Work from home has become the new mantra during COVID-19. The method of carrying out the duties changed significantly, as operating from home became the only feasible solution. Therefore, the COVID 19 pandemic triggered physical gesticulation constraints raising one's reliance on the internet in many countries. Owing to a great rise in video calls, seminars, online courses, and chatting, online traffic has grown. There has also been a growth in the use of applications such as Paytm, Google Pay, BHIM, PhonePe, etc. as a payments process.
A drastic change has been made in the modus operandi of the crimes along with modified operating practices during the lockdown. The crime rate has undoubtedly gone down as people have been mostly staying indoors but internet burglary and fraud have been on the rise. The fake sites and apps emerged as new avenues for cybercrimes to target individuals through phishing, e-mail scams, password hacking, snooping, extortion attacks, cyber sexual abuse, etc.
Today’s generation is not armed with arms and ammunitions but with the cameras and internet on their mobile phone. The information available at their fingertips is being widely misused. The problem of cybercrime begins with no clear definition available in the governing laws. Moreover, the laws have so many loopholes that it is nearly impossible to convict a person for cybercrime. The IT Act 2008 did try to address this issue but due to the presence of grey areas, no possible outcome could be achieved.
We must always remember that Cyberspace, through the possibilities of increasing technology, is a shared heritage between us that has been bestowed upon us. This cyberspace is the lifeline of the whole world and now, considering its irreversible place, it is the responsibility of every netizen to pledge to keep the internet free from danger or cybercrime. Simply rephrasing Rabindra Nath Tagore's words in today's context “Where the Cyberspace is without fear of crime and the head is held high, where knowledge is free, where tireless striving stretches its arms towards perfection, into that cyber heaven of freedom, O my father, let our humanity awake.”
Meaning of Cybercrime
Cybercrimes may be described as a crime where the use of computers or electronic media is used to commit crimes such as human trafficking, frauds, spreading pornographic material, stealing intellectual property rights, infringing personal data of individuals, and breaching their privacy through data theft, phishing, snooping, etc. In short, cybercrime is a form of criminal offense that occurs through digital means, but it often involves a wide variety of harmful and malicious acts, such as cyberbullying, planting worms or viruses, hacking into national databases, inciting hate speeches, and terrorist activities. These can be referred to as the most common crimes in the 21st century.
Cyberbullying is a criminal offence whether it concerns coercion or discrimination or racism against other individuals, the transmission of hate messages, and threats to the welfare of an individual. The loss in such cases is mostly not in monetary terms but in terms of their legal rights. Cyberbullying infringes a person’s right to privacy, right to enjoy his life and property and it even damages the person’s reputation in the eyes of society. Therefore, the legal remedy available in such cases is against the infringed right.
Neither the Information Technology Act, 2000 nor the IT Amendment Act, 2008, nor any other law in India has anywhere defined cybercrime. However, the IT Act 2008 covers most of the cybercrimes. But what we need to realise here is that cybercrime is not only protected by the IT Act. The Indian penal law may also be used to punish cybercriminals or to enforce the additional clauses of the IT legislation.
Crime and COVID 19
During this pandemic as work from home became the new normal, computers, laptops, and smartphones were constantly in use for official and unofficial work. The increased use of the internet gave a massive boost to hackers who now started selling important personal details on the dark web and many new fake websites and apps were being formulated to trap the users and extract data from them.
Some of the most common crimes committed during the COVID19 were:
Phishing- The most common crime is phishing. Approximately 90% of cybercrimes can be termed as phishing. In this, fake emails or SMS messages are sent to the user to steal important data such as passwords, account details, ATM pin, personal information such as address contact numbers pictures, etc. During this pandemic, phishing websites soared by 350% as compared to the last year. Many of these used COVID 19 as bait to lure individuals into giving their details and becoming victims of banking frauds, data theft, etc.
Hacking: Due to the pandemic many MNC’s had to restore to VPN to give their employees access to their confidential data and this served as a silver platter for hackers to just hack the VPN servers and extract all the confidential information. As per a recent report, cybercrime in the corporate field increased by manifold times due to disruptions caused by COVID19. The use of the malware AZorult exacerbated phishing in companies and fake emails from well-known companies were sent to individuals to hack into their personal accounts. There have also been attempts to hack the systems of Indian state tax departments to steal sensitive information of Aadhar cards, pan cards, GST tin, etc.
Social Media-related cybercrimes: Apps such as Facebook WhatsApp, Twitter, Instagram have become important tools to spread fake news. As people were severed from the rest of the world during the lockdown, they blindly followed the fake news and started reacting according to it. Moreover, there was a sudden increase in online dating apps which led to offences such as sexual harassment, child pornography, banking frauds, etc.
