Deepening Roots of State-Sponsored Cyber Espionage

With a giant leap of technology, the concept of cyberspace emerged, demarcated by its virtual boundaries. These virtual boundaries are being penetrated through spying programmes like GhostNet, Trojan, logic-bombs or other associated malwares, shaping the concept of Cyber Espionage.

Various factors like extent and magnitude of damage caused by attacks, nature and identity of attacks and how much sensitive information is lost, play a leading role to define cyber espionage. That’s why, this concept is still devoid of any well accepted definition and different nations have their own version of cyber espionage. As per Tallinn Manual, “cyber espionage is an act undertaken clandestinely or under false pretences that uses cyber capabilities to gather information with the intention of communicating it to the opposing party.”

Increasing dependence on technology, where classified information finds its place in databases, the amount of state-sponsored espionage has also increased. Espionage is an age old state tacit, which also finds mention in Kautilya’s Arthasastra. Edward Snowden revelations in June 2013 and recent global cyber espionage incidents brought that issue on centre stage. These cyber stunts not only insult the sovereignty of a State but also lead to major economic drain.

Concerning the gravity of issue, it cannot be attached to mere incidents of technology misuse but revolves around serious politico-legal repercussions. Cyber espionage has the potential to steal trade secrets, valuable intellectual property as well as confidential information regarding a nation’s security system.  Leading members of world fraternity are being accused of crossing their red line in the virtual space. Russia, China and America are proclaimed as most notorious violators of cyber ethics. Though, it would be a great folly to limit these violations only to few standard countries. In the secret cover of screens, many countries around the world are committing cyber-espionage.

Demands are being raised by various national groups to declare it a warfare activity. International law is still trying to establish a basic framework to encounter this global challenge. Ingredients that constitute offence and defence are shaping themselves in the umbrella of international law. As per Tallinn Manual, cyber space being the sovereign territory gives rise to a legitimate logic of treating cyber attacks with same seriousness as attacks on physical territory. Thus, victim nations shall be entitled to justice and reparations under the ambit of international law and propounds evolution of law thereto.

It goes without any doubt that implications of cyber espionage are indeed severe and concept like cyber warfare can take shape as a natural consequence.  However, certain section of experts rejects the claims of cyber warfare in Toto. They declare that cyber attacks are too disorganised and disjointed to take shape of real war. Owing to constant media coverage, public perception hints towards the escalation of cyber attacks into full-scale war. The reality check rejects all these perception because the scale of these attacks is less than 4%. Public perception is being shaped by media as well as politics. One can sensitise the issue and broadcast a productive story while others can direct public policy in lieu of combating cyber espionage. However, barring the equation of cyber espionage with warfare, cyber attacks do deserve a legal sensitive framework governing the international fraternity.




Deepika Sangwan is a second-year student at Army Institute of Law, Mohali. She is an Editor at college magazine ‘AILITE 2016-2017’. She believes that writing gives clarity & depth to one’s thoughts. Apart from decorating facts with reasoning, cycling is her favourite pass time.


Beware of the Hacker!

A friend was pissed off recently because he was informed by others of unusual posts from his Facebook account. He had been offline for sometime only to be called back with abnormal activity happening on his wall. A rant from him partly read as follows,

“Am sorry friends for all the posts on your walls in my name. Please know that am not responsible. Some fellow has hacked my account and is out to spoil my good name. Am fixing things and hope to find this fellow.”

Well, my friend was not the first one to have their Facebook account hacked. I had seen several complaints from different people, even from other social media platforms. Thing is, the culprits are in most cases never found and so, after the owners of the accounts have fixed things and changed their privacy settings, the incidents are soon forgotten and life goes on.

Hacking is just but one form of cyber crime, maybe the most common and yet the one that people mostly brush off as not being serious, despite the serious consequences that come with it. The definitions of cyber crime vary largely because of the vast forms it takes as well as the jurisdictions. However, what remains constant in those various definitions is the fact that the computer, computer system or internet is often involved either as a target or a medium of committing the crime.[1] In this blog post though, I will restrain myself to hacking as an offence and why any hacker out there should think twice before continuing with their acts.

