CHANAKYA NATIONAL LAW

UNIVERSITY

Impact of Internet Technology on Economic

Crime
Cyber Law

Submitted to:
Mr. Kumar Gaurav

Submitted by:
Anubhuti Varma
Roll No- 721
5th Year, 9th Semester

ACKNOWLEDGEMENT
I take this opportunity to express my humble gratitude and personal regards to Mr. Kumar
Gaurav, for inspiring us and guiding us during the course of this project work and also for his
cooperation and guidance from time to time during the course of this project work on the topic
Impact of internet technology on Economic crime.

Anubhuti Varma

2 | Page

Research Methodology
Aims and Objectives:
The aim of the project is to present a detailed study of Impact of Internet Technology on
Economic Crime
Scope and Limitations:
The project is basically based on the doctrinal method of research as no field work is done on
this particular topic. The whole project is made with the use of the secondary sources.
Method of Writing:
The method of writing followed in the course of this research paper is primarily analytical and
descriptive.
Mode of Citation:
The researcher has followed uniform form of citation throughout the course of this research
paper.
Sources of Data:
The following secondary sources of data have been used in the project1. Books
2. Websites
3. Statute

3 | Page

Contents
INTRODUCTION...........................................................................................................................5
IT LEGISLATION IN INDIA.........................................................................................................6
METHODS USED FOR CYBER CRIME....................................................................................17
CYBER SECURITY LEGAL ISSUES......................................................................................20
CHALLENGES FACED BY GOVERNMENT............................................................................22
CONCLUSION..............................................................................................................................24

4 | Page

INTRODUCTION
Economic crimes refer to illegal acts committed by an individual or a group of individuals to
obtain a financial or professional advantage. In such crimes, the offenders principal motive is
economic gain. Cyber crimes, tax evasion, robbery, selling of controlled substances, and abuses
of economic aid are all examples of economic crimes.1
Economic crime accounts for a loss of more than $200 billion dollars annually, and as the
complexity and costly nature of such activity becomes more sophisticated, this number is
expected to increase. These traits often make an economic crime investigation harder to pursue
and prevention more troublesome to implement. Thus, corporations rely on the expertise and
training of investigators and criminal justice professionals to safeguard their financial assets and
identities against unscrupulous economic action.
Cyber crime is an economic crime committed using computers and the internet. It includes
distributing viruses, illegally downloading files, phishing and pharming, and stealing personal
information like bank account details.2 Its only a cyber crime if a computer, or computers, and
the internet play a central role in the crime, and not an incidental one.
Cyber crime is a generic term that refers to all criminal activities done using the medium of
computers, the Internet, cyber space and the worldwide web. There isnt really a fixed definition
for cyber crime. The Indian Law has not given any definition to the term cyber crime. In fact,
the Indian Penal Code does not use the term cyber crime at any point even after its amendment
by the Information Technology (amendment) Act 2008, the Indian Cyber law. But Cyber
Security is defined under Section (2) (b) means protecting information, equipment, devices

1 Economic Crime Law (November 8,2014, 8.00pm),

http://definitions.uslegal.com/e/economic-crime%20/.
2 Cyber Crime (November 8, 2014, 8.26pm), http://www.pwc.in/assets/pdfs/publications2011/economic-crime-survey-2011-india-report.pdf

5 | Page

computer, computer resource, communication device and information stored therein from
unauthorized access, use, disclosure, disruption, modification or destruction.3

IT LEGISLATION IN INDIA
Mid 90s saw an impetus in globalization and computerisation, with more and more nations
computerizing their governance, and e-commerce seeing an enormous growth. Until then, most
of international trade and transactions were done through documents being transmitted through
post and by telex only.4 Evidences and records, until then, were predominantly paper evidences
and paper records or other forms of hard-copies only. With much of international trade being
done through electronic communication and with email gaining momentum, an urgent and
imminent need was felt for recognizing electronic records ie the data what is stored in a
computer or an external storage attached thereto.
Cyber law is a term used to describe the legal issues related to use of communications
technology, particularly cyberspace, i.e. the Internet. It is less of a distinct field of law in the
way that property or contract are, as it is an intersection of many legal fields, including
intellectual property, privacy, freedom of expression, and jurisdiction. In essence, cyber law is an
attempt to apply laws designed for the physical world, to human activity on the Internet. In India,
The IT Act, 2000 as amended by The IT (Amendment) Act, 2008 is known as the Cyber law. It
has a separate chapter XI entitled Offences in which various cyber crimes have been declared
as penal offences punishable with imprisonment and fine.

