Cybercrime Laws in Pakistan | Trial & Quantum of Punishments

The rise of 5G and 6G technologies marks a digital revolution, enabling rapid global information exchange. However, this progress has led to a rapid increase in cybercrimes. Cybersecurity experts predict that by 2025, online frauds and other digital offences could cost up to $10.5 trillion annually worldwide. Pakistan has experienced an 83% increase in digital offences over three years, with over 102,000 complaints to the FIA.

Because individuals rely so heavily on internet services, they are more prone to digital crimes. Pakistani authorities are taking steps to protect citizens from digital threats and to educate them about such crimes. In this article we discuss the various kinds of cybercrime and the cybercrime laws in Pakistan, as well as the process for reporting such crimes.

What is a cybercrime:

Cybercrimes are criminal activities that are carried out using computers or the internet. They include cases where the criminal uses a device to reach another person's personal data or confidential information, or to disable that person's device or other resources, for the purpose of causing harm. These crimes include hacking, identity theft, phishing, online scams, cyberbullying, and the distribution of malware, among others. These crimes can have serious consequences, including financial loss, damage to reputation, and breach of privacy.

Top Twenty kinds of Cybercrimes:

The following are the 20 most commonly reported types of cybercrime in the world:

Hacking:

‘Hacking’ means the use of illegal and unusual methods to make computers and the internet do things that harm others. Strictly speaking, this description fits the terms “cracker” and “cracking” better than “hacker” and “hacking”. However, in order to be consistent with the most common usage of the word, we use “hacking” here to refer to unauthorized access.

In Pakistan, hacking as an offence refers to unauthorized access to computer systems, networks, or data with the intent to commit fraud, cause harm, or steal information. This includes activities such as illegally accessing or illegitimately viewing someone’s email account or data, breaking into a company’s database to steal sensitive information, or disrupting the functioning of a website or network. Cybercrime laws in Pakistan, like those in many other countries, prohibit such activities and impose penalties on individuals or groups involved in hacking.

Spoofing attack:

A spoofing attack is a type of cyber attack in which a criminal actor impersonates a legitimate entity or device on a network. This can involve IP address spoofing (where the attacker alters the source IP address in a network packet to hide their identity), email spoofing (where the attacker forges the sender’s address in an email to appear as someone else), or website spoofing (where the attacker creates a fake website that looks like a legitimate one to trick users into providing sensitive information). Spoofing attacks are often used to steal data, spread malware, or gain unauthorized access to systems.

Cyber harassment:

Cyber harassment, which is also referred to as online harassment or cyber bullying, is the use of internet communication to threaten, harass, or intimidate a person or group. Sending hurtful comments, starting rumors, disclosing personal information without authorization, and making up profiles to impersonate other people are a few examples of this. Its victims may experience severe repercussions, such as psychological distress, damage to their reputations, and, in severe situations, bodily injury. Under cybercrime laws in Pakistan, it is illegal and is punishable with imprisonment and a fine.

Cyber bullying:

Cyberbullying, also referred to as online bullying, is a type of harassment and bullying that takes place via the internet. Cyberbullying and cyber harassment both involve using electronic communication to harm or intimidate others, but they differ in key aspects. Cyberbullying typically involves repeated behavior intended to harm, embarrass, or intimidate a specific individual, often with a power imbalance. It often targets individuals, especially children and teenagers, and can involve severe forms of harassment. Cyber harassment, on the other hand, may involve a single instance or a series of actions intended to harass, annoy, or alarm someone, and can target individuals, groups, or organizations. While cyberbullying may be more specifically defined and may have specific legal consequences, cyber harassment may be more broadly defined under harassment or stalking laws, depending on the jurisdiction.

Cyber stalking:

Cyberstalking is a form of online harassment or intimidation in which the perpetrator uses electronic communications to stalk a victim. This can include monitoring their online activity, sending threatening or harassing messages, or gathering personal information with malicious intent. Cyberstalking can be particularly distressing because it can be difficult for the victim to escape from the perpetrator’s reach, as the harassment can occur through various online platforms. Cyberstalking is illegal in many jurisdictions and is considered a serious offense due to its potential to cause emotional distress and physical harm to the victim.

