Cyber Crime Case Studies In India And Their Solutions

Cybercrime case studies in India and their solutions refer to documented real-life incidents where individuals, organizations or government bodies have been victims of cyber attacks, online fraud, data breaches or digital threats, and how these cases were investigated, analyzed and resolved with practical solutions. These case studies serve as detailed records that explain how cybercrimes were committed, what loopholes or vulnerabilities were exploited, what damages were caused and how law enforcement agencies, cybersecurity experts or the judiciary responded to the situation. These are educational examples that illustrate the methods used by cybercriminals, ranging from phishing, identity theft, ransomware, hacking of financial accounts, fake job scams, social media frauds to attacks on government databases and corporate networks.

The definition of cybercrime case studies also includes lessons learned from these incidents, where solutions are highlighted in the form of preventive measures and corrective actions. The solutions may include strengthening the cyber security framework, improving awareness among citizens, training professionals, enforcing strict laws under the Information Technology (IT) Act, increasing digital literacy, and using advanced tools such as firewalls, encryption, and cyber forensic techniques. In simple terms, studying these cases along with their solutions provides a structured approach to understanding both the problem and the solution in the digital environment.

Therefore, “Cyber Crime Case Studies in India and their Solutions” can be defined as a collection of real-world examples of online crimes that have occurred in India, analyzing their causes, consequences, and outcomes as well as the corrective steps taken to prevent recurrence. These case studies serve as practical guides for individuals, businesses, and authorities to recognize cyber threats, adopt safe online practices, and develop strong defense mechanisms against future cyber risks. They ultimately bridge the gap between theory and practice in the field of cyber security.

1: IIT Kharagpur, WB, India (2002) Case: Only for the cooperation and active collaboration of the Federal Bureau of Investigation (FBI), the Central Bureau of Investigation (CBI) in India arrested a 27-year-old software engineer, Mr. Shekhar Verma, for trying to illegally sell the ‘source code’ of a sophisticated software package worth about $70 million. The package was called “Solid Works 2001 Plus”. The criminal IIT Kharagpur graduate was caught red-handed when he was about to sell the same package to two undercover FBI agents at the Ashoka Hotel. He believed that the undercover FBI agents were representatives of a US company. Therefore, he struck a deal with them for $2,00,000 for the wrong source code. He was a former employee of a software company called Geometric Software Solutions Company Limited in Mumbai. When he was in service, he took the entire source code and started contacting other software companies in the US through e-mail after resignation, which was considered a very shameful act. This will also be considered as cyber fraud committed by the hacker.

2: Hacking in Baroda, Gujarat: On 9 June 2005, hackers attacked a website and claimed $10,000 for the restoration of the website. Indian police also got unsure. They did not get any clue to control the incident. The domain name was the issue. The “website” which was kept unlocked with the registrar was fraudulently transferred and controlled by the hackers. So, it is very important to see the standard of the security system of the domain that anyone is going to buy from any company or institution.

3: Hacker Dr. Nerukar: On 5th July 2001 Cyber Crime Investigation Cell Mumbai received an anonymous telephone at around 07:00 PM that their website www.ccicmumbai.com was being attacked by hackers. The police officers immediately found out that it had been hacked. They identified the hackers who had changed the original homepage of the Mumbai Police website and posted obscene comments and abuses for the police officers there. After this the police officers checked their server room i.e. Net4India and took the help of the members of the Advisory and Technical Committees to analyze the log records. They checked the Internet Protocol address which was related to this hacking. It belonged to the Internet provider company Dishnet SSL Ltd., Mumbai and the end user of the same date and time was immediately identified by the Internet provider. It was a cyber cafe i.e. “Osprey Enterprises” in Dadar, Shivaji Park. The police entered that cyber cafe and started searching and investigating the computers; Eventually they found a copy of their homepage in a computer which had been modified and which belonged to the software CuteFTP. Then Mumbai police seized that computer and took the details of the criminals who used the computer. Immediately police made a sketch of the suspected accused.

But, other information could not be received from the cyber cafe as they did not maintain it. By repeated visit to Net4India, the police investigated that from the same Internet Protocol address with Internet Service Provider Dishnet there were another two midnight hacking attacks after 30 days of this incident. They, then took the detailed information from Dishnet about the subscribers of the Nexus cyber cafe, Mumbai. During investigation, they interacted with 3 partners of the said cyber cafe. One of the partners disclosed before the police that one of his partners Mr. Mahesh Mahtre and his friend Mr. Anand Khare had committed the hacking from their cyber cafe. Both the accused were arrested by Mumbai Police Cyber Crime Investigation Cell. Mr. Anand Ashok Khare had assumed the identity as Dr. Neruker and the identity “Da Libran” was assumed by Mr. Mahesh Mhatre. First one is an Engineer in Information Technology fields and the accused is a computer programmer. Though, now so called “Dr. Neruker” is working with Mumbai Police Cyber Crime Investigation Cell for the prevention and control of hacking. In the same way, Mr. Ankit Fadia the famous Indian hacker was turned as security provider.

4: Delhi Hackers’ Case: Delhi Police arrested two hackers on 6th February 2001. It was the most breaking news in India because two people were arrested by the Delhi Police for allegation of hacking a website. This was probably the first case in India where accused were arrested; as said by Police Commissioner Rajan Bhagat. Both the hackers were detained for allegedly blocking the website named goZnextjob.com. This website provides support and information to prospective employers and job-seekers. The accused posted a message on that website declaring that it was closed but actually it was very much open. The hackers were sent to judicial custody for 14 days as they were charged under s. 406 of Indian Penal Code 1860 i.e. criminal breach of trust, and s. 66 of the Information Technology Act 2000 i.e. offense of hacking. Though they were denied bail by the Metropolitan Magistrate on 8th February 2001 after they were arrested on 6th February 2001; on 12th February 2001 Additional Sessions Judge of Delhi, Mr. P.K Gauba granted bail to those two hackers who were the partners of software solutions Mr. Amit Pasani and Mr. Kapil Juneja.

5: Hackers “Phishing”: Hackers around the world are adopting the method of ‘phishing’ to bring spam, junk mails, advertisements and many offers. Bangalore police detected about 10,310 phishing attacks carried out by hackers between July and December 2004 alone. Hackers most of the times prefer to use financial service sites, health care sites, online etc. to make the netizens vulnerable. The semantic blocking per week between July to December 2004 was more than 33 million. However, initially this number was one million per week. Hackers are using spam to steal confidential information like identities, passwords and accounts in the contemporary scenario.

6: Hacking between India and Pakistan: Hacking between India and Pakistan has taken a new form, i.e. net-war by means of defacing and taking control of each other’s websites. In the year 2005 Indian hackers have hacked around 114 Pakistani sites and Pakistani hackers have hacked around 766 Indian sites. In the year 2004 around 288 Indian sites were hacked by Pakistan based hackers. According to Mr. Anubhav Kalia, “For every Pakistani site defaced by Indian hackers, Pakistanis hacked 10 Indian sites. There is a constant gun game going on online”. An analyst of the Pakistani establishment said “A good number of websites have been set up by Indians in the web of deception, the main aim of which is to put the blame on Kashmiris and Muslims.

In December 2001 the Indian websites of AIIMS, Atomic Energy Research Board, Delhi High Court Bar Association etc. were finally hacked. The victims were busy developing their internal systems, anti-virus software and firewalls instead of reporting to the police. Perhaps they wanted to avoid negative publicity and thought it might deter their potential customers. The government was lulled into a false sense of security about companies, netizens and websites. This is the situation across the globe. However, at the same time, systems to detect, investigate, convict and commit cyber crimes are in existence and working across the world. Police personnel in India are being given intensive training on prevention and control of hacking and other cyber crimes. India has set up several cyber crime investigation cells for the same purpose.

