Author: Mayur Shrestha

Student at Presidency University, Bangalore

KEY TAKEAWAYS

• To learn about the meaning specificities of Cyber-Crime in India.
• To understand Identity Theft and what are the common ways to steal private data.
• To know about various means of Data theft like hacking, phishing, and Emal Spoofing.
• To potentially discover a recourse towards developing stringent laws for protection of general parlance from Cyber Crime.
• To know how to file a Cyber Complain online and register your complaint with regards to cyber fraud or other types of financial frauds.

INTRODUCTION

Living in a modern society where each and everybody is profiled as a prerequisite for everyone that lives in the society, needs to administer personal information and details of themselves to the authorities so that they can be verified to avail benefits of residing in that society, however in doing so people sign up for providing the requisite information, that sequentially empowers the authorities and there occurs second-hand trading of their personal information, which results in increase in risk of using that personal data for malicious and illegitimate use and purposes.

Personal information linked to the individual consisting of various personal information regarding the individual’s date/place of birth, religion, social media presence, and whereabouts including IP addresses of their electronic devices can be procured easily and can be used to trace the person or even use it for harming the person maliciously. The dissemination of personal data to the wrong person or a criminal can be used to blackmail, defame, and damage the person physically this can have a detrimental impact on the concerned person be it psychologically as well as economically.

This article aims to study the types of cybercrime, the use of technology especially AI, who are the victims of the same and how can it be prevented along with how to file a cyber crime complaint in case of a cyber injury.

MEANING/DEFINITION OF CYBERCRIME

Cybercrime refers to criminal activities carried out using computers, networks, or digital devices. These crimes can include hacking, identity theft, online fraud, cyberbullying, malware distribution, etc.

Cybercrime at its core is a digital manifestation of traditional criminal activities, encompassing a range of illegal actions using computer networks, digital devices or these modern crimes transcend geographical boundaries, operating on computers so the thick fabric Starting from shams it encompasses a multifaceted array of crimes from unsuspecting individuals used for nefarious purposes.

At its core, cybercrime is a collection of illegal activities that exploit digital systems and their internal networks Hacking that affects unauthorized computer systems or networks with the intent to gain access, manipulate, or remove sensitive information stands as a prime example of fraudulent misuse of your personal information for other malicious purposes or purposes and it happens, and causes victims if they do not think or behave cautiously.

WHAT IS IDENTITY THEFT

Identity theft occurs when someone intentionally steals your personal information and utilises that information without your permission for his own benefit resulting in wrongful loss to your, Personal information such as name, national ID number, credit card information is considered to be very sensitive and integral to an Individual but with advance in tech, 21st century is experiencing its biggest crises in the form of hacking, phishing, identity theft and most important of all “Data Breaches”.

There several ways in which these forms of Identity thefts take place and each of them usually affect peoples on a different scale, because sometimes data and ID theft takes place on a massive scale affecting users on large scales and in numbers greater than thousands, these massive breaches usually occur in places where a significant amount of personal information and data is stored in places such as public welfare offices, social media servers, corporate office, and Banks. Here, we can clearly observe that not only private individuals are at risk of their data being stolen for malicious and fraudulent purposes but huge corporate offices and data storage centres are also susceptible to breaches and theft of public data.

Identity theft is a punishable offence in India, under Section 66C of The Information Technology Act 2000 (IT Act) provides for punishment for identity theft as; “whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment or either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.”

But here comes the most and challenging part, to trace the wrong doer or the person on the other end of the line, who committed the offences? Is a question that possesses a lot ambiguity, since these crimes are committed from a remote location not within the reach of a layman and even from a different country or a continent, these thefts can take place anywhere in the world where data is present in electronic form and is accessed by peoples. Most importantly how do these Identity thefts take place and how they are used by perpetrators to gain wrongfully from people’s personal data.

HOW DOES IDENTITY THEFT HAPPEN? AND WHAT ARE THE MOST COMMON WAYS TO STEAL PRIVATE DATA.

Identity theft occurs when an unauthorized party uses your personally identifying information, such as your name, address, SSN numbers, credit/debit card information, and bank account information to assume your identity to commit fraud or other criminal acts. Basically, perpetrators dig into spam and trash folders of an organization’s mail or servers to obtain sensitive data pertaining to private users to use for personal gain. Here, are the three most common sought methods to commit data breaches and data theft in India:

DATA BREACHES

This is the most popular term used everywhere relating to data breaches in social media giants like, Facebook, Byte Dance, and Google; Basically, a Data breach takes place when someone gains access to an organization’s data without authorization, the most common type of information that is procured in data breaches is – Full names, social security numbers, National id numbers, and credit card numbers. These types of information are very sensitive for a private individual and create a liability on the part of the organization to keep data taken consensually by people secure from any sort of data breaches. In India there has been a 37% increase in data breach cases as compared to the first quarter of 2019, the minimum total cost of leaks in India reached Up to Rupees 14 crore in 2020-21.

