Hacking: Cybercrime Legislation And Cybersecurity Measures

Index

1. Introduction 
2. Understanding Hacking 
3. Cybercrime Legislation In India
4. Penalties For Hacking Under The IT Act, 2000
5. Offences Related To Hacking Under The IT Act, 2000
6. Ethical Hacking
7. Ethical Hacking As A Vital Tool For Law Enforcement
8. Preventive Measures To Protect Against Hacking
9. Steps To Take If Your Computer Is Hacked
10. Conclusion

Introduction 

Hacking of computers and other devices like mobile phones and laptops has become increasingly common in recent times. The prevalence of hackers attempting to breach your computer security is staggering. It’s crucial to understand hacking, related offences, and how to respond to them. Without this knowledge, it’s challenging to approach the right authorities or take preventive measures effectively. Nowadays, criminal activities extend beyond physical encounters, often occurring in virtual spaces where perpetrators remain anonymous. Cybercrimes, such as hacking into computers or devices to steal personal information for malicious use, are rampant.

It’s important to note that virtually everything stored online, from images to sensitive data, is susceptible to hacking. This vulnerability makes our devices, including computers, laptops, and mobile phones, prime targets for hackers. Understanding these crimes and related information is essential as it can be quite distressing to realise the extent of this threat. However, there’s no need to panic. 

Understanding Hacking 

Hacking is currently one of the prevalent forms of cybercrime. Perpetrators of this crime, known as hackers, exploit technological vulnerabilities to infiltrate computers or laptops and access personal information. Motivations for such crimes range from financial gain through blackmail to sheer thrill-seeking or more malicious purposes like defamation or disrupting businesses and reputations.

Various forms of hacking exist, including web-spoofing, trojan attacks, and virus attacks. In web-spoofing, hackers forcefully take control of another person’s website for ransom or other motives. Trojans, unauthorised programs, enable hackers to gain unauthorised access to systems. These attacks extend to commercial websites, impacting entire businesses. Moreover, hacking poses a significant threat to national security if government sites or systems are compromised.

Cybercrime Legislation In India

India, according to a 2021 report by the United States Federal Bureau of Investigation, ranks among the top five countries affected by cybercrimes. The borderless nature of cybercrime poses significant challenges for law enforcement agencies. While internet users are subject to state laws, international disputes create complexities in enforcement. This gap has allowed criminals to exploit technology for unlawful activities, highlighting the need for regulations to safeguard personal data and privacy.

In response, the Indian Government enacted the Information Technology Act, 2000 (IT Act, 2000), addressing not only hacking but also a spectrum of cybercrimes. This legislation became essential as traditional crimes like conspiracy, fraud, and solicitation migrated to digital platforms such as computers, laptops, and mobile devices.

Key provisions of the IT Act include:

1. Legal recognition of e-commerce and electronic transactions.
2. Equating electronic records with traditional documents.
3. Authentication of digital signatures by certifying authorities.
4. Establishment of a Cyber Law Appellate Tribunal to handle cybercrime appeals.
5. Exclusion of certain legal instruments like negotiable instruments, power of attorney, and wills from the Act’s purview.

Additionally, the Act prioritises data protection and privacy under Section 43 of the IT Rules, 2011, demonstrating India’s commitment to combating cyber threats through legislative measures.

Penalties For Hacking Under The IT Act, 2000

Section 66 of the IT Act, 2000 outlines the punishment for hacking, along with its key elements:

1. Intent to cause harm.
2. Damage inflicted through unlawful means.
3. Awareness that the compromised information is important and confidential, and that its unauthorised revelation, destruction, or alteration can cause serious harm to the owner.

According to this section, hacking is punishable by imprisonment for up to three years, a fine of up to five lakh rupees, or both. Identity theft, where someone misuses another person’s personal information without permission, is one of the fastest-growing hacking-related crimes.

