NEW DELHI: Indian law enforcement agencies, including central intelligence units and cybercrime divisions, are gearing up for a major crackdown on OSINT (Open-Source Intelligence) platforms that are illicitly collecting, processing, and selling leaked, hacked, or dark web data.
Sources indicate that multiple such platforms have been identified for unlawfully monetizing Sensitive Personal Data (SPD) and Personally Identifiable Information (PII), offering it to private investigators, corporate intelligence firms, and even government agencies.
Officials confirm that these activities violate multiple Indian cyber laws, including the Information Technology Act, 2000, the Digital Personal Data Protection (DPDP) Act, 2023, and provisions under the newly enacted Bharatiya Nyaya Sanhita (BNS), 2023.
Legal Implications and Law Enforcement Action
Authorities have warned that any platform or individual engaged in the unauthorized collection and sale of stolen credentials, financial data, or personally identifiable records will face immediate legal action. Key legal violations include:
- Information Technology Act, 2000 – Sections 43(A), 66, 66C, 66D, and 72A criminalize identity theft, unauthorized data breaches, and the misuse of sensitive data.
- Digital Personal Data Protection (DPDP) Act, 2023 – Imposes heavy penalties for illegal data processing and failure to safeguard personal data.
- Bharatiya Nyaya Sanhita (BNS), 2023 – Sections 316 (identity fraud), 317 (data theft), 319 (cheating by impersonation), and 355 (criminal conspiracy) cover fraudulent activities related to unauthorized data access and sale.
Contents
A senior official involved in cyber investigations stated, “We are closely monitoring these platforms and their operators. Soon, we will initiate website takedowns, legal proceedings, and arrests.”
Final Warning to Offenders
This is a final warning for developers and operators running such OSINT platforms. Law enforcement agencies, in collaboration with CERT-In, MeitY, and global cybersecurity units, are tracking transactions, identifying perpetrators, and preparing for enforcement actions.
Industry experts suggest that individuals involved in these activities should immediately shut down operations, delete illegally obtained data, and comply with Indian cyber laws. Failure to do so will result in criminal prosecution, financial penalties, and possible imprisonment.