This article is written by Vishwa, a student of SRM School of Law, Tamil Nadu. It seeks to elucidate the classification and types of cyber crimes, and their punishments prescribed under the Indian Penal Code, 1860 and the Information Technology Act, 2000. It also discusses various case laws relating to all types of cyber crimes. 

It has been published by Rachit Garg.

Introduction

Computers and the internet are arguably the most influential inventions the world has ever seen. Computers multiplied the speed of humans to accomplish any task. On the other hand, the internet revolutionalised our connectivity to each other. The introduction of computers and the internet have transformed our lives so tremendously that we can not imagine our daily lives without them now.  

Nevertheless, like every coin has two faces, computers and the internet have numerous cons which can adversely affect the peace and stability of human lives. Technology is vulnerable to misusage. Its advantages and disadvantages largely depend on the person using it. Cyberspace (which is the virtual space connecting various computer systems) is susceptible to allowing anyone to access the lives of others without their consent or knowledge. To a large extent, it conceals the true identity of cybercriminals and prevents them from being punished for their crimes. 

The impact of cyber crimes is similar to that of conventional ones; however, cyber crimes involve a lot of intricacies relating to jurisdiction, the identity of the criminal, etc. Cyberspace is a space vulnerable to different interesting varieties of crimes. To know what cyber crimes are, let’s dive into this article. 

What are cyber crimes

Cyber crimes are crimes that involve criminal activities done through cyberspace by devices connected to the internet. At times, cyber crimes are also called ‘computer crimes’. Most cybercriminals commit cyber crimes with mainly three motives- monetary, personal, or political. 

Though cyber crimes do not physically affect anyone, they tend to seriously harm the reputation, finances, and privacy of the targetted persons. Further, another crucial characteristic of cyber crimes is the determination of jurisdiction. Since the identity of the cybercriminal can be completely erased and mostly stays concealed in cyberspace, it is very difficult to identify him/ her. Also, cybercriminals may launch cross-border cyber attacks. For instance, a person situated in a country that prohibits pornography may access pornographic content that is located on a computer in a country where it is not banned at all. In such cases, it is very difficult to determine the liability of the person.

As far as India is concerned, the term cybercrime is not defined under any legal provision. However, different types of cyber crimes are illustrated under the Information Technology Act, 2000 (hereinafter referred to as ‘the IT Act’.) Further, certain provisions of the Indian Penal Code, 1860 (hereinafter referred to as ‘the IPC’) are applicable to various cyber crimes also. These cyber crimes-related legal provisions under the IT Act and IPC apply to different types of cyber crimes, though their specific names are not mentioned therewith. 

Classification of cyber crimes

Thanks to the expanding cyberspace, various types of cyber crimes are committed worldwide. The major objective of committing such crimes is to gather confidential data from people and use it for monetary, political, or personal motives. 

Generally, almost all cyber crimes can be classified under three heads, depending on the groups they are targetted at. The heads are:

• cyber crimes against individuals,
• cyber crimes against organizations, and
• cyber crimes against society at large.

Different types of cyber crimes that fall under the above-mentioned categories are explained below.  

Cyber crimes against individuals

Generally, ordinary individuals are the most vulnerable targets of cybercriminals. This is due to various reasons like lack of information, guidance, and cyber-security. As per a recent report published by Norton, 44% of individuals consider themselves as ‘worthwhile targets’ for hackers. 

The following are some of the main cyber crimes committed targeting individuals. 

Cyberbullying

The term cyberbullying is not defined under any Indian law. However, in general parlance, cyberbullying refers to bullying someone by threatening, harassing or embarrassing the victim using technology digital device. Generally, cyberbullying includes the following activities on the internet: 

• Humiliating/embarrassing content posted online about the victim of online bullying,
• Hacking social media accounts
• Posting vulgar messages on social media 
• Threatening the victim to commit any violent activity
• Child pornography or threatening someone with child pornography

In India, a whopping amount of almost 85% of children experiences cyberbullying. There are no specific provisions that deal with cyberbullying. Section 67 of the IT Act is the closest legal provision relating to cyberbullying. It penalises anyone who transmits obscene materials in electronic form. The punishment for such transmission is imprisonment for a term which may extend to five years and a fine which may extend to ten lakh rupees.

Also, Section 66E of the IT Act provides the punishment for violating any person’s privacy through the internet. Under this section, any person who intentionally violates anyone’s privacy by transmitting, capturing or publishing private pictures of others shall be punished with imprisonment up to three years imprisonment or a fine of up to three lakhs.

Further, Section 507 of IPC provides that any person who threatens anyone through anonymous communication shall be punished with imprisonment for up to two years. 

