime related to cyberspace has been increasing rapidly; however
there is no cyber terrorist attack in Indian public facilities, transport systems,
nuclear power plants, power grids, or other key machinery of the national
infrastructure. Cyber attacks are regular, but they have not been carried out by
terrorists and they have not sought to inflict the kind of damage that would
qualify them as cyber terrorism.
6.3.4 Recent Incident of Cyber Terrorism in World
The following are the number of incident which has created problems
for nations or which can be termed as terrorist attack by the terrorist group
with the help of information technology in the world –
Cyber Attacks in Middle East
With the Middle East Conflict at a very heated moment between
bordering countries Pro-Palestinian and Pro-Israel Cyber Groups have been
launching an offensive against websites and mail services used by the political
sectors the opposing groups show support for. The attacks had been reported
81
Terror on the Internet: The New Arena, the New Challenges USIP Press Books, 2006. also
at http://www.usip.org/sites/default/files/sr119.pdf (Accessed on 14th February, 2016)
82
Ibid
P a g e | 45
83
“Middle East E-mail Flooding and Denial of Service (DoS) Attacks” – National
Infrastructure Protection C enter – October 26, 2000 and also at
http://www.nipc.gov/warnings/assessments/2000/00-057.htm and
https://www.sans.org/reading-room/whitepapers/threats/conventional-terrorismthe-cyber-
assault-931 (Accessed on 14th February, 2016)
84
“Cyber Attacks during the War on Terrorism" India/Pakistan Conflict, Institute for Security
Technology Studies - Dartmouth College Vatis, Michael A - September 22, 2001. also at
http://www.ists.dartmouth.edu/docs/cyber_a1.pdf (Accessed on 14th February, 2016)
P a g e | 46
continual e-mail bombing. Although the attack was rather random and brief
and affected a small number of U.S. sites, the effects could have been worse.85
Cyber attack by Tamil Tigers
In 1998, with surges of violence committed in Sri Lankan over Several
years, attacks in cyber-space were the next area to target. The group known as
the Tamil Tigers, a violent guerrilla organization bombarded Sri Lankan
embassies with over 800 e-mails a day. This was carried out over a two week
period. The attack by the e-mail message conveyed the message, “We are the
Internet Black Tigers and we are doing this to disrupt your communications.”
After the messages created such major disruption the local Intelligence
authorities were dispatched to investigate. The authorities declared the attack
as the first known attack on the Sri Lankan by the terrorists on any computer
system in the nation.86
Yugoslavia Conflict
When NATO87 air strikes hit Former republic of Yugoslavia in Kosovo
and Serbia, NATO web servers were subjected to sustained attacks by hackers
employed by the Yugoslav military. All NATO’s 100 servers were subjected
to “ping saturation”, Distributed Denial Of service assaults and bombarded
with thousands of e-mails, many containing viruses. The attacks on NATO
servers coincided with numerous website defacements of American military,
government, and commercial sites by Serbian, Russian, and Chinese
sympathizers of Yugoslavia. These attacks cause serious disruption of NATO
communications infrastructures.
85
Cyber Protests: The Threat to the U.S. Information Infrastructure, October 2001. Also
available at https://www.sans.org/reading-room/whitepapers/threats/conventional-
terrorismthe-cyber-assault-931 (Accessed on 14th February, 2016)
86
Cyber Terrorism – “Testimony before the Special Oversight Panel oil Terrorism”- Dorothy
E. Denning - May 23, 2000. also at https://www.sans.org/reading-
room/whitepapers/threats/conventional-terrorismthe-cyber-assault-931 (Accessed on 14th
February, 2016)
87
The North Atlantic Treaty Organization, also called the North Atlantic Alliance, is
an intergovernmental military alliance based on the North Atlantic Treaty which was signed
on 4 April 1949. The organization constitutes a system of collective defence whereby its
member states agree to mutual defense in response to an attack by any external party. (Source
Wikipedia accessed on 16th February, 2016)
P a g e | 47
88
See “Attack of the cyber terrorists” by MICHAEL HANLON Available at:
http://www.dailymail.co.uk/sciencetech/article-457504/Attack-cyber-terrorists.html (Accessed
on 16th February, 2016)
P a g e | 48
89
See “Is Cyber-Terrorism the New Normal?” Available at
http://www.wired.com/insights/2015/01/is-cyber-terrorism-the-new-normal/ (Accessed on 16th
February, 2016)
P a g e | 49
Earlier there was no specific provision in the IT Act, 2000 which deals
specifically with Cyber terrorism due to this, a new section 66F has been
inserted by Information Technology (Amendment) Act, 2008. It is a welcome
change brought by the IT Amendment Act, 2008 in view of increasing terrorist
activities in India and neighbouring nations.
Punishment for cyber terrorism90 - (1) whoever, -
(A) With intent to threaten the unity, integrity, security or sovereignty
of India or to strike terror in the people or any section of the people by –
(i) denying or cause the denial of access to any person authorized
to access computer resource; or
(ii) attempting to penetrate or access a computer resource without
authorisation or exceeding authorised access; or
(iii) introducing or causing to introduce any computer contaminant,
and by means of such conduct causes or is likely to cause death or injuries to
persons or damage to or destruction of property or disrupts or knowing that it
is likely to cause damage or destruction of supplies or services essential to the
life of the community or adversely affect the critical information infrastructure
specified under section 70; or
(B) knowingly or intentionally penetrates or accesses a computer
resource without authorisation or exceeding authorised access, and by means
of such conduct obtains access to information, data or computer database that
is restricted for reasons of the security of the State or foreign relations; or any
restricted information, data or computer database, with reasons to believe that
such information, data or computer database so obtained may be used to cause
or likely to cause injury to the interests of the sovereignty and integrity of
India, the security of the State, friendly relations with foreign States, public
order, decency or morality, or in relation to contempt of court, defamation or
incitement to an offence, or to the advantage of any foreign nation, group of
individuals or otherwise, commits the offence of cyber terrorism.
90
Information Technology Act, 2000, s., 66F
P a g e | 50
91
Article by Praveen Dalal, Cybercrime and cyber terrorism: Preventive defence for
cyberspace violations, Computer Crime Research Center, March 10, 2006.