3 Prashant Mali, Types of Cyber Crimes and Cyber Laws in Inida (November 9,
7.30pm), http://www.csi-india.org/c/document_library/get_file?uuid=047c826d-171c49dc-b71b-4b434c5919b6 .
4 The benefits and risks of a networked world (November 8, 2014, 8.38pm),
http://www.pwc.com/gx/en/economic-crime-survey/cybercrime.jhtml

6 | Page

The United Nations Commission on International Trade Law (UNCITRAL) adopted the Model
Law on e-commerce in 1996. The General Assembly of United Nations passed a resolution in
January 1997 inter alia, recommending all States in the UN to give favourable considerations to
the said Model Law, which provides for recognition to electronic records and according it the
same treatment like a paper communication and record.5
Objectives of I.T. legislation in India: It is against this background the Government of India
enacted its Information Technology Act 2000 with the objectives as follows, stated in the preface
to the Act itself, to provide legal recognition for transactions carried out by means of electronic
data interchange and other means of electronic communication, commonly referred to as
"electronic commerce", which involve the use of alternatives to paper-based methods of
communication and storage of information, to facilitate electronic filing of documents with the
Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act,
1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for
matters connected therewith or incidental thereto.
The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000, got President
assent on 9 June and was made effective from 17 October 2000.
The Act essentially deals with the following issues:

Legal Recognition of Electronic Documents

Legal Recognition of Digital Signatures
Offenses and Contraventions
Justice Dispensation Systems for cyber crimes.

Amendment Act 2008: Being the first legislation in the nation on technology, computers and
ecommerce and e-communication, the Act was the subject of extensive debates, elaborate
reviews and detailed criticisms, with one arm of the industry criticizing some sections of the Act
to be draconian and other stating it is too diluted and lenient. There were some conspicuous
omissions too resulting in the investigators relying more and more on the time-tested (one and

5 Ibid.
7 | Page

half century-old) Indian Penal Code even in technology based cases with the I.T. Act also being
referred in the process and the reliance more on IPC rather on the ITA.6
Thus the need for an amendment a detailed one was felt for the I.T. Act almost from the year
2003-04 itself. Major industry bodies were consulted and advisory groups were formed to go into
the perceived lacunae in the I.T. Act and comparing it with similar legislations in other nations
and to suggest recommendations. Such recommendations were analysed and subsequently taken
up as a comprehensive Amendment Act and after considerable administrative procedures, the
consolidated amendment called the Information Technology Amendment Act 2008 was placed in
the Parliament and passed without much debate, towards the end of 2008 (by which time the
Mumbai terrorist attack of 26 November 2008 had taken place). This Amendment Act got the
President assent on 5 Feb 2009 and was made effective from 27 October 2009.
Some of the notable features of the ITAA are as follows:
_ Focussing on data privacy
_ Focussing on Information Security
_ Defining cyber caf
_ Making digital signature technology neutral
_ Defining reasonable security practices to be followed by corporate
_ Redefining the role of intermediaries
_ Recognising the role of Indian Computer Emergency Response Team
_ Inclusion of some additional cyber crimes like child pornography and cyber terrorism
_ authorizing an Inspector to investigate cyber offences (as against the DSP earlier)
How the Act is structured: The Act totally has 13 chapters and 90 sections (the last four
sections namely sections 91 to 94 in the ITA 2000 dealt with the amendments to the four Acts
namely the Indian Penal Code 1860, The Indian Evidence Act 1872, The Bankers Books
Evidence Act 1891 and the Reserve Bank of India Act 1934). The Act begins with preliminary

Dr. Sarla Gupta and Beniprasad Agrawal, Information Technology, Law and Practice, 2009,
Premier Publishing Company, Allahabad.
6

8 | Page

and definitions and from thereon the chapters that follow deal with authentication of electronic
records, digital signatures, electronic signatures etc.
Elaborate procedures for certifying authorities (for digital certificates as per IT Act -2000 and
since replaced by electronic signatures in the ITAA -2008) have been spelt out. The civil offence
of data theft and the process of adjudication and appellate procedures have been described. Then
the Act goes on to define and describe some of the well-known cyber crimes and lays down the
punishments therefore. Then the concept of due diligence, role of intermediaries and some
miscellaneous provisions have been described.7
Rules and procedures mentioned in the Act have also been laid down in a phased manner, with
the latest one on the definition of private and sensitive personal data and the role of
intermediaries, due diligence etc., being defined as recently as April 2011.
Applicability: The Act extends to the whole of India and except as otherwise provided, it applies
to also any offence or contravention there under committed outside India by any person. There
are some specific exclusions to the Act (ie where it is not applicable) as detailed in the First
Schedule, stated below:
a) negotiable instrument (Other than a cheque) as defined in section 13 of the Negotiable
Instruments Act, 1881;
b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
c) a trust as defined in section 3 of the Indian Trusts Act, 1882
d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any
other testamentary disposition
e) any contract for the sale or conveyance of immovable property or any interest in such
property;
f) any such class of documents or transactions as may be notified by the Central Government

