TABLE OF CONTENTS

INTRODUCTION 2-3

CONCEPT OF CYBERCRIME 3-4

ORIGIN AND EVOLUTION OF CYBERCRIME 6-11

FACTORS CONTRIBUTING TO THE EVOLUTION OF CYBERCRIME 12

IMPACT OF EVOLVING CYBERCRIME 13

CYBERCRIME INCIDENTS 13-17

LEGAL FRAMEWORK ON CYBERCRIMES 17-22

CONCLUSION 23-24

REFERENCES 25

1
 INTRODUCTION

The rise of digital technology has dramatically reshaped the way we communicate, work, store
information, and conduct business. While this digital transformation has brought countless
benefits, it has also opened the door to a new and growing threat: cybercrime. Cybercrime refers
to any criminal activity involving computers, networks, or digital devices. These crimes can range
from hacking, identity theft, and online fraud to more severe offenses such as cyberterrorism, data
breaches, and child pornography.

The origin of cybercrime dates back to the 1960s and 1970s, when early cases of computer misuse
and unauthorized access to networks were recorded. Initially limited in scope, these acts were often
seen as harmless or experimental. However, with the expansion of the internet in the 1990s and
the increasing use of digital platforms for banking, commerce, and communication, cybercrime
became more organized, targeted, and financially motivated. Over the years, it has evolved into a
global threat that affects individuals, corporations, and even governments.

To combat this growing menace, legal systems across the world began developing dedicated
frameworks. In India, the first major step in this direction was the enactment of the Information
Technology Act, 2000, which specifically addressed crimes committed in cyberspace. The Act
includes provisions related to hacking (Section 66), identity theft (Section 66C), cyber
pornography (Section 67), and cyberterrorism (Section 66F), among others. However, not all
cybercrimes are covered under the IT Act alone. Many are also addressed through the Bharatiya
Nyaya Sanhita erstwhile Indian Penal Code (IPC), 1860, which is applied in conjunction with the
IT Act. For instance, online defamation can be prosecuted under Section 499/356(1) BNS, cheating
by impersonation under Section 419/319 BNS, and criminal intimidation under Section 506/351(1)
BNS.

Given the growing importance of digital security and data protection, it is crucial to understand
the concept, origin, and progression of cybercrime. This assignment explores how cybercrime
began, how it has evolved over the decades, and how legal systems especially in India have
responded to this digital threat. It also highlights important laws, sections of IPC and IT Act, and
real-life case studies that illustrate the changing nature of cybercrime in modern society.

2
Despite the existence of these legal provisions, cybercrime continues to grow rapidly, with
criminals constantly developing new methods to exploit technological vulnerabilities. This has
created a pressing need for continuous updates to legal frameworks, improved cybersecurity
infrastructure, and better coordination between national and international law enforcement
agencies.

This assignment explores the origin and evolution of cybercrime, focusing on how these offenses
have changed over time, the key technological developments that influenced them, and how legal
systems especially in India have adapted to deal with such crimes. Through an analysis of
important laws and real-life case studies, this study aims to provide a comprehensive
understanding of the ongoing battle between cybercriminals and the law.

CONCEPT AND MEANING OF CYBERCRIME

The term cybercrime refers to illegal activities carried out using computers, computer networks,
or digital devices connected to the internet. These crimes may target computer systems directly,
use them as tools to commit traditional crimes in a new way, or aim to exploit digital vulnerabilities
for personal, financial, or political gain.

The word cyber is derived from cybernetics, which is the science of communication and automatic
control systems in both machines and living beings. In the modern context, cyber is broadly
associated with anything related to the internet, computers, or virtual networks. Thus, cybercrime
is crime that takes place in cyberspace an intangible, borderless realm that includes computers,
software, the internet, and digital communication channels. 1

DEFINITIONS OF CYBERCRIME

I. Interpol defines cybercrime as:

Any crime that is committed using a computer, network or hardware device. The device may be
the agent, the facilitator, or the target of the crime.2

1
Europol, “What is Cybercrime?” (2023) available at: https://www.europol.europa.eu/crime-areas-and-trends/crime-
areas/cybercrime(last visited on April 18, 2025)
2
Kaspersky, “What is Cybercrime?” (Kaspersky, 2023), available at: https://www.kaspersky.com/resource-
center/threats/what-is-cybercrime (last visited on April 18, 2025).

3
 II. The Information Technology Act, 2000 (India) does not define cybercrime specifically, but
it provides a legal framework for addressing offenses involving computer systems and
digital data.3

III. U.S. Department of Justice categorizes cybercrime into:

a) Crimes in which the computer is the target (e.g., hacking, viruses)

b) Crimes in which the computer is used as a tool (e.g., online fraud, cyberstalking)
c) Crimes in which the computer is incidental (e.g., using email to plan a terrorist act) 4

CHARACTERISTICS OF CYBERCRIME

1. Non-physical: It does not require the physical presence of the offender.

2. Anonymous: Criminals can mask their identity, location, and intent using digital tools.
3. Global in nature: Cybercrimes often cross-national borders, making jurisdiction a
challenge.
4. Evolving rapidly: As technology changes, so do the methods used by cybercriminals. 5

TYPES OF CYBERCRIME

The kind of activities usually involves a modification of conventional crime by using informational
technology. Here is the list of prevalent cybercrimes, some of them widely spread and some are
not prevalent on larger scale. Cybercrime is classified on the basis of the subject of the crime. The
cybercrimes are discussed below

1. Cybercrime against Individuals

2. Crime against Organizations

3. Crime against society

3
Ministry of Electronics and Information Technology, “Information Technology Act, 2000” (MeitY, 2023), available
at: https://www.meity.gov.in/content/information-technology-act-2000 (last visited on April 18, 2025).
4
The Evolution of Cybercrime: What You Need to Know, available at: https://us.norton.com/blog/emerging-
threats/evolution-of-cybercrime (last visited on April 18, 2025).