92
http://gadgets.ndtv.com/internet/news/india-must-wake-up-to-cyber-terrorism-349274
(Accessed on 16th February, 2016)
P a g e | 51
93
Ibid
P a g e | 52
http://www.ndtv.com/india-news/al-qaeda-hacks-into-indian-railways-website-leaves-
94
96
Indian Penal Code, 1860., s. 441
97
Indian Penal Code, 1860., s. 447
98
http://www.funonthenet.in/forums/index.php?topic=1260.0;wap2 (Accessed on 20th
February, 2016)
99
Ibid
100
Ibid
101
Ibid
P a g e | 55
102
Ibid
103
Indian Penal Code, 1860., s. 448
104
Indian Penal Code, 1860., s. 449
105
Indian Penal Code, 1860., s. 450
106
Indian Penal Code, 1860., s. 451
107
Indian Penal Code, 1860., s. 452
108
Indian Penal Code, 1860., s. 453
109
Indian Penal Code, 1860., s. 454
110
Indian Penal Code, 1860., s. 456
P a g e | 56
111
Indian Penal Code, 1860., s. 459
112
Indian Penal Code, 1860., s. 460
113
Indian Penal Code, 1860., s. 425-440
P a g e | 57
hackers had ‘web-jacked’ her web-site. ‘Web-jacking’ has been equated with
hijacking an aeroplane, as forcibly assuming control of a web-site, for diverse
motives. The hackers had altered a part of the web-site which said “How to
have fun with goldfish”. The word “goldfish” was replaced with “piranhas”.
Piranhas are tiny but extremely dangerous flesh eating fish. Many children
visiting the web-site, purchased ‘piranhas’ from pet shops and tried playing
with them, thereby hurting themselves badly. 114
Hacking in various forms is already part of several offences, either as
the means to their commission or as a consequence. For instance, hacking
could be a tool and means to commit cheating, misappropriation, criminal
breach of trust, theft, copyright violations, spying into official secrets, or as
part of the conspiracy to wage war against the State, that are all well defined
offences. Some of the species of hacking have been defined as contraventions
as well as criminal offences in the LT. Act, 2000 as amended by the I.T.
(Amendment) Act, 2008. In the original version of the I.T. Act, 2000, section
66 defined and punished hacking in the following terms:
“Hacking with Computer System - (1) Whoever with the intent to cause
or knowing that he is likely to cause wrongful loss or damage to the public or
any person destroys or deletes or alters any information residing in a
computer resource or diminishes its value or utility or affects is injuriously by
any means, commits hacking.
(2) Whoever commits hacking shall be punished with imprisonment up
to three years, or with fine which may extend upto two lakh rupees, or with
both”.115
The title of the aforesaid section 66 was a misnomer, which created
confusion. It was widely believed as if section 66 was the only legal provision
that dealt with the offence of hacking a computer system. This confusion has
114
“Hack Attack” by Shuchi Nagpal, Asian School of Cyber Laws in Indian Express Vigil,
March 2002. also available at http://www.asianlaws.org/press/hack_attack.htm (Accessed on
20th February, 2016)
115
Information Technology Act, 2000., s. 66
P a g e | 59
been done away with, by certain amendments made by the I.T. (Amendment)
Act, 2008. The words “Hacking with Computer System” have been deleted
from section 66, the scope of which has been substantially widened:
“If any person, dishonestly or fraudulently, does any act referred to in
section 43, he shall be punishable with imprisonment for a term which may
extend to three years or with fine which may extend to five lakh rupees or with
both”.116
The various species of the offence of hacking that are provided (even
though not called ‘hacking’ specifically) for or may have elements of hacking,
in the amended version of the I.T. Act, 2000 are:
Access to a computer.
Downloading, copying or extraction of data from a computer.
Introducing computer virus and contaminants.
Causing damage to a computer.
Causing disruption of a computer.
Causing denial of access to a computer.
Affecting critical information infrastructure.
Cyber terrorism.
116
Sec. 66 of the I.T. Act, 2000 as amended by the I.T. (Amendment) Act, 2008.
117
A computer virus is a program or piece of code that is loaded onto your computer without
your knowledge and runs against your wishes. Viruses can also replicate themselves.
All computer viruses are man-made. A simple virus that can make a copy of itself over and
over again is relatively easy to produce. Even such a simple virus is dangerous because it will
quickly use all available memory and bring the system to a halt. An even more dangerous type
of virus is one capable of transmitting itself across networks and bypassing security systems.
P a g e | 60
118
http://www.infoplease.com/ipa/A0872842.html (Accessed on 01 March, 2016)
P a g e | 61
false ‘.txt’ extension, luring recipients to welcome it. The year 2000 was also
the year when the ‘distributed denial-of-service’ attacks knocked out leading
web-sites such as ‘Yahoo’, ‘eBay’, ‘Amazon’ etc, for several hours.
Shortly after the ‘9/11’ attacks in 2001, the ‘Nimda’ virus infected
hundreds of thousands of computers in the world. This virus has been amongst
the most sophisticated ones, with five different methods of replicating and
infecting computer systems. The ‘Anna Kournikova’ virus mailed itself to
people enlisted in the victim’s Microsoft Outlook address book. Several
worms were also born this year such as ‘Sircam’, ‘CodeRed’ and ‘BadTrans’.
‘Sircam’ spread personal documents over the Internet through e-mail, while
‘Code Red’ attacked vulnerable web-pages. It infected about 359,000
computers in the first twelve hours or so. ‘BadTrans’ captured passwords and
credit card information.
In 2002, the creator of the ‘Melissa’ virus, David C. Smith was
sentenced to twenty months in the federal prison. Several viruses named after
celebrities like ‘Shakira’, ‘Britney Spears’ and ‘Jennifer Lopez’ also spread
during this year. In 2003, the ‘Slammer’ worm, the fastest spreading worm till
date, infected about 75000 computers in ten minutes. This year, the ‘Sobig’
worm became amongst the first few worms to make the infected computer
systems spam relay points. In the year 2004, a computer worm called
‘MyDoom’ or ‘Novarg’ spread through e-mails and file-sharing software
faster than its earlier cousins. ‘MyDoom’ enticed e-mail recipients to open an
attachment that allowed hackers to access the hard-drive of the afflicted
computer system. The objective of the worm was to make a ‘denial of service’
attack on the ‘SCO Group’ that was suing various groups for using an open-
source version of its ‘Unix’ programming language. SCO offered a reward of
US $2, 50,000 to anyone giving information leading to the arrest and
conviction of the worm’s authors. Also, the ‘Sasser’ Worm affected about one
million computers using Windows. An 18-year-old German high school
student confessed to developing this worm. The year 2005 ‘welcomed’ the
P a g e | 62
119
http://www.infoplease.com/ipa/A0872842.html (Accessed on 01 March, 2016)
P a g e | 63
Section 43 imposes a strict liability upon the person who plants any
computer virus or contaminant. All the violations stipulated in section 43
including clause (c) that covers the violation of introduction or causing the
introduction of any computer contaminant or computer virus into any
computer, have also been made criminal offences.120 Hence, dishonestly or
fraudulently introducing or causing the introduction of a computer virus or
computer contaminant into another’s computer, would also constitute a
criminal offence entailing an imprisonment of two years. Even with mens rea,
to penalize the introduction of computer contaminant or virus into another’s
computer, in the present state of information technology in our country, is
totally unjustified. Our law makers should have at least asked themselves
certain fundamental questions before criminalizing the planting of computer
virus and contaminants:-
What is the level of general awareness in our country about computer
contaminants and virus?