A straight forward definition of hacking is the use of a computer to gain unauthorized access to data in a system. Norton classifies hacking as a type 1 cyber crime done where hackers take advantage of the flaws in a computer system to carry out a crime.[2] Hackers hack into computer databases for various reasons, including facilitation of identity theft to be able to commit other crimes, to defraud corporations or individuals as well as hacking government databases to expose state secrets.[3]

In the UK, hacking is an offence under the Computer Misuse Act of 1990. This is provided for by Section 1 of the Act which provides for unauthorized access to computer material, which hacking is part of. The Police and Justice Act of 2006 made some amendments to sections 1-3 of the Computer Misuse Act making the maximum sentence the offence of unauthorized access to computer material to be two years. The Indian Information Technology Act of 2000 under section 65 provides for 3 years imprisonment or a fine of up to 2 Iakhs or both for the offence of tampering with computer source documents which hacking is part of.

In the US, hackers are punished for their acts by a number of different crimes depending on the varying circumstances under which the crimes were committed as well as par the different computer crime statutes available. The penalties include imprisonment of between six months and twenty years depending on the statute under which one is found liable and the veracity of the crime as well as fines between $ 1000 to $15000 or both the prescribed fine and imprisonment.

Advances in technology coupled with increased internet use are some of the reasons hacking has become common across the globe. Criminals have thus realized that they need not be physically present at a place to commit whatever crimes they want and are thus hiding behind keyboards and doing so much mischief. Some do it for fun; just to show others how good they are with technology. This is why more and more governments have or are coming up with laws to curb hacking and protect themselves as well as their subjects from the acts of hackers.

Most forms of cyber crime, hacking included have a concept of being borderless, that is, they can be committed in a different country and the effects are felt in another country. With this concept may arise the problem of jurisdiction, especially so where one country lacks provisions on a form of cyber crime. This is the reason international and regional instruments such as the Budapest Convention and the African Union Convention on Cyber Security and Personal Data Protection encourage cooperation between states in the prosecution of cybercrimes and other computer related crimes.

It goes without saying therefore that you ought to take hacking seriously as an offence punishable under law just in case you were not. One may ask why it is an offence, and here is the reason. Hacking is a breach to key human rights such as the right to privacy and right to property because most of the information targeted by hackers is private and confidential which they use against their victims. Also, the property being violated does not belong to the hacker and hence hackers interfere with the real owner’s right to enjoy the ownership and use of their property.

[1] <> accessed on 9/3/2017

[2] < > accessed on 9/3/2017

[3] <> accessed on 10/3/2017




Deborah Mulemiah is currently a postgraduate diploma in Law at the Kenya School of Law. Passionate about law and literature.

Reporting a cyber crime in India with just an e-mail

“Yesterday only, I received a call on my mobile device from an unknown number. The anonymous caller presented himself as some bank officer who was in immediate need of my ATM card number and CVV. After politely informing him that I’m a law student, I did disconnect the call.”

Well, not a new thing. Such happenings are way too common in our friend circle, family friends, and even ourselves and our parents. Law knowing persons including law professors, practitioners, and law students regularly receive phishing attempts, impersonating calls and emails on their electronic devices. What’s worse is that they choose to ignore such happenings.

Thanks to the recent legal developments in the Indian legal system, we can report such incidents just by dropping an email or reporting it to the local cyber cell.

What to report

Any cybercrime can be reported following the undermentioned steps. Whether a person is asking for your secret information or someone threatening you over Facebook, whether someone hate-texting you on Twitter or sending you sexually inappropriate messages on Whatsapp, you can (and must) report the incident by following the undermentioned steps.

For a rough idea regarding the ambit of the term ‘cybercrime’, it includes any illegal act that involves the usage of a computer or networking device. Read more here.

Where to report

Cyber crimes have global jurisdiction according to the IT legislation and therefore a complaint can be lodged in any cyber cell as per convenience.

How to report

First, you have to write an application addressing to the head of the cyber crime cell (head of the particular cyber crime cell to which you chose to report).