7: Arrest of two Indian computer trainers in Chhattisgarh in 2001: Manoj Singhania, head of the local branch of Aptech and Prakash Yadav, in-charge of the training institute were arrested for allegedly sending e-mails in the name of Microsoft and Videsh Sanchar Nigam Limited. (VSNL) India. The e-mail contained a program file named ‘Speed.exe.’ As soon as the exe was opened, it would automatically send the password, data and other information of the user or users to the accused. They had also tried to hack the computers of State Bank of India in a similar way.

8: Arrest of former scientist in 2001: On 21 September 2001, a former scientist was arrested from ISRO for threatening the Department of Atomic Energy through e-mail and hacking the internet service provider Icenet in Ahmedabad, India and sending e-mails threatening the security of the country, which would also be considered cyber terrorism.

9: ATM hacking: A private firm had lodged a complaint that on 30 July money was withdrawn using the passwords hacked by the accused. On Tuesday, 10 August 2004, the New Delhi Police arrested 27-year-old hacker Mr. Rajesh Malhotra. He was accused of hacking an ATM machine in Mayur Vihar and withdrawing Rs 3 lakh. The police seized the same amount from the accused. But after that they were released on bail.

10: Mobile Phone Hacking: In the year 2006 most of the hackers started misusing mobile phones, hacking its software and doing cyber espionage through the contemporary communication convergence technology and mobile commerce. No doubt the world is moving very fast and complexities are also there. To fill the gaps, government law enforcing agencies and non-government organizations are very eager to develop new measures. As ethical hackers i.e. Ankit Fadia, Dr. Nerurkar, Neeraj etc. are working in the government and developing new software to prevent and control cyber hacking but at the same time malicious hackers are accessing those software through the World Wide Web and playing their role in doing crime with new dimensions.

In August 2007, hackers developed a type of virus called Trojan Horse and programmed it to send personal e-mails to Monster.com users which is known as a job opportunity site and the program asked the user to submit bank details. About 1.6 million entries like names, detailed identities, addresses, telephone numbers etc. were stolen by the hackers through this program. The hackers used the same method of phishing in which users are often asked to enter personal details. This year spammers celebrated Valentine’s Day as Cheers Day. On 13 February 2008, TrendMicro country manager Neeraj Kaushik said, “About 2.15% of spam comes from India. There will always be one or two Indian service providers in the list of top 20 spam producers. For example Bharti and BSNL were in the list this month.” He also said that about 15% of spam contains some virus, such as a Trojan horse. The West Bengal National University of Juridical Sciences, Kolkata was forced to take down its website www.nujs.edu on 5 February 2008, after hackers linked it to a pornographic site, causing embarrassment to all the dignitaries who visited there. However, the university suspects that it was not done by a student but by visitors who had logged in to obtain information about the law school’s cultural festival from February 7 to 9, 2008.

11: Shri Bhardwaj Case: In the year 2001 Shri Bhardwaj, Managing Director of IGSP Technology Centre India Pvt. Ltd. lodged an FIR before the police at Chandigarh under Section 66(1) & 66(2) of the Information Technology Act 2000 and Section 380 of the Indian Penal Code 1860 regarding hacking of ‘computer system’. That is, Techno Noble Info Way Ltd. (TNIL) had illegally downloaded some data from its server in the US. The police officials started an immediate search of the TNIL office premises and seized the server, related equipment used in the crime. However, on the other hand the plea of the accused was that IGSP has violated the contract by not providing them the minimum service as agreed.

12: Hacker Kalpesh Sharma Case: On 26th September 2003 a media news revealed about hacker Kalpesh Sharma as he was put behind the bars in Ahmedabad. He was arrested on September 24 by the cyber crime branch of Mumbai police on a complaint filed by a UTI Bank official that the accused hacked UTI, Banks site i.e. www.uti.com on July 11 and sent an e-mail to the bank authority with a message that “the website is vulnerable and they should provide security”. He said he can do good work for security in exchange of Rs. 15 lakh and posted his contact numbers. Police arrested him from Ahmedabad. He was charged under sections 66 and 43 (B) of the Information Technology Act 2000 and sent to police custody till October 6 as Maharashtra government counsel said the culprit has hacked several other websites and is capable of hacking many more.

13: Online Traders Hacked: Online trading of shares is not safe as mentioned in the first case as well. Ghaziabad based online trader’s password was stolen by a hacker which was related to shares and this led to a loss of around Rs 5 lakhs. While investigating the case, CBI reported that this type of loss has reached crores of rupees in Mumbai, Ujjain and other places in India. In this case, traders were cheated by hackers. Hackers were getting the account information of those traders and using the same they bought shares at very high prices. Whereas, then they were selling it at very low prices leading to huge financial losses. In the example case, when a trader was informed about the debit of Rs 5 lakhs in his account then he realized about the ‘cyber break-in’. However, the trader thought that it might be due to a password problem about which he informed the brokers who were the people maintaining his online trading account. But, later he realised that actually Rs 5 lakh was withdrawn and invested in the account of the accused. After this he filed a complaint with CBI for cyber hacking, cyber fraud, cyber cheating and registered under section 419 of Indian Penal Code 1860 and section 66 of Information Technology Act 2000. This is the instance when Pune cyber fraud case and Karan Bahris case were exposed and Prime Minister Dr. Manmohan Singh requested NASSCOM and Department of Information Technology to bring new amendments in Information Technology Act 2000 and increase penalties for cyber crimes.

14: Banks are victims: An employee of Bank of India accessed the computer network of the organisation on November 2003. The alleged accused collected data on all the keys, passwords, monitoring systems and other information after tapping the computer network. He was arrested by the police and released on bail thereafter.

15: Pune Cyber Fraud Case: Around 16 accused were arrested in the Pune cyber fraud case. Young employees of BPO industry Mphasis, Msource were the accused. They defrauded USA-based Citibank customers of more than Rs. 1,000 crores and Rs. 1.5 crores, including loss of data. 31-year-old young Bangkok resident John Varghese returned to Pune with a new car, mobile, jewellery and handy camera. He was the mastermind of the story. The accused viz. Miss Morleen Fernandes (25 years), Ivan Thomas (30 years), Bijoy Alexander (26 years), Stephen Daniel (24 years), Siddhant Mehta (20 years) and others were good friends of J. Varghese. The accused were given access to confidential information of Citibank account holders, as the bank provided e-banking service provider. ‘The two main accused – Unit Supervisor Miss M. Fernandes and former customer service executive Mr. Ivan Thomas – obtained password/PIN information from about five account holders. It was just like thieves taking the house keys from the owner. After this the culprits started their operation by sending and diverting e-mails of e-banking fund transactions. The victims were only getting information about the money transfer, nothing else. After this one of the victims lodged a complaint with Citibank and then Citibank alerted Mumbai and New York City Investigation Services about it. Mumbai Citigroup immediately contacted the recipient banks in Pune and alerted the Cyber Crime Cell of Pune Police to catch the cyber fraud. The accused were caught red handed when they were about to investigate the money transfer at Rupee Sahakari Bank, Pune. One thing is worth mentioning here that Msource, the BPO branch of Mphasis Limited did not lodge any complaint against this major cyber fraud case committed by its employees. The accused were charged under sections 65, 66, 71 and 72 of the Information Technology Act, 2000 and sections 420, 465, 467 and 671 of the Indian Penal Code, 1860.