Child pornography:

Children are becoming a potential target for digital offences due to the development of the internet. Children utilize the internet as more houses have access to it, increasing the likelihood that they will become victims of pedophiles’ aggressiveness. Children’s inhibitions are lowered due to easy access to pornographic content on the internet. Pedophiles attempt to meet youngsters for sexual activities, including taking explicit photos and films of them, by luring them in with pornographic material. Pedophiles typically attempt to make friends with minors in chat rooms by pretending to be teenagers and trying to gain their trust. Numerous kids worldwide become victims of sexual predators every year. These young victims have long-lasting emotional, physical, and psychological scars.

The moment that sexual abuse is captured on tape and posted online, it becomes permanently archived. The youngsters portrayed in it are haunted by the idea that numerous strangers use an image of their darkest moments for their own pleasure, and this knowledge bothers them on a daily basis. This is why child pornography and other offences involving sexually explicit pictures and videos of minors are heavily punished, with imprisonment of seven years and a fine of 50 million rupees, under cybercrime laws in Pakistan. The NR3C cybercrime section is committed to making the internet a secure environment for our kids and has zero tolerance for pedophiles.

Data theft:

The act of taking computer-based information from an unaware victim with the intention of violating privacy or gaining access to private information is known as data theft. Both large corporations and private computer users are facing an increasing amount of data theft. The most prevalent categories in situations of data theft are listed below. 

  • E-commerce: When you buy or sell something online, you should be sure that your data is protected from prying eyes. Ignorance can result in the disclosure of private account information. 
  • Password cracking: If your computer is not password-protected or has a weak password that is easy to crack, hackers may get access to it and steal important data.
  • Eavesdropping: Information transmitted via unsecure lines may be intercepted and stored. There is a risk if no encryption method is employed.

Laptop theft:

Theft of a laptop or similar gadget can be considered a digital offence when the theft involves unauthorized access to, or theft of, data stored on the device. If the stolen laptop contains sensitive or confidential information, such as personal data, financial information, or intellectual property, the theft can have serious consequences. Additionally, if the theft involves the use of technology, such as hacking or remote access tools, to steal the data, it can be classified as a cybercrime.

Identity theft:

Identity theft as an online offence involves the unauthorized use of someone else’s personal information, such as their name, social security number, credit card number, or other identifying information, to commit fraud or other criminal activities. This can occur through various methods, such as phishing scams, data breaches, malware attacks, shoulder surfing, dumpster diving, spamming, spoofing, and skimming. Perpetrators of identity theft can use the stolen information to make purchases, apply for loans or credit cards, or even commit crimes in the victim’s name, causing financial and reputational harm to the victim.

Unauthorized use of Intellectual property rights:

Under cybercrime laws in Pakistan, obtaining or using intellectual property without authorization is regarded as an offence. This covers any unauthorized use, access, or duplication of intellectual property, including trade secrets, patents, trademarks, copyrights, and private information. Cybercriminals frequently take advantage of digital techniques such as malware, phishing, and hacking to get private information that can be used for financial gain or to obtain an unfair competitive edge. Intellectual property theft can lead to large monetary losses, harm to one’s reputation, and a reduction in creative potential for both individuals and companies.

Denial of service attack:

A cyberattack known as a denial of service (DoS) attempts to prevent authorized users from accessing a computer or network resource. Usually, this is accomplished by providing the targeted system data that crashes it or by overloading it with internet traffic. A denial-of-service attack’s primary goal is to interfere with a network’s or website’s regular operation such that authorized users are unable to access it.

Digital Piracy:

The unauthorised duplication, transfer, or utilisation of copyrighted digital content, including games, apps, movies, and software, is known as digital or online piracy. Usually, this is done without the copyright holder’s consent, which causes financial losses for content producers and distributors. Piracy can happen in a number of ways, including through using unapproved streaming services, file-sharing networks, and unlawful websites for downloads.

Computer Malware:

When computer malware is used to purposefully interfere with, harm, or obtain illegal access to computer networks, systems, or data, it is classified as a digital crime. Malware is frequently used by cybercriminals to obtain sensitive data, including financial and personal information, for nefarious or financial gain. 

