No specific definition of cyber-crime is provided under any Act. However, in general, it refers to the crimes done with the help of computer or internet. Thus, it is specifically concerned with the crimes committed in the Cyberworld.
The unusual character of cybercrimes is that the offender and the victim might never come into contact with each other. Cyber Criminals often try to work from the countries which have weak or no cyber laws to avoid detention and prosecution.
Types of Cyber Crimes
Cybercrime can be categorized under two broad heads:
- Crime against People
- Crimes against Property
- Crime against Government
1. Cybercrimes against People
Cybercrimes committed against people include various crimes like email-spoofing, Phishing, Cyberstalking, Cyber Bullying, Voyeurism, Credit Card Skimming, Data Theft in Cyberspace, Cyber Pornography, etc.
These crimes are discussed in detail below:
(I) Email Spoofing
The word spoofing means falsify. When a person alters an email in such a way that it seems to the receiver as if it were written by someone else then such an alteration in the email is termed as email spoofing. Generally, it is the name of the sender, recipient and the body of the email which is changed, so that the recipient of the email believes that it is sent from a legitimate source like the bank, an educational institution or a company the recipient deals with. However, sometimes the IP address may also be changed, this is known as IP Spoofing. This is done to hide the true identity and location before committing cyber crimes. Cybercriminals use the proxy servers based abroad which allow the criminal to reflect false location from which the act was committed.
For Example, Ram has an email ID firstname.lastname@example.org. Shyam uses his ID so that he can derogate his image. He sent obscene messages to Shyam’s business partners. Since it seems that the message was originated from Ram, his friends could be offended and this might ruin their relationship and their business partnership as well.
Phishing is a cybercrime in which the cybercriminals extract personal sensitive information from the victims such as credit card details or net banking details. These cybercriminals make unauthorized debits to the account of victims. Cybercriminals deliberately create phishing websites in order to access personal information. Victims often land on such pages by spam emails, popup window, and phishing messages.
(III) ‘Smishing’ and ‘Vishing’
‘Smishing’ and ‘Vishing’ are two hybrids versions of ‘Phishing’.
Smishing: In Smishing the cybercriminals use text messages to extract the personal information of the victims. Cybercriminals often use social engineering techniques to lure victims to extract sensitive information. These cybercriminals often instruct the victims to go on a link or make a phone call to a specific number. They ask for an urgent action to avoid any loss or take advantage of the offer and this finally leads to stealing of the information.
Vishing: Vishing is the combination of two words “Voice” and “Phishing”. In Vishing the cybercriminals use Voice over Internet Protocol (VOIP) or make phone calls to extract the information. Vishers often create fake Caller ID or profiles so that they may seem legitimate.
The illegally extracted information from victims can be used by these cybercriminals to purchase unauthorised goods, make debts to the victim’s account or transfer funds from the victim’s account to some fake account.
(IV) Cyber Stalking
‘Stalking’ in general means harassing, threatening or intimidating someone by following him/her with an intention to harass or cause inconvenience to such person. When the stalkers use the Internet or any other electronic device to stalk someone then it is known as Cyberstalking. Cyber harassment and Cyber abuse are often used synonymously to Cyberstalking. With the advancement in technology people nowadays can easily conceal their identity and send harassing or threatening messages. The stalker may send obscene content such as nudes, semi-nudes or create a fake profile, website or webpage in the name of the victim, thereby, exhibiting false or personally sensitive information about the victim.
Sometimes a person may stalk someone for some other reasons as well such as kidnapping, wrongful financial gains, and sometimes even murder.
Difference between Offline Stalking and Cyber Stalking
|Basis||Offline Stalking||Cyber Stalking|
|Relationship between Victim and Stalker||There is a direct physical relationship between the victim and the Stalker||Generally, there is no direct relationship between the victim and the Stalker|
|Identity of Stalker||There is clear identification of stalker as he is known to the victim||No clear identity of the stalker as he can easily conceal his identity|
|Threat||Direct physical threat||Indirect threat. A person may post nude or semi-nude photos or use obscene language to harass someone.|
|Enforcement of Law||Enforcement of the law is easier||Enforcement of law may sometimes become difficult and may require extradition|
Kinds of Cyber Stalking
- Email Stalking
- Internet Stalking
- Computer Stalking
Email Stalking involves telephoning, sending mail and actual surveillance. Unsolicited email is one of the most common forms of harassment which includes hate, obscene or threatening emails.