16: Cyber fraud in West Bengal: In the state of West Bengal, Kolkata police raided around 792 online lottery units and seven district units on 19 December 2004. The state finance department requisitioned police force on 17 December to control the violation of the Lottery Regulation Act 1998, Section IV i.e. the central law. Police seized around 472 electronic lottery devices in Kolkata and on investigation found that most of them did not have a trade license. The vice-president of the play-wing said that they never violated the rules. A website called http://www.sushmitasen.com was misused by an accused in Toronto. Not only this, websites like http://www.amitabhachchan.com, http://www.hrithikrashan.com etc. were misused by cyber intruders and mostly they used those domain names to promote pornography.

17: Click Fraud: It is a type of cyber fraud that deals with clicking on web search ads by users who have no intention of doing business with advertisers. The company that advertises in the web has to pay the websearch providers for each click made by the users, for example, Google, Yahoo and Rediffmail etc. So, these web-search providers use machines and people to make more clicks on the ads, without any intention of doing so and for which they will earn money from the advertisers.

18: Hyderabad Rs. 20 Crore Data Conversion Fraud: Mr. C Suresh, Managing Director of Vinceri Infotech and owner of Infotech Pvt Ltd website had started his business of data conversion in 1997 for giving data entry work; for providing services of data entry, medical transcription, management and e-books etc. in January 2002 he fraudulently obtained Rs. 2.5 Lakhs (approx) non-refundable deposits from each client falsely promising to give data entry work. And in February 2003, when the cheques issued by him to his clients were not paid but dishonoured, as funds were not available; then his clients started demanding either refund of their deposits or payment of their bills and providing work. But the accused Mr. C Suresh kept quiet. Therefore, his clients (approx. 1,500) approached the police and lodged separate complaints. Subsequently, he was arrested from Secunderabad on the charges of cyber fraud i.e. data conversion fraud of about Rs 20 crore. Central Crime Station (CCS) investigators said that six more cases on cyber fraud have been registered and again the police have identified at least 20 fake data conversion companies after this incident. Even in branch offices, brokers falsely collected Rs 10,000 to Rs 50,000 from each customer by making such false promises.

19: Karan Bahri Case: Indian BPO industries were clouded with a lot of dust due to the sting operation conducted by the British tabloid through its newspaper ‘The Sun’ in late June 2005. After this, lawyers and experts became very busy in protecting the security system of Indian BPO industries as they had data transfer contracts with call centers in India.

20: Bangalore Cyber Fraud Case: The case of Sutra Solutions in Bangalore city, which had 42 branch offices working as call centers and more than 400 students and others were promised jobs after a few months. They were taken as trainees. Sutra collected Rs. 6,000 for customer support and Rs. 25,000 for technical support from training. The total amount was Rs. 1.2 crore. After depositing the said amount some trainees found that the website of Sutra www.sutrasolutions.com is shutting down, they are not paying the rent of the building and telephone rent is also pending. After this the victims lodged a complaint against the company. Ajay Shah (CEO) was absconding and the police arrested Mr. Raju Krishnamurthy on charges of cyber fraud, however he was released on bail after that.

21: New Delhi Online Traders Case: A breaking news published by Times News Network has raised suspicion of people getting duped by hackers in online trading of shares. This cyber crime case was handled by the CBI, in which the password of a Ghaziabad-based online trader was hacked by a hacker, leading to a loss of about Rs 5 lakh. Traders were often cheated by such hackers who obtained information of traders’ accounts and misused it by bringing shares at very high prices and later selling those shares at very low prices leading to financial losses. In the Ghaziabad case, ‘cyber-breaking’ was observed when the loan in the traders’ account amounted to Rs 5 lakh. It was registered by the CBI on June 29 under Section 419 of the Indian Penal Code 1860 and Section 66 of the Information Technology Act 2000. The hacker invested Rs 5 lakh from the victims’ account in his own account. CBI’s Cyber Crime Cell arrested 2 accused in Bhavnagar, Gujarat.

22: Bangalore cyber fraud, June 2006: Accused Kashmiri was a resident of Bangalore who joined HSBC on 12 December 2005 by presenting fake certificates. He had links with terrorist groups and underworld groups. He and co-accused Nadeem were arrested on charges of data theft and cyber fraud. They stole data to illegally transfer money from the account of customers of a multinational company and a UK-based bank. HSBC Electronic Data Processing India Pvt Ltd was the BPO branch of Bangalore Bank. They lodged a complaint in Cyber Crime Police Station (CCPS) against that cyber fraud.

23: Kolkata cyber fraud case, September 2006: Sulagna Roy, a 23-year-old NIFT educated call centre employee at Salt Lake Sector V call centre Jayshree Info Tech committed cyber fraud through calcuttaweb.com. The nature of her work was to sell Dish TV to US customers. During her work she collected credit card details of those customers and then started buying items worth more than Rs 52. 1.8 lakh ($4,000) using laptop internet and cyber cafe internet. These items include jewellery, saris, chocolates, air conditioners etc. calcuttaweb.com has provided the details of the purchases to Kolkata’s Detective Department and CID. She used to earn only Rs 8,000 monthly but used to buy valuable things about which her mother was silent. She was arrested from her Behala house in Kolkata and charged with fraud. She confessed that she did this work for fun, but not intentionally to commit any crime. The city court sent him to police custody for 12 days. Gyanwant Singh (DD) said “California-based firm, Sys Soft Corporation told us that they do e-commerce through a portal, calcuttaweb.com, in Kolkata. During July-August, there was a flood of complaints about fraudulent purchases being made through this site. We were also told that all these purchases were made through credit cards of US residents. The US firm had to compensate all the credit card holders”.

24: Lottery fraud and cyber squatters: Most of the times we receive electronic mail information that we are going to win or we have won a prize in the lottery. To receive the lottery money, the letter or e-mail recipients naturally sent their reply. As soon as they send the reply again, they will receive another e-mail asking for information about bank accounts, their preferred transaction method and other confidential information. They take money as processing fees before that fund transfer. But that prize never happened in the recipient’s accounts in the lottery and on the other hand his confidential information, bank accounts etc. can be misused for fraud or other crimes. We can say the same about online lottery fraud. This incident happened in South Africa in November 2004, where about 419 international lottery fraudsters were trying to commit cyber fraud worldwide by sending false e-mails to multi-member recipients. In this regard, Mr. Muller, a member of the World Lottery Association Security and Risk Management Committee, said that about 80% of lottery scam organizations were based in South Africa, which were attempting to commit the said crime. He said that the criminals were not South African but they were using South African e-mail addresses for quick action.

25: Bobby Art International etc vs Omple Singh Hoon: The controversy regarding the film “Bandit Queen” which contained a nude scene attracted the attention of the Supreme Court. The story is based on the life of Phoolan Devi from her childhood to the brutal torture she faced in the village. She was kidnapped, gang-raped and sexually assaulted by dacoits. The film shows how she was raped at a young age and then a two-minute nude scene was shown in front of the villagers standing around and she was paraded naked from head to toe. After this, when she joined the dacoit group, she took revenge by killing 20 Thakurs of her village. The rape scene in that film also showed the obscene rear side of the rapist.

26: K.A Abbas vs Union of India: Supreme Court Chief Justice M. Hidayatullah and other judges held with respect to film censorship that our freedom of expression and speech is not absolute but limited by reasonable restrictions under Article 19(2) in the interest of the general public to maintain public decency and morality. Therefore, film censorship has full jurisdiction in the field of cinematograph film to prevent and control obscenity and pornography.

27: Samaresh Bose vs Shri Amal Mitra: The case was about the ‘Prajapati’ controversy which was published in ‘Sarodiya Desh’ for Bengal written by the petitioner. The respondent was a young lawyer at that time who complained that the novel contained obscene material. The print, sale distribution and exhibition of the same which had a tendency to corrupt public morals as sexual feelings after seeing the private visible body of women were described, close emotional relations with friend’s sister were described. Herein, the Court held that a novel written by a well-known author of novels and stories, by which the author wishes to highlight the various evils and vices prevailing in the society, with particular emphasis on the problems which really affect the society, cannot be treated as obscene writing and is not necessarily obscene.