One of the prime cases in which cyberbullying was discussed was Shreya Singhal v. Union of India (2015). In this case, the Hon’ble Supreme Court struck down Section 66A of the IT Act. The said Section dealt with the transmission of objectionable messages via a computer resource. The court held that the said Section was a violation of Article 19(1)(a) of the Indian Constitution, which deals with citizens’ right to freedom of speech and expression. The court further held that other legal provisions like Sections 66B and 67C of the IT Act and several Sections of the IPC were sufficient enough to deal with cyberbullying. 

Cyberstalking

Browsing anyone’s internet history or online activity, and sending obscene content online with the help of any social media, software, application, etc. to know about that particular person is called cyberstalking. Cyberstalkers take advantage of the inconspicuousness provided by the internet. They are generally not detectable by the victim, as it is very easy for cyberstalkers to open spam accounts just to stalk any person; once the stalker deletes the account, his/ her identity completely vanishes. 

In India, in the year 2020, the state of Uttar Pradesh witnessed the highest number of cyberstalking incidents against women and children, with around 11 thousand registered cases.  

Section 67 of the IT Act punishes cyber stalkers who send, cause to send, or publish obscene posts or content on electronic media with imprisonment of up to three years and a fine. 

Section 354D of IPC deals with stalking. But it is relevant to cyberstalking as well. Under the Section, any cyber stalker is punishable with imprisonment up to three years and a fine.

Cyber defamation

Cyber defamation means injuring the other person’s reputation via the internet through social media, Emails etc. There are two types of Cyber defamation: libel and slander.

• Libel: It refers to any defamatory statement which is in written form. For instance, writing defamatory comments on posts, forwarding defamatory messages on social media groups, etc. are a part of cyber defamation in the form of libel.
• Slander: It refers to any defamatory statement published in oral form. For instance, uploading videos defaming someone on YouTube is a part of cyber defamation in the form of slander.  

Punishment for Cyber defamation is provided under Section 67 of the IT Act; whoever publishes or transmits a defamatory statement about a person shall be punished with 2 years imprisonment and a fine up to ₹25000.

Phishing

Phishing refers to the fraudulent practice of sending emails under the pretext of reputable companies to induce individuals to reveal personal information, such as passwords, credit card numbers, etc., online. Phishing refers to the impersonation of a legitimate person and fraudulently stealing someone’s data. Through phishing attacks, cybercriminals not only exploit innocent individuals but also spoil the reputation of well-known companies. 

Section 66C of the IT Act penalises any offender committing phishing-related activities. It provides that anyone who fraudulently uses an electronic signature, password or any other unique identification feature of any other person is punishable with imprisonment of up to three years and a fine of up to rupees one lakh.

Cyber fraud

As the name suggests, cyber fraud refers to any act of fraud committed with the use of a computer. Any person who dishonestly uses the internet to illegal deceive people and gets personal data, communication, etc. with a motive to make money is called a cyber fraud.  

Examples of cyber fraud include sending emails containing fake invoices, sending fake emails from email addresses similar to the official ones, etc.

There is no specification for cyber fraud. But Section 420 of IPC which deals with cheating applies to cyber fraud also. Punishment for cyber fraud under Section 420 of IPC is imprisonment of up to seven years with a fine.

Cyber theft 

Cyber theft is a type of cybercrime which involves the unauthorized access of personal or other information of people by using the internet. The main motive of the cyber criminals who commit cyber theft is to gather confidential data like passwords, images, phone numbers, etc. and use it as leverage to demand a lumpsum amount of money. The unauthorized transmission of copyrighted materials, trademarks, etc. over the internet is also a part of cyber theft. Cyber thefts are committed through various means, like hacking, email/ SMS spoofing, etc. 

Yahoo!, Inc. v. Akash Arora (1999), which was one of the initial cases related to cyber theft in India. In this case, the defendant was accused of using the trademark or domain name ‘yahooindia.com,’. The Court ordered a permanent injunction under Order 39 Rules 1 & 2 CPC in this case.

Under the IT Act, data theft is defined under Section 43(b) as downloading, copying, or extracting any data, computer database or information from such computer, system, or network without the permission of its owner.  Punishment for cyber theft (specifically, identity theft) is provided under Section 66C of the IT Act. The punishment for the same is imprisonment of up to three years and/or up to Rs 2 lakh fine. 

Spyware

Spyware is a type of malware or malicious software, when it is installed it starts accessing and computing the other person’s device without the end user’s knowledge. The primary goal of this software is to steal credit card numbers, passwords, One-Time Passwords (OTPs), etc. 

