Cybercrime in India

Why in the News?

A Parliamentary panel on home affairs presented a report, titled 'Cyber Crime – Ramifications, Protection and Prevention', highlights the evolution and growing complexity of cyber threats in India.

About Cybercrime

• The National Cybercrime Reporting Portal (NCRP) defines Cybercrime as any unlawful act where a computer, computer network, or electronic device is used as a tool or target to commit or facilitate a crime.
• Types of Cyber Crime
  • Malware, Ransomware, phishing, vishing (voice phishing), smishing (SMS phishing), identity theft, etc. are most common types of cybercrime.
  • But new threats continue to emerge as technology evolves, like digital arrest, cryptojacking, deep fake scams, and CaaS (Crime-as-a-Service).

Reasons for rise in Cybercrime

• Rapid Digital Transformation: The expansion of digital platforms and high-speed connectivity through initiatives like Aadhaar, UPI, and DigiLocker, etc. has correspondingly grown the opportunities for cybercriminals.
• Transnational Nature of Cybercrime: CBI highlighted that Indian citizens have been trafficked abroad and coerced into committing cybercrimes from foreign-controlled "scam factories", especially in Southeast Asia. 
  • This includes fake loan apps, call center-based extortion rackets and even human trafficking using cryptocurrency payments.
• Organised Nature of Cybercrime: The emergence of Cybercrime-as-a-Service (CaaS) lowers the technical barrier for entry, allowing less-skilled individuals to launch powerful cyberattacks by purchasing ready-made tools from the dark web.
• Jurisdictional Challenge: The cross-border nature of these attacks complicates law enforcement efforts due to jurisdictional challenges and differing legal frameworks across countries, allowing criminals to operate from "safe havens".
• Evolution of Criminal Methods: Criminals hide identity via VPNs, bulletproof hosting, decentralised storage (IPFS (Interplanetary File System), blockchain).
  • Widespread encryption (E2E, secure protocols) in use, and new technologies (5G, OTT apps) complicate lawful interception.
• Gaps in laws: Gaps in the IT Act, lack of accountability for IT intermediaries, lenient penalties, poor grievance redressal, and a shortage of trained cyber experts hinder justice. 

Impact of rise in cybercrime

•  Financial Losses: India lost over ₹31,500 crore (2019–24) due to cybercrime and most crimes are financial (UPI, QR fraud, deepfakes, SIM swaps).
• Threats to Critical Infrastructure: Multiple agencies have highlighted ransomware attacks targeting Critical Information Infrastructure (CII), which aim to paralyse essential services.
• Social & Psychological Impact: Victims of sextortion, cyberstalking, and deepfakes face trauma, social withdrawal, and even suicidal tendencies. 
  • AI-driven deepfakes target students, hurting mental health.
• Erosion of Trust: Citizens, especially the elderly, are losing faith in digital services after repeated frauds.

Government Initiative to Tackle Cybercrime

• Stronger Legal and Regulatory Framework: The National Crime Records Bureau (NCRB) categorises cyber offences under the IT Act, 2000, Bharatiya Nyaya Sanhita (BNS) crimes, and Special and Local Laws (SLL).
  • Important sections of the IT Act include Section 69A (blocking public access to information), Section 79 (intermediary liability and "safe harbour"), and Section 70B (establishing CERT-In)
• Agencies and Institutional mechanisms

• Indian Cybercrime Coordination Centre, I4C (2020): National coordination hub; runs Helpline 1930 & National Cybercrime Reporting Portal.
• CERT-In: Handles cybersecurity incidents, issues advisories. (Eg: alerts on AI-driven phishing).
• National Critical Information Infrastructure Protection Centre (NCIIPC): Protects Critical Information Infrastructure (power, banking, telecom).
• CBI & NIA: Specialised divisions for cyber fraud and terrorism-related crimes. (Eg: Operation Chakra against dark web fraud.)
• State Initiatives: Kerala (Cyberdome) and Maharashtra lead in cyber labs & forensics.

• Advanced Technology Tools
  • AI/ML for fraud detection: (Eg, NPCI's FRM system, RBI's MuleHunter.ai.)
  • Deepfake detection tools by MeitY & C-DAC and Cyber Swachhta Kendra to clean malware & botnets.
  • Blockchain & Tokenization: Used by TRAI (spam control) & RBI (card security).
• Inter-agency and International Cooperation: SAHYOG Portal (I4C) Connects government, intermediaries, and platforms for content takedown.
• Public Awareness: Campaigns like Cyber Dost, RBI Kehta Hai
  • Cyber literacy in schools & universities, SEBI's Niveshak Shivir for investors.

Way forward

• Empowering CBI: Parliamentary panel on home affairs recommended amending the Delhi Special Police Establishment (DSPE) Act, 1946, to empower the CBI to investigate cybercrime cases nationwide without needing general consent from state governments. 
  • This is aimed at overcoming operational delays, as eight states have withdrawn general consent.
• Legal reforms: Update the IT Act with stricter penalties, a unified cybercrime law, and victim compensation.
  • Regulate AI-driven content (deepfakes), OTT platforms (age-gating, parental controls), and online gaming. 
• Intermediary Accountability: Mandate registration of platforms in India, appoint local grievance officers, and ensure quick takedowns.
•  Cooperation: Strengthen State Cybercrime Coordination Centres, create an international liaison unit, a 24×7 cyber desk, and faster cross-border data sharing.
• Tech Upgrade: Invest in AI/ML-driven threat intelligence, blockchain verification, quantum-resistant encryption, and an indigenous app store.
• Data Protection: Align with DPDP Act 2023 for storage, KYC, and privacy safeguards.
• Capacity Building: Train police, prosecutors, judiciary, and students in cybersecurity; expand forensic labs and VR-based training.
• Public Awareness: Run multilingual awareness campaigns, financial literacy drives, and regulate finfluencers.