TEAM CODE – ILS-024

MEMORIAL FOR PETITIONERS

BEFORE THE HONOURABLE SUPREME COURT OF REPUBLIC OF STAN

In the matter of

Tanvir Ahmad & another

……… Appellant

Versus

Union of Stan
……. Respondent

And

In the matter of

Petition filed under Section 379 of the

Criminal Procedure Code, 1973

HUMBLY SUBMITTED BY THE COUNSEL APPEARING ON BEHALF OF THE

PETITIONERS
 TABLE OF CONTENTS

1. List of Abbreviations.
2. Index of Authorities.
3. Statement of Jurisdiction.
4. Statement of facts.
5. Issues Raised.
6. Summary of Arguments.
7. Arguments Advanced.
a. Whether the acts done by accused can be considered as a cybercrime and are such
acts punishable under section 66 of the IT Act?
b. Were the accused had intent to annoy SSRO authorities which is the agency of the
government, who in this present case the in charge of a computer, computer
system or computer network with the means of multi vector attack on servers of
SSRO by sending a mail which was programmed to make its way into the servers
of SSRO by introducing a self-programmed virus?
c. Are the actions of the accused to be considered as cyber trespass as criminal
trespass under section 441 of Stanian Penal Code?
d. Whether the actions of the accused are justified in charging the accused under
Cyber Terrorism under Section 66 F of IT Act?

8. Prayer.
 LIST OF ABBRIVIATIONS

A. I. R All India Reporter

& And
Cr.P.C. Code of Criminal Procedure
H.C High Court
I.P.C. Indian Penal Code
Ltd. Limited
Ors. Others
R.T. O Road Transport Officer
S.C Supreme Court
S.C.C Supreme Court Cases
Sec. Section
S.C.R Supreme Court Reports
U/s Under Section.
 INDEX OF AUTHORITIES

Table of Cases:

1. Kamalakanta Tripathy v. Respondent: State of Odisha and Ors.

2. Mohd Ajmal Amir Kasab v. State of Maharashtra.

3. Pune Citibank Mphasis Call Center Fraud

4. Shankar v. State Rep

5. SMC Pneumatics (India) Pvt. Ltd. vs. Jogesh Kwarta
6. The Bank NSP Case

Books Referred:

1. The Constitution of India by Durga Das Basu

2. The Criminal Procedure Code- Bare Act
3. The Indian Penal Code- Bare Act
4. Taxmann Cyber Crimes & Laws by Sushma Arora
5. Indian Evidence Act by Avtar Singh

Research Data Base:

1. SCC online: http://www.scconline.com/WebEdition.aspx

2. AIR online: http://www.airwebworld.com

Statues:
1. The Constitution of India, 1950
2. The Indian Penal Code, 1860
3. The Criminal Procedure Code, 1973
4. Information Technology Act, 2000
 STATEMENT OF JURISDICTION

The counsel humbly submits to the jurisdiction of this Hon’ble Court under Section 379 of
the Criminal Procedure Code. This section mentions that where the high court has, on appeal,
reversed an order of acquittal of an accused person and convicted him and sentenced him to
death or to imprisonment for life or to imprisonment for a term of ten years or more, he may
appeal to the Supreme Court.
 STATEMENT OF FACTS

1. The Republic of Stan, is a developing nation which lies in the southern region of Asia.
The country has a rich history and has seen a huge upsurge in the area of information
technology in recent years. The Stanian Space Research Organization (SSRO) is the
space agency of the Government of The Republic of Stan headquartered in Periyana, a
state in the southern part of the country, with a vision to "harness space technology
for national development", while pursuing space science research and planetary
exploration.

2. In March 2021, the SSRO, in the wake of the recent events of cyber-attacks on
multiple websites of national importance, had decided to take extensive measures to
secure its own cyber systems. Thus, after a substantial upgrade of its existing cyber
security, it released a public notification announcing a reward of 1,00,000 in its
national currency to anybody who could find vulnerabilities in their security
mechanism. The contest was subsequently announced closed on August 31st, 2021.

