Cyber extortion is a crime involving an attack or threat of attack against an enterprise, coupled with a demand for money to avert or stop the attack. Cyber-extortion can take many forms. Originally, denial of service (DoS) attacks were the most common method. In recent years, cybercriminals have developed ransomware that can be used to encrypt the victim’s data. The attacker then demands money for the decryption key.
A 60 year old citizen, Prateek Das posed as a woman, Rita Basu, and created a fake e-mail ID through which he contacted V. R. Ahmed, a Abu Dhabi based man. Das trapped Ahmed in a ‘cyber-relationship’ sending emotional messages and indulging in online sex. When 6 months passed by then Das sent an e-mail that ‘‘she would commit suicide’’ if Ahmed ended the relationship. He also gave him ‘‘another friend Ruchira Sengupta’s e-mail ID which was in fact his second bogus address. When Ahmed mailed at the other ID he was shocked to learn that Das had died. Further, Das began the emotional blackmail by calling up Ahmed at Abu Dhabi to say that police here were searching for him. Ahmed panicked on hearing the news asked ‘Sengupta’ to arrange a good advocate for him and in this context deposited lakhs of rupees in Sengupta’s account. Das even sent e-mails as high court and police officials to extort more money. Ahmed finally came down to Mumbai to lodge a police case. After the investigation, Das was booked for cheating, impersonation, blackmail and extortion under sections 420, 465, 467, 471, 474 of the IPC. During the whole period, Das was able to abstract around a sum of around 96 lakhs from Ahmed.
As the number of enterprises that rely on the Internet for their business has increased, opportunities for cyber-extortionists have exploded. The probability of identification, arrest, and prosecution is low very because cyber-extortionists usually operate from countries other than those of their victims and use anonymous accounts and fake e-mail addresses.
In India, IT Act 2000 has amended the sections dealing with records and documents in the IPC by inserting the word ‘electronic’ thereby treating the electronic records and documents on a par with physical records and documents. The Sections dealing with false entry in a record or false document etc (420, 465, 471, 474, 476 etc) have since been amended as electronic record and electronic document thereby bringing within the ambit of IPC, all crimes to an electronic record and electronic documents just like physical acts of forgery or falsification of physical records.
Through concerted, high tech efforts, a few cyber-extortionists have been found, arrested, prosecuted, convicted and sentenced to prison. However, according to some reports, most cyber-extortion episodes go unreported because victims do not want the publicity and that; furthermore, the majority of reported episodes do not result in arrests.
Author- Tejaswini Ranjan
HR Head, FSA