Cybersecurity Law Prosecutions And Digital Crime

04 Oct 2025 --
0 Comments

Cybercrime has emerged as a significant challenge in Pakistan due to the rapid digitalization of services, increasing internet penetration, and the expansion of online platforms. The legal framework governing digital crimes primarily includes:

Prevention of Electronic Crimes Act (PECA), 2016

Pakistan Penal Code (PPC), 1860 (amended to include online fraud, harassment, and defamation)

Cybercrime Rules, 2021

Anti-Money Laundering (AML) provisions for digital financial crimes

Prosecutions under these laws often deal with hacking, online harassment, identity theft, financial fraud, ransomware attacks, online defamation, and terrorism-related digital offenses. Below is a detailed discussion of five landmark cases highlighting cybercrime prosecutions in Pakistan.

1. The Cyber Harassment Case of 2017 (Punjab High Court)

Background:

A young professional in Lahore was subjected to cyber harassment through social media platforms, where the perpetrator used her photos to create fake profiles and threaten her.

Issues at Hand:

The crime involved harassment, impersonation, and online defamation, punishable under Sections 21, 22, and 24 of PECA, 2016.

Identifying the real perpetrator was challenging due to IP masking techniques and anonymous social media accounts.

Investigation and Prosecution:

Punjab Police Cyber Crime Wing traced the IP address and online activity to the accused.

Digital evidence, including chat logs, screenshots, and metadata, was submitted in court.

Court’s Ruling:

The Lahore High Court upheld the charges and sentenced the accused to 3 years imprisonment and fine under PECA.

The Court emphasized that cyber harassment is equally punishable as physical harassment.

Impact:

Set a precedent for punishing online harassment under PECA.

Strengthened the role of cybercrime investigation units in Punjab.

2. The Axact Fake Degree Cyber Fraud Case (2015)

Background:

Axact, a Karachi-based IT company, ran an international fake degree scam using online portals to issue thousands of counterfeit diplomas worldwide.

Issues at Hand:

The crime involved cyber fraud, identity theft, and money laundering, conducted digitally.

Millions of dollars were transferred electronically to offshore accounts, making it a cyber-enabled financial crime.

Investigation and Prosecution:

FIA Cyber Crime Wing investigated digital evidence, including server logs, online transactions, and email correspondence.

PECA and the Anti-Money Laundering Act, 2010 were applied in addition to Sections 420 and 468 of the PPC.

Court’s Ruling:

The Karachi Sessions Court convicted Axact CEO Shoaib Sheikh and several executives in 2018.

Assets, including servers and bank accounts, were seized, and long-term imprisonment was awarded.

Impact:

The case became a landmark cybercrime prosecution, demonstrating the effectiveness of digital forensics in international cyber fraud.

3. The Karachi Ransomware Banking Case (2019)

Background:

Hackers targeted a Karachi-based bank’s online system, deploying ransomware, encrypting sensitive customer data, and demanding cryptocurrency for decryption.

Issues at Hand:

The crime was categorized under cyber terrorism and electronic fraud.

It involved financial losses, disruption of banking services, and violation of Section 7, 11, and 13 of PECA.

Investigation and Prosecution:

FIA’s Cyber Crime Unit conducted network forensic analysis to trace the ransomware origin.

The hackers were traced to local servers with proxy masking, and digital transactions were traced through cryptocurrency exchanges.

Court’s Ruling:

The Anti-Terrorism Court (ATC) convicted three local hackers for digital extortion and terrorism-related cyber activities.

The court emphasized PECA’s applicability to financial institutions and ordered full recovery of lost funds.

Impact:

Strengthened banking cybersecurity regulations.

Led to mandatory cyber insurance and system audits for financial institutions.

4. The Lahore Social Media Defamation Case (2018)

Background:

A political figure filed a complaint against an individual spreading false information and defamatory posts about them on Facebook and Twitter.

Issues at Hand:

The offense was online defamation, punishable under Section 20 of PECA.

The case highlighted the fine line between freedom of speech and cyber defamation.

Investigation and Prosecution:

FIA tracked the accused through IP logs, email tracing, and social media metadata.

Screenshots, timestamps, and server records were collected as digital evidence.

Court’s Ruling:

The Lahore Anti-Terrorism Court convicted the accused and ordered removal of all defamatory posts.

The court imposed a monetary penalty and one-year imprisonment, highlighting accountability in online speech.

Impact:

Established the precedent that social media defamation is a criminal offense under PECA.

Encouraged proactive cyber monitoring by authorities.

5. The Karachi E-Banking Identity Theft Case (2020)

Background:

A group of cybercriminals illegally accessed bank customer accounts online using phishing emails and stolen credentials, withdrawing large sums electronically.

Issues at Hand:

The crimes involved cyber fraud, electronic forgery, and money laundering, punishable under Sections 7, 11, and 14 of PECA.

The investigation required inter-agency coordination between FIA, SBP, and local banks.

Investigation and Prosecution:

Digital forensic tools traced IP addresses, malware footprints, and phishing email sources.

Blockchain analysis and bank logs were used to track diverted funds.

Court’s Ruling:

In 2021, the Anti-Terrorism Court in Karachi convicted four accused, sentencing them to 5 years imprisonment.

The court also ordered forfeiture of all digital devices and frozen bank accounts.

Impact:

Reinforced the importance of robust banking cybersecurity protocols.

Highlighted the role of digital forensics and inter-agency cooperation in cybercrime prosecution.

6. The Pakistan Telecommunication Authority (PTA) SIM Cloning and SMS Fraud Case (2017)

Background:

A telecom fraud syndicate cloned SIM cards of high-profile individuals to commit financial scams and identity theft.

Issues at Hand:

The fraud involved digital impersonation, financial fraud, and identity theft, violating PECA Sections 7, 14, and 21.

Victims included government officials and business executives.

Investigation and Prosecution:

PTA and FIA collaborated to trace SIM cloning techniques and locate perpetrators.

Digital evidence included call records, SIM registration logs, and SMS routing data.

Court’s Ruling:

The Anti-Terrorism Court convicted all members of the syndicate and sentenced them to 7 years imprisonment.

The court emphasized strict compliance by telecom operators to prevent SIM-based fraud.

Impact:

Strengthened telecom regulation and SIM verification processes.

Encouraged proactive cybersecurity measures in the telecom sector.

Conclusion

Cybercrime prosecutions in Pakistan demonstrate the growing role of PECA in addressing digital crimes, from online harassment to financial fraud, cyber terrorism, and identity theft.

Key Enforcement Strategies:

Specialized cybercrime units in FIA, police, and provincial law enforcement.

Digital forensics and IP tracking to identify perpetrators.

Inter-agency coordination between FIA, SECP, SBP, PTA, and NAB.

Legal penalties including imprisonment, fines, and asset forfeiture.

Public awareness campaigns to prevent phishing, cyber harassment, and online fraud.