What is cybercrime

Cybercrime is defined as any criminal misconduct carried out through a network,

technical gadgets, or the internet. Although some cybercrimes are intended to
cause harm to the victim, the vast majority are committed for financial gain.

Individuals and corporations are both targets. Individuals are typically part of a
bigger assault in which the hacker tries to distribute malware across machines
for-profit motive. Business assaults, on the other hand, are usually a one-shot
deal. Businesses are also far more prone to be the subject of hacktivist
demonstrations, which constitute a type of cybercrime in their own right.

Origin of cybercrime
Despite the fact that the internet is only roughly 30 years old, experts believe
the 1834 hack to be the first cyberattack in history. Two crooks infiltrated the
French Telegraph System and gained access to financial markets, conducting
data theft.

Some early cyberattacks, which began in the late 1800s and the early 20th
century, saw cybercriminals target telephone infrastructure. Only two years
after the invention of the telephone, adolescent guys stole into Alexander
Graham Bell’s telephone firm and wreaked havoc by misleading calls. Phone
hacking, also known as phreaking, became popular in the 1960s and 1980s.

Rene Carmille, a French computer scientist, broke into the Nazi data registry
in 1940 to disrupt their intentions to identify and monitor Jews.

The introduction of email in the 1980s brought with it phishing schemes and
viruses sent via attachments. Web browsers, like computer viruses, had grown
prevalent by the 1990s.

Because of the nature of these platforms, the broad use of social media in the
2000s only exacerbated cyber crime, particularly data theft. Malware infections
and data theft have surged rapidly over the last 10 years and show no
indications of slowing down anytime soon.
With the evolution of the internet, hackers now have a plethora of novel attack
vectors at their disposal. As more and more ordinary devices — refrigerators,
washing machines, heating systems, light bulbs, and so on — go online,
cybercriminals gain new weaknesses and possibilities.

Types of cybercrimes
The following are the various types of cybercrimes:

 Theft via cyberspace: Cyber theft is a sort of cybercrime that includes

an individual infiltrating another person’s or company’s system in order
to steal wealth, private information, financial information, or
proprietary information. Identity theft and embezzlement are
examples of fraudulent crimes that might be classified as cyber theft
crimes.
 Cyberbullying: Bullying an individual online is referred to as
cyberbullying. Cyberbullying includes any threat to a person’s safety,
coercion of a person to say or do anything, and expressions of hatred
or subjectivity against someone. While children are more likely to be
victims of cyberbullying, adults are not exempt. According to a survey,
40% of polled teens said they had encountered online harassment,
while 24% of adults aged 26–35 said they had experienced
cyberbullying.
 Malware: Malware is a term that refers to any software program that
is meant to infiltrate or harm a device. Viruses are a type of software
that falls under the malware category. Viruses may cause a range of
problems once they enter a device. They may delete files, record your
keystrokes, erase your disk drive, or otherwise corrupt your data.
 Phishing: Phishing happens when fraudsters act as an organisation in
order to dupe victims into disclosing important information. Scare
techniques, such as notifying the victim that their bank account or
personal device is under assault, are frequently used by cybercriminals
to effectively fulfil their phishing aims.