How many people in our country, who use computers, are aware of
anti-virus software and how many out of them use the same?
What is the general level of consciousness amongst people, that
before sending a computer file to another through a CD, floppy, pen-drive or
the Internet, it should be checked whether there is virus in it or not?
With computer contaminants and virus floating everywhere in
floppies, CDs, pen-drives and the Internet, how will it be proven prima facie
or otherwise, as to who introduced/transmitted the contaminants or virus in
question?
Are our law enforcement agencies and the judiciary equipped to
determine the source of the computer contaminant and virus?
120
Sec. 66 of the I.T. Act, 2000 as amended by the I.T. (Amendment) Act, 2008.
P a g e | 64
121
As defined in the Global Economic Crime Survey 2011 by PwC in conjunction with our
survey academic partner, Professor Peter Sommer
122
http://www.trai.gov.in/
P a g e | 66
respondents found that the perpetrators were among their own staff. In most
cases, perpetrators of fraud were male, between the ages of 31 and 40, and
educated to degree level or higher. 80% of respondents said their organization
terminated the individual who committed the fraud and more than half of the
respondents ceased to conduct business with outsiders who engaged in
fraudulent conduct. Despite the growing confidence that organizations
surveyed have in their risk management systems most fraud (35 %) is still
detected by chance.123
The cyber crime offers low risks and high rewards as compared to
traditional crimes. For example, in an externally perpetrated cyber crime, a
fraudster infiltrates a banking system, remotely, to steal money or personal
information. The fraudster is at a lesser risk when compared to someone who
physically steals assets from an organization. There are fewer risks when
committing cyber crime. The fraudster is not present at the location; hence the
chances of getting caught are less. It is difficult for law enforcement agencies
to follow traditional investigative steps to prosecute the perpetrator owing to
the different location and jurisdiction of the perpetrator. The perpetrators can
return to the scene of the crime with relatively minimal fear of detection.124
The Financial Cybercrime includes cheating, credit card frauds, money
laundering, forgery, online investment frauds etc. such crimes are punishable
under both IPC and IT Act. A leading Bank in India was cheated to the extent
of 1.39 crores due to misappropriation of funds by manipulation of computer
records regarding debit and credit accounts. Most cases involving computer-
related fraud have been prosecuted under existing criminal legislation and this
has been adequate to cope with these offences. However applying traditional
criminal concepts to acts involving intangible information has meant that some
123
Economic Crime in India: an ever increasing phenomenon, Global Economic Crime Survey
2011, India, Price Waterhouse Coopers, 2011. also available at
https://www.pwc.in/assets/pdfs/publications-2011/economic-crime-survey-2011-india-
report.pdf (Retrieved on 17th February, 2016 )
124
Ibid
P a g e | 68
125
Indian Penal Code (Act No. 45 of Year 1860).
P a g e | 69
126
The Indian Contract Act, 1872 (Act No. 9 of 1872)
127
The Information Technology Act, 2000 (No. 21 of 2000)
P a g e | 70
Many took the bait and made online purchases but the laptops never reached
them. He had made several lakhs in the bargain. After complain was made he
was arrested by tracing his IP address, on the charge of Online Fraud.128
2. In May 2006: In a landmark judgment, the Delhi High Court passed
an injunction order against four lawyers including a Nigerian national,
restraining them and their representatives from using in any manner the
proprietary data and confidential information stolen from their erstwhile
employer Titus & Co. Advocates. In this Data theft case that involved law
firm Titus & Co, its four employees had illegally copied and removed
electronic records including protected and confidential information from
computers belonging to Titus & Co. These lawyers later formed a new
organization relying on the pilfered data. Thereby action was brought by Titus
& Co against these former employees to restrain them from using the “copied
material” from their erstwhile employer firm.129
3. Chennai Cyber Crime Police arrested four persons last week, who
formed part of a UK-based gang. For withdrawing money from ATMs through
the use of forged credit cards, whose data was stolen through the Cyber Crime
of Skimming.130 They had cheated people of over 20 lakhs rupees three days
prior to their arrest. And police recovered 160 fake credit cards from their
possession.131
4. In 2011, two persons who fraudulently made online transactions
with credit cards of other customers were arrested by Central Crime Station
sleuths. According to police, the duo used to call up people randomly and
collect credit card data of cardholders, their phone numbers and other personal
128
Bangalore MBBS student held for internet fraud Express News Service Delhi Newsline,
New Delhi, March 21, 2005.
129
India Cyber Law and Cases, one of the largest Database of Cyber Law and Cases from
India. Available at: http://cybercases.blogspot.com/.
130
Skimming: Fake card entry slots are used by criminals who perpetuate this crime. The
information on the card is recorded on a device hidden in the card entry slot. In it the criminal
use a small machine called a skimmer that reads the data on the magnetic strip of the card and
clones it.
131
http://www.ibnlive.com/news/credit-card-cloning-swipes-india/10923-3.html(Retrieved on
17th February, 2016 )
P a g e | 71
details by posing as agents of banks. “Once they received the data, they
created a fake email ID in name of the credit card holder and register the same
on EBay”. Before creating the ID, they change the card holder’s phone
number to their phone number by contacting the customer care of the bank by
furnishing all details of the actual card holder. By misusing the above data, the
fraudsters did online shopping. While making online purchases, they give false
delivery address and their phone number. Once the courier agent calls them
for delivering the goods, they insist they come to their office to deliver. To get
the goods, they prepared fake ration cards, voter ID cards and PAN cards in
name of the actual card holder with help of Photoshop software on their laptop
and by producing the same, they get the goods.132
5. In 2013, A con man from Maharashtra who cheated ICICI Bank
customers by obtaining their credit card data has fallen into the Delhi Police
net after illegal online transactions of over Rs 1 crore in the past one year. He
was misusing the data of around 4,500 credit card holders for the last one-and-
half years, police said, adding that employees of the bank could be involved in
leaking the data to him. He, claiming to be an ICICI Bank employee, assured
the victim to refund their money. But just after getting the card details, he
made an electricity bill payment of Rs 44,911 to Maharashtra district
electricity board, there is a strong possibility of the involvement of employees
of the ICICI Bank,” said SBS Tyagi, deputy commissioner of police.133
132
http://www.ibnlive.com/news/india/two-persons-held-for-online-credit-card-fraud-
425297.html(Retrieved on 17th February, 2016 )
133
http://www.ibnlive.com/news/india/delhi-police-arrests-con-man-for-credit-card-frauds-
623798.html (Retrieved on 17th February, 2016 )
P a g e | 72
instant message.134 The term phishing arises from the use of increasingly
sophisticated lures to “fish” for ‘users’ financial information and passwords.