Section 66 is linked to the Indian Penal Code, 1860 (IPC), as it incorporates the terms “dishonestly” and “fraudulently” as defined in Sections 24 and 25 of the IPC. Additionally, Section 66B of the IT Act, 2000, penalises individuals who dishonestly receive stolen computer systems or other communication devices. The punishment for this offence includes imprisonment for up to three years, a fine of up to one lakh rupees, or both.

Offences Related To Hacking Under The IT Act, 2000

Chapters IX and XI of the IT Act, 2000, outline various offences related to hacking and their corresponding punishments:

1. Unauthorised Access: Any person who accesses or attempts to access another person’s computer, laptop, mobile device, or other electronic devices without permission is subject to punishment. According to Section 43 of the Act, the penalty for unauthorised access is a fine of up to one crore rupees. The term “access” is defined under Section 2(1)(a) of the Act.
2. Tampering with Computer Documents: Tampering with documents stored in a computer is punishable under Section 65 of the IT Act, 2000. If a person knowingly or intentionally conceals, destroys, alters, or causes another to do the same with computer source documents, they can be punished with imprisonment for up to three years, a fine of up to two lakh rupees, or both.
3. Accessing Protected Systems” Section 70 of the Act pertains to computer systems declared protected by the appropriate government. Unauthorised access to such protected systems by anyone other than authorised personnel is punishable by up to 10 years of imprisonment and a fine.
4. Breach of Privacy or Confidentiality: The Act also penalises breaches of privacy or confidentiality. Any person who, without consent, accesses another’s electronic record, book, register, information, or document in violation of the Act’s provisions can face up to two years of imprisonment, a fine of up to one lakh rupees, or both, as stipulated under Section 72.

Ethical Hacking

Hacking is an illegal activity punishable by law. However, institutions, organizations, companies, and even governments sometimes hire experts to hack their systems to identify and rectify security vulnerabilities. This practice, known as ethical hacking, is permissible and involves professionals who are often employed by agencies like the Central Bureau of Investigation, National Security Agency, and Federal Bureau of Investigation.

Ethical hacking involves computer security experts hacking into systems with the owner’s consent to identify weaknesses in technology. These experts are hired and compensated by companies, institutions, or organizations to enhance security. Ethical hacking also aids law enforcement in investigations. The fields of cybersecurity and networking are rapidly growing, offering promising career opportunities for young professionals due to the increasing reliance on the internet in daily life. While technology has simplified tasks, it has also introduced new threats, necessitating regulation of online activities and cybercrimes.

Although both hacking and ethical hacking involve breaches of privacy and require similar education and training, they serve different purposes. Malicious hackers misuse their skills to steal confidential or personal data, whereas ethical hackers use their expertise to eliminate vulnerabilities in computer systems and other technologies. While hacking is an offense punishable by law in India, ethical hacking is permitted and is an emerging field. Some educational institutions offer courses in ethical hacking, indicating its potential as a growing profession.

The intention of an ethical hacker is to identify vulnerabilities or weaknesses in the computer systems of an organization, firm, or company that has hired them. Conversely, hackers have a malicious intent, seeking to steal data or other confidential information by breaching computer systems or other communication devices.

Ethical hackers are employed by companies, organizations, and governments to prevent future hacking incidents by identifying and correcting loopholes in their technology. In contrast, hackers may be driven by motives such as revenge, enmity, or the desire to cause wrongful loss and gain wrongful profit. It is legally permissible, as it is conducted with the consent of the system’s owner. On the other hand, hacking is illegal and prohibited by law.

Moreover, there is no punishment for ethical hacking since it is performed with the system owner’s consent. However, hacking is a punishable offense under the law.

Ethical hackers are compensated by the organizations or companies that employ their services. In contrast, hackers typically profit by blackmailing victims or selling stolen confidential information to third parties.

Ethical Hacking As A Vital Tool For Law Enforcement

Ethical hacking, while distinct from illegal hacking, plays a crucial role in assisting police and other investigative agencies. These Ethical hackers help identify criminals by decoding complex technical situations, particularly in cases involving cybercrimes. In India, ethical hackers have proven to be valuable assets to law enforcement. Here are two notable instances:

In 2016, a girl from Gurgaon filed a harassment and defamation complaint against a boy who hacked her Facebook account, sending obscene messages to her family and friends. He also photoshopped her pictures to publicly defame her. The case was transferred to the cyber cell, where ethical hackers and engineers assisted the police in decoding the password. Their efforts confirmed the girl’s allegations, leading to the arrest of the accused.