28: Sukanto Halder vs State of West Bengal: The case was related to the magazine “Nara Nari” which was considered to be an obscene publication. Therefore, to give effect to public morality above art, literature the court convicted the petitioner under section 292 of the Indian Penal Code 1860 and sentenced him to two months rigorous imprisonment and a fine of Rs 200 in default of two weeks rigorous imprisonment.

29: Raj Kapoor vs State of Maharashtra: The issue was the most controversial film “Satyam, Shivam Sundaram”. Justice Krishna Iyer said that ‘A’ certificate by the high powered censor board with special composition and statutory mandate is necessary and acceptable. But we have to examine whether invoking penal provisions is a violation of public morality and decency. Though the certificate of the board has value as evidence, it does not exclude criminal liability on publication of obscene and pornographic material.

30: Cyber pornography harasses Mumbai housewife 2003: A housewife in Mumbai was receiving repeated obscene telephone calls threatening her with sex from a young boy in the city who had obtained her phone number and name from an advertisement placed on a pornographic website on the Internet. Soon after a complaint was lodged by her husband, the Mumbai police realised that she was not the only woman who was being harassed in this way and was receiving such frightening calls. The Mumbai police traced the young boy who was the accused.

31: In Tamil Nadu vs Suhas Katti: This case was another landmark in Indian law enforcement agencies where conviction was successfully achieved within 7 months of filing of FIR. This was the first case of Cyber Crime Cell Chennai. Naavi.com and Cyber Evidence Archival Centre were greatly assisted in the speedy disposal of this case. In this case Indian police had shown their capability as investigators by presenting satisfactory evidence against the accused. The defendant was accused of sending annoying, obscene and derogatory messages related to a divorced woman in a Yahoo message group. The accused first opened a false account in the name of the victim and then sent the information to her through electronic-mail. This annoyed the victim as she had to face annoying calls. In February 2004 the victim lodged a complaint about this fact before the police. Chennai police traced the accused in Mumbai and promptly arrested him a few days later. The police found out that the accused was a family friend of the victim, knew her and wanted to marry her. But she did not marry the accused. However, he married another woman who he later divorced. After the divorce, the accused again fell in love with her and started contacting her but she refused.

Then the accused started harassing her through internet. A chargesheet was filed against the accused under Sections 469, 509 of Indian Penal Code 1860 and Section 67 of Information Technology Act 2000 before Hon’ble Additional Chief Justice Egmore on 24th March 2004. Chennai Police with great help of Cyber Evidence Archival Centre produced 34 documents and other material objects before the court and examined 18 witnesses out of which 12 witnesses were examined on behalf of the prosecution. On the basis of expert witness the court held that the crime was conclusively proved. On 5th November 2004 the court pronounced the verdict that the accused was found guilty of the offences under Sections 469, 509 of Indian Penal Code and Section 67 of Information Technology Act 2000. Therefore, the accused was convicted and sentenced to undergo rigorous imprisonment for two years under Section 469 of the Indian Penal Code, i.e. forgery with intent to harm reputation and to pay a fine of Rs 500; for the offence under Section 509 of the Indian Penal Code, i.e., word, gesture or act intended to insult the modesty of a woman, to undergo simple imprisonment for one year and to pay a fine of Rs 500; and for the offence under Section 67 of the Information Technology Act 2000 to undergo rigorous imprisonment for two years and to pay a fine of Rs 4,000. The court said that all these sentences should run concurrently. The accused was lodged in the Central Jail in Chennai and he paid the above-mentioned fine.

32: A man posing as a 15-year-old girl: A 30-year-old man from 2002 to 2004 through internet chat rooms presented himself before a 16-year-old boy as if he was a 15-year-old girl. The boy then fled from his house to his girlfriend in Mumbai and she found out the truth. The accused 30-year-old man sexually abused the victim, stole money from her and beat her up. This was the result of a chat room friendship that led to homosexuality which is prohibited under Section 377 of the Indian Penal Code 1860. Section 377 deals with unnatural offence, which is as follows: Whoever voluntarily has carnal intercourse against the order of nature with any man, woman or animal, shall be punished with imprisonment for life or with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.

33: Air Force Bal Bharti School 2001: Case filed in Juvenile Court, Delhi on charges of cyber pornography. Some jurists say that this is the first Indian cyber pornography case where charges were filed in juvenile court. The brief facts in issue were that a student of Air Force Bal Bharti School, Lodhi Road, New Delhi was arrested by Delhi Police in April 2001. The alleged accused was a student of class XII at that time who created a pornographic website to take revenge for being teased by classmates and teachers. He listed the names of 12 of his school mates’ girls and teachers in a sexually explicit manner on that website. Subsequently, the school authorities suspended him, however the juvenile court accepted his bail plea. However, he was charged under section 67 of the Information Technology Act 2000 and sections 292, 293, 294 of the Indian Penal Code and the Indecent Representation of Women Act. The most significant steps were taken by law enforcement agencies in India.

34: Bhubaneswar case: Xavier Institute of Management lodged a cyber crime complaint with the police in December 2004 that the students and staff of these institutes were receiving many obscene electronic mails. Not only this, the students were also afraid of online threats, hacking and spamming. The police appointed technical experts to investigate the entire matter. At first they considered these obscene electronic mails as spam mails. Gradually, students and staff were facing obscene mails and continuous sexual harassment through the Internet. Bhubaneswar police at that time was weak in fighting cyber crimes. Superintendent of Police Mr. Amitabh Thakur said that the police officers were not trained enough to deal with the matter. However, they can demand expertise from technical persons to deal with the situation as per the instructions of the State Crime Record Board.

35: Aligarh cyber cafe case before National Human Rights Commission, New Delhi: On 23 December 2004, a policeman from Uttar Pradesh was identified as a pornography seeker. He humiliated young school girls in a cyber cafe in Aligarh. A senior officer warned the girls that they should not lose their temper or else they could lose a lot. The dialogues were mostly in Hindi, i.e. “Garmi na likhao… Garmi dikhogi se bahut kuch garam garam… jaay ga”. If that was not enough, the police officer dragged a teenager by her hair and forced her to look into the lens of the news channel’s camera. Using the real name and picture of girls arrested for prostitution in India is also not permitted by law. A policeman used filthy language and said that now you are feeling ashamed but you did not feel so when you decided to skip school and spend time with him… in Hindi i.e. ‘Ab shaam aa rahi hai… jab school se bhaag kar aaye the toh sharam nahi aa rahi thi’. There were no women police at the time when the police raids were conducted on the cyber cafe. This case was a complete violation of the human rights of those students, especially their right to live with honour and dignity. Therefore, the National Human Rights Commission took suo motu cognizance of the reports in the print and media and asked the Chief Secretary and Director General of Police of the Uttar Pradesh government to investigate the allegations by sending their comments within two weeks.

36: NASSCOM vs Ajay Sood & Ors: In a landmark judgment delivered in March 2005 in the case of National Association of Software and Service Companies vs Ajay Sood & Ors, the Delhi High Court declared ‘phishing’ on the Internet as an illegal act requiring injunction and recovery of damages. Discussing the concept of ‘phishing’ in detail to set a precedent in India, the Court stated that it is a form of Internet fraud where a person pretends to be a legitimate organisation such as a bank or an insurance company to extract personal data from a customer such as access codes, passwords etc. The personal data collected by misrepresenting the identity of the legitimate party is usually used for the benefit of the collecting party. The Court also cited examples of common phishing scams involving people who pretend to represent online banks and steal cash from e-banking accounts after deceiving consumers into handing over confidential banking details. The Delhi High Court said that although there is no specific law in India to punish phishing, it considered phishing an illegal act and defined it under Indian law as “misrepresentation made in the course of business which causes confusion about the source and origin of an e-mail, causing serious harm not only to the consumer but also to the person whose name, identity or password is misused.” The court considered the act of phishing as tarnishing the image of the plaintiff. The plaintiff in this case was India’s leading software association, the National Association of Software and Service Companies (NASSCOM).