Cybercrime: The Indian profile
During this pandemic, digital India has become an easy target for cybercriminals. The National Crime Record Bureau data shows that there has been a dramatic increase of 63.5% in cybercrime cases last year. Karnataka (12,020) followed by Uttar Pradesh (11,416), Maharashtra (4,967), Telangana (2,691), and Assam (2,231) registered the highest number of cases. Within the Union territories alone, Delhi accounts for over 78% of all cybercrimes.
In the middle of India’s unparalleled lockdown due to coronavirus, cybercrime has been on the surge. With COVID-19 incidents continuing to intensify in the region, New Delhi tried to stop the spread of the lethal disease by effectively shutting down the world’s second-most populous nation. Such extreme actions have powered the rapid uptick in cybercrime across the nation. According to a new survey by Reuters, attacks have gone up by 86% in four weeks approximately between March and April. By citing officials from the Indian Ministry of the Home Minister, they also outlined the ‘false promotions’ of offering discounted services during the lockdown by Reliance Industries telecoms arm Jio and the streaming platform Netflix Inc.
A closer analysis of the cybercrime spike shows that both government and private cybercriminals have shown their success at capitalizing on the on-going crisis.
Cybercrimes in the COVID times
The increase in cybercrimes and attacks has most likely targeted private citizen personal information and wallets considering the drastic surge in the portion of working workers of India Inc., which is working remotely as a result of the national lockdown.
India’s National Cyber Security Coordinator (NCSC), Lt. Gen. Rajesh Pant, told the Economic Times that “Cybercriminals have launched thousands of coronavirus fraud portals.” These pages attracted thousands of Indians, willing to make contributions to support the battle against coronavirus. Several of the fake sites are very specialized, almost indistinguishable from their true and genuine peers.
The coronavirus fund created by the office of the Prime Minister for Coronavirus was the main victim of cybercrimes during this pandemic. At least a half dozen false website forms were developed and they successfully extorted a thousand dollars from the common public in the name of charity. India’s Home Ministry senior leaders said more than 8,000 appeals had been submitted by domestically and foreign Indians who got tricked into contributing cash to these false copies of the government’s flagship program PM cares.
Even during the outbreak, personal data still has a ring to it for cybercriminals. Indian officials say that the scale of the malware and phishing schemes conducted under the justification of preventive activities have operated in an increased manner since the pandemic. The so-called “coronavirus malware” is intended to steal information such as Bank account numbers, passwords, and other personal data.
Indian’s abrupt lockdown has also contributed to cybercrime in addition to unscrupulous attacks on individuals. Government cyber actors took the advantage of COVID 19 advisory and launched hidden cyber-attacks on some of the major Indian sectors, particularly defence and national security.
A state-sponsored hacking community of enemies backed by Pakistan last month committed a series of ransomware and phishing attempts to snatch sensitive military data, security, and diplomatic data under the pretext of health alert advice of coronavirus. Indian government officials both in India and embassies across the globe were scrutinizing the cleverly disguised legal pandemic related news and communication.
Indian officials continue to combat not only the coronavirus outbreak but also those who are busy looking for illicit money-making activities. Just a few months back, Indian authorities brought a case against a cyber fraudster after he tried to sell India’s iconic “Statue of Unity” for over 4 billion claiming that the funds will be donated to the Gujarat State Government to help finance its war against COVID-19.
Jamtara, a small town in Jharkhand has emerged as the hub of cybercrimes. The State law enforcement departments around the country are having sleepless nights due to the cybercrime attackers, said Mrs. Göel. As per her, more than 60% of cybercrime is related to Jamtara which has also become a cybercrime hub of Digital India. Online gaming, illegal in Telugu states, has increased significantly for those at the home especially dependent individuals, including youth.
“These days, more children are engaging in online gaming.” The colour prediction offers them quick cash prizes, and as covetousness goes higher, they keep on engaging in newer games and ultimately get their savings wasted. People even sometimes end their lives, in certain situations, she mentioned. This year, she added, 259 abusers have been arrested and apprehended by the cybercrime official for their illegal endeavours.
Conviction in Cyber Crime
Conviction in India is still exceptionally poor in cybercrime incidents, even though cybercrime has more than doubled over the last two years, according to new data from the Home Ministry. Whilst the precise conviction figures for 2015 cannot be determined, since the information does not disclose the statistics where trials have been carried out, the numbers available create a bleak picture, according to analysts.
In the last year, 11,592 cases of cybercrime were identified across the country - increased by around 20 percent over the previous year, according to data recently released by the minister of home affairs Hansraj Ahir. During the same period, charge sheets were filed in 3,206 cases while convictions were obtained in a mere 234 cases. Some of the cases that saw charges and arrests had possibly spilled over in 2014, 9,622 cases were reported - and in the 2016 cases in which they filed charges, investigation officers were able to secure just 76 convictions.
