Site icon Lawful Legal

Navigating Cyber Attacks: Case Law Insights on Legal Challenges and Defenses

Author- Kanak Sharma, Faculty of Law, Aligarh Muslim University

Abstract 

Cyberattacks have become a significant threat in the digital era, posing risks to individuals, corporations, and governments worldwide. With the increasing dependence on technology and the internet, cyber threats like data breaches, malware, ransomware, and Distributed Denial of Service (DDoS) attacks have escalated in both frequency and complexity. These attacks lead to financial losses, damage to reputation, and disruption of essential services, making cybersecurity a critical issue. This article attempts to establish a fundamental understanding of Cyber Attacks with the help of some case laws.

Introduction

The big Technological shift from nothing to Landline phones and then to Mobile Phones, we human being are so equipped with the technology that it has become a part of our lives. The role with technology plays in our day to life is now indispensable and by technological evolution the functions of workspace, learning in schools and colleges has become easier. There are various great advantaged of this technological evolution and its adaptability.

Though it has its own setbacks and some of the setbacks are so grave that they might pose and ever bigger danger that what has been the advantages of the shift.

One big setback is Cyber Security. With the growing virtual environment there arise a need to establish security measures in the virtual environment too. The steps to make the virtual platform safer will increase people’s faith on the virtual platform and enhance the adaptability among people which will eventually to technological advancement.

The bottom-line is that Cyber Security is what Police is to the state. Cyber Attack is one such threat which has to be prevented for establishing Cyber Security.

Cyber Attack

A cyber attack is a set of actions taken by threat actors to gain unauthorised access, steal data, or damage computers, computer networks, or other computing systems. A cyber attack might originate from anywhere. An individual or a group can carry out the attack utilising one or more tactics, methods, and procedures (TTPs).

Individuals that conduct cyber attacks are known as cybercriminals, threat actors, bad actors, or hackers. They can act alone, alongside other assailants, or as part of an organised criminal group. They attempt to uncover flaws in computer systems and exploit them to accomplish their objectives.

When starting cyber attacks, cybercriminals may have a variety of motivations. Some commit terrorist acts for personal or financial gain. Others are “hacktivists” who work for social or political reasons. Some assaults are part of cyberwarfare operations carried out by nation states against their adversaries, while others are carried out by known terrorist groups.

How is Cyber Attack a Threat?

A cyber or cybersecurity threat is a harmful act that attempts to harm, steal, or disrupt digital life in general. Cyber threats include computer viruses, data breaches, Denial of Service (DoS) assaults, and other types of attack vectors. Cyber attacks can cause power outages, military equipment failures, and the revealing of national security secrets. They can lead to the theft of valuable and sensitive data, such as medical information. They have the ability to interrupt phone and computer networks as well as paralyse systems, rendering data unavailable.

Shreya Singhal v. Union Of India ((2013) 12 SCC 73)

Facts of this case : Two ladies were detained under Section 66A of the IT Act for allegedly posting inflammatory and objectionable comments on Facebook about the complete shutdown of Mumbai following the death of a political leader. Section 66A of the IT Act penalises anybody who uses a computer resource or communication to send or receive material that is offensive, false, or causes irritation, discomfort, danger, insult, hatred, hurt, or ill will.

Following the arrest, the women filed a petition contesting the validity of Section 66A of the IT Act, claiming that it violates free speech and expression.

The Supreme Court’s judgement was founded on three concepts: dialogue, advocacy, and incitement. It was observed that just discussing or advocating for a topic, no matter how controversial, is at the heart of free speech and expression. Section 66A was found to be capable of restricting all forms of communication, and it made no distinction between mere advocacy or discussion on a particular cause that is offensive to some and incitement by such words leading to a causal connection to public disorder, security, or health, among other things.

In response to the question of whether Section 66A aims to shield individuals against defamation, the Court stated that Section 66A condemns offensive utterances that may irritate an individual but do not harm his reputation.

However, the Court also stated that Section 66A of the IT Act does not violate Article 14 of the Indian Constitution because there is a discernible distinction between information given via the internet and information sent via other modes of expression. Furthermore, the Supreme Court did not even address the procedural unreasonableness claim because it is unlawful on substantive grounds.