Malicious software, sometimes known as computer malware, is any software that is specifically created with the goal to harm a computer, server, client, or computer network. Malware can be found in a variety of formats, including as worms, Trojan horses, spyware, adware, ransomware, and rootkits. These harmful applications have the ability to take over a device or network, steal confidential data, corrupt data, and interfere with normal operations. Usually, corrupted software, malicious websites, or infected email attachments are used to spread malware.

Financial Frauds/ online frauds:

Online financial frauds refer to any fraudulent activity conducted over the internet with the intent to deceive individuals or organizations for financial gain. This can include various forms of fraud, such as phishing scams, identity theft, credit card fraud, investment scams, and online banking fraud. Perpetrators of online financial frauds often use deceptive tactics to trick victims into providing sensitive information or transferring money, leading to financial losses for the victims. These activities are illegal and punishable under laws in many jurisdictions.

Money Laundering:

Money laundering is the act of hiding the source of funds gained unlawfully, usually through digital technology or internet transfers. Cybercriminals can conceal the illegal origins of the funds and make them appear legitimate by using a variety of money-laundering techniques, including online gaming, cryptocurrency exchanges, and digital payment platforms. Many nations, including Pakistan, have anti-money laundering legislation that makes it unlawful and punishable.

Cyber terrorism:

Cyberterrorism is an offence that carries a heavy punishment of fourteen years’ imprisonment and a fine of 50 million rupees under cybercrime laws in Pakistan, as codified in section 10 of the Prevention of Electronic Crimes Act, 2016.

The use of computers to carry out violent activities that cause or threaten major physical harm, loss of life, the destruction of vital infrastructure, or severe economic harm is known as cyberterrorism. It entails the purposeful use of denial-of-service and hacking attacks among other cyberattacks to intimidate or instill terror in governments or populations for religious, political, or ideological motives. Cyberterrorism frequently targets vital infrastructure, governmental organizations, or financial systems in its attempt to inflict widespread disruption, fear, and harm.

Vandalism:

Vandalism refers to the malicious destruction or defacement of digital property, such as websites, databases, or computer systems. It is typically carried out by unauthorized individuals or groups with the intent to disrupt operations, deface websites, or cause damage to digital infrastructure. Vandalism can take many forms, including the insertion of malicious code, deletion of files, or alteration of website content. It is illegal and punishable under laws.

Botnets:

Botnets are networks of compromised computers or devices under the direction of a single person, known as a “bot-master” or “controller.” Usually, malicious software is installed on these infiltrated machines, also referred to as “bots” or “zombies,” enabling the bot-master to remotely manage them. Botnets are frequently employed in a variety of digital offences, such as malware distribution, spam email campaigns, and distributed denial-of-service (DDoS) attacks. Many nations have laws that make it a criminal offence to use botnets for malicious purposes.

Ransomware:

A kind of malicious software known as ransomware locks down a victim’s computer or encrypts its contents, then demands a fee to unlock the device or data. Because it has the potential to create large financial losses and interfere with company, government, and individual operations, it is regarded as a major cybercrime. Cybercriminals who are looking to make money usually launch ransomware attacks, and they frequently target people or businesses that have important data or weak cybersecurity protections. Victims are urged to report such cases to law enforcement, as paying the ransom does not ensure that access to the data will be recovered.

Digital warfare:

The use of cyberattacks to interfere with or destroy a nation-state’s or its citizens’ computer systems, networks, or infrastructure is known as “digital warfare.” Attacks on vital infrastructure, including power grids, transportation networks, or financial networks, with the intention of causing harm, chaos, or financial loss, might be classified as this type of cybercrime. Espionage is another type of digital warfare in which attackers try to obtain confidential data or interfere with military activities. It violates international law and is regarded as a major danger to national security.

Cybercrime Laws in Pakistan:

Legislation in Pakistan has undergone significant development in recent years to address the growing challenges posed by digital offenses. A major portion of Pakistan’s enactments was influenced by foreign legislation. Here, we mention the key cybercrime laws in Pakistan based on their effectiveness and relevance, along with a brief overview of relevant statutes and reported cases.

Pakistan’s cybercrime laws cover the following eight major aspects of the e-commerce industry:

  • Recognition of electronic documents
  • Electronic communications
  • The digital signature regime and its evidential consequences
  • Website and digital signatures certification providers
  • Stamp duty
  • Attestation and notarization of certified copies
  • Jurisdiction
  • Offences

Prevention of Electronic Crimes Act, 2016 (PECA)

In 2016, the Prevention of Electronic Crimes Act (PECA) was passed. It provides a comprehensive framework for all forms of digital offences and is based on the Cyber Crime Bill of 2007.