One of the major reasons for the low conviction rate is not the paucity of resources. The government indeed is working towards it. Recently the agency on cybercrime “the Computer Emergency Response Team” has started training officers to combat cybercrime and the government also has set up 36 cybersecurity centres to specifically deal with issues related to cybercrime.
Why the slip-ups?
Frequent transfer of officials who are trained in this field leads to low conviction as cases do not reach their final conclusive stage. Moreover, the government officials who are exclusively trained for this purpose are not even aware of their “adjudicating powers under the Information Technology Act, 2008.” This was stated by an official of the Data Security Council of India (DSCI) which is also involved in training prosecution lawyers, law enforcement agencies, and judiciary members. The official also highlighted that “Not many state IT secretaries are exercising the quasi-judicial powers they possess under the IT act. The adjudication cases are also routed to police stations.”
Secondly, there exists no efficient information-sharing model. There is a lack of communication between agencies while working on cases. This hampers the investigations on a wide scale. Moreover, the lack of collaboration and communication leads to a lack of preparedness in tackling crimes and thus allowing the slip-ups to happen.
Thirdly no system to handle digital evidence is in place. Often, carelessness and lack of knowledge or expertise lead to mishandling of evidence which further contaminates it. The official also pointed out - “There is no standard documented procedures for searching, seizing of digital evidence and standard operating procedures for forensic examination of digital evidence.”
The next impediment that arises is the unavailability of a common extradition treaty related to cybercrimes. Many times, after putting a lot of effort and hard work the investigation agencies do come to a final result but the criminal has already fled to another country. Obtaining legal orders from the country’s court is a very technical and time exhausting process that often leads to unsolved cases.
Another reason is the lack of manpower while dealing with such cases. As per deputy superintendent of police in Bengaluru’s cybercrime police station in the Criminal Investigation Department (CID), M.D. Sharath, says that the courts often fail to notice the importance of digital evidence. Sharath, recipient of the prestigious “India Cyber Cop Award for Excellence in cybercrime Investigation” last year said, “Conviction happens when the investigating agency, the prosecution, and judiciary come together.” Through this, he meant that there still exists a shortage of trained officers in this field.
Moreover, in cases of banking fraud, it is mostly the bank that is at fault. KYC norms are often breached by the intermediaries and banks for the privileged customers and due to this, the crime becomes even more difficult to crack. Still, there is no official notification from the government regarding the rules and regulations for these intermediaries. There is no limitation on the time frame and no uniform format is present for storing customer information.
Rakshit Tandon, a cyber expert tries to analyse the reasons for the low conviction rate. He says “While the lack of knowledge among most investigating agencies in collecting digital evidence is an obvious stumbling block towards more convictions, the fact that forensic validation of evidence takes time also adds to people getting off the hook. Plus, the judicial system of the country is notoriously slow – and in cases of cybercrimes, where evidence is extremely volatile and time-bound, a waiting period of six months means evidence is destroyed and unusable.”
Digital India currently is an ailing system full of worms, viruses, and hackers. Phishing scams and banking frauds have become the permanent headlines in newspapers and the lack of investigation agencies is quite evident. Criminals are no more on the run but have opened profitable businesses during this pandemic. To be on the brighter side Rajnath Singh, the home minister acknowledged the problem and assured the citizens that they are working in that direction. It is said “The first step to solving a problem, is recognising there is one.”- the minister definitely seems to be believing in that.
Cyberlaw is a concept used that describes the legal problems in association with technological usage in networking and cyberspace as well as the Internet. The jurisdiction is not only limited to the internet but to all other legal fields as it is an interaction of several legal fields such as real estate, privacy, freedom of expression, contracts, Intellectual property, etc. Simply Cyberlaw is an effort to incorporate the issues presented due to human activity over the Internet into a legal collection of rules that are valid for the real world.
Why cyberlaw is needed in India?
The founders of the internet did not seek to turn the internet into an all-pervasive revolution that could be misused for crimes instead it was created to make the world a large global village where knowledge would be accessible to all. This idea is not possible without reasonable restrictions and requires control. Today in cyberspace there are a lot of alarming events taking place. Because of the Internet’s anonymous nature, it is feasible to carry out a wide range of illegal acts without being able to be caught, and those with intelligence have misused cyberspace to carry on criminal activities. Therefore, the need arises in India for Cyber laws.
Cyber-Law is significant because it encompasses virtually everything involved with a linked mechanism to function through a network called the internet. Cyberspace is vital for transactions. At first, it can sound as if cyber laws are a highly specialized area, which does not concern most cyberspace activities at first. But the actual truth is that every action taken and every reaction given has a place in cyberspace. And whether we recognize this or not, every move and response trigger some legal response.