3. Among other participants, Tanvir Ahmad and Ramendra Singhal, first year students at
Stanian Institute of Cyber Security, had also applied for the competition in the month
of June, 2021 to try and find a loophole in SSRO’s security. Although the upgraded
system proved to be too foolproof for them and they could not succeed in their
attempt. However, they had continued to modify their method of attacks and were
expectant of a positive result on their end. On the second Sunday of October 2021, the
duo decided to give their old endeavor another shot and tried a multi-vector attack on
the servers of SSRO. One of their multiple modus operandi in this attack was to
introduce a self-programmed virus through an e-mail which, when accessed, was
programmed to make its way into the servers of SSRO and facilitate the success of the
multi-vector attack, launched from the outside by the two.

4. This method of attack became successful and the duo gained access to SSRO’s
servers on the said date. However, once the breach was successful, the virus began to
behave in a manner not foreseen by the perpetrators of the attack. It affected multiple
websites hosted by the SSRO and began to make innumerable copies of the extremely
confidential data that had been housed inside the servers. Tanvir Ahmad and
 Ramendra Singhal, monitoring this breach from their end, noticed this unprecedented
behavior of the virus and were alarmed. Their test runs with the virus had only
showed them that the virus was capable of facilitating multi-vector attacks and taking
down the websites hosted on the infected server.

5. Faced with an unforeseen behavior of their program which they now knew would land
them in the midst of extremely dire circumstances, they sent out an anonymous mail,
addressed to the SSRO, containing the coding of the virus and every other detail they
thought would be helpful in terminating the attack. However, because the servers at
SSRO had been clogged, this message did not get through until it was too late.
Multiple websites hosted on the servers had stopped showing up and the SSRO
servers had become jammed. Following this, an emergency response to the attack was
triggered and the servers at SSRO shut down to prevent further damage.

6. Following the reboot of the servers and the restoration of order, the mail which had
been sent anonymously by the two was received and tracked by way of the IP address,
which directed the Authorities to Tanvir Ahmad and Ramendra Singhal, both of
whom were subsequently arrested and charged under Sections 66, 66F of the
Information Technology Act, 2000 and Section 441 of the Stanian Penal Code. The
Ld. Sessions Court, upon perusing the facts and the evidence on record, concluded
that there was a clear lack of intention on the part of the Accused and thus, they were
acquitted under all of the charges labeled against them.

7. The State filed an appeal against the Ld. Sessions Court’s verdict in the High Court of
Periyana. The High Court, in its judgement stated that the mere access by the two of
them was access without authorization and that the breach of confidentiality of the
files was deemed sufficient to find the two guilty under the charged sections. The
judgement of the Sessions Court was thus reversed and Tanvir Ahmad and Ramendra
Singhal were found guilty under Sections 66, 66F of the Information Technology Act,
2000, and Section 441 of the Stanian Penal Code. They have now filed an appeal
before the Supreme Court of The Republic of Stan.

8. All the relevant laws of The Republic of Stan are pari materia to those of India.
 ISSUES RAISED

1. Whether the acts done by accused can be considered as a cybercrime and are such acts
punishable under section 66 of the IT Act?

2. Were the accused had intent to annoy SSRO authorities which is the agency of the
government, who in this present case the in charge of a computer, computer system or
computer network with the means of multi vector attack on servers of SSRO by sending a
mail which was programmed to make its way into the servers of SSRO by introducing a self-
programmed virus?

3. Are the actions of the accused to be considered as cyber trespass as criminal trespass under
section 441 of Stanian Penal Code?

4. Whether the actions of the accused are justified in charging the accused under Cyber
Terrorism under Section 66 F of IT Act?
 SUMMARY OF ARGUMENTS

Whether the acts done by accused can be considered as a cybercrime and are such acts
punishable under section 66 of the IT Act?

Section 66 of the IT Act says that “If any person, dishonestly or fraudulently, does any act
referred to in section 43, he shall be punishable.” In this case, the accused dishonestly or
fraudulently did not penetrate the server. It was SSRO who invited the interested people to
hack the server. What the accused persons did, they did it in good faith.

Were the accused had intent to annoy SSRO authorities which is the agency of the
government, who in this present case the in charge of a computer, computer system or
computer network with the means of multi vector attack on servers of SSRO by sending
a mail which was programmed to make its way into the servers of SSRO by introducing
a self programmed virus?

The act was done without criminal intention and to prevent other harms of the server which
may occur in near future. That is why as soon as they saw that the self programmed virus is
taking over the server, they sent an email to the SSRO authority with all the working
mechanism & details of the virus

Are the actions of the accused to be considered as cyber trespass as criminal trespass
under section 441 of Stanian Penal Code?

