Sunday, February 9, 2020

Indian arrested for Selling psychotropic medicines on Darknet



Indian  Narcotics Control Bureau (NCB) on 9th February has arrested the country's first 'darknet' narcotics operative who allegedly shipped hundreds of psychotropic drug parcels abroad in the garb of sex stimulation medicines. 

Dipu Singh, 21, son of a retired army officer, was arrested by the sleuths of the Delhi zonal unit of the Narcotics Control Bureau (NCB) from Lucknow recently. 

Darknet refers to the deep hidden internet platform that is used for narcotics sale, exchange of pornographic content and other illegal activities by using the secret alleys of the the onion router (ToR) to stay away from the surveillance of law enforcement agencies. Owing to its end-to-end encryption, darknet is considered very tough to crack when it comes to investigating criminal activities being rendered over it. 

Singh was a major player on the darknet. His listings were found in one of the biggest and reliable darknet markets like Empire Market and Majestic Garden.

Accused initially used to ship  medicines related to erectile dysfunction and fitness supplements to overseas locations using the dark internet facility, but later shifted to transacting in psychotropic drugs under this garb seeing the profit margin in this illegal trade.

A Bachelor in hotel management from Amity University in Lucknow, Singh had "mastered the technique to disguise identity while making a shipment.

Accused was arrested by the central anti-narcotics agency under the Narcotic Drugs and Psychotropic Substances (NDPS) Act after raids were conducted at his residence in Lucknow's Alam Bagh area. 

While 12,000 tablets of various psychotropic drugs were seized from his residence, the NCB alleges Singh is a "mastermind" of hundreds of drug parcels clandestinely couriered to countries like the USA, UK, Romania, Spain and some European nations using the dark web. 

A total of 55,000 psychotropic tablets that includes tramadol, zolpidem, alprazolam have been seized as part of this two-month-long operation that was conducted with cooperation from international agencies, 

Some other seizures in this case were made in Mumbai and the UK too. 

The NCB was part of a global 'Operation Trance', launched in December last year, entailing a joint intelligence gathering action on international postal, express mail and courier shipments containing psychotropic drugs (which can only be purchased on a doctor's prescription) that are abused as sedatives and painkillers. 

The latest darknet ring was unearthed as part of this operation, which has international linkages and is spread across Singapore and the US and services of global post offices and international couriers were used as logistics for the illicit trade.

The payment gateways of cryptocurrency like Bitcoins and Litecoin were used by the operators to conceal the transactions from regulatory agencies,

The orders were procured from darknet and routed through various wicker identities, WhatsApp and some business-to-business platforms.


Monday, February 3, 2020

Cyber Insurance paid to pay Ransomeware: Case Study & Case Law

A Canadian insurance company infected by ransomware virus paid off the cybercriminals using its cyber insurance policy. Their British reinsurers, having to disburse 109.25 Bitcoins, wanted it back from the blackmailing cybercriminals.

After infection, the unnamed Canadian company suffered a total lockdown of all of its systems and asked its reinsurance firm to pay the ransom so it could get back on its feet.

Paying off blackmailers holding a company to ransom is never advisable, many a time it is against the local law. Despite a negotiation that made criminals bring down their initial demand of $1.2m to $950k, the decryption tool provided had to be run on each and every affected device on the company's network.

It took five days to decrypt 20 servers and "10 business days" to unlock 1,000 desktop computers.

Neither company was going to pay out and forget the incident. The English reinsurer hired Chainalysis Inc, a "blockchain investigations firm", which eventually pinpointed the people responsible.

In the AA Versus Unknown Persons and Ors. [2019] EWHC 3556 (Comm) Case No: CL-2019-000746
The Unknowns were arraigned as below:
(1) PERSONS UNKNOWN WHO DEMANDED BITCOIN ON 10TH AND 11TH OCTOBER 2019
(2) PERSONS UNKNOWN WHO OWN/CONTROL SPECIFIED BITCOIN
(3) iFINEX trading as BITFINEX
(4) BFXWW INC trading as BITFINEX

IN THE HIGH COURT OF JUSTICE BUSINESS & PROPERTY COURTS OF ENGLAND AND WALES COMMERCIAL COURT (QBD)
Hon. Justice Bryan said: "Whilst some of the Bitcoin was transferred into 'fiat currency' as it is known, a substantial proportion of the Bitcoin, namely, 96 Bitcoins, were transferred to a specified address. In the present instance, the address where the 96 Bitcoins were sent is linked to the exchange known as Bitfinex operated by the third and fourth defendants."

