

Introduction to Cyber Crime

The first recorded Cyber Crime took place in the year 1820! That is not surprising, considering the fact that the Abacus, which is thought to be the earliest form of a Computer, has been around since 3500 B.C., in India, Japan and China. The era of the modern Computers, however, began with the Analytical Engine of Charles Babbage.

In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear, amongst Jacquard's employees, that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded.


The term ‘CYBERSPACE’ was coined by the science fiction author William Gibson in his 1982 novel Neuromancer to describe the environment within which computer hackers operate.

In the novel, the activity of hacking (securing unauthorised access to the contents of computer systems) is couched in very physical terms.

The image is of the hacker overcoming physical security barriers to penetrate into the heart of the computer systems and make changes to the physical structure thereby modifying the operation of the system. When departing, the hacker might even remove and take away elements of the system.


Today Computers have come a long way, with neural networks and nano-computing promising to turn every atom, in a glass of water, into a Computer capable of performing a billion operations per second.

Cyber Crime is an evil, having its origin in the growing dependence on computers in modern life. In a day and age when everything from Microwave Ovens and Refrigerators to Nuclear Power Plants is being run on Computers, Cyber Crime has assumed rather sinister implications.

Major Cyber Crimes, in the recent past, include the Citibank rip off.

US $ 10 million were fraudulently transferred out of the Bank and into a bank account in Switzerland.

A Russian hacker group, led by Vladimir Levin, a renowned hacker, perpetrated the attack. The group compromised the Bank's security systems. Vladimir was allegedly using his Office Computer at AO Saturn, a Computer Firm in St. Petersburg, Russia, to break into the Citibank Computers. He was finally arrested at Heathrow Airport on his way to Switzerland.


At the outset, let us satisfactorily define "Cyber Crime" and differentiate it from "Conventional Crime". Computer crime can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the provisions of The Indian Penal Code. The abuse of Computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.

Defining Cyber Crimes as "acts that are punishable by the Information Technology Act" would be unsuitable, as the Indian Penal Code also covers many cyber crimes, such as E-mail Spoofing, Cyber Defamation, sending threatening E-mails etc. A simple yet sturdy definition of Cyber Crime would be "unlawful acts wherein the computer is either a tool or a target or both".

Let us examine the acts wherein the computer is a tool for an unlawful act. This kind of activity usually involves a modification of a conventional crime by using computers. Some examples are:


This would include cheating, Credit Card frauds, money laundering etc. To cite a recent case, a Website offered to sell Alphonso mangoes at a throwaway price. Distrusting such a transaction, very few people responded to or supplied the Website with their Credit Card numbers. These people were actually sent the Alphonso mangoes. The word about this Website now spread like wildfire. Thousands of people from all over the country responded and ordered mangoes by providing their Credit Card numbers. The owners of what was later proven to be a bogus Website then fled, taking the numerous Credit Card numbers, and proceeded to spend huge amounts of money, much to the chagrin of the Card Owners.


This would include pornographic Websites; pornographic magazines produced by using Computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writings etc). Recent Indian incidents revolving around Cyber pornography include the Air Force Balbharati School case. A student of the Air Force Balbharati School, Delhi, was teased by all his classmates for having a pockmarked face. Tired of the cruel jokes, he decided to get back at his tormentors. He scanned photographs of his classmates and teachers, morphed them with nude photographs and put them up on a Website that he uploaded on to a free Web hosting service. It was only after the father of one of the class girls featured on the Website objected and lodged a Complaint with the police that any action was taken.

In another incident, in Mumbai a Swiss couple would gather slum children and then would force them to appear for obscene photographs. They would then upload these photographs to websites specially designed for paedophiles. The Mumbai police arrested the couple for pornography.


This would include sale of Narcotics, Weapons and Wildlife etc., by posting information on Websites, Auction Websites, and Bulletin Boards or simply by using E-mail communications. Many of the Auction Sites even in India are believed to be selling goods unlawfully.


There are millions of Websites, all hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these Websites are actually fronts for money laundering.


These include software piracy, copyright infringement, trademark violations, theft of computer source code etc.


A spoofed E-mail is one that appears to originate from one source but actually has been sent from another source. E.g. Pooja has an E-mail address Her enemy, Sameer spoofs her E-mail and sends obscene messages to all her acquaintances. Since the E-mails appear to have originated from Pooja, her friends could take offence and relationships could be spoiled for life.

E-mail spoofing can also cause monetary damage. In an American case, a teenager made millions of dollars by spreading false information about certain Companies whose shares he had short sold. This misinformation was spread by sending spoofed E-mails, purportedly from news agencies like Reuters, to Share Brokers and Investors who were informed that the Companies were doing very badly. Even after the truth came out, the values of the shares did not go back to the earlier levels and thousands of Investors lost a lot of money.
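A defender's check for the spoofing described above, as an added example that is not part of the original page: it parses a message's headers and lists the usual signs that the visible From address is not where the mail really came from. The two sample messages, their domains and the function names are constructed for illustration, and the Authentication-Results header is assumed to have been added by the receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims a news agency, but the envelope sender,
# Reply-To and the receiving server's authentication results all disagree.
SPOOFED = """\
Return-Path: <bounce@bulk-mailer.example>
Authentication-Results: mx.broker.example; spf=fail smtp.mailfrom=bulk-mailer.example; dkim=none; dmarc=fail header.from=newswire.example
From: "Newswire Alerts" <alerts@newswire.example>
Reply-To: tips@freemail.example
To: broker@broker.example
Subject: Profit warning

Constructed body.
"""

# Constructed sample: the same visible sender, with consistent headers.
GENUINE = """\
Return-Path: <alerts@newswire.example>
Authentication-Results: mx.broker.example; spf=pass smtp.mailfrom=newswire.example; dkim=pass header.d=newswire.example; dmarc=pass header.from=newswire.example
From: "Newswire Alerts" <alerts@newswire.example>
To: broker@broker.example
Subject: Daily summary

Constructed body.
"""

# Authentication verdicts treated as failures in this example.
FAILING = {"fail", "softfail", "permerror", "temperror"}


def sender_domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def spoofing_indicators(raw_message):
    """List header-level signs that the visible From was not the real origin."""
    msg = message_from_string(raw_message)
    from_dom = sender_domain(msg.get("From"))
    findings = []
    # A differing envelope sender or Reply-To is an indicator, not proof:
    # legitimate bulk-mail services also produce mismatches.
    for header, label in (("Return-Path", "return-path-mismatch"),
                          ("Reply-To", "reply-to-mismatch")):
        dom = sender_domain(msg.get(header))
        if dom and dom != from_dom:
            findings.append(label)
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    if not auth:
        findings.append("no-authentication-results")
    # Pick out the SPF, DKIM and DMARC verdicts recorded by the receiver.
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result in FAILING:
            findings.append(f"{mech}={result}")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, spoofing_indicators(raw))
```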


Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers, printers and scanners. Outside many colleges across India, one finds touts soliciting the sale of fake mark sheets or even certificates. These are fraudulently made by using computers and high quality scanners and printers. In fact, this has become a booming business involving thousands of Rupees being given to student gangs in exchange for these bogus but authentic looking certificates.


This occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a Website or sends E-mails containing defamatory information to any or all of that person's friends.

In a recent occurrence, X, a young girl, was about to be married to Y. She was really pleased because, despite it being an arranged marriage, she had liked the boy. He had seemed to be open-minded and pleasant. Then, one day when she met Y, he looked worried and even a little upset. He was not really interested in talking to her. When asked, he told her that members of his family had been receiving E-mails that contained malicious things about X’s character. Some of them spoke of affairs which she had had in the past. He told her that his parents were justifiably very upset and were also considering breaking off the engagement. Fortunately, Y was able to prevail upon his parents and the other elders of his house to approach the police instead of blindly believing what was contained in the mails.

During investigation, it was revealed that the person sending those E-mails was none other than X's stepfather. He had sent these E-mails so as to break up the marriage. The girl's marriage would have caused him to lose control of her property of which he was the guardian till she got married.

Another famous case of cyber defamation occurred in America. All friends and relatives of a lady were beset with obscene e-mail messages appearing to originate from her account. These mails were giving the lady in question a bad name among her friends. The lady was an activist against pornography. In reality, a group of people, displeased with her views, and angry with her for opposing them, had decided to get back at her by using such underhanded methods. In addition to sending spoofed obscene E-mails, they also put up Websites about her, that basically maligned her character and sent E-mails to her family and friends containing matter defaming her.


The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the Bulletin Boards frequented by the victim, entering the Chat-Rooms frequented by the victim, constantly bombarding the victim with E-mails etc.



It seems really difficult to believe but it is true. Most amateur hackers and cyber criminals are teenagers. To them, who have just begun to understand what appears to be a lot about computers, it is a matter of pride to have hacked into a computer system or a website. There is also that little issue of appearing really smart among friends. These young rebels may also commit cyber crimes without really knowing that they are doing anything wrong.


Hacktivists are hackers with a particular (mostly political) motive. In other cases this reason can be social activism, religious activism, etc. The attacks on approximately 200 prominent Indian websites by a group of hackers known as Pakistani Cyber Warriors are a good example of political hacktivists at work.


One can hardly believe how spiteful displeased employees can become. Till now they had the option of going on strike against their bosses. Now, with the increasing dependence on computers and the automation of processes, it is easier for disgruntled employees to do more harm to their employers by committing computer related crimes, which can bring entire systems down.




The importance of collection and presentment of evidence in a court of law cannot be overemphasized in any criminal prosecution. Cybercrimes are no exception to this. Effective combating of cybercrimes requires prompt discovery, safe custody and presentment in acceptable form in a court, of evidence related to those crimes. As computers and related storage and communication devices proliferate in our society, so does the use of those devices in conducting criminal activities. The number of criminals who use computers, laptops, network servers and even cellular phones in the commission of their crimes is increasing alarmingly.

The computer may be contraband, fruits of the crime, a tool of the offence, or a storage container holding evidence of the offence. Computers may provide the means of committing crime. For example, the criminal might use the Internet to deliver a death threat via e-mail, to launch hacker attacks against another computer, to disseminate computer viruses, or to transmit some hate materials against some targets. Computers may also serve as mere storage devices for evidence of crime. For example, a computer may contain the details of a money laundering operation undertaken by a smuggler or a list of contacts who owe money to a drug kingpin. These details are vital for initiation of any successful action, in a court of law, against these criminals.

However, the evidence available in the computers or related to a cybercrime is different in nature from that related to real world crimes. These differences pervade all the stages of evidence discovery, collection, storage and presentation in court. All the stakeholders need to know these differences and the methods used for collection and presentation etc. so that they preserve the evidence of any crimes perpetrated against them or investigated by them. Similarly, the judiciary also must know the basics of the evidence produced before them. In this Chapter, we shall undertake to analyse, briefly, various aspects related to evidence in the cyber world.


In real world crimes there are the following types of evidence:

1. Direct Evidence

2. Hearsay Evidence

3. Circumstantial Evidence

4. Oral and Documentary Evidence

5. Scientific Evidence

6. Real and Digital Evidence


The very characteristics that make the Internet and computer networks extremely useful also make it difficult for investigators to discover and collect evidence of crimes committed against, or by means of, them. It is easy to delete a file in a computer and thereby make the data unavailable to any investigator who snoops around. Unlike in real world crimes, there may not be tangible evidence like a paper record or weapon in cybercrimes. The virtual digital records have to be collected, preserved and produced in court to the satisfaction of the court. This involves tremendous problems unless all the people involved, right from the victim of the crime to the investigator and judge, are aware of what is required of them. The science of Computer Forensics is fast becoming a very necessary skill set for law enforcement departments, government entities and corporations worldwide. Various challenges involved in cyber evidence collection and production are dealt with in brief in the following subparagraphs.


Far more information is retained on a computer than most people realise. It is also more difficult to completely remove information than is generally thought. For these reasons, computer forensics can often find evidence of, or even completely recover, lost or deleted information, even if the information was intentionally deleted. Therefore, computers can act as a reservoir of evidence for the enforcement agencies, if only one knows how and where to look for it. Computer forensics is the science and technology of unearthing evidence from computer systems. It is a process of methodically examining computer media for evidence. It is the recognition, collection, preservation, analysis and presentation of cyber evidence.

As with real world evidence, the first step involved in cyber evidence collection is the discovery of evidence. For an investigator to discover evidence, it is important for the victim of the crime to report the matter at the earliest possible time. Reporting of cybercrimes is still very low for various reasons. Firstly, most of the victims do not know about the crime, and even when they come to know of it, it is too late for anything to be done. Another reason is that corporate bodies do not want to involve the police in the investigation, since any adverse publicity on their systems can draw a negative reaction from their customers. Reporting a security breach puts a company’s reputation at risk. Corporate bodies feel that calling law enforcement is as good as advertising that you’ve been hacked: the kiss of death for any business that relies on trust. System administrators and corporate managers also believe that by avoiding police involvement they can stave off negative press.

It is needless to mention that reporting cybercrimes as and when they occur will go a long way in checking this menace. In their White Paper on Computer Crime Statistics, the International Computer Security Association points out that:

Most computer crimes go undetected by their victims.

Of the attacks which are detected, few are reported.

This kind of situation is ideal for the criminals to enlarge their activities. Therefore, it is the duty of every person dealing with computers and networks to report to the concerned authorities any violations or crimes as soon as they notice them. Especially the organisations that use computer networks in doing their business or other functions can be more serious and proactive in this direction. Organisations can initiate a few basic steps to facilitate reporting and investigation of cybercrimes. They are:

ESTABLISH AN INCIDENT-RESPONSE POLICY: A predefined policy will help management and system administrators better understand their company’s security needs and the risk in calling the police. This guidance will facilitate a speedier incident response and reduce confusion during the investigation and recovery process.

UNDERSTAND WHAT INFORMATION INVESTIGATORS WILL NEED: Most times, investigators know next to nothing about a victim’s systems. They’ll need everything from a network map and a software inventory, to the descriptions and versions of operating systems, to a list of all staff members with access to critical information systems, to a copy of all systems logs.

MAINTAIN UP-TO-DATE HUMAN RESOURCES RECORDS: Since many computer crimes involve employees or other “insiders”, investigators will need all the information that is available about employees and contractors with access to restricted systems. Vital information includes employees’ personal and biographical data, job descriptions, access rights and written acknowledgments of network-usage policy. This information, contained in most personnel files, provides many of the required background pieces vital to an investigation.

As a preventive measure against internal security breaches, companies should conduct extensive background checks on prospective employees. A background check will often reveal if an applicant has a criminal record or a history of questionable computer activities.

ARCHIVE SYSTEMS LOGS: An organization’s systems logs contain a wealth of information on how internal users and external hackers exploit IT assets. They often show an attacker’s IP address, the time he accessed the system, the targeted servers, the applications executed and more. Without logs, law enforcement will have no real starting point for its investigation.
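One way to make archived logs usable as evidence later, as an added example that is not part of the original page: record a SHA-256 digest of every log file at archive time and re-check it before the archive is handed to investigators. Hashing is an assumption here (the page does not name a method), and the function names, file names and log lines are constructed for illustration.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large logs do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(log_dir):
    """Record size and SHA-256 of every file under log_dir at archive time."""
    root = Path(log_dir)
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            files[p.relative_to(root).as_posix()] = {
                "size": p.stat().st_size,
                "sha256": sha256_file(p),
            }
    # Assumption: the manifest is stored apart from the logs (for example on
    # write-once media), so whoever alters a log cannot also alter the manifest.
    return {"created_utc": datetime.now(timezone.utc).isoformat(), "files": files}


def verify_manifest(log_dir, manifest):
    """Return (file, problem) pairs for anything that no longer matches."""
    root = Path(log_dir)
    problems = []
    for name, meta in manifest["files"].items():
        p = root / name
        if not p.is_file():
            problems.append((name, "missing"))
        elif sha256_file(p) != meta["sha256"]:
            problems.append((name, "modified"))
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in manifest["files"]:
            problems.append((rel, "unlisted"))
    return problems


def demo():
    """Archive two constructed logs, then tamper with the archive and re-check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "auth.log").write_text(
            "2024-01-05T02:14:07Z sshd: Failed password for admin from 203.0.113.7\n"
            "2024-01-05T02:14:31Z sshd: Accepted password for admin from 203.0.113.7\n")
        (root / "web.log").write_text(
            '203.0.113.7 - - [05/Jan/2024:02:15:02 +0000] "GET /admin HTTP/1.1" 200\n')
        manifest = build_manifest(root)
        before = verify_manifest(root, manifest)
        # Changes made after archiving: one log trimmed, one deleted, one added.
        (root / "auth.log").write_text(
            "2024-01-05T02:14:07Z sshd: Failed password for admin from 203.0.113.7\n")
        (root / "web.log").unlink()
        (root / "new.log").write_text("constructed entry\n")
        return before, verify_manifest(root, manifest)


if __name__ == "__main__":
    print(demo())
```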


This is a delicate and precise process. Just as carelessness will negate the value of fingerprints at a robbery scene, haphazard collection of digital evidence can have the same or worse effect in a computer-crime case. Given the fragility of digital evidence, only properly trained investigators and administrators should attempt to recover evidence. The problem is that organizations are often more concerned with restoring a system to full operation than preserving the system for proper evidence collection. Evidence collection and systems recovery aren’t necessarily conflicting processes. Incorporating the needs of computer forensics and criminal investigations in the systems-recovery process makes the gathering of evidence and the restoring of normal operations a relatively smooth exercise. If investigators are brought in promptly, a computer forensics specialist can collect a complete image of the compromised system without significant delays in uptime.


What follows from the above discussion on preservation of cyber evidence by the victims themselves is that everyone needs to know what cyber evidence is. Cyber evidence could be either physical or logical. Hardware components and the media in which the data is contained constitute the physical evidence. The physical side of computer forensics involves what is called search and seizure in computer crime, in which the investigator searches for, and takes into custody, computer hardware and media that are involved in the crime. In contrast, the logical side of computer forensics deals with the extraction of raw data from any relevant information resource. This is referred to as information discovery and normally involves an investigator combing through log files, searching the Internet, retrieving data from a database, etc.


Once the crime is reported to law enforcement agencies, the focus shifts to them. More than the victims, it is this group of players who must have thorough knowledge of computer forensics. It is also to be kept in mind that computer forensics is not limited to cybercrimes alone. Investigation of any criminal activity may produce electronic evidence. The computer may be contraband, fruits of the crime, a tool of the offense, or a storage container holding evidence of the offense. Therefore the investigating officers must possess the necessary skills to recognise cyber evidence and to collect the relevant evidence without affecting its integrity.


Computers and related evidence range from the mainframe computer to the pocket-sized personal data assistant to the floppy diskette, CD or the smallest electronic chip device. Images, audio, text and other data on these media are easily altered or destroyed. It is imperative that law enforcement officers recognize, protect, seize and search such devices in accordance with applicable statutes, policies and best practices and guidelines. Answers to the following questions will better determine the role of the computer in the crime:

Is the computer contraband or fruits of a crime?

For example, was the computer software or hardware?

Is the computer system a tool of the offence?

For example, was the system actively used by the defendant to commit the offense? Were fake IDs or other counterfeit documents prepared using the computer, scanner, and color printer?

Is the computer system only incidental to the offense, i.e., being used to store evidence of the offense?

For example, is a drug dealer maintaining his trafficking records in his computer?

Is the computer system both instrumental to the offense and a storage device for evidence?

For example, did the computer hacker use the computer to attack other systems and also use it to store stolen credit information?

Once the computer’s role is understood, the following essential questions should be answered:

Is there probable cause to seize hardware?

Is there probable cause to seize software?

Is there probable cause to seize data?

For example, is it practical to search the computer system on site or must the examination be conducted at a field office or lab?

If law enforcement officers remove the system from the premises to conduct the search, must they return the computer system, or copies of the seized data, to its owner/user before trial?

Considering the incredible storage capacities of computers, how will experts search this data in an efficient, timely manner?

These answers will also help in formulating a plan according to which the investigator can proceed towards actual collection of evidence through search and seizure.