TAXONOMY OF CYBER CRIMES: AN OVERVIEW

Reading time : 10 minutes

INTRODUCTION

Information and communication technology has shaped an incredible platform for society by enabling it to grow by leaps and bounds. The Technology and Internet have helped the community to develop in every aspect and has brought the world closer. The Internet is one of the greatest inventions of all time. It has perfected into the wonderful and fastest system of communication. Today, it is impossible to imagine a world without technology and the internet. It has impacted in such a way that no aspect of human life remains unaffected or uncovered by it. From communicating to shopping, for almost everything, Humans are dependent on the Internet. We can easily say that the Internet and Technology have made our lives easier. However, like two sides of the coin, technology comes with its advantages and disadvantages. The world full of the Internet and forever evolving technology has given us a whole new era of crime. While the Internet is a gift of science to humankind, but at the same, it has become a haven for criminals. Due to their unique characteristics and complexity, these crimes have imposed the biggest challenge to the legal system worldwide. Cybercrimes are the product of the Internet and Technology. It is evolving in thousands of different ways. These crimes are highly advanced, and the criminals are also skilled. The taxonomy of cybercrime gives us a comprehensive introduction to the terms related to it.

DEFINITION AND MEANING OF CYBERCRIMES

Due to the complex nature of cybercrime, it is challenging to define it in limited and straightforward terms. Moreover, as the concept of cybercrime is very new and complex, it is understood differently by different thinkers.

 To understand the meaning of cybercrime, it is crucial to understand the relationship between “Computer Crime” and “Cybercrime” as both terms are used interchangeably in the same context. Computer crimes include both crimes committed on or by the use of the Internet and offences committed to or with the help of the computer.

 Computer crimes are when the perpetrator uses special knowledge about computer technology, and cybercrime is when the perpetrator uses the special knowledge of cyberspace.[1]

There is no single definition of cybercrime, as it covers a wide range of criminal conduct. Different authors and organization tried to define in their way. Some of the standard definitions of cybercrimes are:

  • Cybercrime is a criminal act that either target or uses a computer or computer network, or network device to carry out criminal activity.[2]
  • According to the U.S. Department of Justice (the “DOJ”)[3], cybercrimerefers to any illegal activity for which a computer is used as its primary means of commission, transmission, or storage.
  • Cybercrime is defined as any criminal offence facilitated by or involves electronic communications or information systems, including any electronic device, computer, or the Internet.
  • Any activity that involves unauthorized and unlawful access to or utilization of computer system or networks to temper data or intentionally transacts anything illegal with the help of a computer and the Internet can be broadly called a cybercrime.

TYPOLOGY IN CYBERCRIME

Due to the complex nature of cybercrime, the interpretation of it varies. Consequently, there are different approaches to develop a classification system of cybercrime. However, in all of the approaches, there is a significant role of the computer in the commission of cybercrime. Ian Walden and some other writers have divided cybercrime into three general categories regarding the role of the computer.

Taxonomy by Ian Walden as regarding the role of computer

  • Computer as the target of the crime: A computer system itself is used for any unauthorized or unlawful purpose. It involves hacking the computer for erasing data, identifying theft, denial of service attack, or terrorist activity threatening the critical infrastructure.
  • Computer as the tool of the crime – A computer is used as the instrument or means to commit a crime, including many traditional crimes as computer assist in the commission of the crime.  For example, fraud, forgery, blackmailing, stalking, creating and distributing obscene and pornographic material.
  • A computer is incidental to other crime – it refers to the situation where the computer is not needed for the commission of the crime, but in some way it is connected to the crime committed. A computer may contain evidence or information regarding the crime. Such information or evidence is of high evidentiary value in any prosecution for the crime—for example, bookkeeping crimes and drug shipment.

TYPES OF CYBERCRIME

1.Hacking

Hacking is an uncontrollable and mischievous criminal act. It can be defined as unauthorized or illegal access to gain control over a computer network security system for some illicit purpose. It is identifying and exploiting the weakness in computer or computer networks. Hacking is also regarded as the form of cyber trespass, which is an invasion of private space on the Internet by the Hacker.

Who is Hacker?

According to the New Oxford Dictionary of English, 1998, ‘Hacker is a person who uses a computer to gain unauthorized access to data. Hackers are cybercriminals who are specialized and skilled in computer technology. They mostly work for profit or have a political objective.

Types of hacking

E-mail hacking, Network hacking, Password hacking and Computer Hacking.