The principal piece of legislation in Pakistan that addresses cybercrimes, electronic frauds, and offenses pertaining to information technology is the PECA. It seeks to offer a legislative framework for crime prevention, investigation, prosecution, and punishment.

Unauthorized access to information systems, electronic forgeries, cyberterrorism, cyberstalking, and online harassment are all made illegal by PECA. Additionally, it creates the National Response Center for Cybercrimes (NR3C) to handle investigations of these crimes.

Because it covers a wide spectrum of cyber offenses and offers a legal foundation for their prosecution, PECA is of much importance among other cybercrime laws in Pakistan.

It deals with internet crimes such as unauthorised data access (hacking), Denial of Service (DoS) attacks, electronic forgery and electronic fraud, cyberterrorism, spamming, spoofing, child pornography and hate speech.

Prevention of Electronic Crimes Ordinance 2007:

In 2007, the PECO (Prevention of Electronic Crimes or Cybercrimes Ordinance) was passed. This ordinance covered various types of digital crimes, namely criminal access to data, data damage, system damage, electronic fraud and forgery, misuse of device, system and encryption, unauthorized access to code, cyber stalking, spamming, spoofing, unauthorized interception and cyber terrorism.

Cybercriminals in Pakistan may face a variety of sanctions under PECO. Depending on the crime, they can range from six months in prison to even the death penalty. The regulations apply to everyone in Pakistan who commits cybercrime, regardless of country of citizenship.

The Electronic Transactions Ordinance, 2002:

The first enactment pertaining to IT was the Electronic Transactions Ordinance (ETO), which was passed in 2002. This regulation acknowledges and supports electronic transactions and associated matters, such as the legality of contracts created electronically. Although it isn’t specifically related to cybercrime, it gives electronic communication a legal foundation, which is crucial for investigations.

The ordinance creates guidelines for the use of digital signatures and electronic documents in electronic transactions and acknowledges their legal validity. Since it offers a legal framework for electronic communication—which is frequently essential in investigations and prosecutions—the Electronic Transactions Ordinance, 2002 is pertinent to legislation pertaining to cybercrime.

The Pakistan Penal Code 1860:

While not specific to online offences, the PPC includes provisions that can be applied to certain cyber offenses, such as fraud, defamation, and unauthorized access to computer systems.

Relevant sections of the PPC include Section 420 (cheating and dishonestly inducing delivery of property), Section 499 (defamation), and Section 500 (punishment for defamation), which can be applied to cybercrimes.

While the PPC is not tailored for digital offences, its provisions can be used to prosecute cyber offenders for offenses that are not specifically covered under other cybercrime laws in Pakistan.

Pakistan Telecommunication (Re-organization) Act, 1996:

This Act provides for the establishment of the Pakistan Telecommunication Authority (PTA) and regulates the telecommunications sector in Pakistan. It also includes provisions related to the prevention of unauthorized access to telecommunication systems.

The Act empowers the PTA to regulate and monitor telecommunications services to prevent misuse. The Pakistan Telecommunication (Re-organization) Act, 1996, is relevant to cybercrime laws as it provides a framework for regulating and preventing crimes that involve telecommunication systems.

Cybercrime Wing of FIA in Pakistan:

The Federal Investigation Agency’s Cybercrime Wing (CCW) is governed by legislation under the Prevention of Electronic Crimes Act (PECA) 2016, which addresses the increasing dangers associated with digital offences. This high-tech crime fighting squad was established in 2007 with the goal of identifying and combating the widespread issue of technological abuse in society. It is the main organization of its sort in Pakistan that takes legal action against cybercriminals and immediately receives complaints.

CCW specializes in a number of areas, including technical investigation, penetration testing, information system security audits, digital forensics, and training. The unit has helped numerous government entities increase their capacity ever since it was founded.