4
CYBERCRIME AGAINST INDIVIDUALS

These types of crime such crimes are committed against a person or his property. Following are
the examples of the main offenses covered under it.

A. Unauthorized Access

B. Online fraud

C. Cyber Stalking

D. Hacking

E. Plastic Card Fraud

F. Spoofing

G. Identity theft

CYBER CRIME AGAINST ORGANIZATIONS

In contemporary era, almost all big companies and organizations are more back on their online
growth. In such a situation, they also have to deal with cybercrime. Some examples of the main
cybercrimes committed against institutions or organizations are:

A. Data breach

B. Cyber terrorism

C. Warez distribution

D. Denial of service (DoS) attack

CYBER CRIME AGAINST SOCIETY

These types of cybercrimes that effect of the entire society, in which the number of young men &
women and children are more affected. Also, which are banned websites and products in the

5
society and illegal materials are made available to the people through the internet. 6 Following are
the examples of the cybercrimes against society.

A. Child pornography

B. Online gambling

C. Selling illegal article

D. Forgery

E. Spamming

ORIGIN AND EVOLUTION OF CYBERCRIME

Human civilization came a long way from abacus to modern highspeed computers. This transition
is one of the crucial developments witnessed by humanity because it has changed the ways of
living and except select few remotely located people, it has affected everybody’s life. Although
this transition took its time and it was long enough to make evolution in cyber- crimes quite visible.
Cyber criminals evolved with time, they changed their strategies in consonance with advancement
in technology to commit cyber-crimes. The technically skilled criminals prefer to work in cyber
space because there’s not much physical exertion involved and seemingly cyber-crimes yield
maximum financial rewards with minimal risk of being caught, given the anonymity factor
involved in cyber- crimes. The cyber criminals have made use of developing or developed nation’s
propaganda of computerization as means for sustainable growth for the country. In past few
decades, there has been a continuous upsurge in recorded number cyber- crimes across the world.
The more people are connected to the e-world networking, the more are chances of victimization
from malwares, viruses and phishing.7

The origin and evolution of cybercrime is divided into five phases which are as following:

6
National Crime Records Bureau, “Cyber Crimes Against Women and Children” (NCRB, 2023), available at:
https://ncrb.gov.in/en/crime-india (last visited on April 18, 2025).
7
History Computer, “The Evolution of Computers: From the Abacus to Modern Machines” (2023), available at:
https://history-computer.com/computers-through-history (last visited on April 18, 2025).

6
PHASE 1: THE EXPERIMENTAL ERA (1960S–1980S)

Cybercrime had its nascent beginnings in the early computer age, when computers were large,
isolated systems used primarily by government agencies, universities, and major corporations. The
concept of cybercrime was not yet recognized; instead, what occurred were unauthorized
intrusions driven by curiosity or intellectual challenge.

In this era, the famous activity called phreaking emerged in the United States, where individuals
such as John Draper (aka Captain Crunch) manipulated analog telephone systems using whistles
to make free long-distance calls. Although not yet classified as cybercrime, these actions exploited
telecommunications infrastructure, laying the foundation for future computer-based exploits. 8

Legal frameworks were non-existent in this phase, and the Indian legal system had not yet
conceived of crimes committed using computer systems. The Indian Penal Code (IPC), 1860 was
the primary legislation available, but it did not account for crimes committed in cyberspace.

PHASE 2: RISE OF THE INTERNET AND EMAIL (1990S)

The 1990s were a transformative decade with the commercial emergence of the internet and email
systems. This connectivity brought new dimensions to crime phishing, spamming, and virus
attacks became the first real cyber threats with significant economic consequences.

One of the first major global cyberattacks was the Morris Worm (1988), created by a Cornell
University student. This self-replicating worm shut down about 10% of the internet (then mostly
limited to universities and research institutions), marking the first major Distributed Denial of
Service (DDoS) attack. It prompted the U.S. government to form CERT (Computer Emergency
Response Team).9

In the late 1990s, email-based viruses like Melissa (1999) spread by tricking users into opening
infected Microsoft Word files, which then mailed themselves to others. This malware infected
millions of systems, including those of government agencies and corporations.

8
MIT Technology Review, “The Original Phone Phreak” (2001), available at:
https://www.technologyreview.com/2001/07/01/233568/the-original-phone-phreak/ (last visited on April 18, 2025)
9
Ibid.