Section 43 deals with penalties and compensation for damage to computer, computer system etc.
7 Guide to college major economic crime (November8, 8.20pm),
http://www.worldwidelearn.com/online-education-guide/criminal-justice/economic-crimemajor.htm

9 | Page

This section is the first major and significant legislative step in India to combat the issue of data
theft. The IT industry has for long been clamouring for a legislation in India to address the crime
of data theft, just like physical theft or larceny of goods and commodities. This Section addresses
the civil offence of theft of data. If any person without permission of the owner or any other
person who is in charge of a computer, accesses or downloads, copies or extracts any data or
introduces any computer contaminant like virus or damages or disrupts any computer or denies
access to a computer to an authorised user or tampers and so on, he shall be liable to pay
damages to the person so affected. Earlier in the ITA -2000 the maximum damages under this
head was Rs.1 crore, which (the ceiling) was since removed in the ITAA, 2008.
The essence of this Section is civil liability. Criminality in the offence of data theft is being
separately dealt with later under Sections 65 and 66. Writing a virus program or spreading a virus
mail, a bot, a Trojan or any other malware in a computer network or causing a Denial of Service
Attack in a server will all come under this Section and attract civil liability by way of
compensation. Under this Section, words like Computer Virus, Compute Contaminant, Computer
database and Source Code are all described and defined.
Questions like the employees liability in an organisation which is sued against for data theft or
such offences and the amount of responsibility of the employer or the owner and the concept of
due diligence were all debated in the first few years of ITA -2000 in court litigations like the
bazee.com case and other cases. Subsequently need was felt for defining the corporate liability
for data protection and information security at the corporate level was given a serious look.8
Thus the new Section 43-A dealing with compensation for failure to protect data was introduced
in the ITAA -2008. This is another watershed in the area of data protection especially at the
corporate level. As per this Section, where a body corporate is negligent in implementing
reasonable security practices and thereby causes wrongful loss or gain to any person, such body
corporate shall be liable to pay damages by way of compensation to the person so affected. The

8 Dr. Sarla Gupta and Beniprasad Agrawal, Information Technology, Law and Practice, 2009,

Premier Publishing Company, Allahabad.

10 | P a g e

Section further explains the phrase body corporate and quite significantly the phrases
reasonable security practices and procedures and sensitive personal data or information.
Thus the corporate responsibility for data protection is greatly emphasized by inserting Section
43A whereby corporates are under an obligation to ensure adoption of reasonable security
practices. Further what is sensitive personal data has since been clarified by the central
government vide its Notification dated 11 April 2011 giving the list of all such data which
includes password, details of bank accounts or card details, medical records etc. After this
notification, the IT industry in the nation including techsavvy and widely technology-based
banking and other sectors became suddenly aware of the responsibility of data protection and a
general awareness increased on what is data privacy and what is
the role of top management and the Information Security Department in organisations in
ensuring data protection, especially while handling the customers and other third party data.
Reasonable Security Practices
_ Site certification
_ Security initiatives
_ Awareness Training
_ Conformance to Standards, certification
_ Policies and adherence to policies
_ Policies like password policy, Access
Control, email Policy etc
_ Periodic monitoring and review.
The Information Technology (Reasonable security practices and procedures and sensitive
personal data or information) Rules have since been notified by the Government of India, Dept
of I.T. on 11 April 2011. Any body corporate or a person on its behalf shall be considered to have
complied with reasonable security practices and procedures, if they have implemented such
security practices and standards and have a comprehensive documented information security
programme and information security policies containing managerial, technical, operational and
physical security control measures commensurate with the information assets being protected
with the nature of business. In the event of an information security breach, the body corporate or
a person on its behalf shall be required to demonstrate, as and when called upon to do so by the
11 | P a g e