The Director General of the FIA oversees the Cybercrime Wing, which is led by an Additional Director General (ADG) with support from Directors of Operations and Administration. The Wing is operationally divided into fifteen Cybercrime Reporting Centers (CCRCs) and six Zones, as shown below:

The CCW Working Zone is an administrative division that oversees a particular number of CCRCs. An Additional Director oversees each zone’s operations and is also in charge of the legal branch, forensic laboratories, and continuing care facilities. Each circle or CCRC is headed by a Deputy Director, who ensures that the CCRC operates as per policy, rules and SOPs of FIA and the goals of the organization are being met in the most efficient manner under his/her jurisdiction. Each CCRC in-charge is assisted by a team of investigators, prosecutors, analysts, law officers, forensic experts and other support staff.

How to report a Cybercrime in Pakistan:

Reporting an offence under cybercrime laws in Pakistan involves several steps. Here’s a general outline of the process:

1. Contact FIA National Response Center for Cyber Crimes (NR3C):

The authority for preventing, handling and investigating cybercrimes in Pakistan is the Federal Investigation Agency (FIA). Digital forensics, information system security audits, technical investigation, penetration testing, and related training are areas of specialization for the NR3C. Anyone can reach the NR3C by phone or through its website.

2. Preparation of Complaint under cybercrime laws in Pakistan:

To report a crime, you have to prepare a written complaint detailing the cybercrime you experienced, including all relevant information such as the nature of the crime, when it occurred, and any available evidence.

3. Submission of Complaint under cybercrime laws in Pakistan:

Submit your complaint to the FIA NR3C. You may need to visit their office in person or submit it online, depending on their procedures.

4. Follow-up:

After submitting your complaint, follow up with the FIA NR3C regularly to check on the status of your case.

5. Cooperate with the Investigation:

If the FIA decides to investigate your complaint, cooperate with their investigation by providing any additional information or evidence they require.

6. Legal Action under cybercrime laws in Pakistan:

Depending on the outcome of the investigation, the FIA may take legal action against the perpetrator. If necessary, you may need to testify in court.

It’s important to note that the process may vary depending on the specific crime and the authorities involved. It’s advisable to seek legal advice to understand your rights and obligations before reporting it.

Punishments under cybercrime laws in Pakistan 

Prevention of Electronic Crimes Act, 2016 (PECA) imposes the following punishments on cyber criminals:

| Offence / Cyber crime | Imprisonment | Fine |
|---|---|---|
| 1. Unauthorized access to any information system or data | Three months | Rs. 50000 |
| 2. Unauthorized copying or transmission of data | Six months | Rs. 100000 |
| 3. Interference and damage to information system or data | Two years | Rs. 500000 |
| 4. Unauthorized access to critical infrastructure information system or data | Three years | Rs. 1000000 |
| 5. Preparation or dissemination of information, through any information system or device, with the intent to glorify an offence relating to terrorism | Seven years | Rs. 10000000 |
| 6. Cyber Terrorism | Fourteen years | Rs. 50000000 |
| 7. (Hate Speech) Preparation or dissemination of information, through any information system or device, that advances interfaith, sectarian or racial hatred | Seven years | Fine |
| 8. Recruitment, funding and planning of terrorism | Seven years | Fine |
| 9. Any electronic interference to make any illegal claim or title or to cause any person to part with property or to enter into any express or implied contract, or with intent to commit fraud | Three years | Rs. 250000 |
| 10. (Electronic Forgery) Any critical electronic interference to make any illegal claim or title or to cause any person to part with property or to enter into any express or implied contract, or with intent to commit fraud | Seven years | Rs. 5000000 |
| 11. (Electronic fraud) Any electronic deception to harm others by someone for wrongful gain | Two years | Rs. 10000000 |
| 12. Making, obtaining, or supplying device for use in offence | Six months | Rs. 50000 |
| 13. Unauthorized issuance of subscriber identity module (SIM) card, re-usable identification module (R-IUM) or universal integrated circuit card (UICC) or other module | Three years | Rs. 500000 |
| 14. Illegal & unauthorized tampering, etc. of communication equipment | Three years | Rs. 1000000 |
| 15. Unauthorized interception by technical means with dishonest intention | Two years | Rs. 500000 |
| 16. Any intentional exhibition or display or transmission of any information through any information system, which is wrong and harmful for the reputation or privacy of a natural person | Three years | Rs. 1000000 |
| 17. Any intentional harmful exhibition or display or transmission through information system by superimposing a photograph of the face of a natural person over any sexually explicit image or video, or by intimidating him with any sexual act, or by inducing, cultivating or enticing any natural person to engage any sexually explicit act | Five years; in case of minor, seven years | Rs. 5000000 |
| 18. Child pornography | Seven years | Rs. 5000000 |
| 19. Unauthorized creation, distribution, transmission of malicious code through information system or data | Two years | Rs. 1000000 |
| 20. Cyber Stalking | Three years | Rs. 1000000 |
| 21. Cyber Stalking of a minor | Five years | Rs. 10000000 |
| 22. Spamming | Three months | Rs. 50000 |
| 23. Spoofing | Five years | Rs. 500000 |