Note – Your application should include the following details:

  • Name
  • Address
  • E-mail address
  • Phone number

Second, attach the relevant and required documents. The type of documents required vary from offence to offence. For example, in case of hacking, you need to provide documents like logs of the server, a copy of the defected page, a copy of the original page, control mechanism details, list of suspects etc. In case of an impersonating call or message, the required documents include such call/message log, sender/caller details, impersonating details etc. Broadly speaking, attach any document that proves the existence of a prima facie case.

Third, send the email (along with the attached documents) to the concerned cyber crime cell using the contact details mentioned below.

Addresses of Cyber Crime Investigation Cells in India


Cyber Crime Police Station,

CID Annexe Building, Carlton House,

# 1, Palace Road,

Bangalore – 560001.

Telephone: +91- 080- 22942475, +91- 080- 22943050




SIDCO Electronics Complex,

Block No. 3, First Floor,

Guindy Industrial Estate,

Chennai -32

Ph: 044 22502526




Central Bureau of Investigation,

Plot No. 5-B, 6th Floor, CGO Complex,

Lodhi Road, New Delhi – 110003

Ph:+91-11-4362203, +91-11-4392424




In Charge Cyber Crime Police Station,

Hyderabad City.

Email :




ACP   Inspector Cyber Crimes

Sub-Inspector Cyber Crimes

IT Cell    Special Branch

Ph: 9491 039 167, 9491 039 172

9491 039 088, 040-2785 3413



Cyber Crime Investigation Cell,

Crime Branch, 4th Floor,

Administrative Building No. 1,

Near Udyog Bhavan,

Civil Lines, Nagpur-01.

Tel: +91 – 712 – 2566766



Office of Commissioner of Police

2, Sadhu Vaswani Road,

Camp, Pune – 411001

Phone: +91-20-020-26126296, 26122880, 26208250

Fax: 020 26128105.


E-Mail: /


Cyber Crime Investigation cell,

Annex III, 1st floor, Office of the Commissioner of Police,

D.N.Road, Mumbai – 400001

Ph: +91-22- 24691233

Web site:

E-mail id:



Website :


Ph: +91-9672700012



Madhya Pradesh

Inspector General of Police


Bhopal (M.P.)






Helpline Numbers:







3rd Floor, Office of Commissioner of Police,

Khalkar Lane, Court Naka, Thane (W)

Ph: 022-25410986



Uttar Pradesh

Cyber Complaints Redressal Cell,

Nodal Officer Cyber Crime Unit Agra,

Agra Range 7,Kutchery Road,


Uttar Pradesh

Ph : 0562-2463343, Fax: 0562-2261000



West Bengal


IIIrd Floor ,Bhawani Bhawan

Alipore, Kolkata – 700 0027

Phone Numbers – 033 2450 6100

Fax Number – 033 2450 6174




DIG, CID, Crime and Railways
Fifth Floor
Police Bhavan
Sector 18, Gandhinagar 382 018
Contact Details:
+91-79-2325 4384

+91-79-2325 0798
+91-79-2325 3917 (Fax)


IG-CID, Organized Crime

Rajarani Building, Doranda Ranchi, 834002

Ph: +91-651-2400 737/ 738


Don’t ignore crimes, no matter how small they may seem to be. You have a need to speak for yourself, and an obligation to lend your voice to those in need. Concluding with the words of Elie Wiesel:

“We must take sides. Neutrality helps the oppressor, never the victim. Silence encourages the tormentor, never the tormented. Sometimes we must interfere.”

– Elie Wiesel, The Night Trilogy: Night, Dawn, the Accident




‘Passionate!’ That’s the only word he uses to describe himself. Questioning assumptions. Challenging hypocrisies. Making the planet a better place to live in.