The act of sending an e-mail to a user falsely claiming to be established
legitimate enterprises in an attempt to scam the user into surrendering private
information that will be used for identity theft. The e-mail directs the user to
visit a Website where they are asked to update personal information, such as
passwords, credit card, social security, and bank account numbers, that the
legitimate organization already has. The Website, however, is bogus and set
up only to steal the user’s information.135
The motive behind phishing is that people will share their credit card
information, passwords, bank account numbers and other information thinking
that they are sharing their information to the legitimate organization but in real
they are sharing their information with bogus website or organization which is
going to steal their money.
Vishing is also alike phishing; it is the criminal practice of using social
engineering and Voice over IP (VoIP) to gain access to private .personal and
financial information from the public for the purpose of financial reward. The
term is a combination of “voice” and phishing. Vishing exploits the public’s
trust in landline telephone services, which have traditionally terminated in
physical locations which are known to the telephone company, and associated
with a bill-payer. The victim is often unaware that VoIP allows for caller ID
spoofing, inexpensive, complex automated systems and anonymity for the bill
payer. Vishing is typically used to steal credit card numbers or other
information used in identity theft schemes from individuals.136
Recently in a landmark judgment in India in the case of Uma Shankar
v. ICICI Bank, the Adjudicator of Tamil Nadu has passed an award for
134
Lance James, “Phishing Exposed”, Elsevier 2005. also at
https://en.wikipedia.org/wiki/Phishing (Retrieved on 17th February, 2016 )
135
http://www.crimedoctor.com/phishing-scam.htm (Retrieved on 17th February, 2016)
136
Dr. B. Muthukumaran, “Cyber Crime Scenario in India” Criminal Investigation
Department Review- January2008 also at http://www.gcl.in/downloads/bm_cybercrime.pdf
(Retrieved on 17th February, 2016)
P a g e | 73
137
http://www.governancenow.com/news/regular-story/icici-bank-gets-rs-1285-lakh-lesson-e-
security and also at http://www.naavi.org/ (Retrieved on 17th February, 2016)
138
“Phishing, n.” OED Online, March 2006, Oxford University Press. Oxford
English Dictionary Online. and also at https://en.wikipedia.org/wiki/Phishing (Retrieved on
17th February, 2016 )
P a g e | 74
The Banks are basically being held liable under the age old Banking
law that “Forgery cannot be held against the customer, however clever or
undetectable the forgery is”. Additionally, Banks are ignoring the law of the
land through IT Act 2000 as well as the Guidelines of RBI and not using
digital signatures for authentication of Internet transactions. This makes them
negligent under Sections 79 and 85 making them liable for any offence
attributable to a computer belonging to the Bank. Recently Bank of India has
set precedence by accepting liability for Phishing in one the cases filed in
Bangalore and repaying the amount along with interest to the customer who
was a victim of a Phishing fraud.139
This is an act by the criminal, who floods the bandwidth of the victim’s
network or fills his e-mail box with spam mail depriving him of the services
he is entitled to access or provide Short for denial-of-service attack, a type of
attack on a network that is designed to bring the network to its knees by
flooding it with useless traffic. Many DoS attacks, such as the Ping of Death
and Teardrop attacks, exploit limitations in the TCP/IP protocols.140
In a typical connection, the user sends a message asking the server to
authenticate it. The server returns the authentication approval to the user. The
user acknowledges this approval and then is allowed onto the server. In a
denial of service attack, the user sends several authentication requests to the
server, filling it up. All requests have false return addresses, so the server can’t
find the user when it tries to send the authentication approval. The server
139
http://www.naavi.org/cl_editorial_09/edit_dec_23_09_boi_phishing.htm (Retrieved on
18th February, 2016)
140
Understanding Denial-of-Service Attacks (US CERT) http://www.us-
cert.gov/cas/tips/ST04-015.html. also at http://www.cybercellmumbai.gov.in/html/cyber-
crimes/denial-of-service-attack.html (Retrieved on 18th February, 2016)
P a g e | 75
waits, sometimes more than a minute, before closing the connection. When it
does close the connection, the attacker sends a new batch of forged requests,
and the process begins again tying up the service indefinitely.141
Attacks can be directed at any network device, including attacks on
routing devices and Web, electronic mail, or Domain Name System servers. A
DoS attack can be perpetrated in a number of ways. There are three basic
types of attack:
1. Consumption of computational resources such as bandwidth, disk
space or CPU Time;
2. Disruption of configuration information, such as routing
information;
3. Disruption of physical network components.
Distributed denial of service attack (DDoS) occurs when multiple
compromised systems flood the bandwidth or resources of a targeted system,
usually one or more web servers. These systems are compromised by attackers
using a variety of methods. Malware can carry DDoS attack mechanisms; one
of the more well known examples of this was MyDoom. Its DoS mechanism
was triggered on a specific date and time. A system may also be compromised
with a Trojan, allowing the attacker to download a zombie agent. Attackers
can also break into systems using automated tools that exploit flaws in
programs that listen for connections from remote hosts. This scenario
primarily concerns systems acting as servers on the web. It is important to note
the difference between a DDoS and DoS attack. If an attacker mounts a smurf
attack from a single host it would be classified as a DoS attack. In fact, any
attack against availability would be classed as a Denial of Service attack. On
the other hand, if an attacker uses, a thousand zombie systems to
141
Manthan M Desai,“Hacking For Beginners: a beginners guide to learn ethical hacking”
also at http://www.cnet.com/news/how-a-denial-of-service-attack-works/ (Retrieved on 18th
February, 2016)
P a g e | 76
142
Internet security by Wikipedians, Pediapress, p. 29 also at
https://www.mywot.com/wiki/Denial_of_Service_Attack (Retrieved on 18th February, 2016)
143
Ibid
144
https://www.sans.org/security-resources/idfaq/distributed-denial-of-service-attack-tools-
trinoo-and-wintrinoo/9/10 (Retrieved on 18th February, 2016)
145
http://www.wsj.com/articles/SB125053669921337753 (Accessed on 01 March, 2016)
P a g e | 77
credit card numbers from TJX Cos and others, causing the parent company of
TJ Maxx retail chain, losses of about US$ 200 million.