It involves spending rumours about the victim on the web or tracking the activities of the victim. In this case, the stalker takes on a public platform rather than stalking privately. Generally, the aim of Internet stalking is to slander the victim. The victim may never know that he is being watched by the stalker.
In this case, the stalker hacks the computer of a victim and takes control of it. This form of stalking requires a high level of computer knowledge, however, the instructions are easily available online for the same. The stalker is able to control the actions of the victim whenever the victim connects his computer to the internet.
Right to Privacy v. Freedom of Speech and Expression
Every person has both the rights i.e. Right to privacy and Freedom of Speech and Expression provided that his right does not infringe the rights of others. There are certain limitations upon the rights provided by the Constitution. A person can exercise his Freedom of Speech and Expression as long as he does not exceed his prescribed boundaries. Hence, a person has the right to observe and share the things he likes but his right should not infringe on someone’s right to privacy.
(V) Cyber Bullying
The term cyberbullying denotes an act or series of acts which are directed to harass a person psychologically. Social media has become a platform to interact with people and share information. People often end up sharing personal information to strangers. The strangers can use such information and bully or harass a person by making unwarranted comments.
Trolling is the most common form of cyberbullying where people troll an individual or a community on a public platform. There may be various reasons for which a person may troll others like they may be depressed, attention starved, angry with the person or jealous for some reason. People sometimes troll by making fake profiles.
The term “Voyeur” denotes a person who obtains sexual gratification by observing others when they undress. Voyeurism has surfaced with the advent of the Internet and advancement in technology.
Voyeurism is the act of a person where he watches, distributes or captures the image of a person without his/her permission for the sake of sexual gratification. A camera may be placed in the changing room or public toilets where a person expects a reasonable degree of privacy. Voyeurism is an act which is against both the privacy and dignity of a person.
Cybercriminals often post such videos over the internet which results in disgracing the dignity of the person.
(VII) Credit Card Skimming
The victims of credit card skimming find fraudulent withdrawal of money and charges on their account. It is surprising to note that all this happens while the victim is in possession of the credit card.
It is a type of credit card theft where crooks often use a small device to steal the credit card information which includes credit card number, the expiry date of the card, full name of the cardholder, etc. The information is stolen with the help of a small device called a “skimmer”, when a person swipes his credit card on the skimmer then all his data which was stored in the card’s magnetic strip is captured by the skimmer. Thieves use this information to make fraudulent transactions and to withdraw the money.
Once the information is stolen, the thief can make a cloned credit card to make a number of transactions. Victims of credit card skimming are often unaware of the theft. Thieves can also place a hidden camera to steal the PIN of the ATM card.
(VIII) Data Theft in Cyberspace
Data theft has become a menace in the present world of technology. Data theft refers to the copying of some valuable information of an individual or an organisation without their consent for the same. Data is the most important asset in the present time. Big firms store a large amount of data on their computer and thus, data security becomes really important for them.
IT companies spend a huge amount to collect the data from various sources, therefore, they are under continuous threat and needs to be extra careful to preserve the data. Once the data is leaked in the market it may harm the reputation of the company and may also cause monetary damage to the company because their profits primarily depend upon the data security.
(IX) Cyber Pornography
In simple words, Cyber Pornography means an act of using cyberspace for sharing, viewing, publishing or downloading pornography. Cyber Pornography is illegal in some countries while legal in others. In India, watching porn is not illegal and one cannot be prosecuted for watching porn.
In the year 2005, the Department of Technology (DoT) banned as many as 857 sites to curb cybercrime. However, it received opposition from authorities and thus, banned only the websites that promoted child pornography.
Government has now decided to ban as many as 827 websites that contain pornographic content following the order of Uttarakhand High Court. Many telecom operators like Airtel and Jio have banned porn websites. However, it must be noted that people are resorting to various tricks like VPN, DNS server change or downloading a recent version of Opera browser which has inbuilt VPN, to access such blocked websites.
