Rupin Sharma, IPS
Cybercrimes are typical because they test the traditional limits of law about jurisdiction and investigations. The cybercrimes could be committed across multiple jurisdictions- across police stations, across states, across countries and sometimes where it is impossible to even know where the perpetrator or criminal is based. In cyber-crimes, if we include attempts to commit crimes as a parameter – attempts to commit crimes are offences themselves, we are all possible targets or victims every day. We all receive numerous phishing, vishing and smishing contacts/advances from unknown persons every day. All these are attempts at committing cybercrimes from a legal viewpoint.
Cyber-crimes are usually ‘NO CONTACT CRIMES’ or ‘VIRTUAL CRIMES’ - crimes where the fraudster or criminal and the victim/ target have never met each other physically or may even never meet each other at all.
Under these extraordinary circumstances, reporting to the police or investigation agencies is difficult yet important. It is imperative that the victim should report to the police immediately – all crimes and even attempts.
There may also be cases where the victim may be hesitant to inform anyone about having been a target, either because of his foolishness or himself being involved e.g., in sextortion – or because of the stigma attached to being called a fool for not knowing or following the basics of cyber security.
In cases of cyber-crimes or where a person feels that he has been an attempt of an attack or a victim, the following steps are desirable:
- Please report to the police immediately;
- No police station should refuse to register an FIR in cases of reports of cyber-crimes;
- If the police station does not have jurisdiction or capability to investigate the case, it should NOT refuse to register the crimes at all. It should register ZERO FIR and later this can be transferred;
- Reports on cyber-crimes can be lodged at National Cyber Crime Reporting Portal i.e., at https://cybercrime.gov.in on the part relating to cybercrimes;
- Offline complaints can also be filed by dialing the national helpline number 155260;
- Readers and public are advised to refer to latest advisories issues by CERT-IN and report any unwanted or suspected behaviour to incident @ cert.in.org.in;
- While making a report to police or CERT.in, please include the following basic information: -
• Time of occurrence of the incident;
• The method used to commit the crime;
• Details about the incident;
Steps For Police Officers
The detailed steps of investigation may vary from case to case but there are some basic steps which need to be followed: -
(1) Always lodge/ register FIRs on complaints received – never refuse to register any FIRs. By refusing to register an FIR or delaying registration you may be allowing the perpetrator to attack more persons or even cover his traces;
(2) Even if there are rumored complaints/incidents never refuse FIRs - You can always submit closure reports if there is no crime or inadequate evidence;
(3) When complainants are hesitant, it may be advisable to still register FIRs as Suo-moto complaints or cases without divulging the details of victim. Such things can happen in sextortion or porn cases especially where pornography has been used as an interface for extortion or even for siphoning off funds from bank accounts;
(4) Take as many details as possible from the complainant;
(5) Be careful about what devices or machines have to be seized from the victim or target;
(6) Since the victim’s machines/devices can provide important clues, these may need to be seized, however, it is better to make copies/clones of the date rather than depriving the victims of their devices. This ear of losing the device is also a factor which inhibits victims from approaching the police – besides having been defrauded, they do not want to aggravate a loss by losing their devices too for investigation;
(7) Follow appropriate protocols especially about devices seized from accused persons or suspects so that a proper chain of custody can be proved during prosecution and so that allegations of tampering with data by investigators can be avoided;
(8) It is better to seize and seal the devices seized/ recovered from the accused right at the point of seizure to avoid complications in investigation. Making copies on the spot, if possible, may also be a strategy if the investigation agencies have enough resources;
(9) Take opinion of cyber forensic experts for analyzing the data on the suspected devices;
(10) The investigators need to know the details of the related nodal officers of the Telecom and Mobile Internet Service providers so that they can approached for assistance;
(11) The police officers should know the formats of making requests to service providers if you are required to do so;
(12) Know what questions need to be asked from service providers to help in investigations. The answers and responses you receive will depend on the questions you ask to the service providers and mobile companies;
(13) Know the details of Nodal officers of the important social media platforms and e-commerce or courier companies who may need to be approached for assistance in investigations;
(14) Know what questions are to be asked to the nodal officers. A standard list or a checklist may be developed for field officers;
(15) Know what information is necessary for investigations to carry the matter forward to catch the real culprits and also how the information from service providers or Social Media Platform or E-Commerce sites need to be preserved and presented for prosecution and evidence;
(16) Know how the foreign based entities can be approached or how they can be approached. This is necessary because the internet data may be present outside India too. Know the legal provisions which can be invoked to request or force the companies to share data/details for investigation;
(17) Know the channels to be used to send requests for investigation to companies outside India, whenever required.
Investigation of cyber-crimes is a difficult and tedious job. It consumes huge resources by way of manpower, time and even money. Sometimes investigations may last for years if trans-national investigations have to be done.
Besides this, for preservation of electronic or digital evidence and cyber forensics too, huge financial resources are required. These need to ne built-in and incorporated into the usual policing budget.
In the end, Prevention is Better than Cure and Greed is a cause of downfall.
Therefore, while police will investigate but it is better for the public to be alert and cautious about attempts at cyber-frauds and do not let greed overpower your sanity and peace of mind.