agency mandated under the law, that they have implemented security control measures as per
their documented information security programme and information security policies. The
international Standard IS/ISO/IEC 27001 on "Information Technology Security Techniques Information Security Management System - Requirements" is one such standard referred to in
sub-rule (1).
In view of the foregoing, it has now become a major compliance issue on the part of not only IT
companies but also those in the Banking and Financial Sector especially those banks with huge
computerised operations dealing with public data and depending heavily on technology. In times
of a litigation or any security breach resulting in a claim of compensation of financial loss
amount or damages, it would be the huge responsibility on the part of those body corporate to
prove that that said9
Reasonable Security Practices and Procedures were actually in place and all the steps
mentioned in the Rules passed in April 2011 stated above, have been taken.
In the near future, this is one of the sections that is going to create much noise and be the subject
of much debates in the event of litigations, like in re-defining the role of an employee, the
responsibility of an employer or the top management in data protection and issues like the actual
and vicarious responsibility, the actual and contributory negligence of all stake holders involved
etc.
The issue has wider ramifications especially in the case of a cloud computing scenario (the
practice of using a network of remote servers hosted on the Internet to store, manage, and
process data, rather than a local server, with the services managed by the provider sold on
demand, for the amount of time used) where more and more organisations handle the data of
others and the information is stored elsewhere and not in the owners system. Possibly, more
debates will emanate on the question of information owners vis a vis the information container
and the information custodians and the Service Level
9 Guide to college major economic crime (November8, 8.20pm),
http://www.worldwidelearn.com/online-education-guide/criminal-justice/economic-crimemajor.htm

12 | P a g e

Agreements of all parties involved will assume a greater significance.

Adjudication: Having dealt with civil offences, the Act then goes on to describe civil remedy to
such offences in the form of adjudication without having to resort to the procedure of filing a
complaint with the police or other investigating agencies. Adjudication powers and procedures
have been elaborately laid down in Sections 46 and thereafter. The Central Government may
appoint any officer not below the rank of a director to the Government of India or a state
Government as the adjudicator.
Secretary in any state is normally the nominated Adjudicator for all civil offences arising out of
data thefts and resultant losses in the particular state. If at all one section can be criticized to be
absolutely lacking in popularity in the IT Act, it is this provision. In the first ten years of
existence of the ITA, there have been only a very few applications made in the nation, that too in
the major metros almost all of which are under different stages of judicial process and
adjudications have been obtained in possibly less than five cases. The first adjudication obtained
under this provision was in Chennai, Tamil Nadu,
In a case involving ICICI Bank in which the bank was told to compensate the applicant with the
amount wrongfully debited in Internet Banking, along with cost and damages. in April 2010.
This section should be given much popularity and awareness should be spread among the public
especially the victims of cyber crimes and data theft that such a procedure does exist without
recourse to going to the police and filing a case. It is time the state spends some time and thought
in enhancing awareness on the provision of adjudication for civil offences in cyber litigations
like data theft etc so that the purpose for which such useful provisions have been made, are
effectively utilized by the litigant public.10
There is an appellate procedure under this process and the composition of Cyber Appellate
Tribunal at the national level, has also been described in the Act. Every adjudicating officer has
10 Guide to college major economic crime (November8, 8.20pm),
http://www.worldwidelearn.com/online-education-guide/criminal-justice/economic-crimemajor.htm

13 | P a g e

the powers of a civil court and the Cyber Appellate Tribunal has the powers vested in a civil
court under the Code of Civil Procedure.
After discussing the procedures relating to appeals etc and the duties and powers of Cyber
Appellate Tribunal, the Act moves to the actual criminal acts coming under the broader definition
of cyber crimes. It would be pertinent to note that the Act only lists some of the cyber crimes,
(without defining a cyber crime) and stipulates the punishments for such offences. The criminal
provisions of the IT Act and those dealing with cognizable offences and criminal acts follow
from Chapter IX titled Offences
Section 65: Tampering with source documents is dealt with under this section. Concealing,
destroying, altering any computer source code when the same is required to be kept or
maintained by law is an offence punishable with three years imprisonment or two lakh rupees or
with both. Fabrication of an electronic record or committing forgery by way of interpolations in
CD produced as evidence in a court (Bhim Sen Garg v. State of Rajasthan and others 11) attract
punishment under this Section. Computer source code under this Section refers to the listing of
programmes, computer commands, design and layout etc in any form.
Section 66: Computer related offences are dealt with under this Section. Data theft stated in
Section 43 is referred to in this Section. Whereas it was a plain and simple civil offence with the
remedy of compensation and damages only, in that Section, here it is the same act but with a
criminal intention thus making it a criminal offence. The act of data theft or the offence stated in
Section 43 if done dishonestly or fraudulently becomes a punishable offence under this Section
and attracts imprisonment upto three years or a fine of five lakh rupees or both. Earlier hacking
was defined in Sec 66 and it was an offence.
Now after the amendment, data theft of Sec 43 is being referred to in Sec 66 by making this
section more purposeful and the word hacking is not used. The word hacking was earlier
called a crime in this Section and at the same time, courses on ethical hacking were also taught
academically. This led to an anomalous situation of people asking how an illegal activity be
taught academically with a word ethical prefixed to it. Then can there be training programmes,
for instance, on Ethical burglary, Ethical Assault etc say for courses on physical defence?
11 2006 Cri LJ 3463.
14 | P a g e