7
In India, these developments prompted lawmakers to take action, leading to the enactment of the
Information Technology Act, 2000. It defined cyber offenses and included provisions such as:

 Section 65 – Tampering with computer source documents

 Section 66 – Hacking with computer systems

 Section 67 – Publishing obscene material online

The IPC was also used creatively to prosecute cyber offenders under Section 420 (cheating) and
Section 468 (forgery), but a specialized law was clearly required.

PHASE 3: E-COMMERCE, SOCIAL MEDIA, AND VIRUSES (2000S)

The 2000s marked the globalization of the internet. E-commerce, social networking (Orkut,
Facebook), and online banking became commonplace. With this, cybercrime exploded in scope
and severity. One of the most destructive viruses of the decade was the ILOVEYOU worm (2000),
a seemingly innocent email attachment titled “I LOVE YOU” that infected over 50 million
computers worldwide. It spread rapidly by accessing users’ contact lists and sending itself to
others.10

Cybercriminals began using techniques such as:

 Phishing – Tricking users into revealing banking or login credentials.

 Keyloggers – Programs that recorded every keystroke typed on infected machines.

 Trojan Horses – Malware disguised as legitimate software, used to steal data.

In India, one of the first major cybercrime cases was the Bazee.com case (2004), where obscene
material was listed on a popular e-commerce site. The CEO was arrested, even though he had no
direct role in the listing. The case highlighted the liability of intermediaries under Section 67 of
the IT Act.

India amended its IT Act in 2008, adding new cyber offenses:

 Section 66C – Identity theft

10
BBC News, “The Love Bug: 20 years since the virus that changed everything”(2020), available at:
https://www.bbc.com/news/technology-52535181( last visited on April 18, 2025).

8
  Section 66D – Cheating by personation using computer resources

 Section 66A (later struck down) – Sending offensive messages through communication
service

The IPC remained relevant with Sections 354D (cyberstalking), 507 (criminal intimidation via
anonymous communication), and 499/500 (defamation) being invoked in digital contexts.

PHASE 4: MOBILE APPS, RANSOMWARE, AND CLOUD EXPLOITATION (2010S)

This decade witnessed massive adoption of smartphones, cloud storage, and mobile apps,
expanding the digital attack surface. With the growth of mobile banking and digital wallets, India
saw a sharp rise in SIM swapping, mobile banking fraud, and app-based phishing.

Globally, ransomware attacks dominated headlines. In 2017, the WannaCry ransomware attack
affected over 230,000 computers in more than 150 countries, including India’s Andhra Pradesh
Police Department. It encrypted users’ data and demanded payments in Bitcoin. Shortly after,
NotPetya, a more destructive ransomware disguised as financial software, targeted Ukraine but
spread globally.11

During this time, data breaches also rose companies like Yahoo!, Equifax, and even Facebook were
compromised, exposing the data of billions. Cybercriminals often sold stolen credentials on the
dark web, and identity theft became a global epidemic.

India’s CERT-In began issuing more frequent public alerts. The IT Act was further interpreted to
address cyberterrorism (Section 66F) and hacking of government databases. Meanwhile,
traditional IPC provisions were insufficient to prosecute these crimes unless accompanied by IT
Act charges.

PHASE 5: THE ERA OF ARTIFICIAL INTELLIGENCE, DEEPFAKES, AND CRYPTO

CRIME (2020S–PRESENT)

The most recent phase is defined by highly advanced cyber threats and the increasing use of
artificial intelligence, deepfake technology, and cryptocurrencies. In the current digital ecosystem,

11
Wired, “The Untold Story of NotPetya, the Most Devastating Cyberattack in History” (2018), available at:
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/(last visited on April 18,
2025).

9
cybercriminals are no longer lone hackers but organized syndicates, some operating with state
support.

 Deepfake technology has been misused to impersonate CEOs in video calls for financial
scams.

 Crypto ransomware attacks like DarkSide (which targeted U.S. pipelines) have shown how
digital currencies are used for untraceable payments.

 In India, online scams involving fake investment platforms, crypto trading, and Ponzi
schemes conducted via Telegram and WhatsApp groups have risen dramatically.

According to NCRB data, cybercrime in India increased by over 200% between 2018 and 2023,
with states like Uttar Pradesh, Karnataka, and Maharashtra reporting the highest numbers. 12 Law
enforcement agencies now work in collaboration with Interpol, CERT-In, and cyber forensic
experts to combat crimes like:

 Online job fraud

 Online sextortion and honey-trapping

 Fake loan apps and financial fraud

12
Id. at 6.

10
To address the issue of digital privacy and data misuse, India enacted the Digital Personal Data
Protection Act, 2023, which provides individuals rights over their personal data and mandates
accountability from data fiduciaries.