Unfortunately, in India we do not have laws that specifically address cases of Data Breach, or leakage of Private data, the only reference to codified law existing today is Section 63B of the Indian Copyright ACT 1957 provides “that any person who knowingly makes use on a computer of an infringing copy of computer program shall be punishable for a minimum period of six months and a maximum of three years in prison”.

PHISHING AND HACKING

Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text messages by someone posing as a legitimate institution to provide sensitive data such as personally identifiable information, banking, and credit card details, and even passwords.8 It is the most identifiable and best-sought method to commit data theft in India as it is usually done by small organizations with the help of remote proctors and administrator which supplies necessities to these small groups to commit data thefts by making fraudulent phone calls and sending text messages and emails to targeted groups in order to get sensitive personal information that will be used in order to gain wrongfully either by selling the gathered data or by using it for his own benefit. Phishing is an internet-age crime, and it is born out of technological advances in the age of the internet. It is a newer form of social engineering, and it has become a rampant practice in these times.

The term “Phishing” is recognized worldwide as it is also recognized by the Oxford English Dictionary by adding it to their yearly publications; According to the American Bankers Association, “Phishing attacks use ‘Spoofed’ e-mails and fraudulent websites designed to fool the recipient into divulging personal financial data such as account usernames, credit/debit card details and passwords. These practices in the preliminary steps involve hacking the trusted brands of well-known banks, online retailers, and credit card companies and on the pretext of being a representative of these brands, online retailers and credit card companies’ perpetrators and cons can convince the recipient and innocent consumers to pay them a significant amount of money or even sensitive information.

There are major factors that have led to the increase in cases of ‘Phishing’ and ‘Theft’ and there are several factors behind the recent spurt in Phishing attacks worldwide especially in India: because there is –

1. lack of awareness amongst the majority, the holders of personal data are unaware of the fact is that their personal data is being actively targeted by the perpetrators and is prone to data theft because they do not take proper precautions when they use online services and leave their personal data unprotected or compromised for other to use or take unfair advantage out of it.
2. Unawareness of policies framed by Public and Banking institutions and procedures for contacting customers, particularly for issues relating to account maintenance and fraud investigations, these basic unawareness leads to the data being more susceptible to Phishing scams.
3. Technical unawareness or technical sophistication, since we cannot expect a layman to be well-equipped with technical jargon such as DDoS10, URL obfuscation, and Scripted Websites, so the average person is more prone to fall for providing details to Hostile banking sites and fake phishing websites/pages which appears legitimate by looking but are not in actuality they are coded in such a way to disillusion the customer or a private individual to trust and provide sensitive information to these fake sites.
4. But thankfully, phishing is a cyber-crime, under the provisions of the Information Technology Act, 2000; Section 66 of the IT Act, 2000: “The account of the victim is compromised by the phisher which is not possible unless & until the fraudster affects some changes by way of deletion or alteration of information/data electronically in the account of the victim residing in the bank server.” Thus, this act is appropriately covered and punishable u/s 66 IT Act. Also, other sub-sections of the Information Technology Act cover minor details such as – 66(C) – relating to phishing by the means of E-mail, 66(A) – relating to fake links of the bank used to deceive and mislead the recipient, and finally, 66(D) – relating to fake links of the websites cross-scripted to under the pretext of being an authentic website for a bank or an organization.

WIFI HACKING AND MALWARE ACTIVITY

There are several possibilities that the network you are connected to right now is being sniffed or being eavesdropped on by a hacker, there are several ways in which a hacker or a perpetrator can gain access to your device IP (Internet Protocol) address and infiltrate connected devices to steal data. This method of stealing data is called “sniffing,” this method allows a hacker to hijack any packet of data that is being used to transmit data between a device and a router/broadband.

Supposedly you are using your phone/Pc on a public or a private network, such as – airports, coffee shops, train stations or even your own router at home, Wi-Fi hackers may be able to “eavesdrop” on your connection very easily if it is not protected advanced forms of protection such as – Ipv6 or Ipv4. This means that if you type in a password, bank account details or credit card number, SSN numbers or anything else that is personal to you and it is private data, and eavesdropper can easily get hold of your data and intercept it to use it for their own purposes.