This tricky situation was put an end to, by the ITAA when it re-phrased the Section 66 by
mapping it with the civil liability of Section 43 and removing the word Hacking. However the
act of hacking is still certainly an offence as per this Section, though some experts interpret
hacking as generally for good purposes (obviously to facilitate naming of the courses as ethical
hacking) and cracking for illegal purposes. It would be relevant to note that the technology
involved in both is the same and the act is the same, whereas in hacking the owners consent is
obtained or assumed and the latter act cracking is perceived to be an offence. Thanks to ITAA,
Section 66 is now a widened one with a list of offences as follows:
66A Sending offensive messages thro communication service, causing annoyance etc through an
electronic communication or sending an email to mislead or deceive the recipient about the
origin of such messages (commonly known as IP or email spoofing) are all covered here.
Punishment for these acts is imprisonment upto three years or fine. 66B Dishonestly receiving
stolen computer resource or communication device with punishment upto three years or one lakh
rupees as fine or both.
66C Electronic signature or other identity theft like using others password or electronic
signature etc. Punishment is three years imprisonment or fine of one lakh rupees or both.
66D Cheating by personation using computer resource or a communication device shall be
punished with imprisonment of either description for a term which extend to three years and
shall also be liable to fine which may extend to one lakh rupee.
66E Privacy violation Publishing or transmitting private area of any person without his or her
consent etc. Punishment is three years imprisonment or two lakh rupees fine or both.
66F Cyber terrorism Intent to threaten the unity, integrity, security or sovereignty of the nation
and denying access to any person authorized to access the computer resource or attempting to
penetrate or access a computer resource without authorization. Acts of causing a computer
contaminant (like virus or Trojan Horse or other spyware or malware) likely to cause death or
injuries to persons or damage to or destruction of property etc. come under this Section.
Punishment is life imprisonment. It may be observed that all acts under S.66 are cognizable and
non-bailable offences. Intention or the knowledge to cause wrongful loss to others ie the
15 | P a g e

existence of criminal intention and the evil mind ie concept of mens rea, destruction, deletion,
alteration or diminishing in value or utility of data are all the major ingredients to bring any act
under this Section.
To summarise, what was civil liability with entitlement for compensations and damages in
Section 43, has been referred to here, if committed with criminal intent, making it a criminal
liability attracting imprisonment and fine or both.
Section 67 deals with publishing or transmitting obscene material in electronic form. The earlier
Section in ITA was later widened as per ITAA 2008 in which child pornography and retention of
records by intermediaries were all included.12
Publishing or transmitting obscene material in electronic form is dealt with here. Whoever
publishes or transmits any material which is lascivious or appeals to the prurient interest or if its
effect is such as to tend to deprave and corrupt persons who are likely to read the matter
contained in it, shall be punished with first conviction for a term upto three years and fine of five
lakh rupees and in second conviction for a term of five years and fine of ten lakh rupees or both.
This Section is of historical importance since the landmark judgement in what is considered to be
the first ever conviction under I.T. Act 2000 in India, was obtained in this Section in the famous
case State of Tamil Nadu v. Suhas Katti on 5 November 2004. The strength of the Section and
the reliability of electronic evidences were proved by the prosecution and conviction was
brought about in this case, involving sending obscene message in the name of a married women
amounting to cyber stalking, email spoofing and the criminal activity stated in this Section.
Section 67-A deals with publishing or transmitting of material containing sexually explicit act in
electronic form. Contents of Section 67 when combined with the material containing sexually
explicit material attract penalty under this Section.
Section 69: This is an interesting section in the sense that it empowers the Government or
agencies as stipulated in the Section, to intercept, monitor or decrypt any information generated,
transmitted, received or stored in any computer resource, subject to compliance of procedure as
laid down here. This power can be exercised if the Central Government or the State Government,
as the case may be, is satisfied that it is necessary or expedient in the interest of sovereignty or
12 Dr. Sarla Gupta and Beniprasad Agrawal, Information Technology, Law and Practice,

2009, Premier Publishing Company, Allahabad.