FACTORS CONTRIBUTING TO THE EVOLUTION CYBERCRIME

The evolution of cybercrime has been significantly influenced by a combination of technological,

social, and legal factors. One of the most critical contributors is the rapid advancement in
technology, which provides cybercriminals with sophisticated tools to exploit vulnerabilities in
digital systems. With the exponential increase in internet penetration across the globe, especially
in developing nations, more people are online than ever before, thereby expanding the pool of
potential victims. This widespread connectivity, coupled with the anonymity offered by the
internet, allows cybercriminals to operate across borders with minimal risk of being identified or
caught. Another major factor is the lack of robust cybersecurity infrastructure in many
organizations and among individual users, making them easy targets for attacks such as phishing,
ransomware, and data breaches.13

Furthermore, public awareness about cyber threats remains relatively low, particularly in rural and
less technologically advanced areas. This lack of education makes users more susceptible to scams
and social engineering tactics. The emergence of the Internet of Things (IoT) has also played a
role, as many smart devices are poorly secured and provide additional entry points for attackers.
The dark web and the use of cryptocurrencies have further fueled cybercrime by facilitating
anonymous transactions and the trade of illegal services and information. Additionally, legal
systems around the world often struggle to keep pace with the rapidly changing nature of
cybercrime, and law enforcement agencies may lack the expertise or resources to investigate and
prosecute such offenses effectively. In some cases, cybercrimes are even politically or
economically motivated, carried out by state-sponsored actors or organized groups aiming to
disrupt national security or steal sensitive information. Together, these factors have contributed to
the complex and ever-evolving landscape of cybercrime.

13
Cybersecurity & Infrastructure Security Agency (CISA), “Cyber Hygiene: Protecting Yourself Against Cyber
Threats” (2023), available at: https://www.cisa.gov/news-events/news/cyber-hygiene (last visited on April 18,2025).

11
 IMPACT OF EVOLVING CYBERCRIME

The evolving nature of cybercrime has had a profound impact on individuals, businesses, and
governments worldwide. One of the most significant consequences is the increasing financial loss
caused by cyberattacks such as phishing scams, ransomware, identity theft, and online fraud.
Individuals often fall victim to unauthorized transactions or data breaches, leading to emotional
distress and financial ruin. For businesses, cybercrimes can result in massive data leaks, disruption
of operations, loss of consumer trust, and legal liabilities. On a larger scale, government institutions
face threats like cyber espionage and attacks on critical infrastructure, which can compromise
national security and public safety. The rise in cybercrime has also led to a surge in cybersecurity
costs, as organizations are forced to invest heavily in protection measures and recovery
mechanisms. Moreover, as cybercriminals become more sophisticated, law enforcement agencies
struggle to keep up, often facing jurisdictional challenges and lack of technical resources. This
creates a growing gap between the attackers and those tasked with stopping them, further
exacerbating the threat. Overall, the evolving cybercrime landscape poses a serious challenge to
digital trust, economic stability, and the safety of cyberspace.

In addition to the financial and security-related consequences, the evolution of cybercrime also has
significant social and psychological impacts. Victims of cyberstalking, cyberbullying, and online
harassment often experience anxiety, depression, and a sense of helplessness, especially in the
absence of adequate legal recourse or support mechanisms. The misuse of personal data and
images can severely damage reputations and lead to long-term emotional trauma. Moreover,
cybercrimes targeting children, such as online grooming and exposure to harmful content, pose
serious threats to the safety and mental well-being of young users.

From an economic perspective, the evolving nature of cybercrime hampers innovation and growth.
Startups and small businesses, which often lack the resources for strong cybersecurity, are
particularly vulnerable and may be forced to shut down after a major breach. On a national level,
cybercrimes affect investor confidence, international trade, and the smooth functioning of e-
governance services. The infiltration of fake news, misinformation, and propaganda through cyber
channels also undermines democratic processes and social harmony, influencing public opinion
and even elections.

12
Furthermore, the ever-changing tactics of cybercriminals necessitate continuous upgrades in
defense mechanisms, placing a constant burden on IT teams and cybersecurity professionals. This
evolution also gives rise to a cybercrime economy, where hackers sell stolen data, malware kits,
and hacking tools on the dark web, making it easier for even non-technical individuals to engage
in criminal activities. In essence, the impact of evolving cybercrime extends far beyond the digital
realm, affecting personal lives, business integrity, and national sovereignty in increasingly
complex and far-reaching ways. 14

NOTABLE CASES OF CYBERCRIME

1.Jamtara Vishing Syndicate Conviction

A. Nature of Crime: A special PMLA court in Ranchi convicted five individuals from Jamtara
district for operating an organized cybercrime syndicate involved in vishing (voice
phishing) scams. 15
B. Judicial Aspect: The court sentenced each convict to five years of rigorous imprisonment
under the Prevention of Money Laundering Act (PMLA) and imposed fines of ₹2.5 lakh.
Properties worth approximately ₹68 lakh were also confiscated.

2. Digital Arrest Scam Targeting S.P. Oswal

A. Nature of Crime: S.P. Oswal, chairman of Vardhman Group, was duped out of $830,000
by fraudsters posing as federal investigators. They staged a fake online Supreme Court
session, with an impersonator acting as Chief Justice D.Y. Chandrachud, to coerce Oswal
into transferring funds under threat of digital arrest. 16
B. Judicial Aspect: Authorities arrested two individuals and recovered $600,000, marking
one of the largest recoveries in such fraud cases in India.