The defendants were operating a placement agency involved in headhunting and recruitment. In order to obtain personal data which they could use for head-hunting purposes, the defendants prepared and sent e-mails to third parties in the name of NASSCOM. The High Court recognised the plaintiff’s trademark rights and passed an ex-parte interim injunction restraining the defendants from using the trade name or any other name confusingly similar to NASSCOM. The Court also restrained the defendants from representing themselves as an affiliate or part of NASSCOM. The Court appointed a commission to search the defendants’ premises. Two hard disks of the computers from which fraudulent e-mails were sent by the defendants to various parties were taken into custody by the Court-appointed Local Commissioner. The incriminating e-mails were then downloaded from the hard disks and produced as evidence in the Court. During the progress of the case, it became apparent that the respondents in whose name the offending e-mails were sent were fictitious identities created by an employee on the instructions of the respondents to avoid recognition and legal action. Upon detection of this fraudulent act, the fictitious names were removed from the list of parties as respondents in the case. Subsequently, the respondents admitted their illegal acts and the parties settled the case by entering into a compromise in the suit proceedings. As per the terms of the compromise, the respondents agreed to pay a sum of Rs. 1.6 million as compensation to the plaintiff for infringement of the plaintiff’s trademark rights. The Court also ordered the hard disk seized from the defendants’ premises to be handed over to the plaintiff, who would be the owner of the hard disk. This case achieves clear milestones. It brings the act of “phishing” within the ambit of Indian laws even in the absence of a specific law. It dispels the misconception that there is no “damage culture” for violation of intellectual property rights in India. This case reaffirmed IP owners’ confidence in the ability and willingness of the Indian judicial system to protect intangible property rights and sent a strong message to IP owners that they can do business in India without sacrificing their IP rights.

37: Bazee.com case: The CEO of bazee.com was arrested in December 2004 because a CD containing objectionable material was being sold on the website. The CD was also being sold in Delhi markets. Mumbai City Police and Delhi Police launched a crackdown. The CEO was later released on bail. This raises the question of what kind of distinction do we make between an internet service provider and a content provider. The onus is on the accused to prove that he was the service provider and not the content provider. It also raises a lot of issues about how the police should handle cyber crime cases and a lot of education is needed on these things.

38: Bank NSP case: The Bank NSP case is one in which the marriage of a management trainee of a bank was fixed. The couple exchanged a lot of emails using the company computers. After some time the couple broke up and the girl created fake email IDs like “Indian Bar Association” and sent emails to the boy’s foreign clients.

She used the bank’s computer to do this. The boy’s company lost a large number of customers and took the bank to court. The bank was held liable for the emails sent using the bank’s system.

39: SMC Pneumatics (India) Pvt. Ltd. vs. Jogesh Kwatra: In India’s first case of cyber defamation, a Delhi court assumed jurisdiction over a case where a corporate’s reputation was being maligned through emails and passed a significant ex parte injunction. In this case, the defendant Jogesh Kwatra being an employee of the plaintiff company started sending abusive, defamatory, obscene, lewd, filthy and insulting emails to his employers as well as various subsidiaries of the said company across the world with the aim of defaming the company and its Managing Director Mr. R.K. Malhotra. The plaintiff filed a suit for a permanent injunction to restrain the defendant from committing illegal acts like sending defamatory emails to the plaintiff. It was argued on behalf of the plaintiff that the emails sent by the defendant were clearly obscene, lewd, abusive, intimidating, insulting and defamatory in nature. The counsel further argued that the purpose of sending the said emails was to malign the high reputation of the plaintiff throughout India and across the world. He further argued that the acts of the defendant in sending the emails have resulted in invasion of the legal rights of the plaintiff.

Further, it is the duty of the Defendant not to send the above emails. It is worth noting that when the Plaintiff Company came to know that the said employee may be involved in sending the derogatory emails, the Plaintiff terminated the services of the Defendant. After hearing the detailed arguments of the Plaintiff’s Counsel, the Hon’ble Judge of the Delhi High Court passed an ex-parte interim injunction, holding that a prima facie case had been made out by the Plaintiff. As a result, the Delhi High Court restrained the Defendant from sending any abusive, defamatory, obscene, lewd, abusive and insulting emails to the Plaintiff or its affiliate subsidiaries worldwide, including their Managing Directors and Sales and Marketing Departments. Further, the Hon’ble Judge also restrained the Defendant from publishing, transmitting or causing to be published in real world and in cyberspace any information which is abusive, derogatory or insulting to the Plaintiff. This order of the Delhi High Court holds immense significance as it is the first time that an Indian Court has assumed jurisdiction in a case relating to cyber defamation and granted an ex parte injunction restraining the defendants from defaming the plaintiffs by sending abusive, defamatory, insulting and obscene emails to the plaintiffs or their subsidiaries.

40: Parliament attack case: The Bureau of Police Research and Development in Hyderabad had handled some of the top cyber cases, including analysis and recovery of information from laptops recovered from the terrorist who attacked Parliament. Laptops seized from the two terrorists, who were shot dead during the Parliament siege on 13 December 2001, were sent to the Computer Forensic Division of the BPRD after computer experts in Delhi failed to ascertain much of its contents.

41: Parliament attack case: The Bureau of Police Research and Development in Hyderabad had handled some of the top cyber cases, including analysis and recovery of information from laptops recovered from the terrorist who attacked Parliament. The laptops seized from the two terrorists, who were shot dead during the Parliament siege on 13 December 2001, were sent to the Computer Forensic Division of the BPRD as computer experts in Delhi had failed to ascertain much of its contents. The laptop had many evidences which confirmed the intentions of both the terrorists, the Home Ministry sticker which they had made on the laptop and pasted on their ambassador’s car to gain entry into the Parliament House and the fake identity card which one of the two terrorists had with the emblem and seal of the Government of India. The symbols (of the three lions) were carefully scanned and the seal was also cleverly made with the residential address of Jammu and Kashmir. But careful investigation proved that all this was fake and made on the laptop.

41: Pune Citibank Mphasis call centre fraud: US$ 3,50,000 was fraudulently transferred from the accounts of four US clients to fake accounts. This will give a lot of strength to those lobbying against outsourcing in the US. Such cases happen all over the world but when it happens in India, it is a serious matter and we cannot ignore it. This is a case of sourcing engineering. Some employees won the trust of the client and obtained their PIN numbers to commit fraud. They did this under the guise of helping the clients out of difficult situations. Call centres in India maintain the highest security because they know they will lose their business. This was not a breach of security but a breach of sourcing engineering. Call centre employees are checked while going in and out, so they cannot copy the numbers and hence they cannot note these down. They must have remembered these numbers, they must have immediately gone to the cyber cafe and accessed the Citibank accounts of the clients. All the accounts were opened in Pune and customers complained that money from their accounts was transferred to Pune accounts and thus the culprits were traced. The police have been able to prove the integrity of the call centre and have frozen the accounts where the money was transferred. There is a need for strict background checks of call centre executives. However, even the best background checks cannot prevent bad elements from coming in and breaching security. We must ensure such checks even when a person is hired. There is a need for a national identity card and a national database where a name can be mentioned. Initial investigations in this case did not reveal that the culprits had any criminal history. Customer education is very important so that customers are not cheated. Most banks are guilty of not doing this.”