Hacking Specific Legislation in India

The offence of hacking is, by name not there in the IT (Amendment) Act,2008, but it has been qualified with necessary mens rea under Section 43 to be read with Section 66 of the Act.[4] It says that acts that destroys, deletes, or alter any information residing in a computer resource or diminishes its value or utility or affect it injuriously by any means are to be punished criminally if it is done dishonestly and fraudulently.

ELEMENTS OF CYBER HACKING

  • Mens rea –there should be a fraudulent or dishonest intention, causing wrongful loss or damage to any person.
  • Unauthorized access – there should be unauthorized access i. e hacker is not entitled to or does not have consent to access the data or the information.

PENALTY

When the accused is made criminally liable, he is punished with imprisonment up to three years or with a fine which may extend to five lakh rupees, or with both.

2. DENIAL OF SERVICE (DoS) ATTACKS

A denial of service attack is the denial of access to the legitimate users of the Internet by disallowing them to receive legitimate messages and information.[5] It is a malicious attempt by a single person or a group of person to cause the victim or site to deny the service to its customer. When it is done on a wide scale is known as distributed denial of service (DDoS). It includes the attempt to spam a network to prevent network traffic and attempt to disrupt the service to the specific system or computer. For example – Thousands of individual computers are directed to access some website like Amazon at the same time, causing interruption to the service.

In India, the Information Technology Act, 2000, Denial of Service, is included in chapter IX in Section 43 (f). Section 43 of Information Technology, 2000 states that,  If any person without the permission of the owner or any other person who is in charge of a computer, computer system or computer network,

(f) Denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means;

This subsection read with section 66 regards it as an offence.

3. CYBER OBSCENITY

With the growth of technology and the internet, the ambit of the crime of obscenity has also been expanded. Today pornographic material is freely or readily available to the entire internet user with great ease and no value. Obscenity is a global issue. Obscenity is related to the concept of morality and decency.  The meaning of obscenity can vary from society to society.  Something immoral or obscene for one maybe is not for others. Depending upon the standards and morals existing in a particular community, the definition of the term obscenity may differ.

 In the case of Samarseh Bose V, Amal Mitra[6] , the court held that obscenity is a subjective issue and may differ from society to society or judge to judge.

 In simple terms, we can say that Cyber obscenity includes a pornographic website, pornographic magazines produced using computers to publish and print the material and the internet to download and transmit pornographic pictures, photos, writing etc. Cyber pornography refers to stimulating sexual or other sexual activity over the Internet.[7]

Legal Provisions Relating Cyber Obscenity:

In India, the Indian Penal Code, 1860 And the Information Technology Act, 2000 describes obscenity as a crime. The traditional law of obscenity is contained in section 292 – section 294 of the Indian Penal Code. Section 292 of the Indian Penal Code prohibits the sale, distribution or exhibition of obscene material.[8]

Section 67 of the Information technology Act, 2000 provides punishment for publishing obscene material in electronic form.

ELEMENTS OF SECTION 67 OF IT ACT, 2000

  1. The conduct must include publication or any material that is lascivious in nature or appeals to the prurient interest or effect. It can corrupt the mind of the person who is likely to read, hear, or see such material.
  2. Such publication should be in electronic form

Punishment

  • First conviction – imprisonment, which may extend to three years and fine which may extend to five lakh rupees
  • Second conviction – imprisonment, which may extend to five years and fine which may extend to 10 lakh rupees

Section 67 A – Punishment for publishing or transmitting material coning sexually explicit acts, etc., in electronic form. It states that the act which depicts sex appealing activities in electronic form is also punishable. Section 67 B applies as an exception to the section mentioned above. Apart from Section 67,67 –A, and 67- B, Section 66 –E  also relates to obscenity resulting from a violation of privacy.

4.CHILD PORNOGRAPHY

 Child pornography is about visualizing the images of underage engaged in sexual activities. It refers to those images created through sexual exploitation or abuse of children sexual activity and the circumstances which render such activity exploitative and abusive. It is a subset of Child abuse. The main reason behind the rise  in  child pornography is the vast accessibility to the porn material, the anonymity of the offender and the instant availability of material.

There are three stages through which the entire malpractice of child pornography passes: production, distribution, and then downloading such material. Production involves the creation of pornographic material using different gadgets like camera or phone. Then distribute it to the paedophiles via text messages, upload it on websites, P2P Networks, and lastly, downloading it.