Bitfinex is a cryptocurrency exchange headquartered in the British Virgin Islands, though the court noted that one email address associated with the exchange was seemingly traced to China.

Justice Bryan said: "At the present time there is no evidence that [Bitfinex] are themselves, perpetrators of the wrongdoing, rather, it is said, they have found themselves the holder of someone else's property."

Hon. Justice ruled that Bitfinex probably knew who the two alleged ransom receivers were, saying: "I have no doubt that Bitfinex has the ability to access its records and its KYC [know your customer, finance sector ID rules] material to identify the information that is sought" about the two alleged blackmailers.

A Scottish MSP was caught red-handed promising ransomware decryption services when in reality all they were doing was paying off the cybercriminals and adding a windfall high margin. At least one study has found that less than half of companies paying off ransomware actually get their files back.

Meanwhile, A US federal judge has ruled that an insurer providing a "business owner's insurance policy" to National Ink & Stitch, which sustained a ransomware attack in 2016 and was forced to replace most of its IT infrastructure, must pay for the damages the security incident caused.

In her recent ruling, Judge Stephanie Gallagher of the U.S. District Court of Maryland wrote that the damage to Nation Ink & Stitch's computer infrastructure from a ransomware attack constituted "physical loss or damage" covered by the insurance policy and that the insurer must pay the costs to recover and rebuild the network. National Ink & Stitch is an Owings, Maryland-based embroidery and screen printing firm.

The insurer, Columbus, Ohio-based State Auto Property and Casualty Insurance Co., had denied coverage for the cost of replacing National Ink & Stitch's computer system, arguing that that the company had not experienced "direct physical loss of or damage to" its computer system, the judge noted in the ruling.

The ruling did not set a specific dollar figure, although National Ink & Stitch previously argued for a settlement of $310,000 in recovery costs, according to court documents. National Ink & Stitch and State Auto could be reached for comment.

Advocate (Dr.) Prashant Mali
Cyber & Privacy Expert

Sunday, February 2, 2020

Online Defamation Laws in India

Online Defamation Laws (Criminal) in India

With Section 66A of The IT Act,2000 struck down by Hon. Supreme Court of India in Shreya Singhal's Case, victims have left only with options in other laws based on words and actions of the accused online.


Section 504 Indian Penal Code- Intentional insult with intent to provoke breach of the peace. (using bad words, curse words like BC, MC, F*ck U e.t.c)
“whoever intentionally insults, and thereby gives provocation to any person, intending or knowing it to be likely that such provocation will cause him to break the public peace, or to commit any other offence, shall be punished with imprisonment of either description for a term which may extend to two years, or with fine, or with both”.
Section 469 of the IPC states that whoever commits forgery, intending that the document or electronic record forged shall harm the reputation of any party, or knowing that it is likely to be used for that purpose shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine.
Section 499 of the IPC states that a person who uses some words spoken or intended to be read, by signs or visible representation to make or publish any imputation about a person in order to harm their reputation is guilty of defamation in India. 
Section 500 of the IPC states that a person who is liable under Section 499 would be punished with simple imprisonment for up to 2 years, with fine or both. Within the meaning of publication, posting any defamatory statement on a social media network, website, forum or bulletin board is also considered as defamation in India. 
Section 503 of the IPC : states that whoever threatens another with any injury to his person, reputation or property, or to the person or reputation of anyone in whom that person is interested, with intent to cause alarm to that person, or to cause that person to do any act which he is not legally bound to do, or to omit to do any act which that person is legally entitled to do

For a better understanding of sec 504 IPC, it is necessary to know what does the term ‘insult’ actually mean and how it become severe in nature that can even make a person liable for committing a criminal offence.