An important question that arises, in this case, is that can a person be prosecuted for accessing banned sites? The answer to the question is both Yes and No. If a person accesses a site which contains child pornographic content then he can be prosecuted for the same, in this case, it does not matter whether the site was blocked or not. However, if a person accesses the site which does not contain child pornographic content then it is not illegal to watch such content and he can not be prosecuted for the same.
Child pornography means to depict a child or a minor to engage in sexual activity or sexual content. It includes the possession and distribution of videos, pictures, and computer-generated content related to child pornography. However, if a person uses an image for education or scientific purpose then the same does not come under child pornography. For example, using the image of a child to explain the anatomy of a child.
A conviction for child pornography requires that a person should intentionally possess the content. If the person unintentionally or unknowingly possesses some content related to child pornography then he can not be convicted for the same. Since it is an online crime, it becomes quite difficult to ascertain the intention of a person, therefore, the deciding factor for the intention is the number of times a person has visited an illegal site. Say for example, if a person has visited an illegal site a number of times and downloaded hundreds of videos and pictures then, the intention of a person can be inferred from it, which shows that a person was not in possession of the content by mistake.
2. Cybercrimes against Property
Some cybercrimes occur against the property, such as a computer or server of the victim. Crimes covered under this head are, Software piracy, Cyber Squatting, Copyright Infringement, Internet time theft, Plagiarism, Identity theft, Hacking, Denial of Service Attack (DoS).
All these cybercrimes are discussed below:
(I) Software Piracy
It refers to the unauthorised copying of software. A person who buys a software becomes a licensee and only the buyer is authorised to use the software i.e. he is not authorised to share the software with his friends. A buyer of the software does not become an owner but is only a licensee. He can only use its copy for backup purpose and not for the purpose of distributing it.
Types of Software Piracy
Softlifting: This is the most common type of software piracy. It means to share software with someone who is not authorised to use it. For example, a person buys a single copy of the software and then gives it to his colleagues. Here, the colleagues were not authorised to use the software according to the license agreement and thus violated the agreement.
Hard-disk loading: This form of piracy is often committed by the hard disk providers. To make the deal more attractive the seller often loads an unauthorized copy of the software onto the computer being sold to the end user.
Renting: A person may rent the software for temporary use without the permission of the copyright holder.
Counterfeiting: Sometimes the fake copies of the software which often seems to be authentic is sold in the market. These fake copies are made with the help of CD burner and are sold much below the market price of the software. These fake copies are often sold at the street corners but are sometimes sold by the retailers as well.
Online Piracy: Currently there are numerous sites on the internet which allows the users to download the software from their site. Online piracy is the fastest growing form of Software piracy.
(II) Cyber Squatting or Domain Squatting
A Domain name is nothing but a web address by which the internet users can have access to a particular website, for example, www.goggle.com or www.yahoo.com. A domain name can be a combination of numbers and letters.
Every website has a unique domain name. No two websites can have the same domain name.
Cybersquatting refers to the registration of names, especially of well-known companies or brands, as Internet domain with an intention to earn profit by reselling the domain.
Cybersquatting is a crime against Intellectual Property. Sometimes cybersquatters register a name which is identical or confusingly similar to some other domain name. This is done to divert the traffic and receive profit. This practice of registering the domain name is known as Cybersquatting or Domain Squatting.
Yahoo Inc. v Akash Arora & Anr.
Facts: The plaintiff filed a lawsuit against the defendant for permanent injunction thereby restricting the defendant from carrying any business under the domain name “yahooindia.com”. The plaintiff’s contended that Yahoo was their well-known trademark and thus, it can not be used by anyone else. Defendant, on the other hand, contended that the Plaintiff’s domain name was not registered at that time in India and thus, the plaintiff can not bring an action against the defendant.
Held: The court held in favour of the Plaintiff and granted a permanent injunction against the defendant.
(IV) Copyright Infringement through Internet
Copyright is the set of rights granted to the creator or producer of an original work of authorship such as literary works, artistic works, music or cinematography. This right provides the owner or the producer to have control over his intellectual property. The primary motive behind providing the copyright was to reward the creator for his work. It was believed that providing rights to the creators over their property will promote them to work for the development of science and useful arts.