42: Andhra Pradesh tax case: The dubious tactics of a prominent businessman of Andhra Pradesh were exposed when department officials seized the computers used by the accused person. The owner of a plastic firm was arrested and vigilance department detectives recovered Rs 22 crore in cash from his house. They sought an explanation from him regarding the unaccounted cash within 10 days. The accused person had submitted 6,000 vouchers to prove the legitimacy of the business and thought that his crime would not be detected, but after careful scrutiny of the vouchers and the contents of his computer, it was found that all these were fabricated after the raid. It was later found that the accused was running five businesses under the guise of one company and was using fake and computerised vouchers to show sales records and evade tax.

43: Sony.Sambandh.com case: An Indian was recently convicted for the first time for cyber crime. It all started after a complaint was lodged against non-resident Indians targeting Sony India Private Limited, which runs a website called www.sony.sambandh.com. This website enables NRIs to send Sony products to their friends and relatives in India after making online payments. The company undertakes to deliver the products to the respective recipients. In May 2002, someone logged on to the website under the identity of Barbara Campa and placed an order for a Sony colour television set and a cordless head phone. She gave her credit card number for payment and requested that the products be delivered to Arif Azim in Noida. The payment was duly cleared by the credit card agency and the transaction was processed. After following the relevant procedures of due diligence and investigation, the company delivered the goods to Arif Azim. At the time of delivery, the company took digital photographs showing the delivery being accepted by Arif Azim. The transaction was then completed, but a month and a half later the credit card agency informed the company that it was an unauthorised transaction, as the actual owner had denied making the purchase. The company filed a complaint of online fraud with the Central Bureau of Investigation, which registered a case under Sections 418, 419 and 420 of the Indian Penal Code. The case was investigated and Arif Azim was arrested. Investigation revealed that while working at a call centre in Noida, Arif Azim got access to the credit card number of a US citizen, which he misused on the company’s site.

The CBI recovered the colour television and cordless headphones. The CBI had evidence to prove its case in this case and hence the accused confessed his crime. The court convicted Arif Azim under Sections 418, 419 and 420 of the Indian Penal Code — this is the first time that a cybercriminal has been convicted. However, the Court felt that since the accused was a young boy of 24 years and convicted for the first time, a lenient approach was required. Hence the Court released the accused on probation for one year. This judgment is of utmost importance for the entire nation. Apart from being the first conviction in a cybercrime case, it has also shown that the Indian Penal Code can be effectively applied to certain categories of cybercrimes, which do not fall under the Information Technology Act 2000. Secondly, this type of judgment sends a clear message to everyone that the law cannot be circumvented.

44: Infinity E-Search BPO Case: The Gurgaon BPO fraud has created an embarrassing situation for Infinity E-Search, the company in which Mr. Karan Bahri was employed.” A British newspaper had reported that one of its undercover reporters had bought personal information of 1,000 British customers from an employee of an Indian call centre. However, employees of New Delhi-based web designing company Infinity E-Search, who were allegedly involved in the case, have denied any wrongdoing. The company has also said that it has nothing to do with the incident. In this case, the journalist took the help of an intermediary, offered a job, requested a presentation on a CD and later claimed that the CD contained some confidential data. The fact that the CD contained such data is not certified by the journalist himself. In such a situation we can only say that the journalist has used “bribery” to induce an employee to “deviate from normal behaviour”. This is not an observation of a fact but the creation of a factual event by interference. Investigations are still on in this case.

45: Cyber terrorism on Indian Parliament: The attack on Indian Parliament on 13 December in the year 2001 was carried out with the help of information technology. The accused used cyber terrorism to attack the Parliament. forged the gate pass with the official logo of the Home Ministry and the layout of the Indian Parliament among other details. Police recovered a laptop computer of the prime accused Mohammed Afzal and S Hussain Guru and also found out that they had done this work through a Pakistani internet service provider. They used to control the identity and e-mail system of the Indian Army.

46: 11 July 2006 Terrorist Attack: Information Technology became an easy tool in the hands of terrorists-beyond imagination. The world witnessed the devastating terrorist attack on India on 11 July 2006. In the age of communication convergence terrorists are using computers, wireless and mobiles to communicate with each other and simplify their activities with quick action. So, on almost the same day, almost at the same time, serial bomb blasts were their target; first Srinagar and then Mumbai. Electronic media broke the news on 12 July 2006 that Lashkar-e-Taiba, Al Qaeda, SIMI etc. were the culprits behind the serial blasts in Srinagar and Mumbai, as suspected by Maharashtra Police. Maharashtra Police had recovered explosives from Aurangabad and Nasik just a month before the Mumbai blasts. Police also found a suspicious resident of Malegaon in Maharashtra who had left India and gone to Pakistan soon after the blasts.

47: Cyber Terrorism—Cyber War: Net-war or cyber-war and cyber terrorism is prevalent not only in the USA, UK, Australia, France etc. but also in Bangladesh, Pakistan and India. Nowadays most of the Indian departments are defaced and attacked by Pakistani hackers and terrorist groups. Information and communication technology (ICT) is also used extensively by terrorists in Bangladesh, Pakistan and India. In the year 2000, about 132 Indian websites were defaced within four months and in the year 2001 this number increased to 161. “The hackers group called Silver Lords hacked around 23 Indian websites within 6 days demanding freedom of Kashmir. A Pakistani website called “Global Net.pk” was also hacked by “Silver Lords”. Most of the Indian websites are hacked and defaced by pesani hackers e.g. G-Force Pakistan, Harkat-ul-Mos.etc. They are generally popular for anti-Indian hacking after Pokhran II tests in 2001. Western hackers attacked Bhaba Atomic Research Center to steal nuclear test data. Another anti-Indian hackers group is Fantabulous Defenders. The Pakistani hackers group was detected by an Indian ethical hacker Mr. Anand Khare popularly known as Dr. Nerukar.

48: Indian Legislation: Indian Parliament passed the Information Technology Act 2000 in pursuance of the United Nations Model Law, 1997 but it does not define the terms “cyber terrorism”, “cyber crime” etc. However, Section 66 prohibits and prescribes punishment for cyber hacking and Section 65 prohibits and prescribes punishment for tampering with source code. Terrorist activities have been prohibited several times in India by several laws such as the Preventive Detention Act. The Prevention of Terrorism Act 2000 repealed the Terrorist and Disruptive Activities Act (TADA) etc. The Prevention of Terrorism Act 2000 was passed for 3 years, however it was mentioned that the penalties, confiscations, sentences and proceedings under the Act will continue even after its expiry. The Act prohibits terrorist and disaster-related activities, using any property, weapon or giving shelter for terrorist activities. The Prevention of Terrorism Ordinance (POTO) 2001 (No. 9 of 2001, dated 24.10.2001) was enacted for the prevention of terrorist and related activities. Investigators were empowered to seek information from any suspect and non-disclosure of information was punishable with imprisonment up to 3 years. Possession of property received from terrorists or acquired from terrorist funds was also a punishable offence without information. Not only this, if a person is found to be possessing weapons unauthorisedly in any special or notified area, it will be presumed that he is linked to terrorist activities under POTO.

49: Ayodhya incident: Indian police found mobile phone link between Unani doctor Irfan Khan and Ayodhya terrorist Amin @ Zuber. Just an hour after the Ayodhya incident, police found out through a mobile ID that Ghazi Misbah-ud-Din, the operational chief of Kashmir’s biggest indigenous terrorist, was linked to the incident. The conversation on the short message service (SMS) went like this: “Hello, I am Ghazi. Note this down, we did not do this.”