The objective of 504 IPC section is to prevent the intentional use of abusive language amounting to insult, giving rise to provocations causing the person against whom such words are used to commit a breach of peace. In this section, it is showed how a person can provoke another to commit an offence that is criminal in nature and which can also harm the public peace at large.

In our daily lives also, we hear a lot of words that are offensive in nature but somehow ignore to manage them, but in cases, if a person intentionally uses abusive or offensive words in order to humiliate a person or provoke him, he is said to commit an offence under the purview of sec. 504 Indian Penal Code. In order to establish an offence under this section, the following ingredients must be proved:

That the accused insulted some person intentionally.
That the intention of the person is such which is likely to give provocation to the person insulted.
The accused has the knowledge that such provocation would cause the person to break the public peace or under the influence of which, he can commit an offence.

Most Read: IPC Section 498
To commit an offence under this section, insult is necessary. The term ‘insult’ means that the words used must be of such a nature that causes contempt to the dignity of a person or we can say, which causes a sense of humiliation to the person. These words even include the daily slangs people use in their daily lives as well such as- bastard, foolish and so on.

To bring a case under this section, it would be necessary to decide whether the use of such words led to an intentional insult or not. A person cannot be held liable under this section unless insult was intended. Now the major question arises, how to determine whether the insult was intentional or not? 

So, the answer to this question is, an intention of insult is a matter of facts and circumstances which differs from case to case and situation to situation. Nature of insult is more of a question of fact and not of law. Insult caused should give provocation to cause a breach of public peace.

Say for an example- when the accused abused the complainant in such a manner which involves the chastity of his mother or sister, such an act falls under the ambit of IPC section 504. This was also held in the case of In re Karumuri Venkatratnam.

By reason of the expression of the abusive words in the background, atmosphere, and circumstances in which they are used, the act shows the breach of peace, which is considered as the determining test to bring a case within the extent of section 504 IPC.

Further, it is also contended that every insult could not be classified as an intentional insult. Say for an instance, a mere lack of good manners and casual talks between friends does not constitute an offence under this section. In the same manner, use of abusive language not supported by intention also does not lead to a breach of peace and does not make it an offence.

In classifying whether the particular abusive language is covered under IPC 504 or not, the court has to find out what in ordinary circumstances would be the effect of the abusive language used, and what if the complainant used those words or did an act as a result of his cool temperament or in his sense of discipline.
It is the ordinary general nature of the abusive language that is the test for considering whether the abusive language is an intentional insult likely to provoke the person insulted to commit a breach of peace and not the particular conduct or temperament of the complainant.

Each case of abusive language is to be decided on the facts and circumstances of that case, and there cannot be a general proposition that no one commits an offence under section 504 IPC if he merely uses abusive language against the complainant

Hence, the abuse that attracts section 504 IPC, must be accompanied with an intention to provoke a person intending or knowing it to be likely that such provocation will cause the latter to break the public peace, or commit some other offence.

The punishment provided in the code for committing the offence under this section is imprisonment for 2 years or fine, or may include both. It is a non-cognizable as well as a bailable offence, triable by any Magistrate.  

Tuesday, January 21, 2020

Credit Card Debit Card New RBI Rules 2020

credit card rbi rules

RBI 2020 new  Credit card Debit Cars rules: What cardholders must knowTo avoid card frauds U should know the following-

  • All debits and credit cards, including those which are reissued, can only be used for domestic transactions at ATMs and point of sale (PoS) terminals at the time of issuance / reissuance of the card. "At the time of issue/re-issue, all cards (physical and virtual) shall be enabled for use only at contact-based points of usage within India," RBI said.
  • Banks can deactivate current cards and reissue them based on risk perception. RBI has asked all banks and other card-issuing companies to disable online payment services of all debit and credit cards that have never been used for online/contactless transactions. RBI told banks and card issuers: “Existing cards which have never been used for online (card not present) /international/contactless transactions shall be mandatorily disabled for this purpose.”
  • All those Debit Card and Credit Card which are never used for online transactions after March 16,  a move aimed at enhancing security for digital transactions.
  • If the cardholder wants to use the Debit/Credit card outside India, then they need to ask the bank to enable international transactions.
  • Cardholders now can switch on and switch off their card or any particular facility like ATM transaction, online transactions available in the Debit or Credit Card.
  • Customers can get the facility to set their transaction limits.              RBI's new rule for debit and credit cards will come into effect from March 16. However, it will not be applicable for prepaid gift cards and those cards used at the mass transit system