Punishment for spyware is provided under Section 43 of the IT Act. It states that if any person damages the computer, system, etc. of any other person without his/ her permission, he/ she shall be liable to pay damages by way of compensation to the person so affected. 

Cyber crimes against organizations

The cyber crimes mainly targeting individuals may help cybercriminals get only a meagre amount of ransom, depending on the financial status of the targeted individuals. On the other hand, cyber-attacking large companies or organisations can help them get their hands on extremely confidential data of both private and public institutions or entities. Cyber attacks on organizations are generally launched on a large scale to get a lump sum amount of ransom. Since such attacks drastically damage the companies’ daily operations, most companies try to resolve them as fast as possible. The following are the kinds of cyber crimes launched targeting organizations.  

Attacks by virus

A computer virus is a kind of malware which connects itself to another computer program and can replicate and expand when any person attempts to run it on their computer system. For example, the opening of unknown attachments received from malicious emails may lead to the automatic installation of the virus on the system in which it is opened. These viruses are extremely dangerous, as they can steal or destroy computer data, crash computer systems, etc. The attackers program such malicious viruses to get hold of organisations’ official or confidential data. The illegally retrieved data is then used as leverage to extort ransom from the organisations. 

There are no specific provisions as to virus attacks in India. Nevertheless, Section 383 of IPC, which deals with extortion, is applicable to virus attacks. The Section states that whoever intentionally puts any person in fear of any injury to him or anyone else, and dishonestly induces the person so put in fear to deliver to any property or valuable security, or anything signed or sealed which may be converted into a valuable security, commits ‘Extortion’. The punishment for extortion under Section 384 of IPC is imprisonment for up to three years, or fine, or both. 

Salami attack

It is one of the tactics to steal money, which means the hacker steals the money in small amounts. The damage done is so minor that it is unnoticed. Generally, there are two types of Salami attacks- Salami slicing and Penny shaving. In Salami slicing, the attacker uses an online database to obtain customer information, such as bank/credit card details. Over time, the attacker deducts insignificant amounts from each account. These sums naturally add up to large sums of money taken from the joint accounts invisibly.

Any person convicted of a Salami attack shall be punished under Section 66 IT Act with imprisonment up to three years or a fine up to 5 lakhs or maybe both

Web Jacking 

Web Jacking refers to the illegal redirection of a user’s browser from a trusted domain’s page to a fake domain without the user’s consent. By using the method of Web Jacking, people visiting any well-known or reliable website can be easily redirected to bogus websites, which in turn lead to the installation of malware, leak of personal data, etc. Web jackers intend to illegally collect confidential information of users by enticing them to click on any link which may seem genuine at the first glance.  

There are no specific provisions dealing with web jacking under any Indian law. However, it can be punished under Section 383 of IPC, which primarily deals with extortion. The punishment for web jacking under Section 383 of IPC is imprisonment of up to three years or with a fine, or both. 

Denial of Service Attack

Denial of Service Attack or DoS, is a cyber attack on computer devices or systems, preventing the legal users or accessors of the system from accessing them. The attackers generally attack systems in such a manner by trafficking the targeted system until it ultimately crashes. DoS attacks cost millions of dollars to the corporate world, as it curbs them from using their own systems and carrying out their activities. The attack may be also used to incorporate ransomware into corporate systems. 

Cyber attackers who launch DoS in India are punishable under Section 66F of the IT Act, which deals with cyber terrorism. As per the said Section, any person who disrupts the authorised access to a computer resource or gets access to a computer resource through unauthorised means or causes damage to a computer network is liable for imprisonment which may extend for life. 

Data diddling

Data diddling is a cyber crime which involves the unauthorized alteration of data entries on a computer. It may be done either before or during the entry of such data. It is generally committed by way of computer virus attacks. At times, to conceal the alteration, the altered data is changed to its original data after retrieving the required information. Usually, the strategic or statistical data of large companies. 

In India, data diddling is an offence under Section 65 of the IT Act. The said Section provides that knowingly or intentionally concealing, destroying, altering or causing another to conceal, destroy, or alter any computer source code used for a computer, computer programme, computer system or computer network is punishable with imprisonment of up to three years or with fine of up to two lakhs. 

Cyber crimes against society at large

Apart from the cyber crimes committed targeting individuals in society, various other cyber attacks are launched against the community at large. Such cyber crimes may be aimed either against any particular section of society or the entire country. The following are a few types of cyber crimes against the community at large.   

Cyber pornography

As per Merriam-Webster Dictionary, pornography is the depiction of erotic behaviour (as in pictures or writing) intended to cause sexual excitement. Accordingly, cyber pornography refers to using the internet to display, distribute, import, or publish pornography or obscene materials. 