Protecting yourself against hacking

India is developing and taking a turn towards the path of digitalization. But it is our duty to keep our personal information private. It is adamant that the information can be stolen by the hackers and be used for any wrongful purpose. A man can forget but the internet never forgets and therefore, the information needs to keep in safe from the hands of the hackers. Hacking is an illicit attempt and unauthorised intrusion into hardware or software/ computer or a network.  It is the exploitation of the computer system or any private network of the company or any institution. Hacking can be done for personal conflict also. Hacking is a mala fide attempt to access or to take control over the network of others. Hacking is basically done by the hackers. There is no hard and fast rule to define and determine the hackers. Hacking is generally done by the one who is highly skilled and intelligent to crack the password of the other’s computer system or the network. Hacking is basically done by the professionals who have the knowledge of computer system in depth. If a real hacker wants to get information about your personal belongings, they can easily get that information through hacking.

Hackers are also known as “THE CRACKERS” as they crack the password of the network or the channel to get the information out of it. Hacking is a very vulnerable process and is the information is easily disclosed.

To protect yourself against hacking and getting your information be undisclosed, there are certain remedies to be followed so that the necessary and important information remains undisclosed and the hacker could not hack the computer in order to get the information.

  1. Passwords

You should create a strong password for your computer in respect of securing your data from the hackers. Passwords should be the combination of letters, numeric and symbols. You should reset the password from time to time. One should keep in mind that there should not be the same password for different accounts.

  1. Private website

If you have your own domain name, then there is a chance that your personal information including your number, an address is available to everybody. Hence, while registering, privatize your information so that hackers make not get any information.

  1. History data

The Internet has all the records what were you up to and what you are up to. So clear off the history data once in a while so that information cannot be leaked.

  1. Avoid open Wi-Fi AND Hotspot

Hackers are active through free Wi-Fi and hotspot and can steal your private data through open Wi-Fi or hotspot. Hence, avoid using the open Wi-Fi network or giving or taking hotspot connection from any other network. Instead, connect your internet in outside places.

  1. Public computers

Cyber cafes are the most reluctant places from where cyber crime happens. Using a private account through public computers may lead you in a difficult as it can go viral easily.

  1. Online transactions

These are the days where digitalization is at its peak but not to forget to use your card details alertly. There can be a chance of fraud by online companies to collect the details of your card and misuse it.


The speed of the internet is growing fast and we are lagging behind it. When we use anything, we should be aware of its pros and cons. Therefore, using internet also has its pros and cons and we should safely use it for our safety. Online transaction is on demand nowadays, and after demonetization, it has increased it pace like hell. So, while doing online transaction, we should know which all are the protected websites and from where your card details should not be leaked. We should stay cautious while using public programming system and avoid entering the personal bank accounts or social media details as there are chances for these accounts to be hacked. Nowadays, in this competitive world, every company and person needs to grow fast from the other and climb the mountain of success, for this sometimes, they hack the site or account of other person to grab the details of their marketing strategies, and hence, for this, hackers are hired by these big companies.




Sakshi Jain is currently pursuing her BLS LLB from Government Law College, Mumbai. Although she’s keen to gain knowledge and explore things going around her, her priority always stays focused on law only. Although she yearns for a career in the corporate sector, she’s quite confident regarding her capability to endure in other fields also. A passionate law student and a natural reader, she wants to complete her master degree from Harvard, Oxford, or London University.

Online sexual harassment

In India, irrespective of whether we live in the urban or the rural area, one of the things that remains a constant is misogyny. We face misogyny from our births till the end of our lives, right from female infanticide to child marriages and dowry deaths; from sexual harassment at workplace to marital rape and eve teasing; and from eve-teasing to acid-throwing and rape, women are at the receiving end of each ill-treatment. And as offended as we are with what happens in the offline/tangible world, this blog post is not about that. Slowly, like a sickly disease, this very prejudice against women can be seen permeating the digital world as well. It is kind of scary when we think about it. The online world was and is still a safe haven for many, including me. People were protected by the computer/mobile screen which does not allow for direct face-to- face communication or real relationships. Now, not so much.

Why is this so scary?

Crimes in India are all governed by the substantive law formulated under the IPC (Indian Penal Code). This means that possibly every real world offence (either a committed or an omitted act which is a violation of a legal right) that you can think of has been defined and has a quantum of punishment under the Indian Penal Code. For example, assault and battery, rape, murder, culpable homicide, theft, trespassing, outraging the modesty of women, etc. The list is endless, really.