16 | P a g e

integrity of India, defence of India, security of the State, friendly relations with foreign States or
public order or for preventing incitement to the commission of any cognizable offence relating to
above or for investigation of any offence. In any such case too, the necessary procedure as may
be prescribed, is to be followed and the reasons for taking such action are to be recorded in
writing, by order, directing any agency of the appropriate Government. The subscriber or
intermediary shall extend all facilities and technical assistance when called upon to do so.
Section 69A inserted in the ITAA, vests with the Central Government or any of its officers with
the powers to issue directions for blocking for public access of any information through any
computer resource, under the same circumstances as mentioned above. Section 69B discusses the
power to authorise to monitor and collect traffic data or information through any computer
resource.

17 | P a g e

METHODS USED FOR CYBER CRIME

Control over the physical world is generally localized, low-tech and underpinned by many well
established practices and procedures. The challenge to this seemingly well-oiled machinery is
offered by a new paradigm of organized crime-cybercrime. The increasing use of the internet
by all facets of society has led to the evolution of new field of criminal activity that is defined by
its dependence on the internet. While certain aspects of cyber crime are held common with
previously existing forms of criminality it is nevertheless true that cyber crime forms a distinct
category of its own, one that requires different mechanisms to deal with it. Most of the cyber
crime involves multiple, undetectable, small crimes or micro-crimes.
Although the headline events are those where gangs of organized criminals use technical mean to
electronically steal millions from banks; successful operations at beginning of decade used
simple fraud technique to steal small value denominations from multiple individuals without
alerting the victims or the law enforcement agencies. Avenues for these operations could range
from gaining illegal access to personal bank accounts to selling access to compromised
computers.13
Viruses and worms- Viruses and worms are computer programs that affect the storage devices of
a computer or network, which then replicate information without the knowledge of the user.
Spam emails- Spam emails are unsolicited emails or junk newsgroup postings. Spam emails are
sent without the consent of the receiver potentially creating a wide range of problems if they
are not filtered appropriately.
Trojan- A Trojan is a program that appears legitimate. However, once run, it moves on to locate
password information or makes the system more vulnerable to future entry. Or a Trojan may
simply destroy programs or data on the hard disk
13 Safeguarding Organisations in India Against Cyber Crime 5(2010),
http://www.pwc.in/assets/pdfs/publications-2011/economic-crime-survey-2011-indiareport.pdf

18 | P a g e

Denial-of-service(DoS)- DoS occurs when criminals attempt to bring down or cripple individual
websites, computers or networks, often by flooding them with messages.
Malware- Malware is a software that takes control of any individuals computer to spread a bug
to other peoples devices or social networking profiles. Such software can also be used to create
a botnet a network of computers controlled remotely by hackers, known as herders, to
spread spam or viruses.
Scareware- Using fear tactics, some cyber criminals compel users to download certain software.
While such software is usually presented as antivirus software, after some time these programs
start attacking the users system. The user then has to pay the criminals to remove such viruses
Phishing- Phishing attacks are designed to steal a persons login and password. For instance, the
phisher can access the victims bank accounts or assume control of their social network.
Fiscal fraud- By targeting official online payment channels, cyber attackers can hamper
processes such as tax collection or make fraudulent claims for benefits
State cyber attacks- Experts believe that some government agencies may also be using cyber
attacks as a new means of warfare. One such attack occurred in 2010, when a computer virus
called Stuxnet was used to carry out an invisible attack on Irans secret nuclear program. The
virus was aimed at disabling Irans uranium enrichment centrifuges.
Carders- Stealing bank or credit card details is another major cyber crime. Duplicate cards are
then used to withdraw cash at ATMs or in shops.
Cyber-crime has spawned many entrepreneurs, though of dubious repute. They have given rise to
new criminal hacking enterprises aimed not at committing fraud but at providing services to help
others commit fraud. This operation enables people to commit crime vicariously, i.e. without any
direct perpetration. Another model is to create a subscription based identity theft service rather
than stealing personal credentials themselves cyber criminals have hacked into PCs and then
charged clients for a limited period of unfettered access. As is the case with most business
services, customers willing to pay extra can obtain premium services such as a complete clean-