Shamsher Singh Verma v. State of Haryana 2015 SCC Online SC 1242

In this case, the accused filed an appeal with the Supreme Court after the High Court denied the accused’s request to exhibit the Compact Disc presented in defence and have it verified by the Forensic Science Laboratory.

The Supreme Court ruled that a Compact Disc is a document as well. It further stated that it is not essential to acquire admission or denial of a document from the accused, complainant, or witness in person under Section 294 (1) of the CrPC.

Syed Asifuddin and Ors. v. State of Andhra Pradesh and Anr. (2005 Cri LJ 4314)

Under the Dhirubhai Ambani Pioneer Scheme, the subscriber acquired a Reliance device as well as Reliance mobile services. The user was enticed by better tariff options offered by rival service providers and desired to switch. The petitioners (TATA Indicom employees) hacked the Electronic Serial Number (hereafter referred to as “ESN”). The Reliance phones’ Mobile Identification Number (MIN) was permanently merged with ESN, and reprogramming of ESN caused the device to be validated by Petitioner’s service provider rather than Reliance Infocomm.

Questions before the Court: 

i) Whether a telephone handset is a “Computer” under Section 2(1)(i) of the IT Act?

ii) Does manipulating the ESN loaded into a mobile device constitute a change of source code under Section 65 of the Information Technology Act?

Decision: 

(a) Section 2(1)(i) of the IT Act defines a “computer” as any electronic, magnetic, optical, or other high-speed data processing device or system that performs logical, arithmetic, and memory functions by manipulating electronic, magnetic, or optical impulses, as well as all input, output, processing, storage, computer software, or communication facilities connected or related to the computer in a computer system or computer network. As a result, a telephone handset falls within the definition of “computer” in Section 2(1)(i) of the IT Act.

(b) ESN modification allows other service providers, such as TATA Indicomm, to use previously exclusive devices. As a result, changing an ESN is a violation of Section 65 of the IT Act since each service provider is required to have its own SID code and assign a unique number to each instrument used to access the services supplied. As a result, the petitioners’ conviction cannot be overturned under Section 65 of the IT Act.

Christian Louboutin vs. Nakul Bajaj & Ors.  [(2018) 253 DLT 728]

Facts: The Complainant, a luxury shoe maker, filed a complaint seeking an injunction against an e-commerce portal www.darveys.com for engaging in trademark infringement with the sale of counterfeit goods.

The Court was asked if the defendant’s use of the plaintiff’s trademark, logos, and picture was protected under Section 79 of the IT Act.

The Court determined that the defendant is more than an intermediary because the website has complete control over the things supplied through its platform. It identifies and then promotes third-party sellers of their items. The Court further said that an e-commerce platform’s active engagement would shield it from the rights afforded to intermediaries under Section 79 of the IT Act. 

Avnish Bajaj v. State (NCT) of Delhi [(2008) 150 DLT 769]

Facts: Avnish Bajaj, the CEO of Bazee.com, was detained for disseminating cyber pornography in violation of Section 67 of the IT Act. Someone else had used the bazee.com website to sell copies of a CD containing pornographic material.

The Court found that Mr. Bajaj had no involvement in the broadcast of obscene content. Furthermore, the sexual content could not be seen on the Bazee.com website. However, Bazee.com obtains a commission on sales and money from adverts displayed on its website.

The Court further stated that the evidence gathered shows that the cyber pornography offence was committed by someone other than Bazee.com. Mr. Bajaj was granted bail on the condition that he provide two Rs. 1 lakh sureties. However, the accused had the burden of proving that he was only a service provider and did not offer material.

State of Tamil Nadu v. Suhas Katti  [CC No. 4680 of 2004]

The current case is a watershed moment in the Cyber Law regime because the quick handling allowed for a conviction within 7 months of filing the FIR.

Facts: The accused was the victim’s family friend who intended to marry her but she married another man, resulting in a divorce. Following her divorce, the accused persuaded her once more, and in response to her refusal to marry him, he engaged in Internet harassment. The accused created a bogus e-mail account in the victim’s name and sent defamatory, obscene, and harassing messages to the victim.