Crimes of a sexual nature need such a great amount of evidence that most accused are acquitted (pronounced not guilty). Either the trial takes too long, or the investigation is botched, or the accused gets away on the basis of a technicality. Thus, the reality is that not all offenders are caught and put behind bars to suffer the consequences of their actions.

In comparison to other crimes against women, cyber-bullies often do not realise the nature of the wrongful act being committed by them.

Sexual harassment is a punishable offence in India, irrespective of whether it is in tangible or intangible form. It is imperative to know which acts constitute sexual harassment, and how to fight sexual harassment to have an understanding of its online aspect. Sexual harassment is defined as the unwanted intrusion of a sexual nature in the personal space of an individual.

Online sexual harassment can be punished under Section 67 of the Information Technology Act, 2000 along with relevant provisions of the IPC. For example, outraging the modesty of a woman, showing pornographic content without consent, making sexually coloured remarks or asking for sexual favors online are punishable offences under Section 67 of the Information Technology Act. This act makes transmitting or publishing obscene material in electronic form punishable by imprisonment upto 3 to 5 years and a fine of upto 5 to 10 lakh rupees.

Online sexual harassment has been found to manifest into three large categories:

a. the victim is on the receiving end of pornographic material, lewd comments and insults.

b. offensive material is posted about the victim on a public platform; or

c. offensive material of/about someone is posted without their consent.

Online sexual harassment has now become a harrowing reality faced by more than 70% of women in urban areas. In such a reality, it is of paramount importance that you know how to protect yourself from it.

Here is a step-by- step guide on how you can protect yourself against online offenders:

Step 1: Proceed with caution

A precautionary method to protect yourself is to privatise your social media accounts. This way, no anonymous user will ever be able to harass you as your posts will not show up on their feed. Also, make sure that the information you post on social media is not sensitive, i.e., photos of yourself and/or your phone number on public access networks. These can be used in a wrong way.

Step 2: Block, Block, Block

If the privatisation of your accounts is not enough and you still receive or are tagged in offending material, then you can block such a person. If anyone emails or texts you with objectionable material, block them. It’s the simplest way of protecting yourself from online trolls. All social media sites provide the facility of blocking hostile elements from your feed.

Step 3: Report to the host website

Any material which you find as derogatory to yourself or your views can be removed when you report such material to the host website. You can also report a person repeatedly for making derogatory remarks. This can get that person’s account shut down permanently by the host website.

Step 4: File an FIR

If a person is repeatedly sexually harassing you through multiple fake accounts, or publishing derogatory content posing as you, then you can file a police complaint against him/her to protect yourself.

Many women feel helpless when faced with online sexual harassment. However, one doesn’t need to live in fear anymore. Have faith in the judicial system and your modesty will be protected if the necessary precautions and actions are taken at the right time. Remember that Indian Penal Code as well as the Information Technology Act, 2000, have your back. One protects you in the real world whereas the other, in the virtual one. It must be kept in mind that the wheels of justice may be slow, but they exist nevertheless.

Now that you know about what steps to take in case you are ever faced by online trolls, let others gain from it too. Share the post, and let it reach far and wide, because someone somewhere might be facing an online harassment and may need help.



Khadija Khalil is currently pursuing 3 rd year of BLS/LLB course at Pravin Gandhi College of Law, Mumbai. With a love for the smaller things in life (being 5 ft tall), she is a geek who found law to be her fandom. Also a moot court enthusiast, because, why not.

Doctrine of Auto-block: Regulating the Search Engines

Lately, Beti Bachao Beti Padhao Yojana, (BBBP) was launched by the Honourable Prime Minister of India, an initiative by Ministry of Women and Child Development. It has been effective since January 2015. This BBBP Scheme was launched, in consequence of an alarm which was triggered by the Census of 2011, which reported 918 as the sex ratio of the child up to the age of 6 years, which has decreased from 927 in 2001, 934 in 1991, and 976 in 1961.[1]

Dr. Sabu Mathew George, filed a Public Interest Litigation, in the Apex Court, to draw the attention of the State towards, the advertisement, being promulgated electronically, for Pre-natal or Pre-conception Sex determination, by search engines within India.[2]