 Extortion via the internet: Cyber extortion is a type of blackmail that

takes place through the internet. In these occurrences, cybercriminals
target or try to harm the person and demand pay or a reaction in order
to halt their threats.
 Ransomware: Ransomware is a sort of cyber extortion that uses
malware to achieve its purpose. This software threatens to disclose the
victim’s data or to block the user from retrieving his/her data unless
the cybercriminal gets a predetermined sum of money.
 Cryptojacking: When hackers utilise other people’s processing
resources to mine cryptocurrency without their permission, this is
referred to as cryptojacking. Cryptojacking varies from cyber crimes
that utilise malware to enter the device of a victim to steal data
whereas the cryptojackers are not interested in stealing a victim’s data.
Cryptojackers, on the other hand, employ the computing power of
their victim’s gadget. Despite appearing to be less harmful than other
cybercrimes, cryptojacking should not be taken lightly because falling
prey to it can drastically delay one’s device and render it vulnerable to
further cyber assaults.
 Cyber spying: Cyber spying occurs when hackers target a public or
private entity’s network in order to gain access to classified data,
private information, or intellectual property. Cybercriminals may
utilise the sensitive information they discover for a variety of purposes,
including blackmail, extortion, public humiliation, and monetary gain.
 Spyware: Spyware is a software that cybercriminals employ to monitor
and record their victims’ actions and personal information. Often, a
victim unintentionally downloads spyware onto their device, giving a
cybercriminal unwitting access to their data. Cybercriminals can access
a victim’s credit card data, passwords, web cam, and microphone
depending on the type of spyware employed.
 Adware: Adware is software that you may unintentionally download
and install when installing another program. Every time someone views
or clicks on an advertisement window, the developers of adware
programs profit financially from their actions on people’s computers.
Although some adware software is lawful and innocuous, others are
invasive due to the type and number of ads they display. Many nations
consider some adware applications to be unlawful because they
contain spyware, malware, and other dangerous software.
 Botnets: Botnets are malware-infected computer networks. Malicious
hackers infiltrate and gain control of these machines in order to do
things online without the user’s consent, allowing them to commit
fraudulent crimes while remaining undetected. They may send spam
 emails and conduct targeted hacks into a company’s assets, financial
records, data analyses, and other vital information.
 Dating hoodwinks: Some hackers utilise dating websites, chat rooms,
and online dating apps to pose as possible mates and attract people in
order to have access to their data.
 Hacking: Any illegal access to a computer system is generally referred
to as hacking. When a hacker gains unauthorised access to a company’s
or an individual’s computers and networks, they can obtain access to
important corporate information as well as personal and private data.
Despite this, not all hackers are crooks. Some “white hat” hackers are
employed by software businesses to identify faults and gaps in their
surveillance systems. These hackers get into a company’s network in
order to uncover existing holes in their clients’ systems and provide
fixes to such issues.
Cybercriminals or “black hat” hackers may desire to go clean and abandon their
criminal activities occasionally. In these circumstances, one of the finest
possibilities is to work as a security analyst for the organisations they used to
torture. These individuals have greater expertise and experience with network
intrusion than the majority of computer security specialists.

Cybercrime in India
With approximately 658 million internet users as of February 2022, India has the
world’s second-largest internet population. Cybercrime in India cost Rs.1.25 lakh
crore in 2019, putting India in second place among nations hit by cyber-attacks
between 2016 and 2018. Ransomware assaults are becoming more common,
and many cybercriminals operate from their homes. In other words, cybercrime
in India may be described as unlawful access to a computer system without the
consent of the legitimate owner or location of criminal activity and can range
from online cracking to denial of service assaults.

Phishing, spoofing, DoS (Denial of Service) attacks, credit card fraud, online
transaction fraud, cyber defamation, child pornography, and other forms of
cybercrime are examples.

There are several vulnerabilities in devices such as mobile phones that

individuals use to access services. An examination of the attack vector in a
mobile phone found that other than the programs, there are 15 distinct points
through which a hacker might gain access to it. Bluetooth, communication
modules, microchips, operating systems, CPUs, and Wi-Fi are all examples.

Hackers have devised a number of methods for acquiring user passwords by

leveraging the inadequate IT infrastructure at employees’ residences. Indeed,
the frequency of cyber assaults is growing, with 7 lakh documented intrusions
through August of this year—a stunning 175 percent rise over the same period
last year.

So, let’s take a closer look at India’s current cybersecurity regulations and what
advances and improvements we may expect in the future.

Grounds of cybercrime in India

Even though it is unlawful, cybercriminals frequently select an easier approach

to generate money. They target cash-rich organisations, like banks and other
financial institutions, where large sums of money are handled on a daily basis.
They hack sensitive information by taking advantage of flaws in IT security
mechanisms. The following are the reasons why IT platforms are so vulnerable:

 Accessibility– Due to the complexity of technology, there are several

ways to breach a computer system. Hackers can obtain access codes,
sophisticated voice recorders, retina scans, and other data that can be
used to circumvent security measures.
 Complex codes– Operating systems are used to run computers, and
these operating systems are made up of millions of lines of code.
Because the human mind is flawed, errors can occur at any time and in
such cases, cybercriminals take advantage of every code error.
 Ability to store data in a relatively small space– A computer has the
unique ability to store data in a very tiny space. This makes it easier for
someone to take data from other storage devices and utilise it for
personal gain.
 Carelessness– One of the hallmarks of human behaviour is negligence.
As a result, there is a chance that when securing the computer system,
we may make a mistake that allows cyber-criminal access and control
over the computer system.
  Evidence loss– Data relating to the crime can be readily deleted. As a
result, evidence loss has become a very widespread and evident
problem that paralyses the mechanism behind the cyber-crime
investigation.

Cybercrime cases in India

The following are notable cybercrime incidents that have resulted in massive
losses for well-known Indian firms.

