This article is written by Kiran Krishnan, pursuing a Diploma in Cyber Law, Fintech Regulations and Technology Contracts from Lawsikho.com. 

The birth of the internet was a major breakthrough in the 1960s. Although the internet was initially created for military purposes, little did we know that over the years, the internet would expand rapidly and become a mainstay in our lives. Today, we are more connected to the internet than ever. The rapid evolution of the internet has enabled companies to move their businesses online. We can sit in the comfort of our homes and order anything ranging from clothes, food, bags, equipment, electronic gadgets, furniture which will be delivered to our doorstep. The internet has made our lives easier. However, in everything good, there is always something bad. The introduction and development of the internet, and the corresponding increase in the number of users online has led to the rise in cases of cyber-crime. In response to the evolution of the internet, the criminals have adapted and become creative in terms of committing cyber-crimes.

Table of Contents

Toggle

Evolution of Cyber-crime 

What is Cybercrime?

Cybercrime is an offence involving targeting or attacking a computer or computer network with the objective of performing an illegal activity such as committing fraud, trafficking in child pornography, software vulnerability exploits or social engineering.

Evolution of cyber-crime

• The first instance of development in cyber-crime came in the late 1980s which coincided with the rapid increase in use of emails. A host of scams took the world by storm when an email spread across the world in people’s homes. The email was disguised as a genuine request from a Nigerian Prince who asks for financial help so that he can help get millions of people out of Nigeria with a promise that he would return millions of dollars to the email recipient.
• In the late 1980s, a cyber form named “Morris Worm” attacked nearly (within 24 hours) 6000 of the 60000 computers that were connected to the internet back then. The cyber worm caused a slowdown in the computers. The cyber worm infiltrated the computer systems at many colleges and universities including Harvard, Princeton, Stanford, Johns Hopkins, NASA, and the Lawrence Livermore National laboratory.
• With the introduction of internet web browsers in the 1990s, the criminals found new ways to enter a computer system by fraudulent means. The cyber criminals would release viruses on the internet. The virus would infect a website which was later visited by a user. Once the user visits the website, the virus would infiltrate the user’s computer. Another way to infect a user’s computer was by displaying pop-up advertisements on a website the user would visit. On clicking the popup, the user’s computer would be infiltrated by the virus. Other viruses would slow down the user’s computer or redirect the user to a porn site.
• The internet in the early 2000s presented the new age of social media and online entertainment. This period took cyber crime to the next level of evolution. The introduction of social media led to people posting and sharing their personal information online. The flurry of personal information of users caused criminals to commit identity theft. Besides, the information would further be used to access individual bank accounts, commit credit card and financial frauds. 
• The first decade of the 2000s saw plenty of different types of cyber-crimes such as Denial of Service (DDoS) attacks on popular websites, SQL Slammer worm infecting the SQL servers, several malware attacks, among others. 

Evolution of laws governing and regulating cyber-crime in India 

Information Technology Act, 2000

Although cyber-crime is not defined under the Information Act, 2000 (“IT Act”) or the IT Amendment Act, 2008, the IT Act has the power to deal with cyber-crime since provisions related to cyber offences or crime are stated under the IT Act. Since, cyber-crime is an offence involving targeting or attacking a computer or computer network, definitions of terms including computer, computer network, computer resource, data, and information, among others under the IT Act are of essence. The IT Act came into force in 2000 and primarily: 

1. Recognises electronic records, electronic signatures as valid, 
2. Recognises electronic signatures, digital signatures,
3. Deals with computer related offences and other offences through electronic means, contraventions.

Constant criticisms, reviews, and the interpretation of some sections as draconian led to the amendment of the IT Act which came into force in 2008 and was called the IT Amendment Act, 2008 (“IT Amendment Act”). 

 The IT Amendment Act brought in some notable changes such as:

1. Focus on data privacy, 
2. Introduction of information security practices,
3. Definition of cyber café,
4. Responsibility on companies to implement reasonable security practices to protect information from unauthorised access, damage, use, modification, disclosure, or impairment. 

• Section 43 of the IT Act provides recourse in the form of compensation to an owner of a computer or computer system when a person or entity damages or destroys the computer or computer system belonging to such owner (civil liability for data theft). 
• Section 43A of the IT Act provides compensation to a person, if the company dealing with or handling the person’s sensitive personal information in its computer resource, fails to protect the said person’s information. 
• Section 66 of the IT Act punishes the person who dishonestly or fraudulently commits the act referred to in Section 43, with imprisonment for a term extending to 3 years or with fine extending to Rs. 5 lakh or with both (criminal liability for data theft).

Section 66B, 66C & 66D of the IT Act punishes a person who:

• • Section 66B: by dishonest means, receives or retains stolen computer resource knowingly, with imprisonment for a term extending to 3 years or with fine extending to Rs. 1 lakh or with both.
  • Section 66C: by fraudulent or dishonest means uses electronic signature or password of another person, with imprisonment extending to 3 years and with fine extending to Rs. 1 lakh.
  • Section 66D: by means of any communication device or computer cheats by impersonation, with imprisonment extending to 3 years and with fine extending to Rs. 1 lakh.

• Section 66F: (a) intends to threaten the unity, integrity, security, or sovereignty of India or (b) deny access to any person authorised to access a computer or (c) attempt to penetrate or access a computer without authorisation or (d) introduce a computer contaminant like virus, Trojan, malware etc. and cause death or injuries to person or damage to or destruction of property etc. with imprisonment for life. 

POCSO Act, 2012

The Protection of Children from Sexual Offences Act, 2012 (“POCSO Act”) has the power to punish any person who uses a child or children for pornographic purposes including using a child on the internet for sexual gratification. Persons responsible for the aforesaid acts will be imprisoned for a period of up to 5 years and imprisoned in case of second conviction for a period of up to 7 years and fined. The POCSO Act can also punish any person who stores pornographic content involving a child for the purpose of earning money with imprisonment extending to 3 years or with fine or with both.

Indian Penal Code, 1860 (“IPC”)

The IPC also punishes those who are involved in acts of identity thefts and cyber fraud. The concerned sections under the IPC include Section 464 (Making a false document or false electronic record), Section 465 (Punishment for forgery), Section 468 (Forgery for purpose of cheating i.e. forged electronic record), Section 469 (Forgery for purpose of harming reputation i.e. forged electronic record), Section 471 (Using as genuine a forged document or electronic record).

Cyber-crime Case Laws

• The Bank NSP Case: This case was about a management trainee of a bank who was planning to get married. The trainee and his fiance interacted largely using the company’s computers. Eventually, the two went their separate ways. However, the girl set up a fraudulent email address called “indian bar associations” and sent emails to the trainee’s bank’s foreign clients using the bank’s computer. Due to this act, the bank lost many clients and as a result the clients filed a case against the bank in court. It was ordered that the bank had committed the offence and was held liable for sending the said emails to the clients since the source of the emails were the bank. 
• Cosmos Bank Cyber Attack: This case was pertaining to a cyber-attack on Cosmos Bank in Pune. It was an attack that rattled the banking industry in India since the hackers embezzled Rs. 94.42 crores from Cosmos Cooperative Bank Ltd. in Pune. The hackers who attacked the said bank’s ATM server collected information of various visa and rupay debit cardholders. Hacker gangs from across 28 countries emptied money from the accounts by withdrawal as soon as they gained access. 
• Hack of Aadhar Software: In early 2018, hackers hacked into the Aadhar database and accessed the personal information of over 1.1 billion Aadhar cardholders. UIDAI stated that the information leakage of Individual Aadhar card holders included Aadhar, PAN, mobile numbers, IFSC codes, among other things.