Initially, there were no separate cyber laws in India. With time as misuse of technology became more prominent along with a surge in the number of cases, new laws were enacted to protect the virtual world growing parallel to the real world. To prevent cybercrimes “INFORMATION TECHNOLOGY ACT, 2000” was enacted to protect the citizens in the field of e-banking, e-commerce, e-governance, and subsequently new fines and punishments were introduced. Later this act was amended and IT Amendment Act, 2008 [ITAA-2008] came into force.
As per the INFORMATION TECHNOLOGY ACT, 2000 Computer shall mean any electronic magnetic, optical or other high-speed systems of processing of data which carry out logical, arithmetic, and memory operation by managing electronic, magnetic or optical impulses and comprise of all inputs, outputs, processing, storage, computer software, or communications devices attached or correlated to computers in a network. The term "computer and computer system" has been designed and understood to mean "any electronic system with information processing capability, executing information functions such as mathematical, arithmetic and memory functions with input capacities, storage, and output capabilities and any high-end programmable resources" such as washing machines, switches, and routers used for a network can all be brought under the ambit of this definition.
Ransomware attacks are punishable on the grounds of Section 66 E and Section 66 F of the Information Technology Act 2000. Hacking is a civil offence under section 43 of the IT Act, but if it is committed dishonestly the person can be convicted under section 66 B of the IPC. Under Section 66 C of the IT Act, the crime of phishing is punishable with imprisonment of up to three years and a penalty of up to 1 lakh. Sections 72 and 66 of the IT Act deal with cyber-stalking and online harassment.
Other than the IT Act 2000, the 1986 Indian Penal Code also allows for certain disciplinary action against cybercrime: IPC Section 419 is designed to provide redressal for fraud. IPC Section 354 regulates and punishes cyber-stalking and internet violations with imprisonment of up to 2-3 years. Persons who propagate false information will be arrested under Section 505 of the IPC and Section 54 of the Disaster Management Act and may be penalized with a jail term of up to 3 years and a fine of 1 lakh or both.
Strengthening India’s Cyber Defences
Even beyond disasters, cybercrime poses an immense challenge for India. India has become one of the top five countries in the world to be targeted by cybercriminals. This portrays the amount of work that is needed to strengthen cybersecurity in the countries.
More than 550 million indigenous people who linked in recent years to the internet have been driven by rural development. Nevertheless, the exponential surge of Internet usage and the Internet of Things (IoT) has, in fact, made the country’s public and private sectors precarious to cyberattack.
“Development will strengthen clients through the transformation of companies.” Purnima Thacker, Head of the IP Practice Group at the Mumbai based law firm of Mulla & Mulla & Craigie Blunt & Caroe says the secret to lowering cybercrime danger for private companies is to “acquire a domain and develop a user-friendly internet policy as well as implement a safe system” This involves “training customers, controlling the program and real-time response to where a client requires assistance in operating the secured network.”
On the government’s part, reinforcing frameworks for sharing, improving capacities for dissemination, and reinforcing the organization of structures of disclosure, are some of the measures that New Delhi should take to further secure the nation from cyber assaults.
It remains doubtful whether these policies will actually be implemented and when.
The present society is much more dependent on technology as compared to the one 5 decades ago. This has led to a surge in cybercrime. There has been an unequal advancement in technology. For some sectors, it has served as a boon whereas for the rest it has been a bane. A new virus is made almost every day, a new cybercrime happens in 39 seconds and we still do not have effective measures to protect us from these digital criminals. Although we are winning in the race of technology advancement at a galloping pace, there are still some major lacunas that need to be addressed. The judiciary is age-old and still works on papers and files. The law-making agency needs to be in time with the real as well as the virtual world. It should not only act as the guardian of rights and liberties for citizens but also for netizens. This can only be made possible with the persistent effort from all three organs of the government along with the media and vigilant citizens. New laws and policies need to be formulated along with proper enactment and then a rapid judicial process should follow in case of a violation. There is also a need for a special task force armed with the necessary weapons for dealing with cybercrimes.
Simply put cybercrime occurs when a computer acts as a tool or a target. It includes all sorts of criminal activities like theft, trafficking, mischief, forgery, defamation when they are committed through digital means. In this digital era, our safety is in our own hands therefore, we should be aware of the Do’s and Don’ts of web surfing and internet banking.
After all, as rightly said, “One single vulnerability is all an attacker needs.”
Written By- Deshna Jain, 1st year B.A.LL.B.(Hons.) student at Maharashtra National Law University Nagpur.