Cybercrime has evolved over the years. The era of the “lone wolf” hacker, who breaks into systems for shits and giggles, has long since given way to a landscape in which organized crime syndicates and even nation-states conduct cyberattacks for for-profit and political ends. The world’s second-most populous country, India, is no exception to this trend. In the past few years, the subcontinent has seen an uptick in cybercrime, with Indian hacker groups targeting banks and financial institutions and even the government itself.
It has come to this extent that the question around now is ‘If the next 9/11 attack is a cyber attack’. Cyber Crimes in India have become so rampant that they have become a national security concern. In this article, we will explore the various forms of cybercrime prevalent in India, the measures being taken to combat them, and the future trends likely to emerge in this dangerous yet lucrative arena.
What is a Cybercrime?
Cybercrime is an umbrella term for crimes committed using computers, the Internet, and other digital systems. In the past, most such offenses were considered computer-related – hacking, virus creation and spread, password cracking, phishing, malware, etc. – but today, the scope of the term has expanded to include online scams, data theft and sharing, online harassment, online fraud, data breaches, and much more. Organized cybercrime gangs and even nation-states conduct cyberattacks for for-profit and political ends. Cybercrimes now extend far beyond the confines of the computer screen. Social media, the Internet of Things, and other emerging technologies have only added to how criminals can now commit their offenses.
What are the Most Common Forms of Cybercrime in India?
The following are some of the most common forms of cybercrime in India:
It refers to malicious software. Malware can range from the seemingly innocent to the outright dangerous. Malware can take such forms as keyloggers, ransomware, adware, spyware, rootkits, and worms. Ransomware and other forms of malware can be used by hackers to generate revenue from unsuspecting victims. Malware attacks usually come in the form of phishing.
Phishing: Phishing is a form of malware that tries to trick victims into revealing sensitive information. The most common form of phishing involves fake emails that look like they’re from reputable companies such as PayPal or Amazon. In these emails, the hackers try to trick the users into revealing sensitive information such as credit card numbers, banking passwords, or Social Security numbers. The most common way to avoid being a victim of a phishing scam is to never click links or download attachments unless you’re 100% sure that they’re legitimate.
The Internet of Things (IoT): The Internet of Things (IoT) refers to the network of physical devices – ranging from automobiles to home appliances – that are connected to the Internet. Criminals have begun leveraging the IoT for several purposes, including theft of data, distribution of malware, and disruption of critical infrastructure. For instance, criminals can use the IoT to steal data from traffic cameras, smart homes, and other physical devices. They can also use the IoT to distribute malware, which can then be used to infect additional devices.
Data Breaches: Data breaches are when hackers steal personal data from databases. Data breaches can happen in any industry, including healthcare, finance, public administration, and education. It’s not uncommon for organizations to have to pay to have their data stolen, especially when the data is valuable. The most common way that data breaches occur is through the hacking of databases. Criminals will often target large corporate databases that contain the personal information of employees and customers. Once they’ve stolen this data, the criminals can use the data to commit identity theft or engage in other forms of financial fraud. In some cases, data breaches are the result of the failure of company security measures.
Online Scams: Online scams involve the creation and distribution of fake websites, emails, and texts that attempt to trick victims into sending money to scammers. In many cases, the scammers will claim that they’re affiliated with a legitimate company to gain the trust of the victim.
Got overwhelmed reading these crimes? Well, these are just a few to name! Many other cybercrimes take place in many forms. And for that purpose, we have The Information Technology Act, 2000 Law in India.
The Information Technology Act, 2000 is the primary legislation governing the operation of Information Technology (IT) in India. The Act defines information technology as “any technology having intelligence for facilitating information processing, control or management, in any form or behavior, in any environment.” The Act establishes the IT Secretary as the apex authority on matters relating to IT.
Under the Act, all organizations operating in India – whether individuals, private companies, or public institutions – are required to comply with the provisions of the IT Act. The Act also empowers the IT Secretary with the ability to issue directions to organizations regarding the implementation of specified provisions of the Act. The IT Act also provides for the registration of information technology agents and information technology service providers, and the grant of licenses to such agents and service providers. The penalties for violation of the Act range from a fine to imprisonment of up to three years and with no option for a fine in the latter. The Act also establishes the National Informatics Center (NIC) as the national agency responsible for the coordination, direction, and policy formulation with IT.
Cyber Crimes and their Penalties–
List of offenses and the corresponding penalties:
|65||Tampering with computer source documents||Imprisonment up to three years, or/and with fine up to ₹200,000|
|66||Hacking with computer system||Imprisonment up to three years, or/and with fine up to ₹500,000|
|66B||Receiving stolen computer or communication device||Imprisonment up to three years, or/and with fine up to ₹100,000|
|66C||Using the password of another person||Imprisonment up to three years, or/and with fine up to ₹100,000|
|66D||Cheating using computer resource||Imprisonment up to three years, or/and with fine up to ₹100,000|
|66E||Publishing private images of others||Imprisonment up to three years, or/and with fine up to ₹200,000|
|66F||Acts of cyberterrorism||Imprisonment up to life.|
|67||Publishing information that is obscene in electronic form.||Imprisonment up to five years, or/and with fine up to ₹1,000,000|
|67A||Publishing images containing sexual acts||Imprisonment up to seven years, or/and with fine up to ₹1,000,000|
|67C||Failure to maintain records||Imprisonment up to three years, or/and with fine.|
|68||Failure/refusal to comply with orders||Imprisonment up to 2 years, or/and with fine up to ₹100,000|
|69||Failure/refusal to decrypt data||Imprisonment up to seven years and possible fine.|
|70||Securing access or attempting to secure access to a protected system||Imprisonment up to ten years, or/and with fine.|
|71||Misrepresentation||Imprisonment up to 2 years, or/and with fine up to ₹100,000|
|72||Breach of confidentiality and privacy||Imprisonment up to 2 years, or/and with fine up to ₹100,000|
|72A||Disclosure of information in breach of lawful contract||Imprisonment up to 3 years, or/and with fine up to ₹500,000|
|73||Publishing electronic signature certificate false in certain particulars||Imprisonment up to 2 years, or/and with fine up to ₹100,000|
|74||Publication for a fraudulent purpose||Imprisonment up to 2 years, or/and with fine up to ₹100,000|