14
The rise of cybercrime as- a service: Implications and countermeasures, available at: https://papers.ssrn.com/ (Last
visited on 2nd April, 2025).
15
Jharkhand court convicts 5 jamtara cyber criminals, available at: https://www.theweek.in/ (Last visited on 2nd April,
2025).
16
Indian textile baron duped with fake supreme court hearing, available at: https://www.reuters.com/ (Last visited on
2nd April 2025).

13
3. Star Health Data Breach via Telegram Chatbots

A. Nature of Crime: Hackers used Telegram chatbots to leak sensitive data belonging to Star
Health, India's largest health insurer. The leaked information included personal details and
medical reports of millions of customers.
B. Judicial Aspect: While Star Health claimed no widespread data breach, the incident raised
significant concerns about data security and the misuse of messaging platforms for
cybercrimes.

4. Delhi High Court Orders SBI to Compensate Cyber Fraud Victim

A. Nature of Crime: A customer of the State Bank of India (SBI) lost ₹2.6 lakh due to a cyber
fraud incident.
B. Judicial Aspect: The Delhi High Court directed SBI to compensate the victim,
emphasizing the bank's implied duty to exercise reasonable care and take prompt action
upon detecting fraud. The court also awarded 9% interest per annum from the date the fraud
was reported and ₹25,000 as litigation costs. 17

5. Indore Cyber Fraud Cases

A. Nature of Crime: In 2024, citizens of Indore, Madhya Pradesh, reported over 10,000 cyber
fraud cases, resulting in losses totaling ₹60 crore. Victims included a former High Court
judge.
B. Judicial Aspect: Authorities managed to recover ₹12.5 crore and arrested 52 individuals
involved in these crimes. The incidents highlighted the growing prevalence of cyber fraud
and the need for increased public awareness and cybersecurity measures. 18

6. Gurugram Bankers Involved in Cybercrime

A. Nature of Crime: In Gurugram, 21 bank officials from both public and private sectors
were arrested in connection with cybercrime cases, contributing to nearly ₹300 crore in
fraudulent activities.

17
Delhi HC direct SBI to compensate loss of Rs. 2.6 Lakhs incurred by cyber fraud victim, available at:
https://www.scconline.com/ (last visited on April 18, 2025).
18
Indore citizen lose 60 crore to cyber fraudster, available at: https://www.newsdrum.in (last visited on April 18, 2025).

14
 B. Judicial Aspect: The arrests underscored the involvement of insiders in facilitating
cybercrimes and prompted calls for stricter verification processes and internal controls
within banking institutions.19

7. Andhra Pradesh Tax Case (2001)

A. Nature of Crime: First-ever recorded cybercrime case in India involving manipulation of

computer systems to alter sales tax data.
B. Facts: An engineer used a computer to falsify sales tax records.
C. Judicial Aspect: Though there was no proper cyber law at the time (IT Act was still being
introduced), the accused was prosecuted under the Indian Penal Code (IPC) for forgery and
tampering with government records.
D. Outcome: It highlighted the need for cyber-specific legislation in India, leading to the
formal introduction of the Information Technology Act, 2000.

8. Bazee.com Case (Avnish Bajaj Case), 2004

A. Nature of Crime: Obscene MMS clip sale on an e-commerce platform.

B. Facts: A student uploaded a pornographic MMS video for sale on the website Baazee.com.
The CEO, Avnish Bajaj, was arrested.
C. Judicial Aspect: He was booked under Section 67 of the IT Act, 2000 (publishing obscene
material in electronic form) and Sections 292 & 294 IPC.
D. Outcome: Though Bajaj didn’t upload the content himself, the case highlighted
intermediary liability, leading to the introduction of Section 79 of the IT Act which provides
safe harbor to intermediaries if they act diligently.

9. Bank NSP Cyber Fraud Case (2004)

A. Nature of Crime: Online identity theft and cheating.

B. Facts: An employee of a call center transferred customer data to her boyfriend, who used
it to fraudulently withdraw money from accounts.
C. Judicial Aspect: Charged under Sections 43 & 66 of the IT Act and Section 420 IPC
(cheating).

19
Gurugram: 21 bankers held in cybercrime cases so far in 2024, available at: https://www.hindustantimes.com/
(Last visited on 2nd April, 2025).

15
 D. Outcome: Raised concerns about data privacy and internal cybersecurity practices in
financial institutions.

10. Pune Citibank Mphasis Call Center Fraud (2005)

A. Nature of Crime: Phishing and social engineering scam.

B. Facts: Employees of a BPO in Pune accessed Citibank customers' details and transferred
around ₹1.5 crore fraudulently.
C. Judicial Aspect: Accused were booked under Section 66 (computer-related offenses) and
Section 43 (unauthorized access) of the IT Act, along with Sections 420 and 468 IPC.
D. Outcome: Convictions made; this case stressed the need for robust cybersecurity training
for outsourcing companies.20

11. ATM Hacking Case – Kerala (2016)

A. Nature of Crime: Skimming devices installed in ATMs.

B. Facts: Romanian nationals were found guilty of installing skimmers in ATMs in Kerala
and stealing card data.
C. Judicial Aspect: Charged under Sections 66C and 66D of the IT Act (identity theft and
cheating by personation), and Section 420 IPC.
D. Outcome: They were sentenced to 5 years’ imprisonment, setting a precedent for using
IT Act provisions against foreign cybercriminals.