50: Cyber Terror in Kolkata: An encrypted message was stored in Kolkata on December, 2002 by Mr. S. Kundas Cyber Cafe technician found a computer file named “PAKI-G. BABA 0241” in D-drive. Out of curiosity he opened it and found that it was a sinister message with misspellings of some famous buildings of Kolkata like “Raiters Building”, “Bikash Bhawan” “Second Hooghly Bridge” etc with possible dates and time of the terrorist attack. But due to extra vigilance and security measures of Kolkata police no incident took place. Similar message was found on a webpage before Durga Puja 2005 and people in Kolkata were alerted by the government. Cyber terrorism was perpetrated by Aftab Ansaris network from Dubai and New Delhi to attack the American Center in Kolkata.

51: Cyber terrorism by hackers: In May 2001 Indian government and e-business sectors raised voice to take action against anti-India hacking especially against Pakistani hackers and government formed a force on cyber security. So, unlocking the source code of Pakistani websites was taken as a way to prevent and control cyber terrorism like, defacing Indian website for showing disrespect to Indian flag in June 2000, defacing www.knitwear.com.etc on June 27, 2001. Thus, Indian Pakistan cyber was going on every moment.

52: Cyber terrorism in India linked to UK blast: Al Qaeda linked terrorist and London blast accused 29 year old Mohammed Afozol was sentenced to 7 years rigorous imprisonment by the Prevention of Terrorist Activities Court in India, Special Judge AP Bhargale pronounced the sentence on 22 July 2005 for hatching a conspiracy with his uncle named MM in UK. Nizam was accused of causing terror and destruction in England, Australia and the United States by hijacking planes, crashing them into important places. He was also accused of “forgery of preparing fake certificates of Pune College to get admission in a pilot training institute in Mumbai and abroad”. The court also directed to bring his uncle to India, police seized international credit cards, global roaming mobile phones and passports etc from him. Al Qaeda influenced India origin HR. Aswat called the terrorist several times and was arrested from Islamabad, though he had left the UK just hours before the blasts in London on 7 July 2005 in tube train and bus. At the time of arrest he was armed with explosives and was wearing a belt and had £17,000 and a British passport. He is the cousin of the terrorist who died in the 2002 Gujarat riots in India.

53: Cyber terrorism in Jammu and Kashmir: Websites and networks in Jammu and Kashmir are used by terrorists for communication between senior commanders in Kashmir valley and control stations. There were line of sights (LoS) to provide network facilities between Kashmir valley and Doda-Udhampur-Rajouri areas and north – south Pir Panjal range. Earlier terrorists used high frequency radio network as a means of communication. In April – May 2003, three cellular phones and one satellite phone were recovered in Surankat area in an army action. Terrorists in India are users of STD and ISD facilities as well as BSNL network to connect with Pakistan and other countries.

54: Use of telephone and mobile by terrorists: Since 1999, the use of mobile phones and electronic mail is increasing day by day with the use of internet as a convenient means of communication, control and surveillance among terrorist groups. Terrorists often use various cyber cafes to avoid detection and investigation. They are using remote controlled improvised explosive devices to cause death and destruction. They are communicating with other terrorist groups across the world through the internet. A chargesheet was filed by the Delhi Police against Abu Salem Ansari and others in the year 2002. Mr. Ashok Gupta lodged a complaint stating that a person named Abu Salem Ansari on telephone called him to call on any one of the three numbers mentioned by him, these are as follows: 1. 00971507367248 (roaming), 2. 0060193034859 (roaming) and 3. 00871665341860 (satellite phone) in Dubai. The alleged accused threatened the complainant and his family. His son also received another call from the same mobile phone. Police found that total six mobile phones in Delhi were linked to Abu Salem’s group and other landline phones of Pawan Kumar Mittal @ Raja Bhai and Sajjan Kumar Soni @ Babu Bhai of Chandni Chowk were also found linked to Abu Salem Ansari. Through these phones the accused threatened the complainant, Abu Salem Ansari’s shooter Mr. Ashraf @ Bablu also made possible threats. After this they were trying to change the SIM card of the mobile phone, police traced them with the help of International Mobile Equipment Identity (IMEI) which is unique to a hand set and is transmitted over the air before setting up the call.

55: Information Technology Act 2000, 2006 Amendment Bill and terrorism: Following the United Nations’ Model Law 1997, Computer Fraud and Abuse Act 1986 of the United States, Computer Misuse Act 1990 and Data Protection Act 1984 of the UK, and international conventions and treaties, the Indian Parliament enacted and passed the Information Technology Act 2000, which was amended twice in the year 2006 and 2008, with the aim to regulate the cyber world and develop world standard security measures to prevent and control cyber crimes, but it has not been implemented yet. In India cyber crimes are dealt with under our traditional legal system and we do not have a special court to deal with this case. So far cyber crimes are dealt with as per the Code of Criminal Procedure, Indian Penal Code and Information Technology Act 2000. Though there is provision for Information Technology (Appellate) Tribunal in the Information Technology Act 2000 and Rules were framed accordingly in 2000, these have not been implemented till date. We do not have any law dealing specifically with cyber crimes like Malaysia. However, NASSCOM Chairman Kiran Karnik also expressed his view towards setting up of fast track courts to deal with cyber terrorism. The term ‘cyber crime’ is not defined under the present Act. A possible definition of cyber crime could be: “Human conducts which are prohibited by the State under criminal law and which relate to information technology as a target or tool.” But the definition of crime should also be specific for the specific concept of cyber crime. We can define crime as human conduct, which is prohibited by the State through criminal law.

56: Propensity of terrorists for hacking: Terrorists in India are prone to hacking and defacement of websites. Anti-Indian Crew (AIC), Pakistani Hackers’ Club (PHC), G-Force Pakistan, Pro-Pak Hackers are terrorist groups working with Al Qaeda and Bin Laden. Some of these groups are represented by Dr. Nerukar who hacked the website of Zee News. Dr. Nerukar along with co-accused Mr. Mahesh Mhatre also attacked the website of Indian Cyber Crime Cell in Mumbai and posted objectionable content on that website abusing the police administration. Police arrested him but he was released on bail. After release he repeated the cyber crime commission, i.e. credit card theft affecting many American and other victims, however he was appointed by Mumbai Police and CBI for technical assistance to prevent and control cyber crimes. He was recognized as ethical hackers.

In the year 2001 Mr. Manoj Singhania and Mr. Prakash Yadav of Chhattisgarh were arrested for attempting to hack into the computers of the State Bank of India. They sent e-mails containing Speed.exe file in the name of Microsoft and Vaidesh Sanchar Nigam which had the capability to send e-mails back to the accused with users’ passwords and other information. One of the anti-India messages posted on the Internet was as follows: “…This message is for the innocent people being killed in Jammu Kashmir and do you know what is the reason behind this killing? Piece of land. I will keep distorting and spreading this word all over the world proving my point. How lame Indians are and their network security is even worse!” On 10 January 2001 Mr. R.K. Ragavan, Director of CBI told Info Sec News that many cases of hacking of Indian Internet sites have been found to be linked to Pakistan, but it would be difficult to trace them. In the year 2005, July, there were 635 incidents of breaking into Indian Internet sites. The Pakistani hackers group was founded by Dr. The hacking was done by an Indian hacker named Nerurkar whose real name is Mr. Anand Khare. He said that the aim of the Pakistani hackers group was to hack the injustice happening around the world, especially with [sic] Muslims. In May 2001, the Indian government and e-business sectors raised their voice to take action against anti-India hacking, especially by Pakistani hackers. To achieve this goal the government formed a force on cyber security.

According to former NASSCOM chairman Devang Mehtia, about 635 Indian websites were hacked during the year 2000. Awareness about e-security was very low in India. Companies here were spending only 0.8% of their information technology expenditure annually, while the world average was 5.5%.