In this case, the accused dishonestly or fraudulently did not penetrate the server. The
students were attempting to enter into the server upon the notification issued by the SSRO in
the month of March 2021 and by such conduct they did not gain any access to the
information, data that is restricted for reasons of the security of the State; stored in the server.

Whether the actions of the accused are justified in charging the accused under Cyber
Terrorism under Section 66 F of I.T Act?

If there were any intention to threat the country, they would continue to attack the servers.
They tried to help SSRO by finding loopholes so that SSRO can strengthen their web
security. Thus it is not justified the actions of the accused persons to be charged under section
66F of IT Act.
 ARGUMENTS FURTHER PROCEED

Whether the acts done by accused can be considered as a cybercrime and are such acts
punishable under section 66 of the IT Act?

The attempt was to receive the cash prize announced by SSRO. For which they must enter
into the servers of SSRO. The virus was designed only to enter into the server. As the virus
was self programmed, it was working on its own course after entering the server which was
unknown to the accused. The accused entered into the server in good faith. The accused are
laymen & they were not aware of the extent of damages the virus can do. It attained a
destructive Avatar.

Here a landmark judgement I would like to mention is The Bank NSP Case1: A girl created
fraudulent email ids such as “indianbarassociations” and sent emails to a boy’s foreign
clients. She used the bank’s computer to do this. The boy’s company lost a large number of
clients and took the bank to court. The bank was held liable for the emails sent using the
bank’s system.

Another case we would like to mention, Shankar v. State Rep2 where the petitioner
approached the court under 482 ,Crpc. to quash the charge sheet file against him .The
petitioner secured unauthorised access to the protected system of Legal Advisor Directorate
of Vigilance and Anti-corruption and was charged under sec 66,70,72 of Information
Technology Act 2000.

Were the accused had intent to annoy SSRO authorities which is the agency of the
government, who in this present case the in charge of a computer, computer system or
computer network with the means of multi vector attack on servers of SSRO by sending
an e-mail which was programmed to make its way into the servers of SSRO by
introducing a self programmed virus?

It is respectfully submitted that these two accused persons have no such intention to violate
the server system of SSRO as also trespassing to their server is beyond their imagination.

1
The Bank NSP Case. shorturl.at/chxJ0
2
Shankar vs. State Rep. indiankanoon.org/doc/1131053/
As previously & repeatedly we mentioned the term ‘good faith’; it is remarkable that they do
the needful to protect the system for upcoming threats in future SSRO may face. They did not
only think about the prize money or winning the competition;They tried their all to find
loopholes about the server and to rectify that. Hence good faith aptly proven.

We apologize for the consequences surely but we want to say that our deliberation,
preparation & most importantly knowledge we used here for the sake of SSRO. There is no
masking present here. We already came to know their excellence in the field of technology. If
they wanted to copy confidential data of SSRO they could easily do that within a fraction of
second instead they choose honesty; they immediately informed SSRO through an
anonymous mail. Here a remarkable point to be underlined that annoyance to SSSRO’s server
is done by these two mere students already claimed; but in reality their excellence here
misinterprets their good will for SSRO. Hence we should note a relatable case law where
intention to annoyance & fraudulence mindset is actually present:

Pune Citibank Mphasis Call Center Fraud (2005)3”

Facts: In 2005, US $ 3, 50,000 were dishonestly transferred from the Citibank accounts of
four US customers through the internet to few bogus accounts. The employees gained the
confidence of the customer and obtained their PINs under the impression that they would be a
helping hand to those customers to deal with difficult situations. They were not decoding
encrypted software or breathing through firewalls, instead, they identified loopholes in the
MphasiS system.

The court held that section 43(a) of the IT Act, 2000 is applicable because of the presence of
the nature of unauthorized access that is involved to commit transactions. The accused were
also charged U/s 66 of the IT Act, 2000 and section 420 i.e. cheating, 465,467 and 471 of The
Indian Penal Code, 1860.

With comparison this case with our case synopsis we may say that whatever their intention is
but it’s not clearly to breach the security of SSRO and also not to annoy SSRO’s server
system.

Are the actions of the accused to be considered as cyber trespass as criminal trespass
under section 441 of Stanian Penal Code?