Data and information are valuable assets in this digital age. Business
secrets, technical knowhow, designs, music, films, books, personal data
including usernames, credit card numbers and passwords, are some forms of
property that drive the information economy. Money, time, effort and
creativity go into the creation and compilation of data and information.
Stealing of data and information through hacking and other means, is the most
prevalent cyber crime.146
Data is like a chameleon that plays comedy with our traditional law
relating to theft. Theft is a crime that has existed in our law since time
immemorial. Section 378 of the Indian Penal Code defines ‘theft’ in the
following words:-
“378. Theft. - Whoever, intending to take dishonestly any moveable
property out of the possession of any person without that person’s consent,
moves that property in order to such taking, is said to commit theft.”
As per the aforesaid definition, there can be theft in law of only
moveable property, which is required to be moved. The term ‘moveable
property’ is intended to include corporeal property of every description except
land and things attached to the earth or permanently fastened to anything
which is attached to the earth.147 Theft has been held to be an offence that
applies only to tangibles. Electricity, for instance, has been held as not covered
within the ambit of ‘moveable property’. The Supreme Court in Avtar Singh v.
State of Punjab148 held that stealing of electricity is theft because of section 39
of the Electricity Act, not section 378 I.P.C. The Court said:
146
Vivek Sood, Cyber Crimes, Electronic Evidence & Investigation – Legal Issues 137-139
(NABHI Publications, New Delhi, 2010) also at http://thegiga.in/LinkClick.aspx?
fileticket=KX1_Imk_gDs%3D&tabid=589 (Accessed on 01 March, 2016)
147
Indian Penal Code, 1860., s. 22
148
AIR l965 SC 666
P a g e | 78
“With regard to the first reason that Section 39 of the Act extended the
operation of Section 378 of the Code, it seems to us beyond question that
Section 39 did not extend Section 37 8 in the sense of amending it or in any
way altering the language used in it. Section 378, read by itself even after the
enactment of section 39, would not include a theft of electricity for electricity
is not considered to be moveable property. The only way in which it can be
said that Section 39 extended Section 378 is by stating that it made something
which was not a theft under Section 378, a theft: within the meaning of that
section. It follows that if Section 39 did so, it created the offence itself and
Section 378 did not do so. In this view of the matter we do not think it possible
to say that the thing so made a theft and an offence, became one by virtue of
Section 378”.
Applying the law of theft to information and data is a comedy of sorts.
When information and data are encapsulated in a tangible form, for instance,
stored in a floppy, CD, or pen-drive, they are part of moveable property and
hence can be said to be stolen if the medium (floppy, CD, or pen-drive) is
moved without the consent of the person in possession. Also, if the computer
itself is stolen, since data and information are a part thereof, they too can be
said to be stolen. However, in the online environment, where data and
information are intangible i.e. mere combinations of binary numbers, the legal
definition of ‘theft’ falls short. Stealing of data and information online is no
‘theft’ in the eyes of section 378 I.P.C.
In this sense, the expression ‘data theft’ is a misnomer from the legal
perspective. It is an expression of common parlance. For instance, if an
employee dishonestly and without the consent of his employer sends/transmits
critical data through e-mail to an e-mail account belonging to him or another,
it would not amount to theft under the I.P.C. However, if he were to store the
data in a CD and take it away, it would amount to theft.
Data/information theft can be said to be committed in six ways, in
other words, it has the following species:
P a g e | 79
Another form of data breach is breach of trust with respect to data and
information. The I.T. industry primarily deals with data and information in
some form or the other. A call center uses data to answer queries of customers
of banks, telecom service providers etc. A software company develops
software using data and information. A web-site compiles information and
presents it online.
Data and information drive the I.T. industry. They are the inputs, raw
material and outputs for the I.T. industry. Data and information may be
entrusted to employees of the organization, its business associates, service
providers, agents and other parties for specific purposes. Incidents of breach of
data and information, by such trusted parties frequently confront the I.T.
industry. Misappropriation of data / information by a person who holds it in
trust would amount to criminal breach of trust under the Indian Penal Code.
In 2010, the two cases of data theft have come to light, first is
Travelocity.co.in v. ClearTrip.com and second is JustDial v. Infomedia. In the
first case Travelocity has filed an FIR with Gurgaon Police against CEO,
Cleartrip and former MD of Desiya alleging criminal breach of trust, data
theft, cheating, criminal misappropriation and criminal conspiracy. It was
alleged that MD Desiya has pass on the company’s intellectual property, trade
secrets, sensitive data, proprietary technology source codes, their entire hotel
business model and projections to the CEO of Cleartrip. In the second case it
is reported that JustDial has obtained injunction against Infomedia 18 Limited
for running website www.askme.in, as it was alleged that Infomedia 18
Limited had copied JustDial database onto its newly launched website:
www.askme.in, thereby violating JustDial’s database copyrights. The
injunction was granted exparte by the Hon’ble High Court and further order
has been made for search and seizure to be carried out at Infomedia’s Delhi
P a g e | 81
and Mumbai offices, as prima-facie case was made out by the Just Dial
officials.149
6.10 Data Diddling
149
http://www.cyberlawtimes.com/indian-web-portal-wars-travelocity-cleatrip-justdial-
infomedia-askme-data-theft/(Retrieved on 18th February, 2016)
150
http://www.niagarapolice.ca/en/community/computercrimeprevention.asp (Retrieved on
18th February, 2016)
151
http://indiaforensic.com/compcrime1.htm (Retrieved on 18th February, 2016)
P a g e | 82
difficult to detect and trace. These attacks are used for the commission of
financial crimes. The key here is to make the alteration so insignificant that in
a single case it would go completely unnoticed. A bank employee inserts a
program, into the bank’s servers, that deducts a small amount of money (say
Rs. 5 a month) from the account of every customer. No account holder will
probably notice this unauthorized debit, but the bank employee will make a
sizable amount of money every month.152
To cite an example, an employee of a bank in USA was dismissed
from his job. Disgruntled at having been supposedly mistreated by his
employers the man first introduced a logic bomb into the bank’s systems. The
logic bomb was programmed to take ten cents from all the accounts in the
bank and put them into the account of the person whose name was
alphabetically the last name of Ziegler. The amount being withdrawn from
each of the accounts in the bank was so insignificant that neither the account
holders nor the bank official noticed the fault. It was brought to their notice
when a person by the name of Ziegler opened his account in that bank. He was
surprised to find a sizable amount of money being transferred into his account
every Saturday.153
6.12 E-mail Bombing
In internet usage, an e-mail bomb is a form of net abuse consisting of
sending huge volumes of e-mail to an address in an attempt to overflow the
mailbox or overwhelms the server. Mail bombing is the act of sending an e-
mail bomb, a term shared with the act of sending actual exploding devices.