57: Encryption of message: In December 2002, an encrypted message was stored by Mr. S. Kundu’s cyber cafe in Kolkata, which contains information about the possibility of a terrorist attack in the city. The cyber cafe owner said that his technician found a computer file. The file name in the D-drive was “<PAKI_ G.BABA0241”. Out of curiosity he opened the file. It contained misspellings of some famous buildings of Kolkata like Ratters Building, Bikash Bhavan, Farakka Bridge, 2nd Hooghly Bridge, along with the possible date and time of the attack. The Kolkata Police was then alerted and no subsequent incidents occurred due to additional security measures.

58: Some of the new tools used by terrorists: New technology is also producing many new weapons, such as E-bombs, high energy radio frequency (HERF) guns, high altitude nuclear explosions, high power microwave bombs, nano-devices, microelectromechanical devices coupled with robotics that give terrorists access to security systems and high radiation explosions that destroy even low earth orbit satellites within a month. These weapons are used by terrorists all over the world. More than 50 websites tell internet users all over the world how to make RDX bombs. Not only this, electronic mail system is a more reliable way for terrorists to communicate; they also have their own websites to express and publish their views. They often use encrypted data to transfer huge amounts of money and data. They use denial of service attacks, sabotage, computer espionage, cryptography and other forms of unauthorized use, misuse and abuse of new multimedia technology. Three school boys disrupted a train from North Bengal to Sealdah on the night of February 26 by making fake calls. They were class XI students of McWilliam High School. They made the calls from their mobile phones while returning home from private tuition in the evening, taking advantage of the unlimited free call offer.

Since it was the last day of the offer, they made 22 calls within an hour, threatening to explode, loot houses, call an MLA’s assistant from Jharkhand who claimed to be an extremist, etc. With the help of people and the MLA’s assistant, the Calcutta Police Control Room at Lalbazar immediately traced the accused. Due to these terror calls, the train was stopped at several destinations and checked, though nothing came to light. The police arrested the boys but said “We questioned the boys for three hours. They had caused the nuisance unintentionally. We have warned them against doing so in future. After that, they were given a free hand on the ground that they were youngsters. However, the school’s headmaster said he would not allow students to carry mobile phones inside the campus”.

59: Ayodhya Terrorist Incident June 2005: On 23 July 2005 Indian police found a mobile phone link of Unani doctor Irfan Khan and Ayodhya terrorist incident. In this connection one of the terrorists was identified as Amin@zuber a person from Dr. Khan’s native village. During this search police also found two terrorists in Akbarpur who had rented a room where police found a torn hand sketch of Ayodhya incident and newspapers of 4 July. On Tuesday, just an hour after the attack on Ayodhya temple, it was revealed through a caller identifying mobile phone system that Ghazi Misbah-ud-Din was the operational head of Kashmir’s largest indigenous terrorist organization. As claimed, the conversation on the mobile phone was as follows “Hello, I am Ghazi. Take note that we have not done this. In fact, we condemn this attack. This is the work of Hindu extremists and right wing political parties. Because, no one has benefited from this attack except them”. It is not only Ghazi who picks up BSNL or Airtel phones, but all terrorists use them for terrorist activities.

Another terrorist in the Kashmir Valley, Al-Nasreen, called a local news agency from his mobile phone to claim responsibility for the May 11 blast in Jawahar Nagar, in which one person was killed and 45 injured. Not only this, a spokesperson of the pro-Pakistan organization said on mobile phone, “By carrying out the car bomb blast, we have exposed the security loopholes in Srinagar and we will continue these activities until India withdraws its troops from Kashmir”. On 11 July 2005, while returning to New Delhi from the G-8 summit, Indian Prime Minister Dr. Manmohan Singh said, “This (London blasts) is a vivid example of the fact that terrorism is a global phenomenon. We have been suffering from this crisis for about 20–25 years. These blasts are a demonstration of the fact that we all have to work together to develop a collective strategy to free the world from this crisis.”

60: Indian links with Al Qaeda: An Al Qaeda-linked group claimed responsibility for the suicide bombing and attempted bombing in London. Al Qaeda-linked suspected terrorist and London blast accused Mohammad Afzal, 29, was sentenced to 7 years rigorous imprisonment by Special Court Judge for Prevention of Terrorist Activities AP Bhangale on 22 July 2005. He was accused of conspiring with his uncle Mubarak Muslim Nizam in Britain to spread terror and destruction by hijacking aircrafts, crashing them at strategic locations in England, Australia and the US. He was also accused of forgery for preparing fake higher secondary mark sheets and certificates of Pune College to get admission in pilot training institutes in Mumbai and abroad. The court therefore directed to take steps to bring his uncle to India. Police seized international credit cards, global roaming mobile phones, passports bearing immigration stamps of several countries from the accused.

British security agencies found that network links between the Pakistani suicide bombers in London and Al Qaeda influenced Haroon Rashid Aswat, the son of Indians who had migrated to Britain in the 1950s. He reportedly made several phone calls to the terrorists. He was arrested in Sargodha, 90 miles from Islamabad. He had left Britain just hours before the 7 July 2005 blasts on the London Tube train and bus network. At the time of his arrest he was armed with explosives and was wearing a belt and had £17,000 in explosives along with a British passport. According to the Federal Bureau of Investigation, he had links with Al Qaeda and once traveled to the United States on an Air India flight to a jihadist training camp in Oregon. He is a cousin of terrorists who died in the 2002 Gujarat riots in India. The London blasts were an example of cyber terrorism in which we can find India’s links with Al Qaeda. Al Qaeda used the Internet and networks to carry out its operations easily and quickly. For example, the al-Qaeda group Abu Hafs al-Masri Brigades has claimed in an internet statement that the train bombings in Madrid in 2004, the internet attack on Istanbul in 2003 were part of their campaign to create the ultimate threat to Iraq, the US, the UK and other countries so that those countries change their policy towards Islam and Muslims. Apart from this, they also gave a deadline on the internet for other countries to stop following the US. Even in September 2005, Osama bin Laden had threatened India through the internet to attack big shopping malls and other places. PTI reported that the date of 15 August 2005 was announced by terrorists through new information technology that there could be a terrorist attack on temples, airports, government places by ‘Jangri’. So the government published a security announcement.

The Red Fort, from where the Prime Minister would deliver a speech, was to be specially secured and the initiative was taken with about 1000 security forces. The government had to ban airlines or helicopters around the Red Fort until the end of the 15 August event and also announced the cancellation of trains to the Red Fort. Bombings, airstrikes and suicide attacks were planned by terrorists from the North East, Lashkar-e-Taiba, Jaish-e-Mohammed, Babbar Khalsa, ULFA and others using new technology. Kolkata, Mumbai, Ahmedabad and other cities in India including metro trains were probably the key places where terror was spread and for which special security forces were appointed.

61: Use of Trojan Horses and Viruses by Terrorists: In the same week, on 16 July 2005, breaking news came in India that a Trojan virus had posted exclusive video footage of a terrorist attack masquerading as CNN newspaper online, with the words “Terror Hits London” and invited recipients to view the video shot attachment. As soon as recipients started downloading the program, it started copying the user system and accessing e-mail servers to send spam and junk mails. Anti-virus companies called it ‘Dawn Bomb’, ‘Spam SPM’, ‘Spexsta’ etc. The spam mails contained the story of the death of Osama Bin Laden or Saddam Hussein and other data. More than 53,000 computers were affected. In June 2005, just a month earlier a Trojan also gave information about the suicide of Michael Jackson and Arnold Schwarzenegger, which infected more than 1000 personal computers. The ‘Don Bomb’ came out just an hour after the 7 July London bombings.

Read Also: