Cyber Crimes And Ethical Hacking In India

Our lives in the digital age alternate between cyber dangers and cybersecurity. In addition to its good effects, the internet has had certain detrimental effects on society. For example, similar to crimes seen in the real world, the internet has witnessed crimes that infringe on a person’s rights. Cybercrime is defined as any crime involving a computer or network; examples of cybercrime include hacking, pornography, cyberwarfare, sextortion, and copyright infringement. With the progress of technology and social contact in virtual space, an individual’s personal information has grown more susceptible as a result of increased internet use. Hacking occurs when a cybercriminal gains access to a person’s information without the victim’s permission. The Hacking is a sad truth of modern century in which an unauthorised person uses his computer knowledge and skills to gain access to a computer or a network. A hacker, black hat hacker, or cracker is someone who engages in such activity with the intent of causing unlawful loss to others. Ethical hacking, like diamond cutting diamond, is a preventative activity for hacking, and the person who conducts it is known as an ethical hacker. Theoretically, both are the same because the core idea is to access another’s computer data, but the distinction is in the aim and authorization.

In a nutshell, hacking is an unauthorised entrance into a computer or network, and the person who obtains this unauthorised access is referred to as a hacker.

Hacking is one of the most dangerous cybercrimes that has emerged in the internet age. According to reports, England ranked first among cyber-attack victim countries, having been hit by 9 crore cyber assaults this year, while India ranked 21st, having been hit by 6.95 lakh cyber-attacks.

cybercrimeHacking is a method of identifying weak links or holes in a computer network and then gaining unauthorised access to change the settings of the targeted network or computer system. Hacking is a derogatory phrase that is frequently associated with criminal activity. A respectable, lawful ethical hacker, on the other hand, use the same talents as an unethical hacker to try to uncover weaknesses and repair them before the bad guys can get there and try to break in.

CONCEPTUAL UNDERSTANDING

Ethical hacking is a field of study in which computer security specialists (ethical hackers/white hat hackers) discover a system’s vulnerabilities and weaknesses with the permission of the system’s owner, who is responsible for resolving the problem. As a result, it can be referred to as good hacking, as it identifies any potential vulnerabilities in the system and patches them before it is hacked by black hat hackers. It can also be interpreted as a proactive measure taken by the system’s original owner. “Ethical hacking” has long been a divisive term. Many individuals doubt the term’s existence because the concepts ethical and hacking are mutually exclusive. At the end of the day, hacking is an unauthorised incursion, which has a negative connotation and is seldom seen as an ethical act, hence the phrase is frequently questioned. Penetration testing, intrusion testing, and red teaming are all terms used to describe ethical hacking, but it is not confined to penetration testing. If hacking is a kind of offence, ethical hacking is a form of defence.

White hat hackers are ordinary computer hackers who specialise in computer security research and work solo or in collaboration with other researchers. Ethical hacking has evolved into a profession in recent years. These individuals ensure that an organization’s information systems are secure.

White hat hackers labour with authorization and good intentions, while blackhat hackers infiltrate with malicious intent and without permission. On the one hand, a hacker modifies or alters computer software and hardware to achieve a goal that is considered to be contrary to the creator’s original intent, while ethical hacking is the act of locating weaknesses and vulnerabilities in computer and information systems by duplicating the intent and actions of malicious hackers.

Grey hat hackers are a mix of both hackers and crackers. Such hackers are frequently viewed as working for the greater good, and they may, in certain situations, break the law in order to acquire data access.

The way we’ve gone towards the internet, and how the internet has exceeded practically everything to become the ‘most essential’ thing, is fascinating but not unexpected. The importance of social media in today’s world is astounding. Within minutes, we receive updates from all across the world. However, the internet keeps a large amount of our data with it. And this data can be abused by a single individual, a group of people, or an organisation. In the online age, there are several ways for persons with evil intent to steal someone’s data.

Phishing, for example, UI addresses, viruses, cookie stealing, denial of service (DOS), and so on. Hacking is the act of stealing someone’s online information. However, not all hacking is carried out with malice or resentment in mind. There is hacking that is done with permission and to avoid or lessen the risks of internet abuse.

HISTORY OF ETHICAL HACKING

In the year 1960, the first case of hacking occurred at MIT, giving rise to the term hacker. The internet had gained market acceptance by the end of 1980. People began to use the internet for their enterprises, and internet-based firms began to offer advertisements, e-commerce, and other services. People were also concerned about hackers at this time because if the system was hijacked, they could lose control of private and confidential information about their employees, the company, and their clients. So, it was a time when individuals felt the need for an ethical hacker and considered employing a computer specialist who could hack their system with their consent, but instead of causing damage, he would assess the security of the system and report any weaknesses. They would also give guidance on how to remedy the problems. The US military conducted the first ethical hacks to assess their operating systems and determine whether they should use a two-level (secret/top secret) classification system. 

ETHICAL HACKING IN INDIA

Before delving into the legalities of ethical hacking, it’s important to note the distinction between hacking and ethical hacking. Hacking is considered a criminal offence in India. Although ethical hacking is not widely practised in India, it is a growing field. Ethical hacking courses are available at a number of institutes and colleges around India. According to a survey by security solutions company Symantec, India ranked third in terms of vulnerability to cyber threats such as malware, spam, and ransomware in 2017, up one spot from the previous year. Hacking is a punishable offence in India, despite the fact that Indian laws do not particularly address ethical hacking. Hacking goes against the fundamental principles of India’s legal system. Because ethical hacking is not specifically addressed in Indian law, it has a legal status of neutrality in the Indian legal system.

ETHICAL HACKING GUIDELINE

Ethical hackers must follow a set of guidelines in order to hack legally. A good hacker understands his or her obligations and adheres to all ethical guidelines. The most important ethical hacking standards are as follows:

  • An ethical hacker must be granted authorization by the organisation that owns the system. Hackers should obtain complete authorization before conducting any security audit on the system or network.
  • Determine the breadth of their assessment and communicate their plan to the organisation.
  • Any security flaws or vulnerabilities found in the system or network should be disclosed to the appropriate authorities.
  • Because their purpose is to secure the system or network, ethical hackers should adhere to and respect their non-disclosure agreement.
  • Delete any evidence of the attack after reviewing the system for weaknesses. It prevents malicious hackers from abusing the system’s flaws.

CONSTITUTUONAL ARGUEMENT

Hacking violates Article 21, which deals with the right to life and personal liberty, which includes the right to live in dignity, according to constitutional norms. Furthermore, hacking infringes on an individual’s right to privacy, which is n ow a basic right. By breaking into a system, black hats gain access to a person’s or organization’s confidential information, whereas ethical hacking prevents this from happening. As a result, ethical hacking is permissible as long as it follows constitutional guidelines.

It’s not a crime.

A crime must have two aspects in order to exist, and these two elements are:

1.) mens rea, i.e. malicious purpose

2.) actus reus, which refers to a physical act.

Because the first and most basic factor, mens rea, is missing in ethical hacking, the question of whether it is a crime does not arise. Furthermore, ethical hacking is vital because it is done to prevent hacking.

TRESPASS

Trespass is mostly separated into two sections:

Trespass against a person and trespass against property

Only trespassing on private property is important in this article. Trespass is defined as an unauthorised entry onto another’s property without the permission of the genuine owner. Trespass is a criminal offence under both civil and criminal law. In civil law, purpose is unimportant, however in criminal law, intent is critical.

Trespassing is the only infraction frequently associated with ethical hacking, but it refers to the act of hacking rather than ethical hacking.

CIVIL LAW

Trespassing is defined as entering another’s property without their permission under civil law. It is a part of the Tort Law, which is a non-codified body of law based on case law. Although tort law only applies to tangible property, it does not apply to hacking or ethical hacking. In support of this, ethical hacking carries no culpability because it is done with the owner’s authorization, hence the issue of it being a civil wrong will never arise.

CRIMINAL LAW

Trespass is defined in Indian criminal law under section 441 of the Indian Penal Code (IPC), 1860, and has a very broad definition. In a nutshell, it defines trespass as accessing another’s property with malice with the aim to hurt or intimidate the owner of the property in question. The type of property required to constitute the crime of trespass is not mentioned here.

Trespass is a property crime that can be classified into two categories.

  • Tangible
  • Intangible

Trespassing on a computer system, which is an intangible asset, is referred to as hacking. Physical intrusion and physical injury are not always relevant when determining trespass culpability. Computer systems, software, and websites are all considered property nowadays. In the online world, terminology like homepage, visiting a website, domain, or navigating to a site are used, implying that websites are owned. As a result, any illegal access onto their property with the purpose to harm them might be considered criminal trespass. Because ethical hacking lacks all of the necessary elements, such as the intent to conduct an offence or to intimidate, insult, or annoy, it is legal and does not carry any risk.

INTELLECTUAL PROPERTY ISSUE IN CYBERSPACE

With the advent of e-commerce and e-business, companies and organisations are more concerned about protecting their intellectual property rights online. Nowadays, cybercrime encompasses not only fraud, cyberbullying, and identity theft, but also infringement of numerous businesses’ and organisations’ copyrights and trademarks.

Cyber Laws and Intellectual Property Rights (IPR) are inextricably linked, and online content must be safeguarded.

Cyberspace is the non-physical world in which computers communicate with one another via computer networks. With the advancement of technology, everyone now has the ability to access cyberspace and share information.

Private information is sometimes shared in cyberspace by someone who is not the owner. As a result, one’s privacy is infringed upon. One gets money off of the work of others. Those rights are safeguarded by IPR.

Intellectual property rights include patents, copyright, trademarks, trade secrets, industrial and layout designs, geographical indications, and so on. There are a variety of legal remedies available when these rights are violated in cyberspace.

Copyright Infringement: The owner of any published artistic, literary, dramatic, or scientific work receives copyright protection on his work to prevent others from utilising it under his name and profiting from it.

When these copyrights are utilised without the owner’s consent, it is considered an infringement of the copyright. Copyright infringement occurs when copies of software are distributed on the internet and sold by someone other than the owner. Copying content from a website or from a blog is also a copyright violation.

Cyberspace Copyright Issues:

  • Linking: It allows a website’s user to navigate to another website on the Internet without leaving the one he’s on. It’s done by hovering your mouse over a text or image on a web page. The owner of the webpage’s rights or interests are harmed by linking.

Linked sites may lose money because revenue is generally proportional to the amount        of people that visit their page.

It may give the idea that the two linked sites are endorsing the same thing and are connected.

The Shetland News’ deep link to embedded pages of the Shetland Times’ web site, through the usage of Times’ web site’s news headlines, was found to be an act of copyright infringement under British law in Shetland Times, Ltd. v. Jonathan Wills and Others, and an injunction was imposed.

Piracy can be of 3 types:

  • Soft lifting
  • Software Counterfeiting
  • Uploading-Downloading.
  • Cybersquatting And Trademark Infringement: A trademark is a graphically expressed mark that can differentiate one person’s goods or services from those of another, and it can include the shape of the goods, their packaging, and colour combinations.

When domain names are registered, sold, or trafficked in with the goal of profiting on someone else’s goodwill, this is known as cybersquatting. It is a crime that is punishable. 

Trademark Issue in Cyber Space

When more than one person believes they have the right to register a domain name, a domain name dispute occurs. It occurs when a registered trademark is registered by someone or something that isn’t the owner of the registered brand. The policy of the Internet Corporation for Assigned Names and Numbers (ICANN) must be followed by all domain name registrars. A domain name dispute is known as cybersquatting.

The defendants in Yahoo! Inc v. Akash Arora & Anr were providing internet services through yahooindia.com.

The petitioner was the owner of the Yahoo! brand and had registered its domain name in many countries, such as yahoo.in in India. As a result, the domain name yahooindia.com could be mistaken for a Yahoo! extension. The case was classified as passing off by the court, which issued an injunction prohibiting the defendant from using the domain name yahooindia.com.

Meta tagging is a strategy in which a term is added into the site’s keywords field to boost the odds of the site being returned by a search engine, even if the site has nothing to do with the word inserted. When corporations use meta tags on their own websites that contain the names or descriptions of other companies, they are committing trademark infringement.

After discovering that the companies inserted the words Oppedahl and Larson in the keywords field of their web pages in order to draw traffic to their sites, the law firm of Oppedahl & Larson, owner of the domain name, filed a trademark infringement action against three companies and the corresponding ISPs.

The UDRP Administrative Procedure is only applicable in cases when a domain name has been registered in an abusive manner. Certain circumstances must be met in order for a domain name registration to be abusive.

The following conditions apply:

  • The domain name registered by the domain name registrant is identical or confusingly similar to a trademark or service mark in which the complainant (the person or entity filing the complaint) has rights;
  • The domain name registered by the domain name registrant is not a trademark or service mark in which the complainant (the person or entity filing the complaint) has rights.
  • The registered domain name is been used in bad faith.

THE INFORMATION TECHNOLOGY ACT 2000

The Information Technology (IT) Act of 2000 is a watershed moment in Indian legal history and a turning point in the field of cyber law. If we carefully examine the provisions of the IT Act, we can deduce that it covers almost all of the wrongs that arise from hacking, because hacking is such a broad offence that it encompasses a wide range of other offences, such as a person who hacks another person’s system can leak the owner’s private information, it can also be used to extort money, a black hat hacker can use the information to enrich himself, and so on.

Chapter XI Section 66 of IT Act, 2000 particularly deals with the act of hacking. Section 66(1) defines a hack as, any person, dishonestly or fraudulently, does any act referred to in Section 43 is called hacking, and Section 66(2) prescribes the punishment for it. Hacking is a punishable offense in India with imprisonment up to 3 years, or with fine up to two lakh rupees, or with both.

Chapter IX Section 43 of IT act, 2000 prescribes a penalty for the damage to computer or computer system. It is a common thing which happens whenever a computer system is hacked. Black hats damage the system that they hack and steal the information. This enumerative provision includes a lot of activities.

Chapter XI Section 65 of the said act makes tampering with computer source documents an offense. Section 72 of the same chapter makes the breach of confidentiality and privacy, a punishable offense. This is the most common aftermath of hacking.

All the above-mentioned provisions mandatorize the need of mala fide i.e. intention to cause harm which is absent in ethical hacking therefore ethical hacking is not illegal in India.

ETHICAL HACKING AS A PROFESSION

Cyber security and networking are two of the world’s hottest industries right now. Every country in the world strives to make the best use of the Internet. Businesses use the Internet to run and manage their operations. The use of the internet has simplified the work of such organisations, but it also poses a threat to them. As a result, ethical hacking is a relatively young profession that is rapidly expanding. Because India strives to make the most of the Internet, the ideal of a digital country enhances the need for ethical hacking.

We must recognise that cyber-security is a process rather than a product, and that no server or cyber system is immune to hacking. Everything on the internet can be hacked, depending on the hacker’s expertise and the amount of work put forth. To prevent a true black hat from encroaching on the network, white hats work with the government and commercial companies to test their networks for vulnerabilities, flaws, and bugs.

Ethical hacking can be classified into two categories:

  • Companies hire ethical hackers to hack their own internal systems.

The most harmful thing in the information age is the information itself. It works in your favour as long as you have it, but as soon as it escapes and falls into the wrong hands, it becomes more harmful than anything else. In such a circumstance, huge businesses are exposed to the most serious cyber security threats from their competitors. They are constantly worried that their system may be compromised. All of their business information is saved on a server, which, if stolen, might put the company out of business. Cyber security specialists is a euphemism for ethical hackers. Ethical hacking is a profession that is not only restricted to IT firms; other businesses also use ethical hackers. Companies like Wipro, Infosys and IBM Wipro, Infosys, IBM, TCS, Tech Mahindra, HCL, Airtel, Reliance are some of the examples of the companies which are known for ethical hacker recruiters.

  • When ethical hackers are hired by government as cyber security experts

Governments from several countries are currently grappling with cyber security issues. Although the Indian government does not have any positions available for ethical hackers in any of its departments. Cyber security professionals are hired in many government ministries for cyber-related activities.

Furthermore, ethical hackers are required by numerous government agencies, military and law enforcement wings, defence firms, forensic laboratories, detective enterprises, and investigation services. Cyber security professionals are employed by investigative agencies such as the Central Bureau of Investigation (CBI), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI), but their information is not made public.

Department of Electronics and Information Technology, which includes ICERT (Indian Computer Emergency Response Team), Intelligence Bureau, Ministry of Communications and Information Technology, Department of Telecom, National Technical Research Organization, Defense Research and Development Organization, Army, and others are among the government departments that hire cyber security experts. This is not an entire list, and other government offices now require computer skills as well. For such occupations, there are written tests and interviews.

ETHICAL HACKERS AS SOURCE OF HELP

  • Gurgaon police are aided by ethical hackers.

In August 2016, a 24-year-old woman filed a complaint with the Gurgaon police stating that the accused hacked into her Facebook account and made abusive statements to her friends, prompting the filing of a cybercrime case involving defamation and harassment. He also publicly defamed her, according to the complaint, by uploading digitally altered (photoshopped) pictures. The case was referred to the cyber cell for investigation. The cyber cell was helped by members of an ethical hacking organisation who had interned with the police department. A group of engineering students from a private institution assisted the cops in cracking her laptop password. According to the investigating authorities and ethical hackers, the laptop had been formatted and all files had been deleted. The ethical hackers, on the other hand, recovered the data using a specialised set of tools and software, confirming that the woman’s allegations were true. In addition, the accused eventually admitted that he altered her images out of wrath.

  • Bank fraud case

In another instance that was solved with the help of a gang of ethical hackers, a woman claimed that her account had been fraudulently entered and an amount of Rs 5 lakh removed. The cyber cell and hackers collaborated to uncover that the complainant’s phone had a malware app installed that allowed the criminals to access her banking information. It was determined that her phone’s software had access to her private communications and that messages from her bank alerting her to fraudulent activity were removed almost instantly. The bank was also required to provide the IP addresses of any devices used to make transactions from the victim’s accounts. However, after discovering the criminals, the police were able to catch them.

CONCLUSION

In comparison to other countries, Ethical Hacker is protected by law in the United Kingdom, where laws define Mens Rea and Actus Rea, and countries such as Japan have provided an identification code to protect Ethical Hacker’s interests, whereas in India, laws such as the IPC lack provisions regarding hacking and his intent. Because it deals with the interference with electronic evidence, the Cr.P.C. lacks rules that allow police to conduct investigations with the assistance of ethical hackers. Infringement of intellectual property rights is increasingly occurring in cyberspace. Various practises by cyber site operators led in intellectual property and other rights of other website operators being violated. It is critical that people are aware of how their websites and webpages are being used illegally. Copyright and trademarks are no longer restricted to traditional intellectual property but have expanded to include intellectual property rights over the internet as a result of the rise of cyberspace and technological advancements. International conventions and treaties establish a variety of regulations and principles to protect IPR infringement online, which aid e-commerce and e-business expansion. The Information Technology Act lacks provisions for jurisdictional difficulties, cybercrimes involving IPR, cyber stalking, and cyber defamation, among other things.

The Indian Trademark Act of 1999, as well as the Copyright Act of 1957, are both quiet on the question of online trademark and copyright infringement. Although the Copyright Act of 1957 protects computer programmes, it does not give remedies for cyber infringement. Once someone gains access to electronic evidence, it may lose its legitimacy due to its delicate nature. India is in need of a law to protect its ethical hackers as the time and technology will advance so will cyber-crimes increase and the and black hat hackers cannot be tackled unless white hat hackers are differentiated from them and are provided with proper identity.

Author: Arundhati Singh (intern) at Khurana & Khurana, Advocates and IP Attorney, in case of any queries please contact/write back to us via email chhavi@khuranaandkhurana.com.

Archives

  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • September 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010