19 | P a g e

up of the stolen data, i.e. getting rid of low-value information and assistance with indexation and
tagging of data, etc.14
New skills, technologies and investigative techniques, applied in a global context, are required to
detect, prevent and respond to cyber-crime. This is not just about the Cyber-crime has spawned
many entrepreneurs, though of dubious repute. They have given rise to new criminal hacking
enterprises aimed not at committing fraud but at providing services to help others commit fraud.
This operation enables people to commit crime vicariously, i.e. without any direct perpetration.
Another model is to create a subscription based identity theft service rather than stealing personal
credentials themselves cyber criminals have hacked into PCs and then charged clients for a
limited period of unfettered access. As is the case with most business services, customers willing
to pay extra can obtain premium services such as a complete clean-up of the stolen data, i.e.
getting rid of low-value information and assistance with indexation and tagging of data, etc.15
Law enforcement with regard to investigating crimes and handling evidence, dealing with
offenders, and assisting victims, poses complex new challenges. There is an unprecedented need
for international commitment, coordination and cooperation since cyber-crime is truly a global
phenomenon. It is also important to have a better understanding about the nature of the problem
and to address the issue of significant under-reporting of this dangerous phenomenon. Prevention
and partnerships will be essential to fight cyber crime.

14 Ibid.
15 Ibid.
20 | P a g e

CYBER SECURITY LEGAL ISSUES

The major concern is primarily attacks on networks and the need for coming up with appropriate
legislative frameworks for enhancing, preserving and promoting cyber security. Lawmakers
needs to come up with appropriate enabling legal regimes that not only protect and preserve
cyber security, but also further instill a culture of cyber security amongst the netizen Large
number of existing cyber legislations across the world, do not yet address important issues
pertaining to cyber security. A more renewed focus and emphasis on coming up with effective
mandatory provisions is required which would help protect, preserve and promote cyber security
in the context of use of computers, computer systems, computer networks, computer resources as
also communication devices.16
Mobile law challenges
As the mobile users in India are increasing considerably, the use of mobile devices and content
generated there from are likely to bring forth significant new challenges for cyber legal
jurisprudence. There are no defined jurisdictions dedicated to laws dealing with the use of
communication devices and mobile platforms. As increasingly people use mobile devices for
output and input activities, there will be increased emphasis on meeting up with the legal
challenges emerging with the use of mobility devices, more so in the context of mobile crimes,
mobile data protection and mobile privacy.
Spam galore
As more and more users get added to the Internet and mobile bandwagon, email and mobile
spammers will find increasingly innovative methodologies and procedures to target at digital
users. Law makers are likely to be under pressure to come with up effective legislative
provisions to deal with the menace of spam.
16 Supra note 3.
21 | P a g e

Cloud computing legal issues

As India is moving towards the adoption of cloud computing, various important legal challenges
pertaining to cloud computing will continue to seek attention of Cyberlaw makers. Cloud
computing brings with it, various distinctive new challenges including that of data security, data
privacy, jurisdiction and a variety of other legal issues.Social media legal issuesIn the recent
times there have been increasingly significant legal issues and challenges raised by social media.
As social media websites continues to become the fertile ground for targeting by all relevant
lawyers, law enforcement agencies and intelligence agencies, social media continues to become
the preferred repository of all data. As such, social media crimes are increasing dramatically.
Inappropriate use of social media is further increasing, thereby leading to various legal
consequences for the users. The concept of privacy in the context of social

22 | P a g e

CHALLENGES FACED BY GOVERNMENT

Although governments are actively focused on fighting and preventing cyber criminals from
damaging infrastructure, the very nature of cyberspace poses a number of challenges to the
implementation of cyber regulations in any country. Within cyberspace it is often difficult to
determine political borders and culprits. Furthermore, the cyber criminal community and their
techniques are continously evolving, making it more challenging for governments and companies
to keep up with ever-changing techniques.17
Tracking the origin of crime
According to Rob Wainwright, Director of Europol, criminal investigations of cyber crimes are
complex, as the criminal activity itself is borderless by nature. Tracing cyber criminals poses a
challenge. While many experts speculate that the cyber attacks on Estonia and Georgia, for
instance, were directed by the Russian cyber agencies, some of the attacks have been traced to
the computers originating in Western countries.
Growth of the underground cyber crime economy
A major threat that may hamper the fight against cyber crime is the growth of an underground
economy, which for many cyber criminals can be a lucrative venture.
The underground economy attracts many digital experts and talented individuals with a specialty
around cyber initiative. In the cyber underworld, the hackers and organized crime rings operate
by selling confidential stolen intelligence. Research shows that criminals are trading bank
account information for US$10125, credit card data for up to US$30 per card, and email
account data for up to US$12.18 Often, the acquired data is used in illegal online purchases and in
17 Economic Crime (November 8, 9.23pm), http://www.ncbi.nlm.nih.gov/pubmed/1030807