The accused was charged under Section 67 of the IT Act and Sections 469 and 509 of the Indian Penal Code, 1860. The accused was convicted by the Additional Chief Metropolitan Magistrate of Egmore under Sections 469 and 509 of the Indian Penal Code, 1860, and Section 67 of the IT Act. The accused was sentenced to two years in prison and a fine of Rs. 500 under Section 469 of the IPC, one year in prison and a fine of Rs. 500 under Section 509 of the IPC, and two years in prison and a fine of Rs. 4,000 under Section 67 of the said IT Act.

CBI v. Arif Azim (Sony Sambandh case)

Facts: NRIs could mail Sony products to their Indian friends and relatives after making an online payment at www.sony-sambandh.com.

In May 2002, someone entered into the website as Barbara Campa and ordered a Sony Colour TV set and a cordless phone for Arif Azim of Noida. She used her credit card to pay, and the order was delivered to Arif Azim. However, the credit card company advised the company that the payment was unauthorised because the true owner denied any such purchase.

A complaint was filed with the CBI, and a case was filed under Sections 418, 419, and 420 of the Indian Penal Code, 1860. The investigations concluded that Arif Azim obtained access to Barbara Campa’s credit card details while working at a call centre in Noida, which he exploited.

The Court condemned Arif Azim, but because he was a young lad and a first-time offender, the Court was gentle with him. The convicted person was sentenced to one year of probation by the court. This was a significant case in cyber law because it demonstrated that the Indian Penal Code, 1860 can be an effective piece of legislation to rely on when the IT Act is insufficient.

SMC Pneumatics (India) Pvt. Ltd. vs. Jogesh Kwatra [CM APPL. No. 33474 of 2016]

In this case, Defendant Jogesh Kwatra worked for the plaintiff’s company. To damage the company and its Managing Director, Mr. R K Malhotra began sending demeaning, offensive, vulgar, abusive, and filthy emails to his employees and numerous subsidiaries of the same company around the world. The email was discovered to have originated from a Cyber Cafe in New Delhi throughout the investigation. During the investigation, the Cybercafé attendant identified the defendant. The plaintiff cancelled the defendant’s services on May 11, 2011.

The plaintiffs are not entitled to the prayed-for perpetual injunctive relief because the court’s evidence did not qualify as certified evidence under section 65B of the Indian Evidence Act. The court was unable to accept even the strongest evidence since there was no direct evidence that the defendant was the one who sent these emails. The defendant was also barred from publishing or transmitting any information in Cyberspace that was disparaging or abusive to the plaintiffs.

Conclusion

The IT Act and the Rules promulgated under it control the Cyber Law regime. In addition, when the IT Act is unable to provide for any specific type of offence or does not contain exhaustive provisions with respect to an offence, one may resort to the provisions of the Indian Penal Code, 1860.

However, the Cyber Law regime is still unable to deal with the various types of Cyber Crimes that exist today. With the country heading towards the ‘Digital India’ movement, Cyber Crimes are continually evolving, and new types of Cyber Crimes join the Cyber Law regime on a daily basis. India’s Cyber Law framework is weaker than those of other countries.

FAQs 

Q1. What is a cyber attack?

Answer. A cyber attack is when hackers or other attackers attempt to obtain unauthorized access to a computer system, network, or device with the goal of inflicting harm, stealing data, or disrupting services.

Q2. Who is at risk of a cyber attack?

Answer. Anyone with a digital presence, including individuals, businesses, governments, and organizations, is at risk. Targets may range from small businesses to global corporations, as well as critical infrastructure like healthcare, finance, and energy sectors.

Q3. How can individuals protect themselves from cyber attacks?

Answer. To reduce the risk of a cyber attack:

Q4. What is ransomware, and how does it pose a threat?

Answer. Ransomware is a type of malware that encrypts the victim’s data and demands payment (usually in cryptocurrency) to restore access. It poses a serious threat to businesses, governments, and individuals by paralyzing systems and causing financial loss.

Exit mobile version