In 2018, a cyber-attack on the Cosmos bank in Pune startled the whole banking
industry. Hackers stole Rs 94.42 crore by breaking into the bank’s ATM server
and stealing the personal information of numerous debit cardholders. Money
was stolen, and hackers from 28 nations promptly withdrew it.

In 2018 again a massive data breach involving 1.1 billion Aadhar card users
occurred. The hacked data contained personal information such as Aadhar,
cellphone, PAN, and bank account numbers, as well as IFSC codes. Surprisingly,
unknown merchants were quickly selling Aadhar information on WhatsApp for
Rs 500 per individual. In addition, for a meagre Rs 300, one could obtain a
printout of anyone’s Aadhar card.

Canara bank’s ATM servers were attacked in a cyber assault in mid-2018. The
crooks have over Rs 20 lakhs stashed away in several bank accounts. Skimming
devices were used by hackers to acquire information from 300 debit cards. The
imposters targeted 50 people and took money ranging from Rs 10,000 to Rs
40,000.

Pegasus spyware is a type of malicious software that infiltrates a device, collects

data, and then sends it to a third-party provider without the user’s permission.
NSO Group, an Israeli cyber weaponry company, designed it. It mostly needed
links to function. When a consumer clicks on one of these links, Pegasus is
instantly installed on their phone. According to the Indian news portal The Wire,
a leaked global database of 50,000 telephone numbers alleged to have been
provided by different government clients of NSO Group includes over 300
verified Indian mobile telephone numbers, including those used by ministers,
opposition leaders, journalists, the legal community, businesses, government
employees, scientists, rights activists, and others.
Cyber crime legislation and agencies

To combat the threat posed by cybercriminals, the government created

the Information Technology Act of 2000, the primary goal of which is to provide
an enabling environment for successful internet use as well as to report cyber
crime in India. The Information Technology Act (IT Act), which was enacted in
2000, governs Indian cyber legislation. The main goal of this Act is to provide
eCommerce with trustworthy legal protection by making it easier to register
real-time information with the government. However, as cyber attackers
became more cunning, coupled with the human predisposition to manipulate
technology, a number of adjustments were made.

The IT Act, which was passed by India’s Parliament, emphasises the harsh fines
and penalties that protect the e-governance, e-banking, and e-commerce
sectors. The scope of ITA has now been expanded to include all of the most
recent communication devices.

The IT Act is a comprehensive piece of legislation that addresses technology in

the areas of e-governance, e-commerce, and e-banking. In India, the cyber law
also establishes sanctions and punishment for cyber crime.

The IT Act is the most important, as it directs all Indian legislation to strictly
regulate cyber crime:

Section 43 – This section applies to those who destroy computer systems

without the owner’s authorization. In such instances, the owner is entitled to
full recompense for the total loss.

Section 66 – This section applies if a person is determined to have committed

any of the acts listed in section 43 dishonestly or fraudulently. In such cases, the
penalty might be up to three years in prison or a fine of up to Rs. 5 lakh.

Section 66B – Incorporates the penalties for obtaining stolen communication

devices or computers in a dishonest manner, which affirms a possible three-year
sentence. Depending on the severity, this sentence might also be followed by a
fine of Rs. 1 lakh.
Section 66C – This section looks at identity thefts including impostor digital
signatures, password hacking, and other unique identifying elements. If found
guilty, a three-year sentence could be accompanied by a fine of Rs.1 lakh.

Section 66 D – This section was added on the spot to focus on penalising

cheaters who use computer resources to impersonate others.

The Indian Penal Code was also updated to encompass crimes such as fraud,
forgery, theft, and other similar offences committed through the internet or
through electronic media.

Sections 43 and 66 of the IT Act penalise a person who commits data theft,
transmits a virus into a system, hacks, destroys data, or denies an authorised
person access to the network with up to three years in jail or a fine of Rs. five
lacs, or both. Simultaneously, data theft is penalised under Sections
378 and 424 of the IPC, with maximum sentences of three years in jail or a fine,
or both, and two years in prison or a fine, or both. Denying access to an
authorised user or causing damage to a computer system is punishable
under Section 426 of the IPC by imprisonment for up to three months, a fine, or
both.

Section 65 of the IT Act makes it illegal to tamper with computer source

materials. Section 66E specifies the penalty for invasion of privacy. It states that
anyone who captures, publishes, or distributes an image of a person’s private
area without his or her consent has committed a violation of privacy and is
punishable by imprisonment for up to three years or a fine of up to two lacs, or
both.