However, technological advancement has posed a threat to copyright. People can now easily copy and transfer the copyrighted data. The Internet has posed a threat to the person’s right to control over his intellectual property. Internet subscribes often misuse the copyrighted material thereby causing huge monetary losses to the creators.
(V) Internet time theft or Bandwidth theft
Internet time theft is a crime where an unauthorised person uses an Internet connection of the victim. This is usually done by getting the internet account details of the victim such as a username and password. A person may sometimes knowingly share his password with someone for a time period.
Wi-fi has made the problem more prevalent. The problem is more serious where the user keeps his network open rather than setting a strong password for the same. This may sometimes lead to serious consequences and get the victim into unwarranted trouble. An unauthorised person may use the Internet for illegal purposes and under such circumstances, it is the IP address of the owner or victim which will be found in the activity log and it could become quite difficult to prove his innocence in such cases.
Plagiarism refers to copying someone’s words or work without citing their work. With the popularity of the internet, people can get access to a number of articles and research papers with just a click. This has resulted in an increase in the number of cases related to plagiarism. Plagiarism is a serious offence related to the intellectual property of a person. Sometimes the plagiarism may be accidental. Plagiarism may ruin the career of a professional or may lead to expulsion. It is important to acknowledge the person when you use someone’s work. Changing a few words of a sentence also amounts to plagiarism.
Types of Plagiarism
1. Paraphrasing Plagiarism
When a person rephrases someone’s idea in one’s own words without citing the source then such rephrasing amounts to plagiarism. It is important to note that rephrasing in itself is not plagiarism as long as one cites the source from where he took the idea.
2. Mosaic Plagiarism:
This type of plagiarism is also known as Patchwork plagiarism. In this case, a person uses various sources in a single text while keeping the structure of the document the same.
3. Copy and Paste Plagiarism
When a person copies the text in his work without rephrasing the most of the part of the text then it is known as Verbatim plagiarism or Copy and Paste Plagiarism. When someone copies such text then it is important that he quotes the text copied by him and provide the internal citation for the same.
4. Incorrect Citation
If a person inappropriately cites the source then it amounts the plagiarism. To avoid such type of plagiarism it is important to follow a uniform citation format.
A person’s research paper may have been published at someplace and if he uses some part of it in some other research paper then it also amounts to plagiarism. Some institutions prescribe the limit for plagiarism. It is important to note that in self-plagiarism the work from where a person has copied should be published. If the work is not published then it doesn’t amount to plagiarism.
6. Global Plagiarism
When the article is written by someone else, for example, a friend or colleague and is not the original idea of the person on whose name the article has been submitted then it is known as global plagiarism.
(VII) Identity theft
When a cybercriminal gains access to someone’s personal information (name, address, date of birth or bank account details) for stealing the money or for other gains then it is termed as Identity theft. Sometimes a person may think that a thief has very little information about him but the thief may be clever enough to access other important information with the help of such trivial information. He may be able to get the information about the victim by various means like social media, hacking the victim’s computer or phishing.
Cybercriminals may use such information to get access to the victim’s bank account or they may create fake documents in the victim’s name or use the victim’s personal information to get an original document but with a photograph of some different person. Cybercriminals may claim the government benefits or file for the Income-tax return in the name of the victim. Sometimes these criminals may also plan some criminal activity in the victim’s name.
(VIII) Cyber Hacking
Before discussing Cyber Hacking it is important to discuss two important terms i.e. hackers and crackers. These terms are often used interchangeably but they have different meanings altogether.
Hackers: Hackers are the programmers who work legitimately for the government. They help government agencies to track the criminal details, provide electronic evidence. They also help the government in protecting the data of national importance. To sum up, hackers are the programmers who use their skills constructively and positively.
Crackers: A cracker is a person who breaks into someone else’s computer system. They may be expert in breaking the passwords and often intentionally breaches computer security. The crackers are basically the cybercriminals who commits the crime maliciously either for some monetary benefit or some other cause.
Cracking refers to “illegal access”. Cyber cracking rather than cyber hacking is cybercrime. Even big companies face trouble while dealing with crackers. Hackers are appointed to deplore the Crackers.