The next important method is called “Malware and viruses,” these are malicious programs such as worms, Trojan horses, and spyware, that performs a variety of functions such as stealing, encrypting, and deleting sensitive data, these viruses can also alter or hijacking core computing functions and can also monitor user’s online presence and behaviors by being completely hidden in small scripted word documents and mainly in the form of software’s. However, Section 65, of the Information Technology Act, of 2000 it explicitly states that –

“A person who intentionally conceals, destroys or alters any computer source code (such as programs, computer commands, design, and layout), when it is required to be maintained by laws commits an offense and can be punished with 3 years of imprisonment or a fine of 2 lakhs INR or both”. Under Section 65 of the IT Act, 2000 a person could be made liable for hacking into your computer by the means of malicious software and applications, but since Cyber Crime has become a common occurrence there are many ways in which we can become a victim of illegal cyber activities, and the IT Act, 2000 which is the only law in India to protect recipients and consumers from various ambit of cyber crimes committed in the world of information and data, as it is highly inadequate and insufficient to protect peoples private data in case of a Cyber Crime is archaic in nature as it is not only outdated but also is insufficient to cover the various ambit of cyber-crimes committed in the world of Information and data, as it highly inadequate and insufficient to protect peoples private data in case of cybercrime. Such as in India we do not have laws that specifically address cases of Data Breach, or leakage of Private data so if someone’s data gets leaked to a non-authorized person or entity, he or she does not have any sort of recourse or laws to help retrieve his or her leaked data.

RECOURSE TOWARDS DEVELOPING A STRINGENT LAW TO PROTECT PUBLIC INTEREST

There are multiple ways in which an accused can get bailed out in cases of Phishing and data theft; The Information Technology Act,2000 makes its penal provisions under Chapter XI of the act and further, Section 81 of the IT Act, 2000 contains a non-obstante (overruling effect over that particular provision either in that same act only, or any other act as mentioned in the non-obstante clause16) “the provisions of this act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force”.

The non-obstante clause gives an overriding effect to the provisions of the IT Act over the other Acts including the Indian Penal Code. The aforesaid provisions of the IT Act, 2000 which is made bailable by the virtue of Section 77B IT Act intentionally in view of the fact that there is always an identity conflict as to the correct or accurate identity of the person behind the alleged phishing and data theft scam, because of the identity conflict and possible misuse of the identity of a person by the perpetrators to commit data theft as there always exists series of questions relating to the actual identity of the wrongdoer and existing penal and IT Act is not capable of ascertaining the correct identity of the accused so, therefore, the offense is made bailable.

This is a serious question in contention whether we can properly identify the actual wrongdoers and simultaneously give adequate punishments to them for the offences of Phishing and data theft and is present Information Technology Act is sufficient for the everevolving and growing world of Information science and Technology.

Therefore, we should develop and adopt different models and laws from other countries such as the United States and the European Union (EU).

CRITICAL AND COMPARATIVE AND ANALYSIS OF CYBER LAW ACROSS THE GLOBE( THE EU AND US)

In the US, there exist vertically focused data federal privacy laws for finance (GLBA), Children’s data (COPPA), as well as state privacy laws including the California Consumer Privacy Act (CCPA) these are the most significant types of laws present in the US to deal with a wide variety of Data protection against theft and breaches18 but in the US there exists no Federal level privacy law as in EU’s General Data Protection Regulation (GDPR). Data protection laws in the US are consumer-oriented held by private entities and vary from state to state; There are three major Data laws in the states of California, Nevada, and Virginia that have comprehensive data protection laws and have several other provisions such as (i) right to access and (ii) delete personal information.

Similarly, in the EU there exists the EU General Data Protection Regulation (GDPR), which governs how personal data of individuals in the EU may be processed and transferred; It strictly monitors how sensitive data of private individuals is being transported and shared and offers wide ambit of protection to private data and is very stringent in proctoring and managing the use of personal to avoid data breaches. The GDPR is a comprehensive privacy legislation that applies across various sectors and to companies of all sizes.

However, India’s approach to cybercrime is not impossible. The establishment of specialized agencies such as the Cybercrime Fund and the National Cybercrime Reporting Portal underscore the government’s relentless commitment to tackling digital threats. Moreover, recent legislative amendments such as the Information Technology (Intermediary Guidelines and Code of Digital Media Policy) Rules, 2021 indicate a proactive stance on online forum regulation and mitigation of emerging cyber risks.

Moreover, in India, the initial efforts of cyber-craft are bound by infrastructure and information, and although introducing the Budapest agreements has been advanced to provide international cooperation of cybercrime such as multi-lateral treaties, which further posits challenges and effort from the government, industry, and society’s stakeholders.

