Monetary penalties:

Cyber Crime penalty ranges from the fine of 1 lakh rupees to 10

lakh rupees. Where on one hand, Cyber Crime penalty for
tampering with computer source code and violation of privacy will
cost you 2 lakh rupees, on the other hand, failure to assist the
agency in regard interception or monitoring or decryption of any
information through any computer resource and publishing
obscene content on electronic platform cause you the loss of 10
lakh rupees. Only monetary loss is not the downside of these
offences but Cyber Crime penalty for these crimes mean 5 to 10
years behind the bars.

Then there are offences which ascertain the loss of 1 lakh rupees
and imprisonment, too, which varies from 2-3 years. Such as-

 Dishonestly receiving stolen computer resource or communication

device
 Identity Theft
 Cheating by Personation by using computer resource
 Failure to comply with the directions given by Controller
 Misrepresentation to the Controller to the Certifying Authority
 Breach of Confidentiality and privacy
 Publishing electronic Signature Certificate false in certain
particulars
 Publication for a fraudulent purpose

adjudication and appeals under IT Act 2000:

Section 46 of IT Act 2000

Section 46 of the IT Act 2000 grants the Central Government the

following power:

– To Appoint an Adjudicating Officer

– To hold an Enquiry to Adjudge, upon the complaints being filed.

Also , the adjudicating officer may be of the Central Government
or of the State Government, must have field Experience with IT
and Law and exercises Jurisdiction over claims for damages up to
Rs 5 Crores and is also vested with certain powers of a civil court
as per section 46(5) of the Act. The adjudicating officer is vested
with significant judicial powers, including the power to enforce
certain criminal penalties following the principles of basic natural
justice and equity while adjudication.

This position of Adjudicating officer is termed as “Quasi-Judicial

body” as it has powers and procedures resembling that of a Court
of Law or Judge, and bears an obligation to determine facts and
draw valid conclusions so as to provide the basis of an official
action with justice. Such actions result in providing redressals or
remedies by imposing legal penalties or duties on specific parties.
A Quasi Judicial Body has also been defined as “an organ of
Government other than a Court or Legislature, which affects the
rights of private parties either through adjudication or
rulemaking”

The Role of Adjudicating officers under the IT Amendment

Act, 2008

Section 46 (1A) : The scope of power in hands of the Adjudicating

officer under the amended Act in Section 46 (1A) is limited as
claims for injury or damage not exceeding 5 crores are under
their jurisdiction. Beyond Rs. 5 crore the jurisdiction shall now
vest with a competent or higher court.

Section 46(2): As per this subsection the quantum of

compensation that may be awarded is left to the discretion of
Adjudicating officers which suggests huge subjectivity on what
should be the penalty keeping in view the factors of unfair
advantage gained by the amount of loss caused to a person by
the offender. The Information Technology (qualification and
experience of adjudicating officers and manner of holding
enquiry) Rules,2003 lay down the scope and manner of holding
inquiry including reliance on documentary and other evidence
gathered in investigations.[2]
Section 46(5): In this section, authority of the Adjudicating officers
have been stretched conferred by including order of attachment
and sale of property, arrest and detention of the accused and
appointment of the receiver which leads to better enforceability
and effectiveness of its orders and working.

Adjudging the quantum of penalty/Damages

The adjudicating officer may impose penalties for any of the

offences described in Section 43, 44 and 45 of the Act but there
are “Factors” to be Taken into Account by the Adjudicating Officer
while adjudging the quantum of compensation are:

The amount of gain of unfair advantage, wherever quantifiable,

made as

a result of the default,

– The amount of loss caused to any person as a result of the

default,

– The repetitive nature of the default.[3]

Jurisdiction of an Adjudicating Officer

There are always a number of limitations listed under the

provision of various Acts. One of them is the jurisdiction of an
Adjudicating Officer appointed under the provisions of the IT Act
which would extend only to:

“First, Determining the extent of damages payable, secondly in

determining the amount of penalty payable by a person for his
failure to furnish information, returns, etc., and lastly determining
the amount of penalty/damages payable by a person for
contravening the provisions of the Act, Rules or Regulations for
which no separate penalty is provided.”

Nature of cyber criminality:

Cybercrime is Transnational in nature. These crimes are
committed without being physically present at the crime location.
These crimes are committed in the impalpable world of computer
networks.

To commit such crimes the only thing a person needs is a

computer which is connected with the internet.

Scope of Cyber Crimes

Cyber Crime is when an individual intentionally uses information

technology to produce destructive and harmful effects on the
tangible and/or intangible property of others. It has no national
boundaries and is usually a term for criminal activities involving a
computer or a network as a tool or a target.

Cybercrime can be basically categorized into three parts:

1. Cyber Crimes against persons
2. Cyber Crimes against property
3. Cyber Crimes against government.

1. Cybercrimes against persons

Cybercrimes committed against persons include various crimes

like transmission of child pornography, harassment of any one
with the use of a computer such as e-mail. The trafficking,
distribution, posting, and dissemination of obscene material
including pornography and indecent exposure, constitutes one of
the most important Cybercrimes known today. The potential harm
of such a crime to humanity can hardly be amplified.

2. Cybercrimes against property

The second category of Cyber-crimes is that of Cybercrimes
against all forms of property. These crimes include computer
vandalism (destruction of others' property), transmission of
harmful programmes.

3. Cybercrimes against government

The third category of Cyber-crimes relate to Cyber Crimes against

Government. Cyber terrorism is one distinct kind of crime in this
category.

The growth of internet has shown that the medium of Cyberspace

is being used by individuals and groups to threaten the
international governments as also to terrorize the citizens of a
country.

This crime manifests itself into terrorism when an individual

"cracks" into a government or military maintained website.

• Malware Where victims are hit with a worm or virus that renders
their devices useless

• Man in the Middle Where a hacker puts himself between a

victim’s machine and a router to sniff data packets

• Phishing Where a hacker sends a seemingly legitimate-looking

email asking users to disclose personal information other types of
cyber-attacks include cross-site scripting attacks, password
attacks, eavesdropping attacks (which can also be physical), SQL-
injection attacks, and birthday.

Cyber Criminals Motivation

The main motive behind the cybercrime is to disrupt regular
business activity and critical infrastructure.

Cybercriminals also commonly manipulate stolen data to benefit

financially, cause financial loss, damage a reputation, achieve
military objectives, and propagate religious or political beliefs.

Suicide Hackers

Suicide hackers are individuals who aim to bring down critical

infrastructure for a “cause” and are not worried about facing jail
terms or any other kind of punishment. They are similar to suicide
bombers, who sacrifice their life for an attack and are thus not
concerned with the consequences of their actions.

Malicious Insider or Whistle blower

A malicious insider or a whistle blower could also be an employee

with a grudge or a strategic employee compromised or hired by
rivals to garner trade secrets of their opponents to remain on top
of their game. These hackers may take privilege from their quick
access to information and their role within the corporate to hack
the system.

•Protect Your Most Visible

Asset-Websites are the
most visible and vulnerable
part of a company’s
infrastructure. As hackers
scan the Internet nonstop in
search of weaknesses,
companies should not
overlook this vulnerable
entry point in their cyber
security defense strategy.
Products like malware and
vulnerability scanners and
web-application firewalls
can help you guard this
important asset that is the
face of your brand.
•Focus on Effects- I t’s clear
that organizations can’t
prevent 100 percent of
intrusions. A sophisticated
and determined adversary
will eventually get in. This
is why companies should
focus on detecting the
effects (also called
indicators of attack) of
malware and adversary
activity, and not just look
out for
known bad signatures
(known as indicators of
compromise