Indian arrested for Selling psychotropic medicines on Darknet

Indian  Narcotics Control Bureau (NCB) on 9th February has arrested the country's first 'darknet' narcotics operative who allegedly shipped hundreds of psychotropic drug parcels abroad in the garb of sex stimulation medicines. 

Dipu Singh, 21, son of a retired army officer, was arrested by the sleuths of the Delhi zonal unit of the Narcotics Control Bureau (NCB) from Lucknow recently. 

Darknet refers to the deep hidden internet platform that is used for narcotics sale, exchange of pornographic content and other illegal activities by using the secret alleys of the the onion router (ToR) to stay away from the surveillance of law enforcement agencies. Owing to its end-to-end encryption, darknet is considered very tough to crack when it comes to investigating criminal activities being rendered over it. 

Singh was a major player on the darknet. His listings were found in one of the biggest and reliable darknet markets like Empire Market and Majestic Garden.

Accused initially used to ship  medicines related to erectile dysfunction and fitness supplements to overseas locations using the dark internet facility, but later shifted to transacting in psychotropic drugs under this garb seeing the profit margin in this illegal trade.

A Bachelor in hotel management from Amity University in Lucknow, Singh had "mastered the technique to disguise identity while making a shipment.

Accused was arrested by the central anti-narcotics agency under the Narcotic Drugs and Psychotropic Substances (NDPS) Act after raids were conducted at his residence in Lucknow's Alam Bagh area. 

While 12,000 tablets of various psychotropic drugs were seized from his residence, the NCB alleges Singh is a "mastermind" of hundreds of drug parcels clandestinely couriered to countries like the USA, UK, Romania, Spain and some European nations using the dark web. 

A total of 55,000 psychotropic tablets that includes tramadol, zolpidem, alprazolam have been seized as part of this two-month-long operation that was conducted with cooperation from international agencies, 

Some other seizures in this case were made in Mumbai and the UK too. 

The NCB was part of a global 'Operation Trance', launched in December last year, entailing a joint intelligence gathering action on international postal, express mail and courier shipments containing psychotropic drugs (which can only be purchased on a doctor's prescription) that are abused as sedatives and painkillers. 

The latest darknet ring was unearthed as part of this operation, which has international linkages and is spread across Singapore and the US and services of global post offices and international couriers were used as logistics for the illicit trade.

The payment gateways of cryptocurrency like Bitcoins and Litecoin were used by the operators to conceal the transactions from regulatory agencies,

The orders were procured from darknet and routed through various wicker identities, WhatsApp and some business-to-business platforms.

Cyber Insurance paid to pay Ransomeware: Case Study & Case Law

A Canadian insurance company infected by ransomware virus paid off the cybercriminals using its cyber insurance policy. Their British reinsurers, having to disburse 109.25 Bitcoins, wanted it back from the blackmailing cybercriminals.

After infection, the unnamed Canadian company suffered a total lockdown of all of its systems and asked its reinsurance firm to pay the ransom so it could get back on its feet.

Paying off blackmailers holding a company to ransom is never advisable, many a time it is against the local law. Despite a negotiation that made criminals bring down their initial demand of $1.2m to $950k, the decryption tool provided had to be run on each and every affected device on the company's network.

It took five days to decrypt 20 servers and "10 business days" to unlock 1,000 desktop computers.

Neither company was going to pay out and forget the incident. The English reinsurer hired Chainalysis Inc, a "blockchain investigations firm", which eventually pinpointed the people responsible.

In the AA Versus Unknown Persons and Ors. [2019] EWHC 3556 (Comm) Case No: CL-2019-000746

The Unknowns were arraigned as below:

(1) PERSONS UNKNOWN WHO DEMANDED BITCOIN ON 10TH AND 11TH OCTOBER 2019

(2) PERSONS UNKNOWN WHO OWN/CONTROL SPECIFIED BITCOIN

(3) iFINEX trading as BITFINEX

(4) BFXWW INC trading as BITFINEX

IN THE HIGH COURT OF JUSTICE BUSINESS & PROPERTY COURTS OF ENGLAND AND WALES COMMERCIAL COURT (QBD)

Hon. Justice Bryan said: "Whilst some of the Bitcoin was transferred into 'fiat currency' as it is known, a substantial proportion of the Bitcoin, namely, 96 Bitcoins, were transferred to a specified address. In the present instance, the address where the 96 Bitcoins were sent is linked to the exchange known as Bitfinex operated by the third and fourth defendants."

Bitfinex is a cryptocurrency exchange headquartered in the British Virgin Islands, though the court noted that one email address associated with the exchange was seemingly traced to China.

Justice Bryan said: "At the present time there is no evidence that [Bitfinex] are themselves, perpetrators of the wrongdoing, rather, it is said, they have found themselves the holder of someone else's property."

Hon. Justice ruled that Bitfinex probably knew who the two alleged ransom receivers were, saying: "I have no doubt that Bitfinex has the ability to access its records and its KYC [know your customer, finance sector ID rules] material to identify the information that is sought" about the two alleged blackmailers.

A Scottish MSP was caught red-handed promising ransomware decryption services when in reality all they were doing was paying off the cybercriminals and adding a windfall high margin. At least one study has found that less than half of companies paying off ransomware actually get their files back.

Meanwhile, A US federal judge has ruled that an insurer providing a "business owner's insurance policy" to National Ink & Stitch, which sustained a ransomware attack in 2016 and was forced to replace most of its IT infrastructure, must pay for the damages the security incident caused.