Under the IT Act, provisions as to cyber pornography are given under Section 67 of the IT Act. It states that the following activities are punishable with imprisonment of up to 3 years and a fine of up to 5 lakhs: 

1. Uploading pornographic content on any website, social media, etc. where third parties may access it.
2. Transmitting obscene photos to anyone through email, messaging, social media, etc. 

Cyber terrorism

Cyber terrorism means using cyberspace to hurt the general public and damage the integrity and sovereignty of any country. The IT Act defines cyber terrorism under Section 66F as any acts done by a person with the intent to create a threat to the unity, integrity, sovereignty and security of the nation or create terror in minds of people or section of people by way of disrupting the authorised access to a computer resource or getting access to a computer resource through unauthorised means or causing damage to a computer network. 

Cyber terrorism is generally carried out in the following ways: 

1. Hacking government-owned systems of the target country and getting confidential information.
2. Destructing and destroying government databases and backups by incorporating viruses or malware into the systems.
3. Disrupting government networks of the target nation. 
4. Distracting the government authorities and preventing them from focusing on matters of priority. 

The punishment for cyber terrorism as provided under Section 66F of the IT Act is imprisonment of up to 3 years and/or up to Rs 2 lakh fine. 

Cyber Espionage

According to Merriam-Webster Dictionary, espionage is “the practice of spying or using spies to obtain information about the plans and activities especially of a foreign government or a competing company.” Similarly, cyber espionage refers to the unauthorized accessing of sensitive data or intellectual property for economic, or political reasons. It is also called ‘cyber spying’. 

In most cases of cyber espionage, spies in the form of hackers are deliberately recruited to launch cyber attacks on the government systems of enemy nations to stealthily collect confidential information. The cross-border exposure of sensitive data related to any country can continue as long as it stays undetected. The information gathered through cyber espionage is then used by the gathering country to either combat or launch military or political attacks on the enemy country. 

Generally, the following data are gathered through cyber espionage: 

• Military data
• Academic research-related data
• Intellectual property
• Politically strategic data, etc. 

Though cyber espionage has serious consequences, unfortunately, there are no specific provisions related to it under any Indian law. However, cyber spies may be punished under Section 120A of IPC, which deals with criminal conspiracy. It provides that when two or more per­sons agree to do, or cause to be done, –

• an illegal act, or
• an act which is not illegal by illegal means, such an agree­ment is designated a criminal conspiracy.

The punishment of criminal conspiracy is provided under Section 120B of IPC as a death sentence, imprisonment for life, and rigorous imprisonment for at least 2 years. 

Further, any Indian who abets cyber espionage against India can be also punished under Section 121 of IPC, which deals with waging, attempting, or abetting waging war against the Government of India. The punishment prescribed for the same is the death sentence, imprisonment for life, and a fine.  

Conclusion

Cybercrime is a massive threat to any country. It has the threatening potential to trigger national unrest, financial crisis, the shutdown of services, etc. In 2020 alone India witnessed a whopping number of fifty thousand registered cyber crimes. These cyber crimes adversely affect the lives of thousands of innocent individuals, companies, and governments. Also, several cyber attack cases go unreported due to a lack of awareness or infrastructure. 

Cyberspace is a wonderful space to stay connected, no matter how physically far people are. However, it is also a grey area when it comes to the enforcement of cyber laws. There are multiple challenges involved in legislating and implementing cyber laws because of the dynamic nature of cyberspace. Nevertheless, the government must strive to spread cyber-awareness to people to help them steer away from cyber-attacks and stay cyber-safe.   

Frequently Asked Questions (FAQs)

Can a person be legally punished for watching pornographic content? 

No, watching pornographic content in India is not legally punishable, as long as it does not involve child pornography and is watched privately. 

Is there any software to detect spyware?

Yes, there are various anti-malware software and diagnostic tools that can be installed in computers to detect spyware. 

References 

• Cyber Crimes Under The IPC And IT Act – An Uneasy Co-Existence – IT and Internet – India (mondaq.com)
• DETAILED OVERVIEW: WEB JACKING | Lawsisto Legal News
• Punishments for cyber crimes in IPC – iPleaders
• [CYBER CRIME] An Overview of cyber crimes in India: Definition, Types, Impact, and Legal Provisions – Lawstreet Journal
• Denial-of-Service (DoS) Attack Definition (investopedia.com)
• Offences & Penalties under the IT Act, 2000 (legalservicesindia.com)
• Munawar Faruqui case: When comedy becomes crime and bail is the exception (barandbench.com)

---

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

https://t.me/lawyerscommunity

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.