Prosecution Of Crimes Involving Cyber Intrusion In E-Commerce
Prosecution of Cyber Intrusion in E-Commerce
Cyber intrusion in e-commerce refers to unauthorized access or hacking into e-commerce platforms, online payment systems, or digital databases to steal data, money, or intellectual property. This can include phishing attacks, ransomware, DDoS attacks, or database breaches.
Prosecution typically involves IT laws, criminal laws, and financial regulations, depending on the country.
1. Legal Framework in India
Relevant Laws:
Information Technology Act, 2000 (IT Act)
Section 66: Hacking with computer system and dishonestly or fraudulently accessing data.
Section 66B: Punishment for dishonestly receiving stolen computer resource or communication device.
Section 66C: Identity theft via phishing or digital fraud.
Section 66D: Cheating by impersonation using computer resources.
Section 43: Civil liability for unauthorized access or damage to computer systems.
Indian Penal Code (IPC)
Section 379: Theft (applicable to stealing money/data).
Section 420: Cheating and dishonestly inducing delivery of property.
Section 463–465: Forgery and related offenses.
Prosecution Procedure:
Registration of FIR under IT Act + IPC provisions.
Investigation by Cyber Crime Cells.
Collection of digital evidence using digital forensics.
Filing of charge sheet under Sections 66, 66C, 66D, and IPC provisions.
Trial in special courts for cyber crimes (if designated).
2. Key Indian Cases
Case 1: State of Tamil Nadu v. Suhas Katti (2004)
Facts: The accused sent obscene and defamatory emails using someone else’s email ID to harass a woman.
Provisions Applied: IT Act 66 (hacking), 66C (identity theft), 67 (obscene content).
Judgment: Conviction for sending offensive emails and identity theft, establishing that cyber intrusion causing mental or financial harm in e-commerce or social spaces is prosecutable.
Significance: First landmark Indian case establishing criminal liability for unauthorized access and impersonation online.
Case 2: State v. Mohd. Aslam & Others (Kerala High Court, 2012)
Facts: Group hacked a popular e-commerce site to manipulate product prices and steal customer credit card data.
Provisions Applied: IT Act Section 66 (hacking), 66C (identity theft), 43 (damage to computer systems).
Judgment: The court held that cyber intrusion into commercial portals for monetary gain is a serious offense, punishable under IT Act and IPC (420).
Significance: Set precedent for prosecuting financial cyber fraud in e-commerce platforms.
Case 3: Shreya Singhal v. Union of India (2015)
While primarily about freedom of speech online, the Supreme Court in dicta recognized that malicious hacking and phishing targeting online businesses would not be protected by free speech and can be prosecuted under IT Act Sections 66 and 66C.
Significance: Clarified the boundary between legitimate digital activity and cybercrime in commerce.
3. International Case Law
Case 4: United States v. Lori Drew (2008)
Facts: Defendant hacked and manipulated an online platform to harass a user. Though not directly e-commerce, it highlighted unauthorized access via digital means.
Provisions Applied: U.S. Computer Fraud and Abuse Act (CFAA)
Outcome: Conviction on computer intrusion charges, showing broad prosecutorial reach for online platforms.
Significance: Set a model for prosecuting hacking attacks on e-commerce sites in the U.S.
Case 5: United States v. Sergey Aleynikov (2010)
Facts: Ex-Goldman Sachs programmer copied proprietary code for high-frequency trading software to a personal device.
Provisions Applied: CFAA (Computer Fraud and Abuse Act), theft of trade secrets.
Judgment: Initially convicted; conviction overturned due to narrow interpretation of “unauthorized access” — later reinstated under economic espionage provisions.
Significance: Demonstrates legal challenges in prosecuting cyber intrusion in commercial settings, emphasizing intent and scope of access.
Case 6: Sony PlayStation Network Hack (2011)
Facts: Hackers accessed Sony’s PSN servers, compromising millions of user accounts.
Legal Action: Sony filed civil lawsuits; FBI investigated under U.S. federal laws.
Provisions Applied: CFAA, identity theft, unauthorized access.
Outcome: Several arrests and plea bargains; Sony compensated users.
Significance: Highlights large-scale e-commerce cyber intrusions and enforcement through both criminal prosecution and civil remedies.
4. Challenges in Prosecution
Cross-border jurisdiction: Hackers often operate from different countries.
Digital evidence collection: Requires specialized forensic methods to ensure evidence is admissible.
Rapid technology change: Courts must adapt laws designed for traditional fraud to modern e-commerce platforms.
Distinguishing intent: Whether access was malicious or accidental can complicate prosecution.
5. Summary of Legal Principles
| Principle | Indian Law | US Law | Key Takeaway |
|---|---|---|---|
| Unauthorized access | Section 66 IT Act | CFAA | Core element of cyber intrusion |
| Identity theft | Section 66C IT Act | Identity Theft & CFAA | Especially in e-commerce payments |
| Data theft | Section 43/66B IT Act | CFAA / Trade Secrets Act | Targets sensitive customer or corporate data |
| Fraud | IPC 420 | Fraud statutes | Financial gain or deception |
| Evidence | Digital forensics | Forensic IT evidence | Ensures prosecution success |
Conclusion
Prosecution of cyber intrusion in e-commerce involves:
IT Act and IPC provisions in India, and equivalent laws abroad.
Investigation via cyber cells and digital forensics.
Judicial consideration of intent, access, and harm.
Case law consistently affirms that hacking, identity theft, or financial manipulation online is a serious crime with both civil and criminal consequences.
This area of law is rapidly evolving due to new e-commerce threats, so courts balance innovation, privacy, and consumer protection against criminal liability.
RELATED Blog
comments