12. WhatsApp-Pegasus Spyware Case (2019)

A. Nature of Crime: Alleged state-sponsored surveillance using spyware.

B. Facts: NSO Group’s Pegasus spyware was used to target Indian journalists, lawyers, and
activists via WhatsApp.
C. Judicial Aspect: Petitions were filed in the Supreme Court of India, citing violations of
Right to Privacy (Article 21).

20
Times of India, “Mphasis Fraud Case: Court Convicts Accused” (2007), available at:
https://timesofindia.indiatimes.com/city/pune/citibank-fraud-call-centre-staff-held/articleshow/( last visited on April
18, 2025).

16
 D. Outcome: The Supreme Court appointed a committee to probe the matter, emphasizing
that the state cannot get a free pass whenever the specter of ‘national security’ is raised. 21

13. Bulli Bai App Case (2022)

A. Nature of Crime: Targeted harassment through an online auction of Muslim women.

B. Facts: An app listed photographs of women from a specific community for a fake auction,
causing national outrage.
C. Judicial Aspect: FIRs were registered under Section 66F (cyber terrorism), Section 354D
IPC (stalking), 509 IPC, and IT Act provisions.
D. Outcome: The accused, including young college students, were arrested. The case
highlighted the need for social media accountability and laws addressing gendered cyber
harassment.

LEGAL FRAMEOWRK ON CYBERCRIME

INTERNATIONAL LEGAL FRAMEWORK ON CYBERCRIME

1. BUDAPEST CONVENTION ON CYBERCRIME (2001)22

The Budapest Convention on Cybercrime, adopted by the Council of Europe in 2001, is the first
and most significant international treaty specifically designed to address cybercrime. It aims to
harmonize national laws related to cyber offences, improve investigative techniques, and foster
international cooperation among countries. The Convention defines various categories of
cybercrimes including offences against the confidentiality, integrity, and availability of computer
data and systems, such as illegal access (hacking), illegal interception, data interference, and
system interference. It also addresses computer-related crimes like computer-related fraud and
forgery, content-related offences such as the dissemination of child pornography, and offences
related to infringements of copyright through digital means. Additionally, the Convention lays
down procedural tools for law enforcement, such as expedited preservation of stored data, search
and seizure of computer systems, and real-time collection of traffic data. A major strength of the

21
Indian Express, “FIR Filed Under Cyber Terrorism Against Bulli Bai App Creators” (2022), available at:
https://indianexpress.com/article/india/bulli-bai-app-fir-cyber-terrorism-7697961/ (last visited on April 18, 2025).
22
Ministry of Home Affairs, Government of India, “India’s Mutual Legal Assistance Treaties (MLATs)”available at:
https://www.mha.gov.in/en/mutual-legal-assistance (last visited on April 18,2025).

17
Convention is its emphasis on international cooperation, including mutual legal assistance, trans-
border access to stored data, and joint investigations. Although over 65 countries, including the
US, UK, Japan, and many EU nations, have ratified the Convention, India is not a signatory, mainly
due to concerns over data sovereignty and lack of equal say in drafting the convention. Despite
this, India informally aligns with its objectives and often cooperates under mutual legal assistance
treaties (MLATs) and bilateral agreements.

2. UNITED NATIONS EFFORTS

The United Nations has also taken a proactive role in the global governance of cybercrime. The
United Nations Office on Drugs and Crime (UNODC) is the primary UN agency dealing with
cybercrime. It provides technical assistance, policy advice, and capacity-building programs for
developing countries to enhance their ability to prevent and investigate cybercrimes. The UNODC
also conducts global assessments and publishes reports that help identify emerging trends,
legislative gaps, and enforcement challenges in various regions. Furthermore, the UN has initiated
the drafting of a new comprehensive international convention on countering the use of information
and communications technologies (ICTs) for criminal purposes. This initiative, led by the UN
General Assembly, is still under negotiation and aims to create a universally accepted legal
framework on cybercrime that includes both developing and developed countries. The draft is
being negotiated by an open-ended ad hoc intergovernmental committee, with active participation
from countries like Russia, China, and India. The goal is to develop a treaty that is more inclusive
and equitable than the Budapest Convention, especially for countries that were not part of its
original formulation.23

3. INTERPOL’S CYBERCRIME INITIATIVES

INTERPOL plays a crucial role in coordinating cross-border investigations related to cybercrime.

Through its Cybercrime Directorate, headquartered in Singapore, INTERPOL facilitates
information exchange, digital forensics support, threat intelligence sharing, and real-time
coordination between member countries. It also runs joint operations targeting major cybercrime
networks, such as those involved in ransomware, phishing, and financial cyber frauds. One of

23
UN News, “UN Moves Ahead on Global Cybercrime Treaty Despite Divisions” (2022), available at:
https://news.un.org/en/story/2022/01/1110202 (last visited on April 18, 2025).

18
INTERPOL’s key tools is the Cyber Fusion Centre, which brings together law enforcement and
private partners for collaborative threat analysis. INTERPOL also maintains a Global Cybercrime
Expert Group and provides training for law enforcement officers worldwide.