The above mentioned Writ Petition has been based on the violation of Section 22 of the Pre-conception and Pre-natal Diagnostic Techniques (Prohibition of Sex Selection) Act, 1994 (PCPNDT Act), prohibits the advertising of the facilities available with any person, regarding the pre-natal determination of the sex or sex selection before conception. The Writ Petition highlighted the issue that three famous and widely used search engines, i.e. GOOGLE, BING, YAHOO SEARCH, are violating Section 22 of PCPNDT Act. They were involved in communication of the advertisement, though not advertising themselves.

On 16th August 2010, Cyber Laws Formulation and Enforcement Division, Government of India, Department of Information Technology, filed an affidavit with the Supreme of Court of India, with regard to differentiate between the terms “Advertisement” or “Sponsored Links” and “Organic Search Results”. In differentiating between them, it stated that ‘Organic Search Results’ emerges out of the automatic indexation of the material available on the internet, and that lies beyond the control of the search engines, while the ‘Sponsored Links’ are the advertisements which are displayed after the person, who wants to advertise, has agreed to the terms and conditions provided by the respective search engines. It further stated that, these search engines can only be liable to control the sponsored links and not the organic search results, as they only provide a corridor.

The Apex Court while rejecting the above argument, ordered on 4th December 2014, that an endeavour should be there to apply the provision of the PCPNDT Act, 1994. As a result, it demanded interference of the Government of India to control the ‘Organic Search Results’ of these search engines.Supreme Court, as a protective measure, directed on 28th January 2015, that GOOGLE, BING, YAHOO, shall not display advertisement or sponsor them, while violating Section 22 of the PCPNDT Act, 1994, and shall remove any of the existing advertisement.

Hence, to protect the sex ratio from declining, on 19th September 2016, Apex Court came out with the “Doctrine of Auto Block”, to bind, search engine companies, to block the search results, either ‘sponsored’ or ‘organic’, which would generate on the certain keywords being entered upon, which relates to the ‘pre-natal sex determination’ or ‘pre-conception sex determination’, etc. it has been invoked by Apex Court, because the companies, have denied their control over ‘organic search result’. Hence, this Doctrine covers both the ‘advertisement’ as covered under the PCPNDT Act, and other materials related which aids the gender selection.[3]

This Doctrine intends to block the application of the ‘auto-complete’ function, which helps to complete the keywords while searching for any specific thing, as suitable for the algorithm of search. ‘Doctrine of Auto Block’ invites the cooperation between Government of India and Private Companies, whose search engines, provide the corridor for the advertisements and such other related materials, which helps citizens of India, to avoid the natural selection of gender of their offspring.‘Doctrine of Auto Block’, has to be applied by the Search Engine Companies on their own, and they cannot depend on the Government, for blocking any specific, advertisement or content.

Order dated 19th September 2016, marks the failure of Central Supervisory Board created under the PCPNDT Act and Government of India, as Supreme Court which is a judicial body had to exercise its powers to apply, Doctrine of Auto Block, to block the advertisements along with the ‘related material’, which is available to the public to fulfill their mala fide motives.

The ‘Doctrine of Auto Block’ should be enshrined in the Section 69A of the Information Technology Act, 2000, which empowers the Government of India, to block the public access of any information in the interest of public order and which prevents incitement to the commission of any cognizable offence as mentioned under PCPNDT Act. Under this section, Government of India has absolute power to direct these intermediaries i.e. search engines to block such contents, whether as ‘sponsored’ or ‘organic search result’

[1] As provided by the Census of India, Ministry of Home Affairs, Government of India

[2]Sabu Mathew George v. Union of India & Ors., Writ Petition (Civil) No.341/2008

[3] Order dated 19.09.2016, Sabu Mathew George v. Union of India & Ors., Writ Petition (Civil) No.341/2008




Dhruv Chandora is currently pursuing 4th year of BA LLB (Hons) course at Rajiv Gandhi National University of Law, Punjab. A voracious reader and a keen learner, Dhruv is also a moot court enthusiast.