Mail bombing is sometimes accomplished by giving the victim’s e-mail
address to multiple spammers. In the Russian internet community, there is
Smith RG, Grabosky PN and Urbas GF 2004. Cyber criminals on trial, Cambridge
153
University Press.
P a g e | 83
another sense for mail bomb. There, mail bomb is a form of denial of service
attack against a computer system.154
E-mail bombing refers to sending a large number of e-mails to the
victim resulting in the victim’s e-mail account(In case of Individual ) or mail
servers (in case of a company or an e-mail service provider) crashing. In one
case, a foreigner who had been residing in Shimla, India for almost thirty
years wanted to avail of a scheme introduced by the Shimla Housing Board to
buy land at lower rates. When he made an application it was rejected on the
grounds that the scheme was available only for citizens of India. He decided to
take his revenge. Consequently he sent thousands of mails to the Shimla
Housing Board and repeatedly kept sending e-mails till their servers crashed.
E-mail bombing is characterized by abusers repeatedly sending an e-mail
message to a particular address at a specific victim site. In many instances, the
messages will be large and constructed from meaningless data in an effort to
consume additional system and network resources. Multiple accounts at the
target site may be abused, increasing the denial of service impact.155
E-mail spamming is a variant of bombing; it refers to sending e-mail to
hundreds or thousands of users. E-mail spamming can be made worse if
recipients reply to the e-mail, causing all the original addressees to receive the
reply. It may also occur innocently, as a result of sending a message to mailing
lists and not realizing that the list explodes to thousands of users.156
154
A general overview of e-mail bombing is available at
https://www.cert.org/historical/tech_tips/email_bombing_spamming.cfm? and also at
http://www.worldwizzy.com/library/E-mail_bomb (Retrieved on 18th February, 2016)
155
Atul Jain (ed.), Cyber Crime: Issues Threats and Management, Isha Books, 2005.
http://cybercrime.planetindia.net/frequently_used.htm (Retrieved on 18th February, 2016)
156
https://www.cert.org/historical/tech_tips/email_bombing_spamming.cfm? (Retrieved on
18th February, 2016)
P a g e | 84
spoofing is a technique commonly used for spam e-mail and phishing to hide
the origin of an e-mail message. By changing certain properties of the e-mail,
such as the From, Return-Path and Reply-To fields (which can be found in the
message header), ill-intentioned users can make the e-mail appear to be from
someone other than the actual sender. It is often associated with website
spoofing which mimic an actual, well-known website but are run by another
party either with fraudulent intentions or as a means of criticism of the
organisation’s activities.”157
It is the forgery of an e-mail header so that the message appears to
have originated from someone or somewhere other than the actual source.
Distributors of spam often use spoofing in an attempt to get recipients to open,
and possibly even respond to, their solicitations. Spoofing can be used
legitimately. Classic examples of senders who might prefer to disguise the
source of the e-mail include a sender reporting mistreatment by a spouse to a
welfare agency or a “whistle-blower” who fears retaliation. However,
spoofing anyone other than you is illegal in some jurisdictions.158
E-mail spoofing is possible because Simple Mail Transfer Protocol
(SMTP), the main protocol used in sending e-mail, does not include an
authentication mechanism. Although an SMTP service extension allows an
SMTP client to negotiate a security level with a mail server, this precaution is
not often taken. If the precaution is not taken, anyone with the requisite
knowledge can connect to the server and use it to send messages. To send
spoofed e-mail, senders insert commands in headers that will alter message
information. It is possible to send a message that appears to be from anyone,
anywhere, saying whatever the sender wants it to say. Thus, someone could
157
Deb Shinder, Understanding E-mail Spoofing, www.windowsecurity.com, April 6 2005
also available at http://searchsecurity.techtarget.com/definition/email-spoofing (Retrieved on
18th February, 2016)
158
Tom Merritt, What is E-mail Spoofing?
http://www.g4tv.com/techtvvault/features/17167/What_is_Email_Spoofing.html (Retrieved
on 18th February, 2016)
P a g e | 85
send spoofed e-mail that appears to be from you with a message that you
didn’t write.159
Recently Flipkart CEO Binny Bansal’s email account was spoofed.
The Official statement from the company has stated that the CEO’s e-mail
account has been spoofed and the spoofed email does not originate from the
real source but from a different source falsifying the name and address with an
ulterior motive. The company also filed a police complained and released the
statement that they have filed a case of email spoofing which involves use of a
forged email header to make it look like a legitimate email. This case of email
spoofing was immediately detected and a report was filed with police.160
159
E-mail Spoofing is a new form of spam, FAQ’s on e-mail spoofing and Phishing, Available
at http://www.mailsbroadcast.com/e-mail.broadcast.faq/46.e-mail.spoofing.htm (Retrieved on
18th February, 2016)
160
http://indianexpress.com/article/technology/tech-news-technology/flipkart-ceo-binny-
bansal-email-account-spoof-hack/ (Retrieved on 18th February, 2016)
161
M. E. Kabay, Logic bombs, Part 1, Network World Security Newsletter, 08/12/02.
162
Julian Layton, How does a Logic bomb work? available at
http://computer.howstuffworks.com/logic-bomb.htm (Retrieved on 18th February,
2016)
P a g e | 86
163
Meaning of Logic bombs at http://en.wikipedia.org/wiki/Logic_bomb. (Retrieved on 18th
February, 2016)
164
Information Technology Act, 2000., s. 43
165
Cyber Crimes - Technical Issues, Internet Time Theft, Available at
http://www.asianlaws.org/cyberlaw/library/cc/what_cc.htm (Retrieved on 18th February,
2016)
P a g e | 87
causing wrongful loss of 100 hours to Col. Bajwa. Delhi police arrested the
accused for theft of Internet time.
