CBI v Arif Azim: India's First Cybercrime Conviction

by

Andrei Muresan

CyJurII Scholar

on 8 December 2025

Citation Number: AIR 2015 SC 1523, Kar L J 121, SCC OnLine SC 1242, CC No. 4680 of 2004.

Introduction

The 2004 case known as CBI v Arif Azim is a landmark case in India’s history. This is because, for the first time ever, a young 24-year-old man called Arif Azim was sentenced and convicted of committing cybercrimes and cheating. In addition to this, this case paved the way towards strengthened laws and further convictions in regard to cybercrimes and similar felonies.

Facts 

This particular saga began all the way back in May of 2002, when an American woman called Barbara Campa allegedly made a purchase of a Sony colour TV and a pair of cordless headphones. It was nothing unusual, as at that time, the company known as Sony India Private Ltd managed a website called www.sony-sambandh.com, which was directed at Non-Resident Indians. Essentially, the website allowed these people to send Sony products to their friends and relatives in India after they pay for it online.

Then, she allegedly provided her credit card details, in order for the payment to be made and then requested the products to be delivered to Arif Azim, based out of Noida. Afterwards, the payment was accepted by the credit card company and the transaction was processed. Finally, after checking and undertaking the process known as due diligence, the company delivered the products to Arif Azim. In addition to this, when the delivery was made, the company took photos, which became proof that Arif Azim accepted the delivery. 

The saga ended here temporarily, until a month and a half after the delivery was made. Essentially, the credit card company discovered that the purchase of these Sony products was made illegally, and that Barbara Campa never actually approved the purchase in the first place. As a result of this, this information was forwarded back to Sony India, who then used it to lodge a complaint with the Central Bureau of Investigation under Sections 418, 419 and 420 of the Indian Penal Code. The matter was then duly investigated, and Arif Azim was quickly arrested by the authorities and the products were quickly recovered and sent back to Sony. Finally, it was discovered that while he was working at a call center in Noida, he obtained the credit card details of an American woman, which he then proceeded to use for his fraud action.

Issues 

After Arif Azim was arrested by the Indian authorities, he was then sentenced to one year of imprisonment, although he was released on probation. The Indian court took this approach, since he was a young first-time offender, and they did not think it was fair to imprison him for a longer period of time. In addition to this, he was also accused of breaching the following Indian laws in regard to online fraud, cybercrimes and computer-related offences, which are as follows: 

- Section 418 of Indian Penal Code, which outlines the following: “Cheating with knowledge that wrongful loss may ensue to person whose interest offender is bound to protect”.

This means that the person who cheats with knowing that it can cause harm to the person who had an interest in the transaction to which this offence related, can be punished with imprisonment of up to three years, a fine, or even both.

- Section 419 of Indian Penal Code, which states the following: “Punishment for cheating by personation”.

This means that the person who cheats by personation can be punished with a fine, imprisonment of up to three years, or even with both.

- Section 420 of Indian Penal Code, which outlines the following: “Cheating and dishonestly inducing delivery of property”.

This means that the person who cheats and induces the deceived person into delivering a piece of property to any person or making, altering or destroying a whole or a part of a valuable security document or anything that can be converted into a valuable security document, can be punished with imprisonment of up to seven years, and can also receive a fine.

- Section 66C of the Indian Information Technology Act of 2000, which defines “Punishment for identity theft”.

Essentially, identity theft simply means taking illegal ownership of another person’s identity. This also means that the person who has been caught committing identity theft shall be punished with imprisonment of up to 3 years or a fine.

Conclusion

As mentioned above, this case had a very big significance in India, as this was the very first conviction on a cybercrime in its history. Therefore, this showed that the Indian Penal Code of 1860 could be applied to certain categories of cybercrimes, which were not defined yet in the Indian Information Technology Act of 2000. In addition to this, this case showed that the Indian government needed to drastically improve and strengthen its laws in regard to different types of cybercrimes. Lastly, this case was very useful, since it set a precedent for other future cybercrime convictions that were tackled in future Indian case laws. Some examples are as follows: Shreya Singhal v. UOI case, Shamsher Singh Verma v. State of Haryana case, Syed Asifuddin and Ors. v. State of Andhra Pradesh and Anr. case, State of Tamil Nadu v. Suhas Katti case, Avnish Bajaj v. State (NCT) of Delhi case, the Pune Citibank Mphasis Call Center Fraud case, and finally, the SMC Pneumatics (India) Pvt. Ltd. vs. Jogesh Kwatra case.