This FAQ section gives brief answers to general questions a user may have. For more information and in-depth analysis on cyber laws / cybercrimes please refer to Case Studies, Cyber Saathi Publications / Articles, Founder Publications & Articles & Cyber Saathi Papers & Submissions.

The computer, information technology and the internet are very handy and resourceful tools which can be used for great good, but as with any tool, one needs the manual to operate them properly, so that using the computer, information technology and the internet does not compromise the safety and security of persons, property or the Nation.

Cyber safety is knowing the safe way of using technology without compromising on security, so as to protect against breaches, violations and attacks on systems, networks or devices. Cyber safety helps keep the user, their data and their property, including their systems and networks, safe and secure. It provides security from crimes such as data theft, cyber financial fraud, ransomware, viruses etc. It protects businesses and the very frontiers of our Nation, which can now be subjected to attack with remote access and the click of a button.

Empowering through knowledge, ensuring and enabling cyber safety and cyber security is the primary vision of Cyber Saathi. Cyber Saathi believes that through such empowerment, the balance is tilted in favour of safety and security first, protection and prevention being of paramount focus and in case of attack, robust resilience and preservation mechanisms and finally to ensure prosecutions and punishments as not only retributive justice but more as deterrents. Cyber Saathi is working towards creating safer digital domains through this four pronged focus.

Imagine yourself in a fast car – let’s say a convertible with the top down. And you have a very smooth, long, empty freeway in front of you. Would you even start the car, let alone speed down the freeway, only because the car is capable of great speed? The first thing you would check is whether the brake is working. It is only when your brakes work that you can even start the car. Cyber safety looks and feels like those brakes that enable driving that very alluring fast car. It is that assurance we get before starting to use technology, which can be very powerful yet a veritable minefield strewn with risks, threats and vulnerabilities.

Taking the car example further, safety is not just all about brakes. Many elements are built into the system to ensure our safety, such as seat belts and air bags. These safety elements cannot guarantee that the car will not meet with an accident or that the passenger will not be injured, but they significantly reduce the probability and certainly add to the security.

Cyber safety and security work in the same way. They cannot guarantee absolute safety or security against breaches or attacks. They just help in a smoother and safer ride.

As with the car, cyber safety and cyber security also depend on multiple parameters to be effective – technology enabled protections may come foremost when we speak of cyber security, which could range from simple passwords to restricted access or anti-virus software, firewalls, or encryption or air-gapping (delinking systems from internet or other forms of remote access is one way to air gap systems), to name some measures. This alone however does not encompass all aspects of cyber safety or security. With humans being probably the weakest link, policies, rules and regulations are also means to ensure cyber safety and cyber security.

Laws and enforcement play key roles in the process of cyber safety. These are the deterrents that predominantly keep crimes and violations in check. Hence when systems work more efficiently, cyber security trumps over crimes or breaches. Finally with prevention and protection being still the best cure, including to ensure cyber security, awareness of the various existing and evolving crimes, threats and risks is most critical. With such awareness comes substantial safety, as even the best air gapped systems can otherwise be breached only because the human handling the system may inadvertently enable a breach due to ignorance or negligence.

Cyber Saathi plays a key role in contributing to the creation of such awareness and also by lending value to policy, law making and most importantly in espousing the quality of enforcement. 

Everything is connected today – from critical infrastructure to commercial establishments to individuals, there is immense reliance on technology. The extent to which technology enabled people locked down for more than a month to enjoy a modicum of normalcy during the corona virus (“Covid19”) phase is an indication of just one small fragment of technology’s capability.

During this very phase of Covid19 however there was a huge spurt of cybercrimes, which range from phishing attacks, online frauds, virus attacks and hacking to name a few. Public awareness of cybercrimes and the need for safe use of communication devices was one of the silver linings of this dark phase.

If it were not for cyber security mechanisms, not only would the crimes have been exponential, there would also not be mechanisms for bounce backs or resilience.

Be it our home, office or the entire Nation – there are walls and boundaries, which are meant as protective measures. There are breaches, thefts, trespass, attacks and violations of boundaries. Merely because attacks or breaches may be inevitable, we do not dispense with walls or locks or protective mechanisms. After all it is these protective mechanisms that reduce the intensity of attacks and also protect against much larger damage.

Cyber safety and security are similar to these protective walls and boundaries we put up as protection. Any technology may be vulnerable to attacks and breaches. Systems and devices may have flaws and with the plugging of each bug, flaw or opportunity for breach, there may be others found or created.

However cyber safety and security are continuous efforts like that of our Armed forces or law enforcement agencies, which strive to protect us despite incursions, attacks or crimes.

Cyber safety is also not a one-time action or protective measure. Creating or structuring safe architecture, developing firewalls or anti-virus mechanisms or securing systems through technology are not walls that can hold forever. Similarly cyber awareness is also such that merely knowing of yesterday’s threats will not protect against tomorrow’s unknown threats or risks. Cyber safety and security are in a constant state of flux. This churn, as with any manthan (i.e., churn), may create both good and evil and cyber safety and cyber security measures are that which ensure that the scorecard remains tilted in favour of the former.

A new born child today gets its own social media account. Devices govern every aspect of our lives. Yet we have barely a cursory understanding of the potential of such technology that we use in our daily lives. It is not just a computer or a smart phone that could be weaponised. Every smart appliance in our homes or offices can be weaponised and we are probably facilitating this.

In January 2020, class action suits were filed in Mississippi, USA on the ground that a home security camera was hacked and was used to spy on their 8-year old child and to taunt and terrify her (https://www.nbcnews.com/news/us-news/couple-whose-8-year-old-daughter-was-taunted-ring-hacker-n1113426). Digital assistants are no longer futuristic gadgets but a way of life for many. News of such digital assistants listening to conversations shocked many but these assistants have a continued existence in people’s homes and private living spaces (August 2019: https://mashable.com/video/apple-apology-siri-recording-opt-in/; July 2019: https://www.consumerwatchdog.org/privacy-technology/how-google-and-amazon-are-spying-you).

Privacy is just one issue. There are all kinds of scams emerging and evolving weaponizing digital domains. Individuals, who fall victim to cybercrimes could lose their life savings (such as victims of phishing attacks, job scams or the lottery and bequeath scams); they could suffer physical harm or even lose their lives (as in cases of cyberbullying or stalking or the horrific blue whale and momo attacks). They may inadvertently allow their systems and devices to be compromised and such devices can be used to launch attacks. These are but some risks and threats listed.

Women and children remain the most vulnerable – from threats such as the above mentioned incident of a hacker threatening an 8-year old to women being blackmailed using pictures or videos taken; their privacy being violated through sharing of women specific mobile numbers for stalking them; assailing their dignity and rights not only through physical crimes against them but also by uploading such content online. (N. S. Nappinai (2017). Tackling Women’s Digital Freedoms and Unfreedoms Online – Through Law & Technology. ITForChange. https://itforchange.net/e-vaw/wp-content/uploads/2017/12/OPinion-piece-II.pdf)

Awareness is the first level of cyber safety – not just of threats and risks but also of remedies; knowing how to go about ensuring cyber safety is the next, followed by implementing such policies, even for individual cyber hygiene, safety and security.

Cyber Saathi provides these inputs through knowledge based information sharing and creating support systems through peer mentoring.

One incident of hacking can bring an entire business down. Apart from the trust deficit that such an attack would cause, cyber-attacks cause heavy and substantial financial loss.

The digital world is fraught with risks and threats. Creating technology enabled solutions is very time consuming and expensive. Finding a breach in such security and safety mechanisms is not only less expensive but sometimes absurdly easy. In one of the largest cyber-attacks discussed and analysed globally, the Stuxnet virus attack on a nuclear facility, which was purportedly completely air gapped, it only took one contaminated external device to be slipped in for a multi-million dollar initiative to be demolished.

Companies and businesses need to look at cyber safety and cyber security not as a tick-mark regime or regulatory compliance but as the life blood of their business – a business process that has to permeate the very core and that will remain in focus as a constant, in its ever-changing dimension.

The new industrial revolution and evolution depend on information systems and security, and the need for a top-down evaluation and implementation of cyber safety and cyber security mechanisms becomes core to the functioning and success of every business.

Cyber Saathi provides the knowledge base for businesses and professionals to understand the needs of Cyber safety and security and to then apply it practically.

Wars today do not need battlegrounds. The cyber domain provides seamless access and consequently immense opportunities for attacks from across borders. Cyber defence therefore becomes most imperative, as much as Nations ensure sufficient weaponry amongst others, as a preventive measure. Here again prevention includes pre-emption – to be able to anticipate and be prepared, if not to thwart attacks, then definitely to ensure resilience and speedy recovery.

Cyber Saathi endeavours to buttress other cyber safety measures through the first step of awareness and to then lend support and inputs drawn from domain expertise and experience of its Founder, in guiding and supporting policy and law making and enforcement thereof.  

A website’s name is its domain name. It is like an address where Internet users can access a website. A domain name consists of a series of alpha-numeric characters that are used to identify entities on the internet. Domain names are extremely important to organisations because they promote the organisation’s name and brand and, in cases of commercial organisations, their products. A domain name needs to be registered before it can be used and no two websites can have the same domain name, because a domain name is unique.

An Internet Protocol (IP) address is an identifying feature assigned to every computer that is connected to the Internet and it helps in facilitating communication between them. The IP address comprises four groups of numbers that are separated by decimal points. Identifying the IP address is useful when it comes to investigating offences like virus attacks or phishing attacks emanating from fraudulent emails. Identifying the IP address is the first step to identifying where the email came from.
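The tracing step described above can be illustrated by reading the `Received` headers that each mail server adds to a message. The following is an added example, not part of the original FAQ; the sample message, host names and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (not a real email). Public addresses come from
# the RFC 5737 documentation ranges; all host names are made up.
SAMPLE_EMAIL = """\
Received: from mx.recipient.example (mx.recipient.example [10.1.1.2])
\tby inbox.recipient.example with ESMTP id AAA111;
\tMon, 06 Jan 2020 10:00:05 +0530
Received: from relay.hosting.example (relay.hosting.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id BBB222;
\tMon, 06 Jan 2020 10:00:03 +0530
Received: from [10.0.0.5] (unknown [203.0.113.45])
\tby relay.hosting.example with ESMTPSA id CCC333;
\tMon, 06 Jan 2020 10:00:01 +0530
From: "Your Bank" <alerts@bank.example>
To: user@recipient.example
Subject: Urgent: verify your account

Please verify your account.
"""

# Ranges that never identify a sender on the public internet.
# (ipaddress.is_private is not used because it also flags documentation
# ranges, which this constructed sample relies on.)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def is_internal(ip_text):
    """True for private, loopback and link-local addresses."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def received_hops(raw_message):
    """Return the mail hops oldest first, each with the IPs it recorded."""
    msg = message_from_string(raw_message)
    hops = []
    # Servers prepend Received headers, so the list starts with the newest.
    for value in msg.get_all("Received", []):
        parts = re.split(r"\sby\s", value, maxsplit=1)
        by_tokens = parts[1].split() if len(parts) == 2 else []
        by_host = by_tokens[0].rstrip(";") if by_tokens else None
        ips = []
        for candidate in BRACKETED_IP.findall(parts[0]):
            try:
                ips.append(str(ipaddress.ip_address(candidate)))
            except ValueError:
                continue  # bracketed text that is not an IP address
        hops.append({"by": by_host, "ips": ips})
    hops.reverse()
    return hops


def earliest_public_ip(raw_message):
    """First non-internal IP seen on the oldest hop that has one.

    Headers added before the first server the investigator trusts can be
    forged by the sender, so the result is a lead to verify, not proof.
    """
    for hop in received_hops(raw_message):
        for ip in hop["ips"]:
            if not is_internal(ip):
                return ip
    return None


if __name__ == "__main__":
    for number, hop in enumerate(received_hops(SAMPLE_EMAIL), start=1):
        print(number, hop["by"], hop["ips"])
    print("Earliest public IP:", earliest_public_ip(SAMPLE_EMAIL))
```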

A meta tag is an element found within the source of a web document. It describes the contents of a website and is part of the software source code of the website. Meta tags provide additional information about the website like its author, how frequently it is updated and a general description of the contents. Meta tags are not visible to persons viewing a website, but they are the links that lead a person to a website. Search engines make use of meta tags to assess the contents of a webpage and other relevant material that may be needed to build a search engine index.

There is no definition of cybercrimes under Indian laws presently. In general, offences committed using computers or devices or where the computer or device is the victim would both fall under the category of cybercrime. In brief, a computer or computing device is either a weapon or a victim for it to attract the term “cybercrime”. Some jurisdictions have resorted to specific definitions but Indian law, till date, has not defined the term.

Some existing and evolving trends of cybercrimes are hacking, data theft, virus attacks, denial of service attacks, identity theft, cheating online, financial frauds such as phishing, credit and debit card frauds or even frauds pertaining to digital wallets, publishing or transmission of obscene or sexually explicit content, child pornography or child sexual abuse material, cyber terrorism, violation of privacy, sexual harassment or cyberstalking.

Gaining illegal access to a computer or computer resource without the consent of the owner or systems administrator of such computer or computer resource would amount to hacking. When this breach is committed with dishonest or fraudulent intent, it is punishable as a Criminal offence.

The Information Technology Act, 2000 provides for both civil penalties and Criminal liability for commission of such violations / offences.

If a person downloads, copies or extracts any data, computer data base or information from a computer or a computer resource without the permission of the owner or the administrator who controls the computer, and when such act is committed with dishonest or fraudulent intent, it amounts to data theft.

Cases of data theft by employees, contractors, Criminals through phishing or vishing attacks and data breaches, large and small including those used for commission of large scale financial frauds are general trends of cybercrimes that occur predominantly. 

The Information Technology Act, 2000 provides for both civil penalties and Criminal liability for commission of such violations / offences.

A virus is a malicious computer software program also referred to as a computer contaminant, which is designed to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or usurp the normal operation of the computer, computer system, or computer network, and which is introduced into a computer or computer system without the knowledge or consent of the owner or system administrator.

When such attack is committed with dishonest and fraudulent intent, it amounts to a Criminal offence.

The Information Technology Act, 2000 provides for both civil penalties and Criminal liability for commission of such violations / offences.

Revenge porn is the non-consensual publishing or transmission of images or videos of another person, which violates their privacy and dignity. These would include nude or suggestive imagery; content recorded during physical relationships or in privacy; content recorded under duress or through violence; content of physical violations of another; content obtained through misrepresentations or deceit including through social engineering and misuse of such content to either threaten a person to do acts, which they will not otherwise do or refrain from doing something or to obtain monetary gains illegally.

Revenge porn is a colloquial term, which is not a defined offence under Indian laws. However there are several provisions which can be invoked to file a complaint for threats or commission of revenge porn.

Use of content recorded with consent of a person but against the person’s wishes or without consent for publication or transmission could also amount to an offence if the content shared is of private parts.

Text based content containing vicious attacks on the reputation or character of a person or raising imputation against them or causing fear or alarm or to outrage their modesty could also amount to an offence.

Cyber Extortion is not a defined offence under Indian laws. However there are sufficient provisions making such Criminal acts an offence punishable under law. If a person threatens or causes alarm in another by using recordings (video or audio) or even text based communications to blackmail them into doing something or to refrain from doing something, which they would not do or refrain from except for such extortion it could amount to cyber extortion.

Various forms of such extortionist methods have been evolving in recent times with digital devices being used as powerful weapons. Victims should not fear such extortionist methods and ought to seek legal remedies without delay. Victims ought to take help from adults or authority figures and legal and forensic professionals to deal with such instances and ought not to buckle down to pressure, as it will only lead to further abuse of such victims and further recordings, which will be misused in a more aggravated manner.

Cyberbullying takes place when someone harasses, embarrasses, excludes, impersonates, or threatens a victim online or otherwise by using electronic technology. It may be in the form of cyber stalking, hacking of accounts, impersonation, vulgar messages online, outing an individual, posting humiliating or embarrassing content of the victim online, threatening violence, stalking, or child pornography. It can happen through emails or SMS or social media or other messaging platforms.

Section 66A of the Information Technology Act, 2000 (as amended) could have been invoked for prosecuting cyber bullying but due to extensive abuse of the said provision and innate flaws in its drafting, the provision was struck down by the Supreme Court of India in Shreya Singhal v. UOI (AIR 2015 SC 1523). However, depending on the mode and manner of commission of the offence of cyber bullying, victims may file Criminal complaints invoking other provisions of law. The same would be contingent on the manner in which and the rigour of commission of such offence and most importantly the harm or damage caused due to the same.

Stalking is an offence under Indian law. There is no separate or specific provision for cyber stalking. However stalking through online or electronic communications is also included in the offence of stalking and hence cyber stalking has become an offence since the introduction of Section 354D IPC through the Criminal Amendments Act of 2013.

A person who, without the consent of another, follows, contacts, or attempts to contact that person despite demonstration of disinterest by the other person, or monitors their use of internet, email or other electronic communications, commits Stalking. Under Indian law the offence of Stalking has been made gender specific i.e., it is an offence when a MAN stalks a WOMAN in the above manner.

Hence under Section 354D IPC, a woman stalking a man or a woman stalking a woman is not an offence.

Cybersquatting is the act of obtaining a fraudulent registration of a domain name by pre-emptively registering and blocking valuable domain names so that they may be sold later to the lawful owner of the name at a premium price.  Where the person who has blocked a domain is not using it or has no direct nexus to the name but has done so with the sole intention of making illegal monetary gains out of such blocking of domain name, the same is cyber squatting.

The remedy for the same lies with the domain dispute resolution methodology adopted by each domain. For instance .com domain name disputes will be resolved by the World Intellectual Property Organisation (“WIPO”).

If any person knowingly captures, publishes or transmits pictures, videos or films of the private parts of another person, when the other person had a reasonable expectation of privacy, then his/her privacy has been violated. The definition of private parts has been limited to naked or undergarment clad genitals, pubic area, buttocks or female breast.

Even if a person consents to the recording of nude or semi-clad pictures or videos it would still be an offence to publish or transmit such content for which consent may not have been obtained.

Violation of privacy is punishable under Section 66 E of the Information Technology Act, 2000 (as amended) (“IT Act”).

Phishing is a process by which cyber criminals manage to gain access to the banking or personal details of innocent victims through fake emails or websites. The cyber criminals usually pretend to be a legitimate association like a bank or an insurance company, in order to deceive the victims and extract confidential information such as financial information or personal data.

Vishing is merely another form of phishing, where fraudulent phone calls are made to collect the same data by people claiming to be from banks or financial institutions.

Early trends of this crime also referred to as a Nigerian 419 scam used to tempt victims through emails claiming that they have won a lottery or got an inheritance and obtain money from them for alleged administrative costs. Once a person takes the bait more and more money would be siphoned out on various pretexts. Prevention is in most instances the only cure and victims ought to be careful of such scams.

These have evolved to distress calls from traveling relatives or friends who have allegedly lost their passports and purses. Or as prizes for recent purchases, which in most instances would seem genuine as data is first captured by such scamsters and very believable scenarios are then built to dupe victims. 

Job scams are another easy bait adopted by Criminals. Job scams impact the bottom of the pyramid – they target aspiring youngsters and parents, who believe that a dream job would be with a multinational company (“MNC”), especially for Information Technology jobs. Victims may receive calls or emails or SMS offering employment opportunities with MNCs. Very authentic looking letterheads or even genuine seeming phone numbers would be used. These may be cases where an insider within a big company may have been compromised or their telephone systems compromised. Candidates with stars in their eyes go through the process and after giving them the promise of employment, the scam kicks in – demands are made either in the name of security deposit or as expenses for administrative process (these are just illustrative; Criminals have been very innovative in coming up with genuine sounding reasons for payments and any such demand should be a warning for aspirants). These may start with small amounts, which then keep growing large in some instances, and in some others there are demands for one shot large payments to private accounts of the criminals.

Victims are warned to be cautious of such job scams involving telephonic interviews and deposits in advance. In general, large and multinational companies do not ask prospective employees to deposit amounts and do not conduct interviews by telephone. Verifying in person with the Human Resources Department, meetings at the office premises and receipt of signed job offers in person are some ways to avoid such scams. These scams are very highly evolved: the phone numbers may match those on contact pages of large companies displayed online; the letterheads of offers may look genuine; very official sounding persons will conduct interviews online or through telephones. All of these cannot be sufficient for victims to fall prey. They have to verify further before parting with hard-earned money.

More evolved scams presently are of hacking of websites to modify contact details and to scam those calling such modified contact numbers to part with substantial payments. Whenever a scamster seeks payments online or through digital means it is imperative for the users to verify genuineness irrespective of where they obtained the contact details or how genuine it may appear. 

Banks ought to also be more accountable. Banking channels are being used to siphon out this money and KYC ought to be stringent enough to be able to catch these culprits.

Creating a fake ID on social media or email ID in someone else’s name for dishonest or fraudulent intent is identity theft. Identity theft is the wrongful use of another’s personal information to obtain any financial advantage or any other benefit in that person’s name. This could happen when someone steals your personal information to access your bank account or use it for committing any fraudulent act or a crime. However personation takes place when someone pretends to be another person with the intention to deceive.

Hate Speech is abusive or threatening comments or posts or speech that is prejudicial or causes prejudice towards a particular group of persons, particularly on the grounds of religion. Hate speech is an exception to the freedom of speech and expression and is illegal in India.

Hate speech is punishable under IPC.

Yes – publishing or transmission of obscene content or sexually explicit content is an offence in India.

In Ranjit D. Udeshi v. State of Maharashtra (AIR 1965 SC 881), the Supreme Court of India held that pornography was an aggravated form of obscenity. Under S. 67A of the IT Act, the publishing or transmission in electronic form, of any lascivious or prurient content, or material, which tends to deprave or corrupt persons who may read, see or hear the contents of such material is an offence punishable with 3 years imprisonment and/or fine up to Rs.5 lakhs for the first conviction and 5 years and Rs.10 lakhs for subsequent convictions. S. 67B of the IT Act combats child pornography. Even receiving or retention of child pornographic content or browsing for the same are punishable, which is distinct from other forms of pornography. Sexual abuse and also child sexual abuse material dissemination, retention storage etc., are also offences under S. 12, S. 14 and S. 15 of the Protection of Children from Sexual Offences Act, 2012 (“POCSO”).

DDOS stands for Distributed Denial of Service, which is a form of cyber-attack that uses compromised computers to block computer systems by overloading them beyond their bandwidth. It is a punishable offence under S. 66 read with S. 43(f) of the IT Act.

DDOS attacks block the functioning of a network/ server/ webpage/ system by overwhelming it with bots (programs that apparently function like individuals), firstly slowing down and then freezing service and access altogether.

In case of DDOS attacks, the commonly exhibited webpage will show an error code anywhere between 500 and 511, which are server errors.

Spamming is the practice of sending unsolicited messages (email/text) to a large number of individuals repeatedly.

This can be an automated or a manual process and may include infected files, attachments and / or links. Spamming, when done at the level of a denial of service attack or a distributed denial of service attack would be a Criminal offence  punishable under Section 66 r/w Section 43(f) of the Information Technology Act, 2000.

Cyber Terrorism is the wrongful use of technology to spread politically motivated information with the intent to generate fear or intimidate a society at large, instigate unrest in a country causing fear, harm, disruption, loss or damage in a society.

Cyber terrorism is punishable under Section 66F of the Information Technology Act, 2000 (as amended). This definition however is much wider than the simplistic explanation set out above and includes threatening the unity, integrity, security or sovereignty of India or striking terror in people or any section of the people through a DDOS attack, hacking or through introducing a virus or computer contaminant. It also includes data theft through hacking from restricted data bases to cause harm to the sovereignty and integrity of India, the security of the State, its foreign relations, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise. Detailed discussions on the interpretation and sustainability of this provision will be covered in the Research section and the same may be referred for more information.

Spoofing is the malicious act of sending a fraudulent communication from an unknown source in a manner whereby the recipient believes it to originate from a credible/trustworthy source with the intent of deceiving the receiver of the message.

Spoofing can be carried out via text, phone calls, emails etc.

Commission of such act for dishonest or fraudulent intent is punishable under the Information Technology Act, 2000 (as amended) and the provisions applicable could range from Section 66D to Section 66 r/w Section 43 of the above Act.

The fraudulent use of a person’s credit/debit card to enter into unauthorized transactions which in turn leads to financial loss/damage to owner of the card.

This can take place due to loss/theft of the card and / or the confidential details therein. It could also be due to the victim falling prey to a phishing or vishing attack.

Civil and Criminal remedies are available for victims under the Information Technology Act, 2000 (as amended) (“IT Act”), as well as under Indian Penal Code, 1860. Apart from this, India’s Central Bank – the Reserve Bank of India has also issued several circulars for customer protection from such malicious attacks. Refer Research section for articles that will be published with more details on such attacks and remedies.

The fraudulent take-over of another’s website causing the rightful owner to lose control over it by the practice of hacking is referred to as ‘Web-jacking’.

It derives its name from the term ‘hijacking’. This practice is carried out to threaten, damage, cause loss or harm to the owner of the website or users of the website. It could also be for committing offences of cheating, misrepresentation and financial frauds.

The modus by which such offences are committed will decide applicable provisions but there are several remedies under the Information Technology Act, 2000 (as amended), including Section 66 r/w Section 43 (a) and under Indian Penal Code, 1860.

Data diddling is the process of altering data before or during the period it is fed into the computer and thereafter changing it back after it has been processed.

This process is either automated to be carried out by a virus or is manually carried out by an individual entering the data. This method is used to either cause an advantage/gain to the individual modifying the data or loss/harm/damage to another.

It may be difficult to track the change carried out and detection would depend on the mode and manner of commission of such wrongful act.

When data – diddling is committed for dishonest or fraudulent purpose, it is punishable as a Criminal offence and may be prosecuted under Section 66 r/w Section 43. Depending on the purpose for which it is committed, other provisions may also be invoked including under Indian Penal Code, 1860.

The process of fraudulently deducting/diminishing/stealing something in minuscule portions via small attacks that are generally unnoticed but lead to a sizeable loss over time is referred to as a ‘Salami attack’.

For example – An employee of a bank fraudulently sets a program into the bank’s system which deducts 10 paisa from every customer of the bank every month and credits it to an account of his choosing. Though the sum being deducted each time is insignificant and will likely pass unnoticed by the customers, over time the consolidated deductions would add up to a significant amount being misappropriated by the employee.

Such wrongs are criminal offences punishable under Section 66 r/w Section 43 of the Information Technology Act, 2000 and depending on the facts and circumstances provisions of Indian Penal Code, 1860 may also be invoked.
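The 10 paisa example above is invisible on any single customer's statement but stands out once small debits are grouped by the account that receives them. The following is an added illustration, not part of the original FAQ; the ledger rows, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal


def make_sample_ledger():
    """Constructed sample data: (month, source, destination, amount in rupees)."""
    rows = []
    customers = [f"CUST{i:04d}" for i in range(200)]
    for month in ("2020-01", "2020-02", "2020-03"):
        for cust in customers:
            # The 10 paisa monthly deduction from every customer.
            rows.append((month, cust, "ACC-X", Decimal("0.10")))
        # Ordinary traffic that must not be flagged.
        rows.append((month, "CUST0001", "LANDLORD", Decimal("15000.00")))
        rows.append((month, "CUST0002", "CUST0003", Decimal("0.50")))
    return rows


def find_salami_candidates(ledger, micro_limit=Decimal("1.00"), min_sources=50):
    """Return destinations fed by many distinct sources through tiny debits.

    micro_limit and min_sources are assumed tuning values, not legal or
    banking thresholds.
    """
    stats = defaultdict(lambda: {"sources": set(), "count": 0, "total": Decimal("0")})
    for _month, src, dst, amount in ledger:
        if amount <= micro_limit:
            entry = stats[dst]
            entry["sources"].add(src)
            entry["count"] += 1
            entry["total"] += amount
    return {
        dst: {
            "distinct_sources": len(entry["sources"]),
            "debits": entry["count"],
            "total": entry["total"],
        }
        for dst, entry in stats.items()
        if len(entry["sources"]) >= min_sources
    }


if __name__ == "__main__":
    for dst, summary in find_salami_candidates(make_sample_ledger()).items():
        print(dst, summary)
```

The one-off 0.50 transfer between two customers is small but comes from a single source, so it is not flagged; only the account collecting from 200 customers is.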

A Logic Bomb is malicious code inserted into a system which is set to activate when a specific scenario / condition is met. The code stays dormant until a certain condition or set of conditions is met, whereupon it is activated to carry out the pre-written instructions. Logic bombs may also be set to trigger at a future date or time.

For example – A programmer working at an innovative technology solutions company sets a logic bomb into his company’s main network which is set to delete all the company’s data in the event he is sent a termination notice. In this scenario, the logic bomb will stay dormant until the day the programmer receives a termination notice and in the event the programmer receives the termination notice, the logic bomb is triggered thereby initiating the process of deleting the company’s data.

Such offences are punishable under Section 66 r/w Section 43 of the Information Technology Act, 2000 and may also be punishable under Indian Penal Code, 1860 depending on the facts of each case.

The process of altering/modifying an original image by merging another image/s leading to the original image being changed seamlessly is called Morphing.

Cyber criminals generally use morphing to threaten/harm others by morphing the victim’s image to produce sexually explicit / pornographic content.

The modus by which such offences are committed will decide applicable provisions but there are several remedies under the Information Technology Act, 2000 (as amended), including Section 66 r/w Section 43 (a) and under Indian Penal Code, 1860.

The fraudulent use of a charging cable set up at a public space to either insert malware into phones/devices connected to the said cable or to extract data without the knowledge of the owner of the phone/device.

For example – A person connects their phone at a public charging station at the airport not knowing that the USB/charging connection is set up to either insert malware into their device or fraudulently extract data from the person’s device without their knowledge.

It is a punishable offence under Section 66 r/w Section 43 of the Information Technology Act, 2000.

Any person may file a police complaint.

  • The victim may file the Complaint;
  • A friend or family member or any person known to the victim may file a complaint;
  • Any person having knowledge of a Criminal offence may file a complaint;
  • A person who has come to know of a cybercrime – for instance a person who may come across criminal content online amounting to a cognizable offence (i.e., an offence for which police may register FIR) may also submit a Complaint;

In some instances, however, there are restrictions under the Indian Penal Code, 1860 (“IPC”) for complaints of offences to be submitted only by victims or persons of authority as stipulated therein.

The complaint has to be submitted to the concerned police station in writing. Several States have set up cybercrime cells and these cells are also vested with the jurisdiction to accept Complaints of cybercrimes that are committed within their territory. This duplication of jurisdiction does cause substantial distress to victims of cybercrimes, who cannot be expected to identify technical issues of jurisdiction and ought not to be made to run from pillar to post.

The Ministry of Home Affairs (“MHA”) has recently set up an online portal to facilitate easy filing of complaints pertaining to cybercrimes at cybercrime.gov.in.

Reports of cybercrimes will require full details of the complainant in all cases, which will also enable them to track progress online.

However, anonymous complaints are accepted on the said portal for reports pertaining to child pornography or child sexual abuse material and to rape and gang rape videos or imagery being uploaded online.

Reports of crimes other than cybercrimes will still be required to be submitted only at the concerned police stations.

Links / Details for Facilitating Filing of Cybercrime Complaints:

Details of Law Enforcement Agencies across states in India are available on the www.india.gov.in website on the Home Affairs and Enforcement page. (https://www.india.gov.in/topics/home-affairs-enforcement/police)

You can also refer to some of the following links in order to locate a Police station within your jurisdiction:

  1. The Mumbai Police have a detailed zone-wise Police Station Map available on their website (https://mumbaipolice.maharashtra.gov.in/map.asp). The details of Police stations, their addresses and contact numbers specifically for Suburban Mumbai can also be found at (https://mumbaisuburban.gov.in/police/).
  2. The Delhi Police stations are segregated district-wise. Based on your district you can find the details of the Police stations within your district on the Delhi Police website. (http://www.delhipolice.nic.in/).
  3. The details of the Police stations in Chennai, along with contact numbers, are provided by the Greater Chennai Corporation.
  4. The contact information and details of Bengaluru City Police are available here. (https://www.bcp.gov.in/)
  5. com also provides contact information for women who are victims of domestic abuse and violence. IndiaHelpline.com provides details for Women Helpline (All India) as well as some state-wise women helpline numbers.


You can also file a complaint regarding a cybercrime online in some jurisdictions. Details of some of the states/cities where you can file a cybercrime complaint online are available hereunder:

  • New Delhi Cyber Crime Investigation Cell [in]
  • Mumbai Cyber Crime Investigation Cell [cybercellmumbai.gov.in]
  • Bangalore Cyber Crime Cell [cyberpolicebangalore.nic.in]
  • Hyderabad Cyber Crime Police Station
  • Chennai Cyber Crime Cell (the same is applicable for the rest of Tamil Nadu) [tnpolice.gov.in]
  • Kolkata Cyber Crime Cell [kolkatapolice.gov.in]
  • Arunachal Pradesh Cyber Cell [arunpol.nic.in]
  • Asansol Cyber Crime Cell [asansoldurgapurpolice.in]
  • Chandigarh State Cyber Crime Cell [chandigarhpolice.gov.in]
  • Dadra and Nagar Haveli Police Department [dnhpolice.gov.in]
  • Goa Cyber Crime Cell [goapolice.gov.in]
  • Gujarat Cyber Crime Cell [police.gujarat.gov.in]
  • Guwahati Cyber Cell [police.assam.gov.in]
  • Haryana State Cyber Crime Cell
  • Himachal Pradesh Cyber Crime Cell
  • Police Department of Jammu and Kashmir [jkpolice.gov.in]
  • Jharkhand Cyber Crime Department [jhpolice.gov.in]
  • Kerala Cyber Crime Cell
  • Madhya Pradesh Cyber Crime Cell
  • Meghalaya Cyber Crime Cell [megpolice.gov.in]
  • Mizoram Cyber Cell [cidcrime.mizoram.gov.in]
  • Nagaland Police [nagapol.gov.in]
  • Odisha Cyber Crime Cell [odishapolicecidcb.gov.in]
  • Pondicherry Cyber Crime Cell [police.puducherry.gov.in]
  • Punjab Cyber Crime Cell [punjabpolice.gov.in, sasnagarpolice.in]
  • Rajasthan Cyber Crime Cell [police.rajasthan.gov.in]
  • Sikkim Police [sikkimpolice.nic.in]
  • Thane Police Cyber Cell [thanepolice.gov.in/cybercell.php]
  • Tripura Cyber Crime Cell [tripurapolice.gov.in]
  • Uttarakhand Cyber Crime Cell [uttarakhandpolice.uk.gov.in]
  • Uttar Pradesh Cyber Crime Cell [uppolice.gov.in]
  • Vishakhapatnam City Cyber Cell
  • West Bengal Cyber Crime Cell [cidwestbengal.gov.in]

Any police complaint ought to ensure that the following are addressed:

  • The Complaint has to be in writing;
  • It should set out the details of
    • the Complainant;
    • where the Complainant is not the victim then the mode or manner of knowledge of the Complainant of the details of the crime;
    • the accused (where such information is available). Else it has to specify that accused details are unknown to Complainant presently;
    • dates of offence/s;
    • details of the offence/s committed;
    • the loss, harm or damage caused to Complainant;

It is not necessary for the Complainant to know exact provisions of law to file a Complaint. However where such details are submitted it helps in faster registration of complaints. The above are merely general inputs and persons may seek professional advice for specific cases.

A Court or Government authority may issue orders for take-down of content on online platforms including social media platforms. Such social media platforms are referred to as “Intermediaries”.

“Intermediaries” are protected from liability for such content through “safe harbour” provisions under Indian laws. However if they fail to exercise due diligence or fail to comply with orders of Courts or from Government authorities, they may be held liable.

Till the decision of the Supreme Court of India in Shreya Singhal v. UOI (AIR 2015 SC 1523), Intermediaries also had to act on notices from users. However, this provision was read down by the Supreme Court in the above matter and hence take-downs in India are limited to those through Court Orders or those from Government authorities. This does not, however, mean that users will not be able to report abuse. Social media platforms and chat apps such as WhatsApp provide reporting processes on their platforms. These may be availed of for submitting complaints about content hosted on such platforms.

Take Downs are different from blocking for which separate provisions are included in the Information Technology Act, 2000 (as amended).

Social media platforms employ various methods for take-downs. Users may report through the reporting process provided in social media platforms or chat apps; trusted flaggers may verify and bring offensive content to the notice of such platforms for take-downs; information on infringement of copyright may be shared with social media platforms for effecting take-downs; good Samaritan processes also enable such take-downs.

An intermediary is any person who carries out the function of receiving, storing or transmitting an electronic record or providing any service in relation to that electronic record on behalf of another person. The Information Technology Act 2000 has an inclusive definition which recognises telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online auction sites, online market places and cyber cafes as intermediaries.

The role of an intermediary is much like a service provider and it is not restricted to only those service providers that offer services online, as it includes offline service providers as well.

The role of an intermediary should be limited to only providing services in relation to an electronic record on behalf of another person. According to the Information Technology Act 2000, an intermediary will be exempted from being prosecuted for offences under the Act if the intermediary complies with these requirements:

  • the role of the intermediary was to only provide access to a communication system used by other persons to transmit, store or host information;
  • the intermediary did not play any role in initiating transmission of information, in selecting the receiver of the information to be transmitted and did not select or modify the information that was transmitted;
  • the intermediary observed due diligence and complied with the guidelines set out by the Central Government while discharging duties under the Information Technology Act.


All Rights Reserved. © Copyright 2020 – N. S. Nappinai Founder,
Cyber Saathi