Legal Provision Regarding Child Pornography

Earlier in India, though obscenity was worded in the Indian Penal code under section 292 and 293, there was no separate provision criminalizing Child pornography. However, later by The Information Technology (Amendment Act),2008  distinction has been made between mainstream pornography and child pornography under section 67-B[9].Section 67- B OF Information Technology Act, 2000 prescribes the punishment for publishing or transmitting material depicting children in the sexually explicit act in the electronic form. Browsing or downloading child pornography online has also been criminalized under the act. It is a severe offence.  In Kamal Vaswani V Union Of India [10], the sc has expressed concern about child pornography and directed to ban the sites relating to it.

5. CYBERSTALKING

Stalking is something that almost everyone has experienced once in life, primarily women while returning from college, schools, or workplaces; some eyes keep following every action. Similar to it, Cyber Stalking is following every movement of the internet user. It is an Internet born crime that involves using technology (most often, the Internet) to make someone else afraid or concerned about their safety. [11] It means using the Internet or other electronic means to harass, annoy, intimidate, defame or make unwarranted advances towards another. It is one of the forms of cyberbullying.  This is often done because of strong liking or obsession or for vengeful purpose . Cyberstalking mainly consists of making threats, monitoring every movement of the victim, identity theft blackmailing. There can be different psychological reasons behind stalking like jealousy, obsession, attraction, hatred, rage or psychiatric dysfunction. Though the cyberstalker does not harass the victim physically, they do commit this offence digitally. Cyberstalking spoils the healthy mindset of the victims and Leaves a devastating effect on the victims’ minds.

Means of cyberstalking – unsolicited e-mails, spamming, flaming, thronging victims, computer with a key logger, spyware and viruses

Profile of the stalker – It is not necessary that the stalker must be a habitual offender. Anybody can be a stalker if they have some motive or intention. A stalker is a psychological case. In psychological term are the people suffering from erotomania[12]. He can be an obsessive stalker, delusional stalker or vengeful stalker.

INDIAN LAW

The Criminal Amendment Act 2013, Stalking has been made a separate offence in chapter XVII by adding Section 345 D of the Indian Penal Code, 1860. With regards to cyberstalking, it says that Any man who monitors the use by a woman of the Internet, e-mail or any other form of electronic communication; commits the offence of stalking, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years, and shall also be liable to fine; and be punished on a second or subsequent conviction, with imprisonment of either description for a term which may extend to five years, and shall also be liable to fine.

Under Information Technology Act, 2000 – For data protection, IT Amendment Act, Section 43A has been included. It states that If a firm or a company transmits sensitive information about a person, according to the Act,  such body corporate will be liable to pay the damages by compensation. Under Section 67 of the Act, prescribe punishment for when a stalker sends or posts any obscene content to the victim via electronic media. As per the provision provided in the law, when a stalker misuses a victim’s personal information to publish an obscene message or comment on any electronic media is also punishable.

6. CYBERSQUATTING

Cybersquatting is another crime of this internet age. Squatting denotes occupying an abandoned place o rebuilding not belonging to such occupier. The term Cybersquatting means registering, trafficking or making misuse of a domain name. The main intention behind committing this crime is to steal a domain name to receive profits from the goodwill of another trademark or business house.

Concept of Domain Name

 A domain name is the linguistic version of internet protocols (IPs).In a virtual world, domain names become the exclusive identity of an organization. It reflects the goodwill and reputation of the business. Therefore domain name is treated at par with trademarks, and the same legal protection is also given to it. The internet corporation for assigned names and number (ICANN) adopted The Uniform Domain Name Dispute Resolution Policy on 24th October 1999. This policy provides for the administrative proceeding for trademark holders to contest ‘abusive registration of domain name’ and gives the registrar the power to cancel, transfer or suspend a domain name in case of a dispute. It also has provision for the actual trade name owner to have the cause of action against a domain name registrant who registers or uses such names which are identical to the name belonging to the actual owner for monetary gain.

In La Russa V. Twitter Inc[13]La Russa accused Twitter of Cybersquatting as twitter used the name of La Russ with his picture and the statement that ‘hey there! Tony La Russa is using Twitter,” which encouraged many to join. He claimed that the intention was to divert the tariff from the original La Russa website and profit from his name. Later there was a settlement and voluntary dismissal of the case.