In her recent ruling, Judge Stephanie Gallagher of the U.S. District Court of Maryland wrote that the damage to Nation Ink & Stitch's computer infrastructure from a ransomware attack constituted "physical loss or damage" covered by the insurance policy and that the insurer must pay the costs to recover and rebuild the network. National Ink & Stitch is an Owings, Maryland-based embroidery and screen printing firm.

The insurer, Columbus, Ohio-based State Auto Property and Casualty Insurance Co., had denied coverage for the cost of replacing National Ink & Stitch's computer system, arguing that that the company had not experienced "direct physical loss of or damage to" its computer system, the judge noted in the ruling.

The ruling did not set a specific dollar figure, although National Ink & Stitch previously argued for a settlement of $310,000 in recovery costs, according to court documents. National Ink & Stitch and State Auto could be reached for comment.

Advocate (Dr.) Prashant Mali
Cyber & Privacy Expert

Online Defamation Laws in India

Online Defamation Laws (Criminal) in India

With Section 66A of The IT Act,2000 struck down by Hon. Supreme Court of India in Shreya Singhal's Case, victims have left only with options in other laws based on words and actions of the accused online.

Section 504 Indian Penal Code- Intentional insult with intent to provoke breach of the peace. (using bad words, curse words like BC, MC, F*ck U e.t.c)

“whoever intentionally insults, and thereby gives provocation to any person, intending or knowing it to be likely that such provocation will cause him to break the public peace, or to commit any other offence, shall be punished with imprisonment of either description for a term which may extend to two years, or with fine, or with both”.

Section 469 of the IPC states that whoever commits forgery, intending that the document or electronic record forged shall harm the reputation of any party, or knowing that it is likely to be used for that purpose shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine.

Section 499 of the IPC states that a person who uses some words spoken or intended to be read, by signs or visible representation to make or publish any imputation about a person in order to harm their reputation is guilty of defamation in India. 

Section 500 of the IPC states that a person who is liable under Section 499 would be punished with simple imprisonment for up to 2 years, with fine or both. Within the meaning of publication, posting any defamatory statement on a social media network, website, forum or bulletin board is also considered as defamation in India. 

Section 503 of the IPC : states that whoever threatens another with any injury to his person, reputation or property, or to the person or reputation of anyone in whom that person is interested, with intent to cause alarm to that person, or to cause that person to do any act which he is not legally bound to do, or to omit to do any act which that person is legally entitled to do

For a better understanding of sec 504 IPC, it is necessary to know what does the term ‘insult’ actually mean and how it become severe in nature that can even make a person liable for committing a criminal offence.

The objective of 504 IPC section is to prevent the intentional use of abusive language amounting to insult, giving rise to provocations causing the person against whom such words are used to commit a breach of peace. In this section, it is showed how a person can provoke another to commit an offence that is criminal in nature and which can also harm the public peace at large.

In our daily lives also, we hear a lot of words that are offensive in nature but somehow ignore to manage them, but in cases, if a person intentionally uses abusive or offensive words in order to humiliate a person or provoke him, he is said to commit an offence under the purview of sec. 504 Indian Penal Code. In order to establish an offence under this section, the following ingredients must be proved:

That the accused insulted some person intentionally.

That the intention of the person is such which is likely to give provocation to the person insulted.

The accused has the knowledge that such provocation would cause the person to break the public peace or under the influence of which, he can commit an offence.

Most Read: IPC Section 498

To commit an offence under this section, insult is necessary. The term ‘insult’ means that the words used must be of such a nature that causes contempt to the dignity of a person or we can say, which causes a sense of humiliation to the person. These words even include the daily slangs people use in their daily lives as well such as- bastard, foolish and so on.

To bring a case under this section, it would be necessary to decide whether the use of such words led to an intentional insult or not. A person cannot be held liable under this section unless insult was intended. Now the major question arises, how to determine whether the insult was intentional or not? 

So, the answer to this question is, an intention of insult is a matter of facts and circumstances which differs from case to case and situation to situation. Nature of insult is more of a question of fact and not of law. Insult caused should give provocation to cause a breach of public peace.

Say for an example- when the accused abused the complainant in such a manner which involves the chastity of his mother or sister, such an act falls under the ambit of IPC section 504. This was also held in the case of In re Karumuri Venkatratnam.

By reason of the expression of the abusive words in the background, atmosphere, and circumstances in which they are used, the act shows the breach of peace, which is considered as the determining test to bring a case within the extent of section 504 IPC.

Further, it is also contended that every insult could not be classified as an intentional insult. Say for an instance, a mere lack of good manners and casual talks between friends does not constitute an offence under this section. In the same manner, use of abusive language not supported by intention also does not lead to a breach of peace and does not make it an offence.

In classifying whether the particular abusive language is covered under IPC 504 or not, the court has to find out what in ordinary circumstances would be the effect of the abusive language used, and what if the complainant used those words or did an act as a result of his cool temperament or in his sense of discipline.

It is the ordinary general nature of the abusive language that is the test for considering whether the abusive language is an intentional insult likely to provoke the person insulted to commit a breach of peace and not the particular conduct or temperament of the complainant.

Each case of abusive language is to be decided on the facts and circumstances of that case, and there cannot be a general proposition that no one commits an offence under section 504 IPC if he merely uses abusive language against the complainant

Hence, the abuse that attracts section 504 IPC, must be accompanied with an intention to provoke a person intending or knowing it to be likely that such provocation will cause the latter to break the public peace, or commit some other offence.

The punishment provided in the code for committing the offence under this section is imprisonment for 2 years or fine, or may include both. It is a non-cognizable as well as a bailable offence, triable by any Magistrate.