Section 66F addresses a critical issue, cyber terrorism, and sets penalties for it.
It defines cyber terrorism as acts such as denial of access, breaching a network,
or transmitting a virus/malware with the intent of causing death or injury to any
person, all with the intent of undermining India’s integrity, sovereignty, unity,
and security or instilling fear in the minds of its citizens.

The offence of deceitfully obtaining stolen computer resources or devices is

dealt with under Section 66B of the IT Act and Section 411 of the IPC.

Section 66C of the IT Act specifies penalties for identity theft, stating that
anybody who uses another person’s identification credentials for fraud or in a
dishonest manner faces imprisonment for up to three years and a fine of up to
Rs. three lacs. Cheating by impersonating another person while utilising a
computer resource is a violation of Section 66D of the IT Act. Sections
419, 463, 465, and 468 of the IPC include similar prohibitions for these offences.
The IT Act penalises not only individuals but also corporations, if they fail to build
and implement a reasonable and attentive procedure to secure any person’s
sensitive data in their control. Such a corporation is obligated to compensate
the individual who has sustained a loss as a result of the corporation’s
carelessness.

In addition to the measures for punishment, the IT Act authorises the Central
Government to give orders to prevent access to any material on an intermediary
or computer resource for the public if it deems it essential in the interests of the
state. It can also intercept, decode, and monitor such data.

Protection against cybercrime

In order to protect ourselves from the perils of cybercrime, the following
preventative actions can be taken:

1. It is required to install an antivirus program. An antivirus program is

designed to safeguard users against cybercrime. Modern programs
monitor the machine’s data for harmful content and give real-time
security against dangers like phishing.
2. Making use of a Virtual Private Network. A VPN connection will protect
your online privacy. It’s an important tool for privacy, which protects
people from identity theft.
3. Unsolicited emails, text messages, and phone calls should be avoided,
especially if they utilise the crisis to coerce people into circumventing
standard security safeguards.
4. Change the Wi-Fi network’s default password to something more
secure. Limit the number of devices that may connect to the Wi-Fi
network and only allow trustworthy devices to connect.
5. Use lengthy and complicated passwords that incorporate numbers,
letters, and special characters.
6. Make sure to update all the systems and programs, as well as to install
and maintain an antivirus software up to date.
 7. Data backup should be a routine procedure since data may be quickly
destroyed, infected, or manipulated.

Prevention against cybercrime

To effectively combat cybercrime, multidimensional public-private alliances
involving authorities, the digital tech industry, information security groups,
internet firms, and financial institutions are required. Cyber thieves, unlike their
counterparts in the physical world, do not compete for dominance or control.
Instead, they collaborate to enhance their talents and even assist one another
with new chances. As a result, traditional crime-fighting strategies cannot be
employed to combat cyber crime in India. Mentioned below are some steps to
prevent cyber crime:

 Use complex passwords: Use various login details combinations for

separate accounts and avoid writing them down.
 Keeping online profiles secret: Make sure to keep your social
networking profiles (Facebook, Twitter, YouTube, and so on) private.
Make sure to double-check your security settings. Take caution with
the information you put on the internet. Once it’s on the Internet, it’s
there for good.
 Safeguard mobile devices: Many individuals are unaware that their
mobile devices are exposed to dangerous software such as computer
viruses. An individual should only download software from reputable
sites. It is also critical that your operating system is kept up to date.
Install anti-virus software and utilize a secure lock screen in addition.
Otherwise, if you misplace your phone or lay it down for a few seconds,
anyone may see all of your personal information on it. Someone may
even install malicious software that uses GPS to follow your every step.
 Safeguarding data: Encrypt sensitive files such as financial documents
and tax returns, to protect your data.
 Secure online identity: When it comes to protecting one’s identity
online, an individual should be vigilant. When providing personal
information such as your name, address, phone number, and/or
financial information on the Internet, you must exercise extreme
caution. While making an online purchase, etc., be sure to check
whether the websites are safe. This includes turning on your privacy
settings while using or visiting social networking sites.
 Safeguarding computers with security software: For basic internet
security, several types of security softwares are required. Firewall and
antivirus software are key pieces of security software. A firewall is
typically the first line of defence for your computer. It governs who can
communicate, and access the computer via the internet. Assume a
firewall to be a type of ‘policeman’ who monitors all data attempting
to flow to and from the computer via the Internet, permitting
transactions that it knows are secure while preventing ‘bad’ traffic such
as cyber attacks.