HOW TO FILE CYBER CRIME COMPLAINT (IN INDIA)

The Victims of cyber-crime can file complaints through the National Cyber Crime Reporting Portal, (https://cybercrime.gov.in/), which serves as a centralized platform for reporting cyber incidents and seeking assistance from law enforcement agencies The porta provides step-by-step guidance on how to file a complaint, including the necessary information and evidence required to initiate an investigation, additionally, the victims in this instance can seek legal assistance from cyber-crime experts, advocacy groups, or legal aid organizations to navigate the complaint filing process and pursue legal remedies against perpetrators.

Now, let’s see how to file a Cyber Complaint in Real-time basis –

HOW TO REPORT A COMPLAINT –

• Firstly, report other cyber-crime, if you want to report an online cybercrime opt for the “Report Other Cyber Crime” option if you have been a victim of online malfeasance. This includes a spectrum of offenses such as online financial scams, social media misdemeanors, hacking endeavors, cryptocurrency looters, deceptive online job offers, matrimonial fraud also a host of other cyber transgressions.

• Secondly, begin the process, kindly Provide your mobile number to start the registration process. The one-time password (OTP) will be sent to your mobile device temporarily, acting as a verification code. This OTP is valid for 30 minutes. If you register your mobile number correctly on our secure portal, you will be given access to submit a complaint. This includes completing mandatory fields for login validation:

1. Enter your name in the specified field.
2. Give me your mobile number.
3. Click “Get OTP” to purchase a One Time Password.
4. Enter the OTP received on your mobile device.
5. Provide security answers for authentication.
6. Complete your submission by clicking on the “Submit” button.

Rest assured that your information is protected throughout the reporting process and treated with the utmost confidentiality.

• Thirdly, mention under the incidents tab i.e. what kind of complaint you want to register.? There exists a menu from which you can select 8 to 10 options and select whichever deems fit to your case. It could be an Online or social media scam or a financial fraud.

• Fourthly, you will have to provide a brief detail of the incident like you have to
• Identify the likely “date and time” of the event (required).
• Explain the reason for the delay in the reporting time.  
• “Where did the incident happen?” After selecting from the drop-down menu. Options include social media platforms (such as Facebook, Twitter, and Instagram), messaging platforms (such as WhatsApp, and Hike), email, websites, URLs, and other resources (optional).
• Provide an email ID (optional), unless “Others” is selected, in which case you do not need to use an email ID. (Note: Please refer to Annex B Support, Section 10, for outdistance in placing the evidence).
• Upload any evidence you have, with a maximum allowable limit of 5 MB (mandatory).
• Include any additional information about the incident that you think should be included in the complaint and could help with the investigation (mandatory).
• Click “Save and Next” to continue.

Completing these fields correctly ensures a complete report, and makes our inspection process very simple.

• Fifthly, if you have information about the suspect, please provide their details to investigate the matter: Fill in the “suspicious information” section:

1. Enter a “Suspect Name” (click “Add More” if there are multiple suspects).
2. Select the type of identification from the drop-down menu (e.g., driving license, email, government-issued card, mobile number, PAN card, electoral card, and others), then click “Add” to add details.
3. Upload any available photos of the suspect.
4. You can also upload the suspect’s address if you have any details about it.

• Sixthly, you must provide details about yourself such as:

1. You must provide your Bio-data.
2. The present relation with the suspect.
3. Your official Email ID along with;
4. National ID (such as Votes, Aadhar or DL).
5. Also, your residential details with your correspondence and permanent address.

• Lastly, you have previewed the columns and see whether all the information you have provided is correct and to the best of your knowledge, and then agree to all the terms & conditions, then click on the confirm and submit.

CONCLUSION

Cybercrime poses a serious threat to India’s digital economy, national security, and social well-being. Meeting this challenge requires a concerted effort by government officials, regulators, private companies, and individual citizens. By implementing strong cyber security policies, enacting appropriate laws, and creating awareness, India can effectively protect itself against cyber threats and promote a secure digital environment for everyone.

The only way forward Is through modifications of the old laws and the introduction of newer and stringent ones to deal with a wide variety of crimes committed digitally, this modification can only be developed through the trial-and-error method by studying data and protection laws of other countries and taking adequate steps to involve some creative parts of it in Indian judiciary’s mechanism to deal with crimes related to IT and personal data.

To protect the personal data and identity of a private individual should be of genuine priority because the majority of individuals have a significant amount of online presence, especially in this digitalized world, it is imperative for the government to ensure the data safety of individuals and provide appropriate legal redressal forum in cases of data theft and breach.