social engineering

Online Revenge Porn-Recourse for Victims under Cyber Laws

– Advocate Puneet Bhasin, Cyber Law Expert, Cyberjure Legal Consulting

revenge porn
Online Revenge Porn means that when there are relationship break ups, then either party puts up nude pictures of the other or videos of their intimate moments on social networking media, blogs and other websites. Online Revenge Porn is on the rise world over with the advent of an open arena of the internet. Most online porn in India is amateur porn or revenge porn. World over, every country has enacted specific legislation to deal with revenge porn.
UK is coming out with the Revenge Porn Law. Many US States already have their Revenge porn laws. Virginia also has a revenge porn law and on 20th October, 2014 the first person was charged and convicted under their law.
In India we do not have a separate Revenge Porn Law, but Sections 67, 67-A and 66-A of the Information Technology Act, 2000 make online publication of Revenge porn a punishable offence.
Section 67 reads as under:
Punishment for publishing or transmitting obscene material in electronic form. -Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.
This section makes a person liable for transmitting or causing to transmit nude photos or content of the nature that it can deprave/corrupt the viewer of such content.
When people are in relationships, they tend to share nude or naughty photos of themselves with each other, and these photos are misused by the jilted partner in the event of a break up.
A victim can seek recourse under Section 67 in such a case.
Section 67 A of the Information Technology Act reads as under:
“Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form. – Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.”
This section also criminalizes the act of any party transmitting via email, MMS or video any act or conduct of explicit nature which the parties indulged in during the course of the relationship.
A victim can file a complaint with the Cyber Police Station along with filing an FIR in the Police Station.
In India we definitely need separate and comprehensive revenge porn laws along with an efficient judicial mechanism to deal with these offences in short duration of time. Many countries have a National Helpline along with a separate Cell to deal with Online Revenge Porn, as these matters require immediate redressal before the video goes viral. A National Helpline for revenge should be set up in India too, where victims can complain and there would be immediate pull down of the content from the internet. Most developed countries have enacted specific laws for the same already because of the huge increase in Revenge porn in the virtual world.
Disclaimer: This article is purely for educational purpose and is not in the nature of legal advice. It does not constitute any lawyer-client relationship between the author and the reader.


– Advocate Puneet Bhasin, Cyber Lawyer, Cyberjure Legal Consulting,

social 3 social 2

Hacking or unauthorized access to accounts can be of two types. The first is the one that would involve password cracking tools, but most organizations have cyber security features in place to prevent these attacks, however, it’s the second type of attack that can cripple any organization or person’s accounts and databases; this is a social engineering attack.

Social engineers are criminals who take advantage of human behavior to pull off an online scam or hacking attack. Successful social engineers are confident and in control of the situation completely.

There can be two techniques used by social engineers. One is of simple observation and another is of proactive effort.

In the first case, the social engineer simply observes a person’s social networking profiles, linkedin profiles and all data available about him. Most people have passwords that they can easily remember, and for that they have to be words closely related to them. People share their lives on social networking, where their date of birth, favourite colour, pet’s name and everything possibly related to them is freely available. It’s pretty easy to guess passwords in such a scenario. It’s always advisable to be discrete with respect to the data shared on social media. Such data is also collected by the online questionnaires and market research forms that people request to fill in public places.

In the second case, the attack is pre-planned and complete checklist is made of the person or companies likes, dislikes, passions, hobbies and professional credentials. Then the second stage of physical access comes into the picture. For example, three income tax officials turn up at your office for an inspection along with relevant badges and check all your office computers and all your documents, and in the process lodge key loggers into your computers, whereby they will receive an email of every key stroke made on the computers, thereby giving out your passwords and confidential data.

An example of this kind of attack would be where a social engineer researches about a person let’s say Mr. A, and knows that this person is fond of foreign holidays. The social engineer then calls up this person as the authorized representative from a reputed travel agency and offers a mind-blowing holiday package. He asks the Mr. A the version of PDF reader he is using on his laptop. The conversation is very friendly and inspires trust in the mind of Mr. A. The social engineer sends the holiday proposal in a PDF format which is not compatible with the PDF reader installed by Mr. A, and along with the proposal sends a compatible PDF reader for Mr. A to download and read the proposal. The PDF reader has malware attached that gives the social engineer access into Mr. A’s computer.

Another example of this type of attack would be where a very pretty woman, who is a journalist, goes to meet the System Administrator of a big company, to get his opinion on cyber security. She flirts a lot with him and after taking his opinion leaves, but “accidently” leaves her pen drive with him. A beautiful woman who flirted with this guy definitely would make him curious about her and he accesses her pen drive to know more about her. Only that the pen drive is infected with key logger and Trojan malware, thereby making the company’s networks very vulnerable.

The 4 basic principles which most social engineers follow are:

  • They project confidence. They do not sneak around and they proactively approach people and draw attention towards themselves.
  • They give you something. Probably just a small favor which creates trust and a perception of indebtedness.
  • They use humor as that is one tool which is endearing and disarming.
  • They make a request and offer a reason and research shows people are likely to respond to any reasoned request.

Attacks by social engineering are offences in India under Section 43 of the Information Technology Act, 2000. This section reads as under:

Penalty and compensation for damage to computer, computer system, etc. -If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network,-

(a) accesses or secures access to such computer, computer system or computer networkor computer resource;

(b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;

(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;

(d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;

(e) disrupts or causes disruption of any computer, computer system or computer network;

(f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;

(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;

(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,

(i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;

-he shall be liable to pay damages by way of compensation to the person so affected.


A victim is required to make a Complaint in the prescribed format along with the applicable fees to The Adjudicating Officer, Information Technology Act, 2000. The fees are calculated in accordance with the damages claimed. Under the provisions of the Rules for conduct of Adjudicating Proceedings under the Information Technology Act, 2000, the Adjudicating officer shall decide every application in 4 months and the whole matter in 6 months.


social 1