Thursday, January 16, 2020

When IT Act, 2000 is applied, IPC cannot be applied by Police in the FIR



IT Act is a Special Act: case laws By Advocate (Dr.) Prashant Mali
Sharat Babu Digumarti Vs. Govt. of NCT of Delhi. 
MANU/SC/1592/2016. 
Gagan Harsh Sharma and Ors. Vs. The State of Maharashtra and Ors. MANU/MH/3012/2018.
Ajay Murlidhar Batheja Vs. The State Of Maharashtra and Ors. MANU/MH/  /2018.

Special Law:  A law that applies to a place or especially to a particular member or members of a class of persons or things in the same situation but not to the entire class and that is unconstitutional if the classification made is arbitrary or without a reasonable or legitimate justification or basis 1.

The Indian Parliament enacted in the Fifty-First Year of the Republic of India, an act called the Information Technology Act, 2000. This act is based on the resolution A/RES/51/162 adopted by the General Assembly of the United Nations on the 30TH January 1997 regarding the model law on the electronic commerce earlier adopted by the United Nations Commission on International Trade Law (UNCITAL) in its twenty-ninth session.

The Act is here to protect and provide certain means of redressal even to the owner of a single computer, computer system or computer network located in India which has been violated by any person. The act is the first step to give necessary confidence and protection to the said owner.

The said Act is a special act as it is said section 81 of the act which reads as follows :
Act to have overriding effect.-“The provisions of this Act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force. Provided that nothing contained in this act shall restrict any person from exercising any right conferred under the Copy Right Act, 1957 or the Patents Act , 1970(39 of 1970)”.

In the case of Sharat Babu Digumarti v Government (NCT of Delhi) [(2017) 2 SCC 18]  the accused were charged with offences under Section 67 of the IT Act
and Section 292 of the IPC. The question before the Supreme Court was whether the accused who was discharged under Section 67 of the IT Act could be prosecuted under Section 292 of IPC. Placing reliance on non-obstante provisions under Section 81 of the IT Act and Section 67A and 67B, it was held that charge under Section 292 could not survive. The decision was on the basis that Sections 67, 67A and 67B was a complete code regarding offence concerning publishing and transmitting obscene material in electronic form and non-obstante provision under Section 81 makes IT Act a special law that will prevail over the general law, IPC.

On 26 October 2018, a two-judge bench of the Bombay High Court vide its judgment in Gagan Harsh Sharma And Anr vs The State Of Maharashtra And Anr on 26 October, 2018 (Criminal Writ Petition No 4361 of 2018) held that when the offence is sufficiently covered under the provisions of the Information Technology Act, 2000 (IT Act), the IT Act will apply as lex specialis to the exclusion of the Indian penal code, 1860 (IPC). The Bombay High Court vide its judgment quashed and set aside the First Information Report (FIR) insofar as the investigation into the offences punishable under the IPC were concerned, on the basis that the ingredients of offences alleged under IPC were the same as compared to the ingredients of the offences alleged to have been committed under IT Act.

I Got this Bail in the sessions court. Police often apply IPC Section 379 in data theft cases along with Section 43 & 66 of the IT Act,2000 .
I argued along with above case laws for non-applicability of IPC S379 which was only added by police to make the offense Non-Bailable, special Act i.e IT Act,2000 when applied IPC sections do not apply. Court has accepted my argument on the merits of Law and granted the Bail
Bail Order of sessions court  - Download Link

In the case of Ajay Murlidhar Batheja vs The State Of Maharashtra And Anr on 26 October 2018 (CRIMINAL APPLICATION NO.1217 OF 2018) the Bombay high court held “We are therefore not inclined to quash the said FIR as far as the offences under the Information Technology Act are concerned, however, we hold that the invocation and application of the provisions of the Indian Penal Code and specifically, Section 420, is not sustainable in light of the judgment Sharat Babu Digumarti v/s. Government (NCT of Delhi) (Supra)”.
Thus we can see that the provisions of this Act will prevail notwithstanding anything inconsistent therewith contained in any other law for the time being in force.
Nevertheless, by virtue of new proviso the scope of the overriding effect shall not restrict any person from exercising any right conferred in Copy Rights Act,1957 or the Patents Act,1970. The idea behind the new proviso is to protect the rights of intellectual property rights holder under the Copyright At or the Patents Act.