On further inquiry in the case, it was found that Krishan Kumar, son of
an ex army officer, working as senior executive in M/s Highpoint Tours &
Travels had used Col Bajwa’s login and passwords as many as 207 times from
his residence and twice from his office. He confessed that Shashi Nagpal, from
whom he had purchased a computer, gave the login and password to him. The
police could not believe that time could be stolen. They were not aware of the
concept of time-theft at all. Colonel Bajwa’s report was rejected. He decided
to approach The Times of India, New Delhi. They, in turn carried a report
about the inadequacy of the New Delhi Police in handling cyber crimes. The
Commissioner of Police, Delhi then took the case into his own hands and the
police under his directions raided and arrested Krishan Kumar under sections
379, 411, 34 of IPC and section 25 of the Indian Telegraph Act. In another
case, the Economic Offences Wing of Delhi Police arrested a computer
engineer who got hold of the password of an Internet user, accessed the
computer and stole 107 hours of Internet time from the other person’s account.
He was booked for the crime by a Delhi court during May 2000.166
6.16 Cyber Crime related to Intellectual Property Rights
actions of passing off. As held by courts, the purpose of this tort is to protect
commercial goodwill to ensure that people’s business reputations are not
exploited. It is based on economic policy, the need to encourage enterprise and
to ensure commercial stability.
There is a difference between statute law relating to trademarks and the
passing off action; for, while registration of relevant mark itself gives title to
the registered owner, the onus in a passing off action lies upon the plaintiff to
establish the existence of the business reputation which he seeks to protect.
The asset protected is the reputation the plaintiffs business has to the relevant
mark. It is not always necessary that there must be in existence goods of that
other man with which the defendant seeks to confuse his own. Passing off may
occur in cases where the plaintiffs do not in fact deal with the offending
goods.
With the advancement and progress in technology, services rendered in
the Internet has also come to be recognised and accepted and are being given
protection so as to protect such provider of service from passing off the
services rendered by others. In an Internet service, a particular Internet site
could be reached by anyone anywhere in the world who proposes to visit the
said Internet site. As a matter of fact in a matter where services rendered
through the domain name in the Internet, a very alert vigil is necessary and a
strict view is to be taken for its easy access and reach by anyone from any
corner of the globe. It is also observed that considering the vastness of the
Internet and its relatively recent availability to the general public, many
Internet users are not sophisticated enough to distinguish between the subtle
difference in the domain names of the parties.
The degree of the similarity of the marks usually is vitally important
and significant in an action for passing off.
The two marks/ domain names ‘Yahoo’, and ‘Yahooindia’ are almost
similar except for use of the suffix ‘India’ in the latter. There is every
possibility of an Internet user being confused and deceived in believing that
P a g e | 90
both the domain names belong to one common source and connection,
although the two belong to two different concerns. As held by the Supreme
Court, the word ‘India’ added to one mark is of no consequence. Thus there is
every possibility of the Internet users to believe that ‘Yahooindia’ is another
name in the series of Yahoo marks/ names and thereby there is every
possibility of confusion being created and thereby preventing these users from
reaching the Internet site of plaintiff, ‘Yahoo.com’.169
In another case, the defendants were found manufacturing, selling or
offering for sale the products like Supari and Chewing Tobacco under the
trademark ‘Yahoo’.170
Under the trademark INFOSYS, the plaintiff company was
incorporated in the year 1981 and has earned a very high degree of goodwill
having acquired the status of one of the leading exporters of computer
software. Defendants use of trade mark/ name INFOSYS, also engaged in
computer business, amounts to infringement of the plaintiffs registered trade
mark numbers. Defendants hosted a website www.blitzerinfosys.com and
mark INFOSYS was posted on such website prominently.171
Pen Books Pvt. Ltd. got registered the domain name ‘penbooks.com’
in 1999 but, due to some technical snags could not launch the website. The
validity period of registration of the said name expired on 2-3-2001. When the
plaintiff sought to launch the website again in 2002, it found that the domain
name ‘penbooks.com’ stood registered in the name of defendant and it was
advertised on the Internet for sale. The Court found such a registration in the
name of the defendant to be an abusive registration of domain name in
violation of the rights of trademarks and service marks. Considering the
Uniform Domain Name Disputes Resolution Policy, the Court found that the
domain name having been registered by the defendant for the purpose of
169
Yahoo! Inc. v. Akash Arora, 1999 PTC (19) 201 : 1999 II AD (Del) 229 : 78(1999) DLT
285 also in Ruston Hornby Ltd. v. Zamindara Engineering co., AIR 1970 SC 1649
170
Yahoo! Inc. v. Sanjay V. Shah), 2006(32) PTC 263 (Del)
171
Infosys Technologies Ltd. v. Akhil Gupta, Decided on 21-11-2006 (Del)
P a g e | 91
172
Pen Books Pvt. Ltd. v. Padmaraj, 2004(29) PTC 137
173
Pfizer Products Inc. v. Altamash Khan, 2006(32) PTC 208 (Del);
P a g e | 92
174
Microsoft Corporation v. Deepak Raval, 2006( 33) PTC 122 (Del)
P a g e | 93
courts have frowned upon the conduct of the violators wilfully calculated to
exploit the advantage of an established work and held that in such
circumstances, the plaintiff would be entitled to compensation. In India also a
positive trend has started. Here also courts are becoming sensitive to the
growing menace of piracy and have started granting punitive damages even in
cases where due to absence of the defendant’s exact figures of sales under the
infringing copyright and / or trade mark, exact damages are not available. The
courts in India have followed the same path and applied the same principles as
applied by the US, UK and Australian courts in awarding the damages.175
175
Aktiebolaget Volvo v. A.K. Bhuva, decided on 5-5-2006 (Del); Hero Honda Motors Ltd. v.
Shree Assuramji Scooters, 2006(32) PTC 117 (Delhi); Time Incorporated v. Lokesh
Srivastava, 2005( 30) PTC 3.
P a g e | 94
176
114 F. Supp 2d 896 (N.D. Cal 2000)
P a g e | 95
177
533 U.S. 483(2001)
P a g e | 98
178
280 F. 3d 934 (9th Cir. 2002)
P a g e | 99
Ling Rich, The Mobile Connection: The Cell phone’s impact on society, 2004
179
180
Prof. R.K.Chaubey, “An Introduction to Cyber Crime and Cyber law”, Kamal Law House,
2012. p. 569
P a g e | 100
181
http://academickids.com/encyclopedia/index.php/Phreaking (Accessed on 17th February,
2016)
182
Ibid
P a g e | 101
183
Preliminary Consultation Paper On Mobile Phone Theft, Telecom Regulatory Authority Of
India, New Delhi, January, 2004. also available online at
http://trai.gov.in/WriteReaddata/ConsultationPaper/Document/mobile%20theft%20rev.1.pdf
(Accessed on 17th February, 2016)
184
Ibid
P a g e | 102
only just begun and are at an early stage. Further actions to address mobile
phone theft have therefore not yet been agreed.