Steps to stay Safe from Cybercrime:

You can follow these tips to protect yourself from cybercriminals:

1. Secure Your Mobile Device:

To protect your smartphone:

  • Ensure you use a robust password.
  • Enable automatic device locking. 
  • Install security software, like antivirus programs, on your computer.
  • Only download apps from trusted sources.
  • Check the permissions of each application.
  • Regularly update your operating system for security. 
  • Avoid clicking on spam links in texts or emails. 
  • Disable automatic WiFi connection. 
  • When browsing or making online purchases, ensure the URL begins with “https.”

2. Secure Your Banking:

To secure your banking:

  • For distinct bank accounts, use distinct pin codes. 
  • Do not use computers in cyber cafes for any online banking transaction.
  • Never leave the computer unattended while you are using your bank account.
  • Always register for email and SMS transaction alerts on your mobile device.
  • Never reply to emails or messages asking for your password or pin code. 
  • Once you’ve completed utilizing e-banking services, close your browser and log out. 
  • Always cover the keypad before entering the pin code when using an ATM. 
  • Look around the ATM to make sure no extra gadgets have been attached to it.

3. Secure Your Social Media:

To secure your social media:

  • Use extra security measures (security code, login alert, etc.) to access your account. 
  • Activate the alert for login notifications. 
  • Share content on social media with only those you trust to see it (pictures, videos, tagged locations, friends, etc.). 
  • Manage and keep an eye on who has access to your contact details. 
  • Maintain a secure online connection: first and foremost, replace the admin usernames and passwords that are set by default on your network.
  • Make sure your password is secure and update it frequently. When not in use, turn off your WiFi and network routers.
  • Check your browser’s privacy settings. Never divulge personal information online in exchange for something free. 
  • Don’t click on links that you receive in emails.

International Standards

The first international convention addressing digital crime is the Budapest Convention, which aims to promote international collaboration, improve investigation methods, and harmonize national legislation. It stresses the protection of privacy and human rights while criminalizing acts including unauthorized access, data tampering, and system interference.

Another convention is the United Nations Convention against Transnational Organized Crime (UNTOC). Although UNTOC does not have a specific focus on digital offences, it does offer a framework for countries to work together to combat many types of organized criminal activities. It focuses on extradition, reciprocal legal aid, and other cooperative measures.

Comparison with cybercrime laws in Pakistan:

1. Coverage of Offenses: The Budapest Convention covers a broader range of offences, including offenses like the distribution of child pornography and racist and xenophobic offenses, which are not explicitly covered in Pakistan’s laws.

2. Protection of Human Rights: The Budapest Convention emphasizes the protection of human rights and fundamental freedoms in the context of combating these offences, an area where Pakistan’s laws could be further developed to ensure adequate safeguards.

3. International Cooperation: Both the Budapest Convention and UNTOC emphasize international cooperation in combating online criminal activities and offences. While Pakistan’s laws provide for international cooperation, there may be room for improvement in aligning with international standards, particularly in terms of extradition and mutual legal assistance.

Enforcement of cybercrime laws in Pakistan

By passing legislation such as the Prevention of Electronic Crimes Act (PECA), Pakistan has made great progress in tackling crime. These enactments offer a framework for handling different kinds of digital offences and safeguarding people’s online privacy. Effective enforcement of these laws still faces obstacles, though, such as the need for improved cybersecurity infrastructure and more public awareness. Governments, law enforcement organizations, and the general public must work together closely to reduce the risks associated with digital offences and guarantee a safe and secure online environment for everyone.