1. Social Engineering (SE): This attack relies on social skills and human interaction rather than technical skills. An attacker uses communication and persuasion to win the trust of a legitimate user and obtain credentials and confidential information such as passwords or personal identification numbers (PINs) to log into a particular system. Phishing and password pilfering attacks are common techniques used in SE.

| Section No. | Act | Punishment |
|---|---|---|
| 66C | Using password of another person: A person fraudulently uses the password, digital signature or other unique identification of another person. | Imprisonment up to three years, or/and with fine up to ₹100,000 |
| 66D | Cheating using computer resource: If a person cheats someone using a computer resource or communication. | Imprisonment up to three years, or/and with fine up to ₹100,000 |

2. Scanning:

- IPs Scan: Identifies all hosts connected in the network along with their IP addresses.
- Ports Scan: Determines which ports are open on each discovered host in the network.
- Services Scan: Identifies the service or system running behind each open port.
- Vulnerabilities Scan: Identifies weaknesses and vulnerabilities related to each service on the target machine to exploit it afterward.

| Section No. | Act | Punishment |
|---|---|---|
| 66D | Cheating using computer resource: If a person cheats someone using a computer resource or communication. | Imprisonment up to three years, or/and with fine up to ₹100,000 |
| 66 | Hacking with computer system: If a person with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack. | Imprisonment up to three years, or/and with fine up to ₹500,000 |
| 43 | If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network | The Act does not specify a fixed amount for the penalty but indicates that the offender shall be liable to pay damages by way of compensation to the person affected by the act. The compensation amount can vary based on the extent of the damage or loss incurred by the affected party. |

3. Exploitation:

- Viruses, Worms, and Trojan Horses: Malicious software designed to infect devices, spread through networks, or disguise as legitimate software to perform malicious activities.
- Denial of Service (DoS) Attacks: Various methods like SYN attacks, buffer overflow, teardrop attacks, and smurf attacks are used to crash systems by overwhelming them with data or connection requests.
- Man-in-the-Middle (MITM) Attacks: An attacker intercepts and potentially alters communication between two legitimate devices.
- Replay Attacks: An attacker captures and replays legitimate packets to disrupt communication integrity.
- Jamming Channels: An adversary sends a continuous flow of packets to keep the communication channel busy, preventing legitimate data exchange.
- Popping the Human-Machine Interface (HMI): Exploiting known vulnerabilities in device software or operating systems to gain unauthorized remote access.
- Masquerade Attack: An attacker pretends to be a legitimate user to gain unauthorized access or privileges.
- Integrity Violations: Altering data stored in devices to disrupt operations, such as injecting false data to affect system monitoring accuracy.
- Privacy Violations: Collecting private information about customers, potentially leading to physical attacks like burglary when the house is empty.

| Section No. | Act | Punishment |
|---|---|---|
| 65 | Tampering with computer source documents: If a person knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer program, computer system or computer network, when the | Imprisonment up to three years, or/and with fine up to ₹200,000 |
| 43 | If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network | The Act does not specify a fixed amount for the penalty but indicates that the offender shall be liable to pay damages by way of compensation to the person affected by the act. The compensation amount can vary based on the extent of the damage or loss incurred by the affected party. |
| 66A | Publishing offensive, false or threatening information: Any person who sends by any means of a computer resource any information that is grossly offensive or has a menacing character; or any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult shall be punishable with imprisonment for a term which may extend to three years and with fine. | Imprisonment up to three years, with fine. |
| 66C | Using password of another person: A person fraudulently uses the password, digital signature or other unique identification of another person. | Imprisonment up to three years, or/and with fine up to ₹100,000 |
| 66D | Cheating using computer resource: If a person cheats someone using a computer resource or communication. | Imprisonment up to three years, or/and with fine up to ₹100,000 |
| 66E | Publishing private images of others: If a person captures, transmits or publishes images of a person's private parts without his/her consent or knowledge. | Imprisonment up to three years, or/and with fine up to ₹200,000 |

4. Maintaining access:

- Backdoors: Stealthy programs installed to allow the attacker to easily and quickly regain access to the target system later.

| Section No. | Act | Punishment |
|---|---|---|
| 66 | Hacking with computer system: If a person with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack. | Imprisonment up to three years, or/and with fine up to ₹500,000 |
| 43 | If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network | The Act does not specify a fixed amount for the penalty but indicates that the offender shall be liable to pay damages by way of compensation to the person affected by the act. The compensation amount can vary based on the extent of the damage or loss incurred by the affected party. |

5. Severity and Likelihood of Attacks: In IT networks, security parameters are classified based on their importance: confidentiality, integrity, accountability, and availability. In contrast, in smart grids, they are classified as availability, integrity, accountability, and confidentiality. Thus, attacks compromising availability have high severity, while those targeting confidentiality have low severity. Each attack also has a likelihood of being performed, with some being highly severe but less likely due to their complexity, while others are less severe but more likely to be executed.

| Section No. | Act | Punishment |
|---|---|---|
| 69 | Failure/refusal to decrypt data: If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence, for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource. The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been directed, extend all facilities and technical assistance to decrypt the information. The subscriber or any person who fails to assist the agency referred is deemed to have committed a crime. | Imprisonment up to seven years and possible fine. |