18 Supra note 5.
23 | P a g e

exchange for other monetary transactions. The untraceability of the origin of these transactions
poses a major challenge to government agencies in their efforts to fight crimes of this nature.
Shortage of skilled cyber crime fighters
Implementing cyber security measures requires skilled manpower. However, most countries face
a shortage of skilled people to counter such cyber attacks. According to Ronald Noble, Head of
Interpol, An effective cyber attack does not require an army; it takes just one individual.
However, there is a severe shortage of skills and expertise to fight this type of crime; not only at
Interpol, but in law enforcement everywhere. Moreover, most trained or skilled people are
recruited by the private sector, as it offers higher financial rewards. In the UK, the PCeU has
experienced this shortage first hand, with only 40 core team members. Similarly, in Australia, the
majority of the cyber crime incidents, particularly minor incidents, remain unsolved or are not
investigated due to the lack of eForensic skills and expertise.
Widespread use of pirated software
One of the major challenges to preventing cyber crime is the prevalence of software piracy, as
pirated software is more prone to attacks by viruses, malware and trojans. Experts believe that
rapid growth of Consumer PC markets in emerging countries - such as India, Brazil and China has contributed largely to the rising piracy rates. The pirated software can include not only
games, movies, office applications and operating systems, but also security software. Often,
users prefer to obtain a pirated security software, rather than purchase and upgrade legal version,
therefore increasing the vulnerability of their systems to cyber attacks. For instance, one of the
reasons for the spread of the Conficker virus in 2008 was the lack of automatic security updates
for unlicensed software.19 The issue becomes more significant for those countries where pirated
software is a common occurrence. China, which is one of the largest such markets, reported that
nearly US$19 billion was spent on pirated software in 2009. In India, the unlicensed software

19 Supra note 2.
24 | P a g e

market value stands at nearly US$2 billion.20 Ensuring cyber security is also a major challenge
for Gulf Cooperation Council (GCC) countries, where 50 percent of software is pirated.21

CONCLUSION
Since most serious economic crimes often involve transitional organized criminals and
international transactions, international co-operation in the fight of these crimes is deemed one of
the most important measures. All nations must be concerned about the seriousness of the
problems and put united effort in their solution. A common global approach to deal with the
problem could contribute to further strengthening international co-operation and law
enforcement mechanisms. This would require standardization of legal definitions of economic
crimes and expertise for investigating such crimes within law enforcement agencies. It is clear
that national sovereignty does not permit investigations within the territory of different countries
without the permission of the national authorities and legal experts always disagree on matters
relating to territorial jurisdictions for the trial of economic crime offenders. Economic crime
investigations need the support and involvement of authorities of all countries involved.22
To prevent and manage economic crime, it is necessary to invest as much in information
technology development as in protection measures. Inadequate protection measures have given
offender opportunities to act when they should not.23 Developing countries have a unique
20 The growing global thread of economic and cyber crime 10 (2012),
http://www.utica.edu/academic/institutes/ecii/publications/media/global_threat_crime.pdf

21 Ibid.
22 Monica N Agu, Challenges of using Information Technology to Combat Economic Crime,
https://www.academia.edu/7528910/Challenges_of_Using_Information_Technology_To_Comba
t_Economic_Crime

23 Ibid.
25 | P a g e

opportunity to integrate security measures at the early stage rather at a later stage. It may be
cheaper at the early point to integrate security in IT development. The only thing is that it may
require upfront investments. Strategies must be formulated early enough to prevent economic
crimes, develop counter measures including development and promotion of technical means of
protection.
In other words, nations should be proactive in crime prevention and management. Fighting
economic crimes after they have occurred can be very expensive and difficult.
Awareness can be a very important economic crimes prevention, control and detection measure.
Increasing public awareness will play a very significant role especially in the case where
regulations are not well enforced. Governments should have a clear concept, proper structure and
process of enforcement for increasing public awareness. Educational systems have to be
restructured to equip the youths and indeed the public to cope with the changing times in the
economy in positive ways. Other ways of creating awareness is through workshops and seminars
and through moral upbringing of young ones by homes and religious organizations.

26 | P a g e

BIBLIOGRAPHY
Books

Karnika Seth, Cyber Laws in the Information Technology Age, 1st ed., 2009, Lexis

Nexis, Butterworths Wadhwa, Nagpur.

Dr. Sarla Gupta and Beniprasad Agrawal, Information Technology, Law and Practice,
2009, Premier Publishing Company, Allahabad.

Websites

www.academia.edu
www.csi-india.org
www.definitions.uselegal.com
www.ncbi.nlm.nih.gov
www.pwc.in
www.utica.edu
www.worldwidelearn.com

27 | P a g e