Recent examples of cyber crime & eCommerce fraud

related investigations in India

Cyber Crime statistics in India
* taken from National Crime Records Bureau website

Incidence Of Cases Registered Under Cyber Crimes

IT Act IPC

Year 2005 2006 2007 2005 2006 2007

India 179 142 217 302 311 339

Person Arrested Under IT Act By Age Group During 2007 (2006)

Age <18 18-30 30-45 45-60 > 60 Total

Group
IT IPC IT IPC IT IPC IT IPC IT IPC IT IPC

India 2 4 97 126 46 237 9 61 0 1 154 429

Cyber Crime statistics in India
* taken from National Crime Records Bureau website

Incidence Of Cases Registered And Number Of Persons Arrested Under Cyber Crimes
IT Act during 2007 - All-India
S.No. Section Crime Head Cases Persons
registered Arrested
A Offences under IT Act

1 65 Tampering with computer source documents 11 2

2 Hacking computer systems

2a 66(1) Loss/damage to computer resource/utility 30 25

2b 66(2) Hacking 46 23
3 67 Obscene publication/transmission in electronic form 99 86
4 68 Failure of compliance/orders of Certifying Authority 2 1

5 69 Failure to assist to decoy the information in interception by Govt. Agency 2 0

6 70 Unauthorized access/attempt to access protected Computer System 4 0
7 71 Obtaining license or Digital Signatures my misrepresentation/suppression 11 11
of facts
8 73 Publishing false digital signature certificate 0 0
9 74 Fraud Digital Signature 3 3
10 72 Breach of Confidentiality 9 3
TOTAL of A 217 154
Cyber Crime statistics in India
* taken from National Crime Records Bureau website

Incidence Of Cases Registered And Number Of Persons Arrested Under Cyber Crimes
IPC during 2007 - All-India
S.No. Section Crime Head Cases Persons
registered Arrested
B Offences under IPC

1 193 False electronic evidence 0 0

2 204, 477 Destruction of electronic evidence 0 0

3 463,465,466,468,469, Forgery 217 264

471,474,476,477A

4 405, 406, 408, 409 Criminal Breach of Trust 73 85

5 489 Tampering 5 8
6 489A to 489E Counterfeiting currency/stamps/property/marks 44 72

TOTAL OF B 339 429

GRAND TOTAL (A+B) 556 583

Cyberstalking

¾ Facts:
™ One Mrs. Ritu Kohli complained to the police against the a person who was using her
identity to chat over the Internet at the website www.mirc.com, mostly in the Delhi
channel for four consecutive days.
™ Mrs. Kohli further complained that the person was chatting on the Net, using her name
and giving her address and was talking obscene language. The same person was also
deliberately giving her telephone number to other chatters encouraging them to call
Ritu Kohli at odd hours.
™ Consequently, Mrs Kohli received almost 40 calls in three days mostly at odd hours from
as far away as Kuwait, Cochin, Bombay and Ahmedabad. The said calls created havoc in
the personal life and mental peace of Ritu Kohli who decided to report the matter.
¾ Investigation: By Delhi Police
™ the IP addresses were traced and the police investigated the entire matter and ultimately
arrested Manish Kathuria on the said complaint. Manish apparently pleaded guilty and was
arrested.
¾ Actions:
™ A case was registered under section 509, of the Indian Penal Code (IPC). Nothing in IT Act.
Blackmailing

¾ Facts:
¾ A Dubai based NRI was lured by anonymous women on internet who after winning his
confidence and love started blackmailing him under the guise that the first women with
whom the NRI got befriended had committed suicide and police is investigating the case
and seeking NRI’s details. The accused also sent fake copies of the letters from CBI, High
Court of Calcutta, New York police and Punjab University etc. The NRI by that time had
paid about Rs. 1.25 crore to the accused.
¾ Investigation: By Mumbai Police
¾ Thankfully, the NRI has saved all the emails which he has so far received from the
strangers he has been communicating with. The I.P. Address embedded in all e-mails
received by complainant reveals the origin of the emails. The man assuming these various
identities is a single person.
¾ Actions:
¾ Charges framed u/s 292, 389, 420, 465, 467, 468, 469, 471, 474 IPC read with Section 67
of IT Act.
Hacking – Gaining illegal access

¾ Facts:
¾ Two BPO employees gained illegal access to their company’s computer system
by hacking with the passwords. They conspired with son of a credit card holder
and illegally increased the credit limit of the card and changed the communication
address so that credit card statement never reaches the original card holder. The
credit card company was cheated about Rs. 7.2 laks.
¾ Investigations: By Chennai police
¾ The computer system of the BPO company were examined along with the
computer logs showing the access to the computer systems by the accused. The
presence of accused was also verified with the attendance register.
¾ Actions:
¾ Charges framed u/s 120(B), 420, 467, 468, 471 IPC and Section 66 of IT Act.
Phishing

¾ Facts:
¾ The defendants were operating a placement agency involved in `head-hunting'
and recruitment. In order to obtain personal data which they could use for
head-hunting, the defendants composed and sent emails to third parties in
NASSCOM's name.
¾ Actions:
¾ Injunction (Anton Piller Order) and Rs. 16 lakhs damages – Nothing in IT Act
¾ Case Law:
¾ National Association of Software and Service Companies vs. Ajay Sood &
Others, Decided by Delhi High Court in 2005
Obscenity – Hosting obscene profiles