In India, the Information technology act, 2000 does not address the domain name. But as the domain name is identical with the trademark, the protection is accorded in the Trade Mark Act, 1999. As Cybersquatting is an offence related to the domain name and their registration, Information Technology Act, 2000 is also silent about Cybersquatting. However, in some cases, courts have thrown some light on this topic:

In the case of Yahoo Inc V. Akash Arora[14] , the Delhi high court awarded relief to Yahoo! Inc’s petition against the defendant using the domain name Yahooindia.com for their services. The plaintiff contended that the defendant had copied the format, content, layout, colour scheme of their website. The defendant claimed that the domain name belonging to the plaintiff was not registered in India; therefore, there is no trademark infringement, and yahoo is a general word and did not have distinctiveness. The court rejected the defendant’s contention and gave its decision in favour of the plaintiff. It was held that the general term yahoo had acquired the identity with the business of the plaintiff’s company. The court granted an injunction against the defendant from using the word yahoo in its domain name.

Rediff communication ltd v Cyberbooth [15], the single bench judge deliberated upon the protection of domain name in India. In this case, the defendant had registered the domain name ‘radiff.com’, similar to the plaintiff’s domain name ‘rediff.com’. The court favoured the plaintiff and was convinced that there was a clear intention to deceive on the part of the defendant. it was of the opinion that the high importance and value attached to a domain name makes it a significant corporate asset of any company

7. INTERNET FRAUD

Online fraud or internet fraud refers to any fraud scheme that uses one or more Internet components to present fraudulent solicitation to prospective victims, conduct fraudulent transactions, or transmit the proceeds of fraud to the financial institution or other connection to the scheme.[16] It is an internet scam where the fraudster lures the victims. The motive of the fraudster is mainly economical. Internet fraud is an umbrella term that covers cybercrime fraud, including crimes like identity theft and identity fraud, phishing, credit card frauds, market manipulation schemes.

  • Credit Card Fraud:  Credit card fraud is an internet crime when a fraudster acquires all the details about the victim’s credit or debit card in an attempt to steal money or make purchases. It means obtaining the information regarding CVV, Card number through various methods that include taking advantage of a victim’s gullibility. The fraudster offers appealing credit card or bank loan deals to get the details. The main reason for such fraud is a lack of awareness amongst the customers. For example, a victim might receive a message/ call from their bank telling them they are eligible for a particular loan.
  • Identity Theft and Identity Fraud:  These are the term used to refer to all types of crime in which wrongfully obtains and uses another personal identity or personal data to involves fraud or deception for economic gain. This can be coupled with other crimes.
  • Phishing /SMS Spoofing: Phishing is a form of cyber fraud where the attacker claims to be legitimate institutions and collects sensitive information used to commit a crime. Here the attacker set up a mimic website and create a fake identity that the victims believe to be true. Once the attacker manages to get the information, the victim is redirected to the original website.
  • Spamming: It simply means sending the e-mails in bulk to misguide the users. Cyber attacks via spam e-mails (unsolicited bulk messages) remain one of the primary vectors for disseminating malware and many predicate forms of cybercrime. Monitoring spam as potential cybercrime can help prevent by observing changes in attack methods, including the type of malicious code and the presence of criminal networks.
  • Internet auction fraud: Online auction happens on-site like eBay. It means the victim as a buyer placed a bid but never gets the product or gets the wrong product.

8. CYBER DEFAMATION

Defamation traditionally means the false statement to destroy/cause harm to the character or reputation of another. For instance, when A says B is a thief to destroy his reputation, A is said to commit defamation against B. As the Internet is emerging as a robust platform for communication via social media, give also has given a field to the offence of defamation.  It is very easy to post stuff online. It provides an open offer to present their thoughts and ideas.  Cyber defamation is very much similar to traditional defamation mainly because the primary purpose of both of them is to cause harm to the good reputation of the person. Cyber defamation means harm /injury to the reputation of the individual through cyberspace.  The computer or Internet is tools that are used in cyber defamation. The leading platforms are Facebook,  Twitter and Google, as they provide anonymity to the wrongdoer. It is very easy to make a fake user account, write a defamatory statement about anyone, and easily get away with it. E-mails, blogs social networking sites like Facebook, My Space, Twitter are some main platform to defame someone.