Conclusion:
It is often found that police in cybercrime matters to make the offence nonbailable will add 379 or 420 or 408 of the Indian Penal Code. The above case laws clearly indicate that when sections of the IT Act,2000 are applied sections from the general law namely IPC should not be added.

By Advocate (Dr.) Prashant Mali [MSc (Computer. Sci.) LLB, LLM, Ph.D. in Cyber Law]
Mobile: +919821763157
Email: cyberlawconsulting@gmail.com
Twitter: @AdvPrashantMali

References :
1. “Special law.” The Merriam-Webster.com Legal Dictionary, Merriam-Webster Inc., https://www.merriam-webster.com/legal/special%20law. Accessed 14 January 2020.




Sunday, January 12, 2020

Having Child Porn in your mobile ? Beware !


Child porn in Mobile: Beware ?
As a part of the police crackdown against those who had viewed, downloaded, stored or shared child sexual abuse content (child pornography) online.

Sumit Kumar Kalra  a 49-year-old man was arrested at Chennai Airport on Saturday night for downloading child sexual abuse material and sharing .
Arrested accused is a computer science graduate and owns a shop that sells gym equipment on Montieth Road, Egmore. On Saturday night, as he landed in Chennai from Delhi, the police of the Crime against Women and Children wing nabbed him. The police had received information about the crime from the Us based National Centre for Missing and Exploited Children, which has the technology to monitor child pornography material shared online.
India reported a maximum number of online child sexual abuse cases, followed by Thailand, which shows the data by US-based National Centre for Missing and Exploited Children (NCMEC).  India accounts for 3.88 million such cases filed between 1998 and 2017. This is despite the fact that India is estimated to have 451 million internet users .
Sumit had allegedly downloaded child sexual abuse material from the dark web on April 29, 2019 and had shared it with a friend over Facebook Messenger. Police also matched Sumit’s phone number and the IP address used to share the content. Sumit had used different browsers to remain anonymous. Though the accused had initially denied his crime, when the police confronted him with evidence, he confessed to his involvement, claims the police.
He has been booked under the section 13,14 of Protection of Children from Sexual Offences Act (POCSO) and section 67B of Information Technology Act,2000 and has been remanded to judicial custody.  
The Chennai police had, in December, announced that they had with them around 1500 IP addresses that had shared child sexual abuse content online and that they were monitoring at least three gangs that had created, stored and circulated child sexual abuse content. The Chennai police had also nominated Jayashree, the SP in-charge of Crime against Women and Children as the nodal officer for coordinating with the district police offices to act against child sexual abuse material. 
In December, the police arrested a 42-year-old man from Trichy for storing and sharing child sexual abuse material online. On January 4, a 23-year-old man from Assam was held in Pollachi for sharing child sexual abuse material on Facebook and a day later, the Coimbatore police also arrested a 25-year-old man, who worked as a bus driver in a private engineering college in the city, for viewing and sharing child sexual abuse videos online. 