¾ Facts:
¾ Some unknown person had created an email ID using the name of a lady and
had used this email ID to post messages on five Web pages describing her as a
call girl along with her contact numbers.
¾ Investigation: By Chennai police
¾ The IP address and log details were obtained from ISP which were traced to two
cyber cafes in Mumbai. Complainant revealed that she had refused a former
college mate who had proposed to marry her. Police arrested this person and
examined his SIM card which contained complainant’s number and cyber café
owner also identified this man.
¾ Actions:
¾ Charge Sheet was filed U/S 67 of IT Act 2000, 469 and 509 IPC – Accused is
sentenced for the offence to undergo RI for 2 years {State of Tamil Nadu Vs
Suhas Katti, CMM, Egmore, Chennai in 2004}.
Cyber Defamation

¾ Facts:
¾ A company’s employee started sending derogatory, defamatory and obscene
emails about company’s Managing Director. The emails were anonymous and
frequent and were sent to many company’s business associates to tarnish the
image and goodwill of the company.
¾ Investigation:
¾ The accused was identified by the company by the private computer expert.
¾ Actions:
¾ Delhi High Court granted an injunction and restrained the employee from
sending, publishing and transmitting emails which are defamatory or
derogatory to the plaintiffs {SMC Pneumatics (India) Private Limited v.
Jogesh Kwatra}.
Credit Card Frauds – Air Tickets

¾ Facts:
¾ More than 15000 credit cards were fraudulently used to book Air ticket through
the Internet.
¾ Total about Rs. 17 crore.
¾ The fraud had come to light after the of credit card holders approached the
Card Issuing Bank saying they had never booked a ticket. The airline had
charged the amount to the bank, which in turn, had passed on the tab to its
customers.
¾ Investigation:
¾ The gang had booked tickets online using credit card numbers obtained from
restaurants, hotels, shopping malls and other retail outlets. The tickets were
booked from cyber cafes in Mumbai, Delhi, Chennai, Kolkata and Bangalore.
¾ Actions:
¾ Charges framed under IPC.
Data Theft

¾ Facts:
¾ 24-year-old Nadeem Hamid Kashmiri employee of HSBC BPO allegedly
accessed personal information, security information and debit card information
of some customers and these details were passed on to the fraudsters who
diverted £233,000 (approx Rs. 2 crores) from the clients' accounts,.

¾ Actions:
¾ A case has been registered under Sections 66 and 72 of the IT Act and 408,
468 and 420 of the Indian Penal Code.
Tampering with computer source code (also a Copyright
Infringement)

Syed Asifuddin & Ors. v State of Andhra Pradesh & another - 2005 CrLJ 4314
(AP)
¾ A big mobile services company launched a famous scheme wherein this company
was giving an expensive hand-set at a very low cost but with a lock-in period of 3
years in which the mobile subscriber has to pay a fixed monthly rental and a
premium call charge to such mobile services company.
¾ A special computer program / technology was used by this mobile services company
wherein the hand-set can only be used with this mobile services and not with other
mobile services.
¾ Employees of a completing mobile services company lured the customers of the
above company to alter / tamper with the special (locking) computer program /
technology so that the hand-set can be used with the competing mobile services.
¾ Held:
¾ Such tampering is an offence u/s 65 of IT Act as well as
¾ Copyright infringement u/s 63 of Copyrights Act.
Indian ‘John Doe’ sued

¾ John Doe explained:

¾ In the United States, the name John Doe is used for a defendant or victim in a
legal example or for a person whose identity is unknown or is intended to be
anonymous.
¾ Facts:
¾ Integrix (India) Pvt. Ltd received offending emails from this anonymous email
ID (ashokintegrix@yahoo.co.in), which it said were defamatory and damaging
to the company and its directors.

¾ Actions:
¾ Delhi High Court allowed the company to sue an IP address `IP address
number 61.246.153.106, C/o Bharti Infotel, which is named as first Defendant.
Other sued are Yahoo Company (whose email ID used) & Bharti Infotel (the
ISP).
ILOVEYOU Worm

¾ Facts:
¾ Also know as VBS/Loveletter and Love Bug worm
¾ It began in Philippines on 4th May 2000 and spread over the world in one day through email
boxes. It infected 10% of all computers connected to the internet. Only Microsoft windows
operating system effected.
¾ Subject line: “ILOVEYOU”. Attachment LOVE-LETTER-FOR-YOU.TXT.vbs
¾ Damage about Rs. 22,000 Crore
¾ The Pentagon, British Parliament and most of the corporation shut down the email systems to
get rid of this worm.
¾ Affecting:
¾ The worm search all drives which are connected to the infected computer and replace files
¾ The worm propagates by sending out copies of itself to all entries in the Microsoft Outlook
address book
¾ Action:
¾ There was no law against virus writing in Philippines, hence prosecutors dropped all the charges
against the offender. Govt. of Philippines enacted a Philippines eCommerce Law on 14th June
2000 to deal with Cyber Crime.