7. In some countries all network operators have joined the global
database of stolen and lost phones whilst in others no network operators are
participating in the Central Equipment Identifying Register (CEIR).
8. Discussions have either not taken place or are only just beginning.
No forward actions have been agreed yet, either in terms of making the
International Mobile Station Equipment Identity (IMEI) tamperproof/tamper-
resistant or in enhancing mobile phone handset security in other ways.
The issue of mobile phone theft needs to be addressed through a
concerted effort made globally. The more countries take action, the greater the
combined impact of this action. Countries need to work together
collaboratively to tackle this shared problem as lasting change can only be
secured through effective multi-country co-operation, such as the process
initiated among European countries. During the period when efforts are being
made for such collaboration, we should begin certain efforts within our own
jurisdiction and look for various possible solutions.185
6.17.4 Use of mobile and wireless technology in Terrorist activities
Along with other crimes one of the most dangerous applications of the
wireless technologies and mobile phones is their use by the terrorists in
performing their activities. With the help of these latest technologies the
terrorists were keeping in contact with their peers more easily than in the past
when communication is the biggest barrier in successful implementation of a
plan. Now the terrorist groups around the world is well equipped with the
latest technology communication gadgets such as ‘Satellite Phone’, the
communication on which is very hard to trace. Advanced mobile technology,
cooperation between international mobile communications providers and
185
Preliminary Consultation Paper On Mobile Phone Theft, Telecom Regulatory Authority Of
India, New Delhi, January, 2004. p. 4-5 also available online at
http://trai.gov.in/WriteReaddata/ConsultationPaper/Document/mobile%20theft%20rev.1.pdf
(Accessed on 17th February, 2016)
P a g e | 104
186
The flip Side - Terrorists use mobile payment systems to transfer money, Available at
http://www.mgovworld.org/topstory/the-flip-side-terrorists-use-mobile-payment-systems-to-
transfer-money/. (Accessed on 17th February, 2016)
P a g e | 105
information technology, USA is not able to catch him even when they tried
fully and spend millions of dollars for this.187
6.17.5 Rechipping and cloning of mobile phones
The electronic serial number (ESN) of an analogue, or the International
Mobile-Electronic Identity number (IMEI) of a digital, mobile phone is its
unique identity and was originally intended to be inviolably incorporated into
the phone. However, the security features which protect the number can be
overcome and a new set of numbers installed. The change of identity is called
‘re-chipping’ and can be achieved on analogue phones in a number of ways.
Sometimes, the ESN can be altered directly from the keypad using supposedly
secret combinations of keystrokes; in other cases, connection to a computer
can allow the phone chip to be re- programmed. The software to do this is
available via advertisements in specialist magazines or even available free
over the Internet. Re-chipping is not illegal and was started to bypass the
service providers when reconnecting a secondhand phone, replacing a faulty
one or upgrading to a new phone. Once available, however, the equipment
could be readily applied to give a stolen phone a new identity so it can be
connected to a network, and to clone another mobile phone.188
A clone is an analogue mobile phone which has been programmed to
impersonate one owned by a legitimate subscriber by using its ESN and
telephone number (these numbers are usually obtained by interception with a
‘scanner’ radio, theft of a dealer’s or service provider’s records or directly
from the impersonated phone). New types are coming to the UK from the
USA and Hong Kong: ‘tumbling’ phones automatically seek an identity from
187
Jim Boulden, Mobiles used in high-tech terror, CNN, Apr 4, 2004
http://www.cnn.com/2004/TECH/04/04/mobile.terror/index.html. (Accessed on 17th
February, 2016)
188
“mobile telephone crime” available at http://www.parliament.uk/documents/post/pn064.pdf
(Accessed on 17th February, 2016)
P a g e | 106
a preprogrammed list, and the most recent ‘magic’ phones act as their own
scanners copying identities from nearby phones in use.189
Mobile cloning is copying the identity of one mobile telephone to
another mobile telephone Mobile cloning is also known as cell phone piracy
and has been taking place throughout the world since decades. Mobile phones
have become a major part of our everyday life. On the one hand, India’s
mobile phone market has grown rapidly in the last decade on the back of
falling phone tariffs and handset prices, making it one of the fastest growing
markets globally. On the other the number of mobile phone subscribers is
exceeding that of fixed-line users.190
Today millions of mobile phones users, be it Global System for Mobile
communication (GSM) or Code Division Multiple Access (CDMA), run the
risk of having their phones cloned. And the worst part is that there isn’t much
that you can do to prevent this. Such crime first came to light in India in
January, 2005 when the Delhi police arrested a person with 20 cell phones, a
laptop, a SIM scanner, and a writer. The accused was running an exchange
illegally where ii he cloned CDMA based phones. He used software for the
cloning and provided cheap international calls to Indian immigrants in west
Asia. A similar racket came to light in Mumbai resulting in the arrest of four
mobile dealers. Each year, the mobile phone industry loses millions of dollars
in revenue because of the criminal actions of persons who are able to
reconfigure mobile phones so that their calls are billed to other phones owned
by innocent third persons. Often these cloned phones are used to place
hundreds of calls, often long distance, even to foreign countries, resulting in
thousands of dollars in air time and long distance charges. Cellular telephone
companies do not require their customers to pay for any charges illegally made
to their account, no matter how great the cost. But some portion of the cost of
189
Duggal Pawan, Mobile Law, Universal Law Publishing Co. Pvt. Ltd. 2nd Edition available
at https://pavanduggalonmobilelaw.wordpress.com/kinds-of-mobile-crimes/ (Accessed on 18 th
February,2016)
190
http://articles.economictimes.indiatimes.com/2005-05-18/news/27482396_1_phone-
number-sim-subscriber (Accessed on 18th February,2016)
P a g e | 107
191
What is mobile phone cloning?, Laxmi Devi, India Times News Network
http://articles.economictimes.indiatimes.com/2005-05-18/news/27482396_1_phone-number-
sim-subscriber (Accessed on 18th February, 2016)
192
The new phony crime: SMS spoofing, PTI, Jul 11, 2004
http://timesofindia.indiatimes.com/The-new-phony-crime-SMS-
spoofing/articleshow/773923.cms (Accessed on 18th February,
2016)