Punishment for using a child for pornographic purposes

Offence
POCSO Act Punishment 

Use of a Child for Pornographic purposes
Minimum: 5 years

Use of a child for the pornographic purposes resulting in penetrative sexual assault
Minimum: 10 years
Maximum: life imprisonment


Use of a child for the pornographic purpose resulting in aggravated penetrative sexual assault
Minimum: 20 years
Maximum: Life imprisonment or death

Use of a child for the pornographic purposes resulting in sexual assault
Minimum: 3 years
Maximum: 5 years

Use of a child for the pornographic purposes resulting in aggravated sexual assault
Minimum: 5 years
Maximum: 7 years

I hereby caution and appeal WhatsApp group admin and members not to share or download any child abuse videos . One mistake can ruin your and your family’s life. Beware !
Adv (Dr.) Prashant Mali

FIR and remedies against Police in India



Remedies against Police 

Powers of the police in India are laid down in the Chapter XI from Sec. 149 to 153 of Code of Criminal Procedure, 1973 (CRPC). Police officials are also given powers u/s 41, 42 and 151 of CrPC, 1973, to make arrest without a warrant taking into consideration the circumstances. Sometimes they either exceed there power or abuse the same causing injustice to citizens.

Usually, the FIR should be registered in the police station within where the crime took place. But there are situations where police refuse to file FIR. According to new amendment in the law, if police refuse to file FIR there will be two-year imprisonment as punishment. A police officer who comes to know about a cognizable offence can file an FIR himself/herself. It is possible to send a complaint in writing and by post to the Superintendent of Police. If the SP is satisfied with your complaint then he/she shall either investigate the case himself/herself or order an investigation to be made. And it is not always necessary to go in person to register the FIR. Email or phone call is also enough to register an FIR in case of emergency. There are certain sections in the Indian penal code that authorizes to register FIR by the police and also constitutes stringent punishments against refusal in registering FIR.
Section 166 in The Indian Penal Code states about Public servant disobeying law, with intent to cause injury to any person. Whoever, being a public servant, knowingly diso­beys any direction of the law as to the way in which he is to conduct himself as such public servant, intending to cause, or knowing it to be likely that he will, by such disobedience, cause injury to any person, shall be punished with simple imprisonment for a term which may extend to one year, or with fine, or with both.
Also by Section 166A Public Servant disobeying direction under Law, Whoever, being a public servant knowingly disobeys any direction of the law which prohibits him from requiring the attendance at any place of any person for the purpose of investigation into an offence or any other, or knowingly disobeys, to the prejudice of any person, any other direction of the law regulating the manner in which he shall conduct such investigation, or fails to record any information given to him under sub-section (1) of section 154 of the Code of Criminal Procedure, 1973, in relation to cognizable offence punishable under section 326A, section 326B, section 354, section 354B, section 370, section 370A, section 376, section 376A, section 376B, section 376C, section 376D, section 376E or section 509, shall be punished with rigorous imprisonment for a term which shall not be less than six months but which may extend to two years, and shall also be liable to fine.
Punishment for non treatment of victim is given in the Section 166B that mentions that Whoever, being in charge of a hospital, public or private, whether run by the Central Government, the State Government, local bodies or any other person, contravenes the provisions of section 357C of the Code of Criminal Procedure, 1973, shall be punished with imprisonment for a term which may extend to one year or with fine or with both.
Public servant framing an incorrect document with intent to cause injury is provided in the Section 167 Whoever, being a public servant, and being, as such public servant, charged with the preparation or translation of any document or electronic record, frames or translates that document or electronic record in a manner which he knows or believes to be incorrect, intending thereby to cause or knowing it to be likely that he may thereby cause injury to any person, shall be punished with imprisonment of either des c r i p tion for a term which may extend to three years, or with fine, or with both.
FIR against police under the IT Act under Section 72 – Breach of confidentiality and privacy Any person who, in pursuant of any of the powers conferred under this Act, rules or regulations made there under, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
Police Complaints Authority
In order to keep a check and to curtail the severe problem of police violence or abuse, the Supreme Court of India in Prakash Singh v/s Union of India[2006 (8) SCC 1], inter alia, instructed the government at state and district level to set up Independent Police Complaints Authority. The main function of these Police Complaint Authorities is to look into the complaints against the police officers. But hardly any actions were taken on the part of State Governments till date due to disinterest on this particular issue. The State Governments must constitute a Police Complaint Authority which should be free from any influence and vested with such legal powers and fruitful resources as are necessary and serve as deterrent to the crooked police official’s misconduct.



FIR : All you want to know about in a criminal case

FIR - What is?  The first information report is a report giving information of the commission of a cognizable crime,  which may be made by t...