Elements of  Cyber defamation

1. The statement must be defamatory – a statement can be made by words or by signs or by visible representation. A statement made tends to diminish the reputation of the person

2. The defamatory statement must refer to the plaintiff- the defamatory comment must refer to the person or the class of persons. It can be in expressed or implied form

3. The mala fide intention of the wrongdoer – there must be an intention to cause harm to the reputation of the person

4. The statement  must be published or should be communicated to the third person

5. The statement must be false and frivolous

6.  The use of computer or internet

In India, defamation is treated both as a tort and as an offence. The concept of defamation in fact, is a mixed concept, partly subjective and partly objective.[17] The law of defamation in India is made exhaustive under section 499 of the Indian penal code. The law of defamation under the penal code makes the printer, seller and the maker liable under Sections 500, 501 and 502

9. CYBER TERRORISM

Cyber terrorism is a type of cybercrime. It is defined as the use of computer or computer networks to engage in terrorism. The most widely accepted definition of cyber terrorism is that it is” a criminal act perpetrated by the use of computers and computer network resulting in violence, destruction or disruption of services to create terror and fear in the mind of people to influence with the government or people to conform to a particular political, social or ideological agenda.[18]’’

 According to the U.S. Federal Bureau of Investigation, ” Cyber terrorism is any premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents.”

Activities such as publication of terrorism ideologies and propaganda, raising funds for a terrorist activity like training and equipment, recruiting and giving training to the members, obtaining the information, financing the campaign.

10. VIRUS/ WORMS ATTACK

A virus is the instruction hidden within the computer programs and is designed to cause faults or destroy the data. It gets attached to a computer or the file and replicate itself and circulate to other files. In India, the IT act defines the term virus in Section 43 as any computer instruction, information or data that destroy, damages, degrades or adversely affects the performance of a computer or attaches itself to another computer and operates when the programme, data or instruction is executed in that computer.

A Worms is a program that travels from one computer to another without attaching itself to the computer’s operating system and later infects the operating system of any computer that uses a file taken from an infected computer.[19]

CONCLUSION

Computers don’t commit a crime. However, the computer, hand in hand with the internet, has given birth to a whole new generation of crime. The internet is elegant, resilient and multifunctional, but at the same time, it is not innocuous. With the increase in popularity of the internet, cybercrime is also increasing in number. Internet being a global phenomenon will undoubtedly have numerous drawback. Cybercrime is evolving day by day. India has made a vital stride in checking Cyber Crimes by the institution of the Information Technology Act and by giving restrictive forces to the police and different specialists to handle such wrongdoings. However, we require much more effort to formulate legislation on the use of the internet to curb the imminent danger of cybercrime and achieve cyber free space.


[1] Donn B. Parker, cybercrime: Vandalizing the Information Society (Addison – Wesley,2002)

[2] Suresh T. Vishwanathan, ‘The Criminal Aspect In Cyber Law’ In The Indian Cyber Law ( Bharat Law House (P) Ltd. 2001) 81

[3] Koba Associates, Computer Crime: Expert Witness manual

[4] Information Technology Act 2000, India Available At https://www.meity.gov.in/content/information-technology-act-2000  (last visited on 20th June 2021)

[5] ‘Hackers Attack’ August 2003 Reader’s Digest, 85

[6] (1985) 4 SCC 289

[7] E-Bhasin,  “The Internet Service” available at https://www.scribd.com/document/216575082/Obscenity-and-Child-Pornography-Applicability-of-Hicklin-Test ( last visited on 20th June 2021)

[8] Available at https://lawtimesjournal.in/obscenity-under-ipc/ (last visited on 17th June 2021)

[9] Inserted by virtue of section 32 of the IT (Amendment ) Act,2008 (10 of 2009)

[10] W.P (c) 177/2013, Supreme Court Of India

[11] Fisher, B.S., F.T. Cullen, and M.G. Turner, Being pursued: Stalking victimization in a national study of college women. Criminology & Public Policy, 2002. 1(2): p. 257-308

[12] It is a mental condition, a delusion in which the person gets obsessed  with another person

[13] Case No CGC -09-488101:2009 WL -1569936

[14] (1999)19 PTC 201(Del).

[15]  AIR 2000 Bombay 27

[16] Available at https://2009-2017.state.gov/j/inl/rls/nrcrpt/1999/928.htm ( last visited on 15th June 2021)

[17] Ratarnlal  Ranchhoddas and Dhirajlal Keshavalal Thakore, the Indian penal code ( 31st ed. , reprint 2007) 2554

[18]  The U.S. National Infrastructure Protection Center, available at https://www.lawyersnjurists.com/article/cyber-terrorism-2/ ( last visited on 18th June 2021)

[19] Jonathan Roosenoer, cyber law (R.R Donnelley and sons, Harrison, BURG, NEW YORK, 1997) 172

Author: APURVA SAHU

Editor: Kanishka VaishSenior Editor, LexLife India.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s