3
Pune Citibank Mphasis Call Centre Fraud
enhelion.com/blogs/2021/03/01/landmark-cyber-law-cases-in-india/
There was no intention from the accused side to commit cyber trespass & terrorism. If there
were anything as such; SSRO could not have been accessed the server. To constitute cyber
terrorism there should be denial of access of the computer system of the authorised person.
But even after the attack, the officials of SSRO were able to accessed the website and were
able to shut down the server to prevent any further loss.

In case of cyber terrorism, after the capturing the server the perpetrators had the option to
exploit the data by various ways, like delete that data or take that data out from the server and
put it somewhere else or they could rapture the data in such a way that it could not be
accessible further by anyone or they can sale the data to enemy or can ask money to the
government in lieu of returning the data. In this case nothing such happened. In the case
Kamalakanta Tripathy v. State of Odisha and Ors.4 The email id of Madhusudan Padhy, IAS,
Transport Commissioner, and Odisha was hacked by an unknown miscreant. Through this
hacked email, the accused used to send incriminating emails to other people and threaten
them. the Supreme Court observed that the culpability of hacking depends on the presence of
mens rea or the object with which the act was carried out for it to be punishable U/s 66 of the
IT Act and since considering that the email account of a Senior IAS Officer of the State has
been it has been hacked so as to illegally obtain sensitive and confidential documents, the
accused is liable for punishment as prescribed under Information Technology Act, 2000.

The self-programmed virus only made copies of the files which were already housed into the
server. The process of copying at a large number causes heavy traffic into server and finally
the server got jammed.

However, these two accused students charged for criminal trespass but they don't have any
intention like this .Here this is accountable that here the accused trying to quash all proves to
protect him from the wrongdoings he already committed but here these students don't have
any wrongdoings to cover up but also what they do, they do in good faith.Here motive of
criminal trespass is absent in every aspect.

Whether the actions of the accused are justified in charging the accused under Cyber
Terrorism under Section 66 F of I.T Act?

It is humbly submitted that the petitioners had no intention to cyber trespass to SSRO’s
server. An anonymous mail sent to tackle the situation or terminate the attack.At the very

4
W.P.(C). NO. 21524
outsetit is a question to ask that these two students who have been held liable for this
grievous offence is it competent to compare with In Mohd Ajmal Amir Kasab v. State of
Maharashtra5

where Mohd. Ajmal Kasab with his nine other partners illegally entered into the commercial
capital of India i.e. Mumbai City on 26th November 2008. They attacked on various places in
Mumbai in the name of Jihad. In this case If the students had any intention to threaten the
unity, integrity, security or sovereignty of the country they can do that by any other means
not by attacking a server.

When the situation went out from their hand, they sent an e-mail to SSRO with the coding of
the virus. If there were any intention to threat the country they would not have done so and
continue to attack the servers. There is evidence in the coding of the virus where it was made
just to enter into the server for accomplishment the success of their project.

Also another case law dragged our attention very well is SMC Pneumatics (India) Pvt. Ltd.
vs. Jogesh Kwarta6 Where a perusal of the said emails show that they are distinctly obscene,
vulgar, filthy, abusive, intimidating, embarrassing, humiliating and defamatory. But here
instead of any defamatory email sent by them to SSRO they tried to protect the server by
finding disputes already present in their system. This is not acceptable to address these first
year students as terrorists who have a bright future ahead to drag into the case like this. They
did not try to defame the aura of SSRO. They just tried to find out loopholes of SSRO's
server, which, if not rectified in near future probably have to face more drastic attacks. What
they did, they did it in good faith. It is their curiosity led them to conquer their goal to fix
SSRO's server and also to protect indignity, sovereignty and national security belonging to
thisorganisation.

5
Criminal Appeal Nos. 1899-1900 0f 2011
6
1279 0f 2001
 PRAYER

Therefore, in the light of facts stated , issues raised, written submission and authorities cited,
the counsel humbly pleads before your lordship to dismiss this judgment delivered by the
High Court that the accused were found guilty under sections 66, 66F of the Information
Technology Act, and Section 441 of the Stanian Penal Code, or to pass any other such order
which the court may deems fit in the light of justice, equity and in good conscience to which
the counsel shall forever be duty bound to.

Sd/-

(Humbly submitted by the Counsels appearing

On behalf of the Petitioner)