4. G8 24/7 NETWORK AND OTHER COOPERATION MECHANISMS

The G8 24/7 Network is an informal yet vital arrangement that allows rapid communication and
assistance between nations in cybercrime emergencies. It connects law enforcement officers
around the world, enabling urgent preservation of digital evidence, IP address tracking, or domain
seizure. Countries like India participate in this network despite not being part of the Budapest
Convention. In addition, organizations such as EUROPOL (European Union Agency for Law
Enforcement Cooperation) support member states with cyber investigations through their
European Cybercrime Centre (EC3).

5. REGIONAL AND SECTOR-SPECIFIC FRAMEWORKS

Apart from global initiatives, several regional organizations and forums address cybercrime within
their jurisdictions. The Asia-Pacific Economic Cooperation (APEC) has a Telecommunications
and Information Working Group that promotes legal and technical standards to combat cybercrime.
The African Union has adopted the Malabo Convention (2014) on cybersecurity and personal data
protection. The Arab League and ASEAN are also working towards harmonizing cybercrime laws
within their member countries. Furthermore, sector-specific organizations like the International
Telecommunication Union (ITU) contribute by developing global cybersecurity standards,
offering technical support to developing countries, and facilitating public-private partnerships. 24

6. CHALLENGES IN INTERNATIONAL COOPERATION

Despite these efforts, international cooperation on cybercrime faces several challenges. One major
hurdle is the lack of uniformity in legal definitions and procedures. What may be considered a
cyber offence in one country might not be illegal in another. Also, jurisdictional conflicts, data
localization policies, and sovereignty concerns often hamper the flow of digital evidence and delay
investigations. There is also a geopolitical divide, with Western countries largely supporting the

24
Asia-Pacific Economic Cooperation (APEC), “Telecommunications and Information Working Group” available
at:https://www.apec.org/groups/committee-on-trade-and-investment/telecommunications-and-information-working-
group (last visited on April 18,2025).

19
Budapest Convention, while others favor a new UN-led framework to ensure equitable
participation. Therefore, although the global framework is expanding, the absence of a universally
accepted treaty and real-time legal harmonization continues to be a significant obstacle.

INDIAN LEGAL FRAMEWORK ON CYBERCRIME

1. Information Technology Act, 2000 (Amended in 2008)

The Information Technology (IT) Act, 2000 is India’s cornerstone legislation for cyber laws. It was
enacted to provide legal recognition to electronic transactions and to address the growing concerns
of cybercrime. The Act was significantly amended in 2008 to widen its scope in response to the
increasing threats in the digital space.

IMPORTANT PROVISIONS INCLUDE:

1. Section 43: Imposes penalties for damage to computer systems without permission, such as
unauthorized access, downloading, introducing viruses, or disrupting networks. 25
2. Section 66: Deals with hacking if a person, dishonestly or fraudulently, damages or destroys
data in a computer system, they are punishable with imprisonment up to three years or fine up
to five lakh rupees.
3. Section 66C: Covers identity theft, i.e., fraudulently or dishonestly making use of electronic
signatures, passwords, or any other unique identification feature of another person.
4. Section 66D: Addresses cheating by personation using computer resources—punishable with
up to three years imprisonment and a fine. 26
5. Section 66E: Penalizes the violation of privacy, such as capturing, publishing, or transmitting
images of a person’s private areas without consent.
6. Section 67, 67A, 67B: Related to publishing or transmitting obscene, sexually explicit content,
or child pornography in electronic form.
7. Section 69: Grants power to central and state governments to intercept, monitor, or decrypt
any information in the interest of sovereignty, security, or public order.
8. Section 70: Deals with the protection of Critical Information Infrastructure (CII) unauthorized
access to such infrastructure is punishable.

25
The Information Technology Act, 2000 (No. 21 of 2000)
26
Ibid.

20
9. Section 72: Penalizes breach of confidentiality and privacy by any person who has secured
access to any electronic record.

This Act also legally recognizes digital signatures, certifying authorities, and the admissibility of
electronic records in legal proceedings.

2. BHARATIYA NYAYA SANHITA (BNS)

Cybercrime is not restricted to technical offences; many are traditional crimes committed using
digital means. Therefore, several BNS provisions are invoked alongside the IT Act:

1. Section 419/319 BNS: Punishment for cheating by personation (also overlaps with Section
66D of the IT Act).
2. Section 420/318(4) BNS: Punishment for cheating and dishonestly inducing delivery of
property often used in online fraud cases.
3. Section 463/336(1) BNS, 465/336(2) BNS: Relate to forgery, which now includes
electronic records.
4. Section 468/336(3) BNS, 471/340(2) BNS: Used in cases of forgery for the purpose of
cheating and use of forged electronic documents.
5. Section 354/78 BNS: Covers cyberstalking, particularly aimed at protecting women from
online harassment.
6. Section 499, 500: Applicable in cases of online defamation.
7. Section 507: Addresses criminal intimidation by anonymous communication, including
threats sent via emails or messages.

The BNS helps bridge the legal gaps where the IT Act may not provide sufficient coverage,
especially in cases involving intent, criminal conspiracy, or bodily harm resulting from cyber
incidents.

