19 December,2022 05:53 AM IST | Mumbai | Faizan Khan
The Thane siblings had sold personal details including Aadhaar number, contact number, address, etc, of people from Maharashtra, Delhi and Gujarat on two websites. Representation pic
Mumbai Crime Branch Unit 3, which is probing the case of theft and sale of personal data on two websites, has invoked Section 66F of the Information Technology Act that deals with cyber terrorism. The section has a maximum punishment of life imprisonment. The defence lawyer, for two of the seven arrested accused, questioned the move and said that if the case was related to cyber terrorism, then the National Investigation Agency would have taken it over. The Esplanade Court, which was hearing bail applications of three accused, has reserved its order till Monday.
The Crime Branch arrested Thane residents Rahul Yeligatti, 28, and Nikhil Yeligatti, 25, last month after learning that the duo was selling personal details including Aadhaar card number, contact number, address, etc of some people from Maharashtra, Delhi and Gujarat on two websites. During the probe, it was revealed that the siblings launched www.tracenow.co and www.fonivotech.com during the lockdown. Cops also learnt that Nikhil used to work as a loan recovery agent and knew how to procure data of customers.
Section 66F of the IT Act deals with punishment for cyber terrorism with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by introducing or causing to introduce any computer contaminant.
Also read: Mumbai: 11 months, 3,960 cyber cases, only 245 cracked
The prosecution lawyer told the court, "The gravity of the case is big as it has compromised with the personal information of people from not only Maharashtra but also Gujarat and Delhi, and hence the section 66F of the IT Act, which deals with cyber terrorism, is invoked in the case."
The accused sold personal data of citizens from three states. Representation pic
Defence lawyer Advocate Akash Kavade, for the Yeligatti brothers, refuted, saying, "The section of cyber terrorism is added to the case only to delay the bail application as the maximum punishment here is life imprisonment. And if it is a case of cyber terrorism, the NIA would have come into the picture. Further, the prosecution has failed to bring on record any material to invoke stringent provisions of cyber terrorism." "Even if I agree with the case of the prosecution, then the entire case revolves around data theft, and Yeligatti brothers have purchased the data for business purposes and even their remand application has similar grounds," Kavade added.
The bail application of the duo stated: "The Prosecution has failed to bring on record any material to show the manner in which the present Applicants have jeopardised the unity, integrity, security or sovereignty of India. Further it is alleged by the prosecution itself that the Applicants used to share/sell the data to Bank Recovery Agents for meagre amounts of Rs 12,000 odd. Thus, in these circumstances, it is hard to digest that the Applicants are involved in the acts of cyber terrorism affecting the unity, integrity, security or sovereignty of India." The defence advocate also mentioned that when Nikhil was summoned by Naupada Police, he appeared before them on May 27 and cooperated with the cops.
After the arrest of the Yeligatti brothers, the police arrested Mohammed Ejaz Husain, 48, from Hyderabad as the siblings revealed that they procured the data from Husain. It was also alleged that the accused may have hacked into the servers of Central Identities Data Repository (CIDR), the website of Unique Identification Authority of India (UIDAI). The court will also decide on Husain's bail plea on Monday.
Cops made more arrests in the case including Sujit Atmaram Nangre, 27, an employee of the Department of Telecom (DoT) in Pune. Nangre, who used to work as a data entry operator, allegedly saved the data in a pen drive and sold it to Sandeep Palande, a 40-year-old from Pune. Palande then sold it to Vikas Pedamkar, 54, and Ishtiyaq Shaikh, 44. Shaikh then sold the data to the Hyderabad-based accused who supplied it to the Thane siblings.
The bail application filed by the Yeligatti brothers also mentioned that Aadhaar cards of all individuals are linked with their respective SIM cards, thus the theory that the applicants had hacked into the server of CIDR or UIDAI is untrue. It also cited that none of these agencies have filed any complaint.
"Cyber terrorism under Section 66F of the IT Act covers any person with intent to threaten the unity, integrity, security or sovereignty or to strike terror in people or any section of people in certain circumstances which include penetrating or accessing a computer resource without authorisation or introducing any computer contaminant. It also involves convergence of cyber space and unlawful attacks against computers, networks etc. to intimidate or coerce a government or its people in furtherance or political or social objectives," said Dr Sujay Kantawala, senior lawyer.
"Whereas, Section 43B of the IT Act covers data theft which is a simple act of violating, stealing or removing persons or companies' confidential information without authority. Data theft is a cognisable and bailable offence, but whether it would cover purchases in cross border transactions where the data is sold from person to person is debatable. Hence prima facie, qua purchasers who did not originally steal the data would fall in that category," Kantawala added.
66F
Section of the IT Act that deals with cyber terrorism
07
No of accused arrested in the case so far