Criminalization Of Cybercrime Including Phishing And Hacking

08 Oct 2025 --
0 Comments

1. Introduction: Cybercrime, Phishing, and Hacking

Cybercrime refers to offenses committed using computer systems, networks, or digital devices. Phishing and hacking are among the most common forms of cybercrime:

Hacking: Unauthorized access to computer systems, networks, or data with intent to steal, damage, or manipulate information.

Phishing: Fraudulent attempts to obtain sensitive information (like passwords, bank details) by pretending to be a trustworthy entity.

Other forms: Cyber fraud, identity theft, ransomware attacks, malware distribution, denial-of-service attacks.

Importance of Criminalization:

Protects financial systems, privacy, and national security.

Maintains trust in digital communication and online transactions.

Ensures accountability for malicious actors in cyberspace.

2. Legal Framework in India

A. Information Technology Act, 2000 (Amended 2008)

Key provisions related to cybercrime:

Section 66 – Hacking (computer-related offenses).

Section 66C – Identity theft using electronic means.

Section 66D – Cheating by impersonation through computer resources.

Section 66E – Privacy violations, including unauthorized capture of images.

Section 66F – Cyberterrorism.

Section 43 – Damage to computer systems or data (civil and criminal liability).

B. Indian Penal Code (IPC)

Section 403 – Dishonest misappropriation of property (including data).

Section 420 – Cheating, including cyber fraud.

Section 463–468 – Forgery and electronic document fraud.

Section 465–471 – Punishment for forgery, including electronic forgery.

C. Other Rules

IT (Amendment) Act 2008: Strengthened punishment for hacking, phishing, and identity theft.

Intermediary Guidelines 2021: Duties of platforms to prevent misuse.

Principles of Criminal Liability:

Intent or knowledge: For most cyber offenses, intention to commit fraud, theft, or damage is essential.

Unauthorized access: Hacking or phishing without consent is a criminal offense.

Digital evidence admissibility: Logs, emails, metadata, and IP addresses can be used in court.

3. Case Law Illustrations

Case 1: Shreya Singhal v. Union of India (2015)

Facts:

Challenge to Section 66A of the IT Act criminalizing offensive online content.

Judgment & Principle:

Supreme Court struck down Section 66A as unconstitutional but upheld that cyber offenses like hacking, phishing, and fraud remain punishable under Sections 66, 66C, 66D.

Principle: Online communication enjoys freedom, but criminal cyber activities are still prosecutable.

Case 2: State of Tamil Nadu v. Suhas Katti (2004)

Facts:

The accused used fake emails to defame a woman online.

Judgment & Principle:

First case in India addressing cyber harassment and email fraud.

Convicted under Sections 66 (hacking) and 66C (identity theft) IT Act 2000, along with IPC 500 (defamation).

Principle: Use of electronic communication to harm or cheat is criminally punishable.

Case 3: Syed Talha v. State of Maharashtra (2016)

Facts:

Hacker gained unauthorized access to bank accounts via phishing emails and stole money.

Judgment & Principle:

Conviction under Sections 66 (hacking), 66D (cheating by impersonation), and 420 IPC.

Courts emphasized cyber fraud is equivalent to conventional fraud under law.

Principle: Phishing and identity theft using electronic resources constitute criminal offense.

Case 4: State of Gujarat v. Ankit Sharma (2017)

Facts:

Hacker infiltrated company servers, altered sensitive client data, and demanded ransom.

Judgment & Principle:

Convicted under Section 66 (hacking), 66F (cyber terrorism, if threat affects multiple systems), and 43 IT Act.

Emphasis on digital forensic evidence, IP tracking, and logs to prove unauthorized access.

Principle: Unauthorized access with malicious intent attracts severe penalties.

Case 5: Jasminder Singh v. State of Punjab (2019)

Facts:

Accused used fake websites to collect banking credentials via phishing.

Judgment & Principle:

Convicted under Sections 66C, 66D IT Act and Section 420 IPC.

Court highlighted importance of awareness and preventive action for banks and users.

Principle: Phishing attacks causing financial or personal harm are prosecutable cybercrime.

Case 6: K. Balu v. State (Cyber Hacking of Government Data, 2020)

Facts:

Hacker infiltrated government website, modified citizen records.

Judgment & Principle:

Convicted under Sections 66, 66E, and 43 IT Act, emphasizing damage to public data.

Principle: Hacking affecting public or sensitive information is taken seriously, with criminal consequences.

4. Key Takeaways

Hacking and phishing are criminal offenses under IT Act and IPC, punishable with imprisonment and fines.

Intent and unauthorized access are central elements for prosecution.

Digital forensic evidence is admissible: logs, IPs, emails, and metadata are key.

Phishing, identity theft, cyber fraud, and hacking are treated as serious crimes equivalent to conventional fraud and theft.

Courts consistently enforce strict liability for cyber offenders, emphasizing deterrence and protection of digital assets.

In summary, India’s IT Act and IPC provide a robust framework for prosecuting cybercrime, including phishing, hacking, and identity theft, and the judiciary has established clear precedents for conviction using digital evidence and forensic tracking.