(IX) Denial of Service Attack (DoS)
Denial of service attack is an attack on computer networking which disables a server from serving its clients. This can be done by flooding the server with traffic or sending requests to the server with an invalid or spoofed IP address.
Types of Denial of Service Attack
(a) Ping of Death
It means that an attacker sends oversized ping packets to the server in order to crash it. The maximum limit that a server can handle is 65,536 bytes, when an attacker sends data limits exceeding the maximum limit that a server can handle then it results in server freezing or crashing due to which the server cannot serve its clients.
(b) TCP SYN Flood Attack
TCP SYN flood attack or half-open attack aims to make the server unavailable for the legitimate user by sending SYN packets often by using a fake IP address to the server. The SYN packets are sent to every port, the attacker sends connection requests faster than the targeted machine can respond, making the server unresponsive.
(c) Application layer attacks
Application layer attack or Layer 7 attack is a type of DDoS attack which is designed to attack the “top layer” in the OSI model. As the name suggests the Application layer attacks, attacks the application layer itself. These attacks are more difficult to detect.
The phlashing attacks or permanent denial of service attacks are designed to target the network devices so that the hardware needs to be replaced.
3. Cybercrimes against Government
Cyber terrorism is an example of cybercrime against the government.
(I) Cyber Terrorism
Cyber Terrorism means using cyberspace to disrupt the integrity and sovereignty of the nation.
Modes of Cyber Terrorism
Cyber terrorism can be committed in the following ways:
- Hacking the computer system of the targeted country government and appropriating the sensitive information of national importance.
- Destructing the entire database along with the backup belonging to the government by introducing virus in the software.
- Temporarily causing disturbances in the computer network of the government.
- Distributed Denial of Service Attack (DDoS)
 Animesh Sarmah et al, A brief study on Cyber Crime and Cyber Law’s of India ,04 IRJET 1633, 1633(2017).
 Kunal Pandove et al, Email Spoofing, 5 IJCA 27, 27(2010).
 Dr.Radha Damodaram, STUDY ON PHISHING ATTACKS AND ANTI PHISHING TOOLS, 03 IRJET 700, 700(2016).
 Ezer Osei Yeboah-Boateng & Priscilla Mateko Amanor, Phishing, SMiShing & Vishing: An Assessment of Threats against Mobile Devices, 5 JETCIS 297, 297(2014).
 G. Ollmann, “Understanding X-morphic Exploitation,” 2007.
 Phishing, SMiShing & Vishing: An Assessment of Threats against Mobile Devices (supra), 300.
 H. M. Shambhavee, Cyber-Stalking: Threat to People or Bane to Technology, 3 IJTSRD 350, 351(2019).
 Pittaro, Michael. (2007), Cyber stalking: An Analysis of Online Harassment and Intimidation. 1.10.5281/zenodo.18794.
 Mr. Ankush Bhadoriya, Child Pornography:- National And Global Prespective, A Menace. http://www.manupatrafast.com/articles/PopOpenArticle.aspx?ID=867f45cd-7a2e-4369-a966-f4b4898c38be&txtsearch=Source:%20www.mightylaws.in
 Ishwor Khadka, Software piracy: A study of causes, effects and preventive measures, https://www.theseus.fi/bitstream/handle/10024/87274/Khadka_Ishwor.pdf?sequence=1
 Id., Pg 4.
 Id., Pg 4
 Id., Pg 5.
 Id., Pg 4.
 Id., Pg 4.
 Zohaib Hasan Khan et al., Cybersquatting and its Effectual Position in India, 6 IJSER, 880, 880(2015).
 1999 IIAD Delhi 229.
 Copyright Act, 1957, Section 13.
 Anjaneya Reddy N M & Lalitha Aswath, Understanding Copyright Laws: Infringement, Protection and Exceptions, 2 IJRLS 48, 49 (2016).
 Deepansh Kumar et al., TOWARDS THE IMPACT OF HACKING ON CYBER SECURITY, https://www.researchgate.net/publication/326812925_TOWARDS_THE_IMPACT_OF_HACKING_ON_CYBER_SECURITY
 Khaled M. Elleithy et al., Denial of Service Attack Techniques: Analysis, Implementation and Comparison, Journal of Systemics, Cybernetics and Informatics. 3. 66-71.