3. INSTITUTIONAL AND POLICY FRAMEWORK

a. CERT-In (Indian Computer Emergency Response Team)

CERT-In is the national nodal agency for responding to computer security incidents. It collects and
analyzes cyber incident data, issues alerts and advisories, and coordinates responses to

21
cybersecurity threats. It also operates the Cyber Swachhta Kendra, which provides free tools to
detect and remove botnets and malware from infected systems. 27

b. National Cyber Crime Reporting Portal

Launched by the Ministry of Home Affairs, this portal allows citizens to report cybercrimes,
especially those related to women and children. It improves access to legal remedies and initiates
swift responses from law enforcement.

c. Indian Cyber Crime Coordination Centre (I4C)

This is a centralized platform launched in 2020 to strengthen the capacity of law enforcement
agencies and provide a coordinated response to cybercrime. It includes a Cyber Crime Threat
Analytics Unit, Platform for Reporting, Research and Innovation Centre, and Capacity Building
Centres.

d. National Cyber Security Policy, 2013

This policy aims to create a secure cyber ecosystem, protect critical infrastructure, and promote
cooperation between public and private sectors. It outlines strategies for awareness, training, R&D,
and the creation of a 24/7 national alert system.

e. Cyber Police and Forensic Labs

Most Indian states now have dedicated cyber police stations and digital forensic labs to handle
complex investigations. These units use tools for email tracing, data recovery, and mobile forensics
to solve cybercrime cases.

27
CERT-In, “About CERT-In” available at: https://www.cert-in.org.in/ (last visited on April 18, 2025).

22
 CONCLUSION

The journey of cybercrime from its primitive beginnings to today’s highly advanced and organized
threats mirrors the evolution of digital technology itself. Initially emerging as isolated incidents of
hacking and unauthorized access, cybercrimes have today transformed into a multifaceted global
menace involving ransomware, phishing scams, cyberterrorism, financial frauds, identity theft,
and politically motivated attacks. This evolution has been driven by factors such as increased
internet penetration, the rise of digital economies, gaps in cyber literacy, and the relative anonymity
provided by cyberspace.

Through the lens of real-world cases, the severity and adaptability of cybercriminals become clear.
Indian cases like the WazirX crypto hack (2024), Bulli Bai app incident (2022), and the Jamtara
phishing syndicates showcase how deeply embedded cybercriminal activities have become, even
within everyday digital transactions and social spaces. Globally, incidents such as the WannaCry
ransomware attack (2017), the Yahoo data breach (2013–14), and the SolarWinds cyber espionage
(2020) demonstrate that even large corporations and governments are not immune to cyber threats.
These examples illustrate how cybercrime transcends borders and affects people, institutions, and
nations alike.

The legal response to cybercrime has tried to keep pace with its rapid evolution. In India, the
Information Technology Act, 2000, with its various amendments, serves as the primary legislative
tool for regulating online crimes, complemented by relevant provisions under the Bharatiya Nyaya
Sanhita. Internationally, conventions like the Budapest Convention on Cybercrime and efforts by
organizations such as the United Nations, Interpol, and Europol aim to foster global cooperation,
set cyber norms, and facilitate joint investigations. However, enforcement is still plagued by issues
such as jurisdictional conflicts, lack of extradition agreements, technological disparity between
nations, and insufficient cyber forensic capabilities.

Moreover, the ethical and social dimensions of cybercrime cannot be overlooked. Cyberbullying,
revenge porn, deepfake abuse, and targeted communal hate campaigns pose serious challenges to
personal dignity and democratic discourse. The misuse of platforms, data manipulation, and
surveillance threats also raise urgent questions about digital rights, privacy, and freedom of

23
expression. This calls for a balanced approach that not only punishes offenders but also upholds
individual liberties and ensures cyber justice.

In conclusion, cybercrime is not just a legal or technical issue it is a socio-legal challenge that
demands an integrated, multidisciplinary response. Governments must invest in infrastructure,
training, and cross-border legal agreements. Citizens must be empowered with digital literacy and
awareness. Private tech companies must take greater responsibility in ensuring the security and
ethical use of their platforms. As the digital world continues to grow, the protection of cyberspace
must evolve hand-in-hand resilient, proactive, and collaborative to ensure safety, accountability,
and trust in the digital age.

24
 REFERENCES

STATUTES / ACTS / CONVENTIONS

1. Bharatiya Nyaya Sanhita, 2024.

2. Information Technology Act.200
3. Council of Europe. (2001). Convention on Cybercrime (CETS No. 185).
4. United Nations. (2021). UN General Assembly Resolution on Countering the Use of ICTs for
Criminal Purposes.
WEBSITES
1. https://www.cert-in.org.in/
2. https://www.unodc.org/unodc/en/cybercrime/index.html
3. https://www.apec.org/groups/committee-on-trade-and-investment/telecommunications-and-
information-working-group
4. https://www.itu.int/en/ITU-D/Cybersecurity/Pages/default.aspx
5. https://www.orfonline.org/expert-speak/why-india-has-not-signed-the-budapest-convention/
NEWSPAPERS
1. The Indian Express.
2. The Times of India.
3. BBC.

25