In another case, ethical hackers aided in investigating a bank fraud where a woman reported that her bank account had been hacked and five lakh rupees were stolen. The cyber police and hackers discovered a suspicious application on her phone that enabled the hacker to access her account. By obtaining the IP addresses of devices used for transactions from the bank, the police successfully identified and arrested the criminal.

Preventive Measures To Protect Against Hacking

To prevent attacks or hacking of your computer system or other communication devices, consider the following measures:

1. Use strong passwords and change them regularly.
2. Avoid sharing passwords with anyone.
3. Keep your computer software updated.
4. Use antivirus software or internet protection.
5. Avoid downloading unnecessary files from unknown websites and sources.
6. Ensure your Wi-Fi is encrypted with a password.
7. Utilize two-step authentication or verification processes to make it harder for hackers to access your computer.
8. Ignore and frequently delete emails from suspicious sources.
9. Regularly back up data and information stored on your computer.
10. Delete all stored information before selling or discarding your system.

Steps To Take If Your Computer Is Hacked

To prevent cyber attacks, follow the recommended measures to secure your computer or electronic device. However, if your computer has been hacked, take the following steps immediately:

1. Identify Unfamiliar Applications: If you notice unknown applications installed on your device, do not click or use them. Instead, deactivate or uninstall these applications immediately.
2. Reset Passwords: Change all your passwords, including those for your bank accounts and other important details.
3. Log Out and Inform Contacts:  Log out of all online accounts and notify your friends and family about the hack. Advise them not to respond to any suspicious messages or emails sent in your name.
4. Disconnect from the Internet: Disconnecting from the internet can help prevent further attacks from the hacker.
5. Reload Operating System and Update: Reload your operating system and install updates from trusted websites to prevent virus attacks.
6. Remove External Devices: Remove any external devices or hardware connected to your system. Before doing so, back up all important work and information. If the hard drive is vulnerable, wipe all information from it immediately.
7. Install Security Software: Install security software or antivirus programs on your system.
8. Monitor Financial Accounts: Contact your bank and monitor your accounts and financial transactions for any suspicious activity.
9. Report to Authorities: If necessary, report the hacking incident to the police.

Conclusion 

Cybercrimes significantly threaten Article 21 of the Constitution, which guarantees personal liberty and privacy. These crimes often begin with unauthorized access to a person’s computer, known as hacking, which is one of the most dangerous forms of cybercrime. Once hackers gain access, they can misuse personal information for financial gain or revenge. To combat this, the Indian Penal Code, 1860, was deemed inadequate, leading to the enactment of the IT Act, 2000, which specifically addresses cybercrimes and prescribes distinct punishments for hacking and related offenses.

Cybercrime is a global concern, with countries like the United States, the United Kingdom, and European Union member states developing their own methods to regulate these crimes. However, the problem persists, partly due to the issue of dual criminality and the lack of uniform international regulations. Criminals often escape punishment when crimes are committed in one country while the perpetrator resides in another, making cross-border enforcement challenging.

Despite these challenges, India has made significant progress in cyber security, ranking 10th globally according to the Global Cyber Security Index 2020. However, the fight against cybercrime is ongoing and will likely intensify with technological advancements. Artificial intelligence (AI) represents a new challenge, as current regulations do not address liability for AI-driven crimes. Additionally, the anonymity provided by virtual spaces complicates the investigation and apprehension of cybercriminals.

To effectively combat cybercrimes, it’s crucial to hire experts in cyber police agencies capable of tracking these offenses and perpetrators. With the increasing prevalence of online activities, privacy is continually at risk, necessitating a collaborative effort. The government, regulatory bodies, investigative agencies, and companies must unite to address and mitigate the growing threat of cybercrimes.