Topics on Hacking that can help for an Informed Decision.
HACKING: Be-aware of the malware!
Internet can be a boon or a bane, depending upon the user. While majority of you are busy creating strong passwords and ensuring security for your password protected accounts and websites, there is a section of people constantly trying to break through this security and commit a breach.
Hacking essentially means an act of forcefully gaining access into someone’s private data without their consent. The person who commits an act of hacking is called as a ‘hacker’. The purpose of hacking differs since a hacker may hack just for fun or to gain access to confidential data or may want to alter the data present therein.
Hacking of a computer system is a punishable offence under the law which invites punishment of upto 3 years in prison and/or fine only if the intention of the hacker is to cause loss or damage to the owner of the information that has been hacked into.
Hacking is the act of gaining unauthorised access to a computer, a mobile phone and any such electronic device, and involves accessing programs, data, network resources etc. of such a device. Hacking takes place when a person uses a computer system or accesses an account without having the authority to do so, especially by trying to bypass the security measures present on that computer.
A hacker might use a software on the internet as a tool for gaining access to a particular computer. Generally, these hacking softwares are disguised in the form of free games, lotteries and so on, which innocent computer users fall prey to. Thus, such softwares serve as a ‘click bait’. The term “click-bait” is used to refer to content on the internet that is mainly intended to attract people’s attention thereby enticing them to click on a link to a particular web page you’re directed to.
Hacking is a crime in itself, and can be used to perpetrate other crimes, including stealing someone’s information from their computer to facilitate identity theft, posting pornographic material, stealing someone’s intellectual property (copying blogposts, books, pictures, movies and other creative works of a person), and so on.
Hacking, i.e. gaining unauthorised access to an electronic device to access and manipulate information, is of several types. Some common ones are discussed below:
- Website Hacking – This is a form of hacking where the hacker takes over control of a website from the website owner. The hacker can then make any changes to the content of that website. In December 2016, the IIT-Madras website was hacked and manipulated by unknown people.
- Network Hacking – This is aimed at a group of devices forming a network, such as an office network, wherein the hacker manipulates data being shared over that network. A popular example is Julian Assange hacking into the US government network and accessing classified files.
- Email Hacking – This refers to illicit access to an email, or to another person’s email account altogether. An email account usually contains sensitive information like a person’s passwords for banking, social media, and other accounts. Hillary Clinton’s emails were hacked as Secretary of State, which were leaked last year during US Presidential Elections.
- Online Banking Hacking – This is accessing one’s bank account online without having its password, or authority to do so. This enables the hacker to steal the money from that account, or make illicit payments. Credit Card frauds are the most common example.
- Computer Hacking – Computer hacking refers to a hacker gaining access to your computer, manipulating and making changes to files ce or network to discover loopholes and weaknesses, so as to be able to fix them. Ethical hackers are employed by governments and corporations to make their electronic systems and networks safer.
Hacking, a crime becoming increasingly common in the internet age, where we can send a message, book a ticket or even send money in the click of a button, needed to be controlled by the law. Thus, two laws were made applicable to it - Information Technology Act, 2000 (“IT Act”) and Indian Penal Code, 1860 (“IPC”).
Section 43 (a) of the IT Act prohibits gaining unauthorised access to a computer or network. However, this is not a criminal offence punishable with fine or imprisonment. This only provides compensation for the victim from the unauthorised hacker. This compensation can be up to five crore rupees, depending on the circumstances.
Meanwhile, Section 66 of the IT Act provides for criminal liability. This section stipulates accessing information or making changes to the hacked device, or harming the victim in any way after having gained such unauthorised access. If found guilty under this section, the illegal hacker can be punished with a fine of up to five lakhs, or with imprisonment up to three years, or both. However, the accused can get bail for before trial for such offence.
Under the IPC, Sections 379 and 406 are applicable to hacking. Section 379 pertains to theft, and is thus applicable for the hacker steals information from a computer or network without the owner’ permission. Section 406 deals with criminal breach of trust, which pertains to hacking for the particular malicious hacker may be a known person like a friend or employee, who abuses his position to access and use information from a device without any authority. If charged under the IPC for hacking, the hacker cannot get bail.
A crime involving sensitive information, hacking must be combatted. Reporting hacking incidents not only saves the victim but also makes society safer for other people.
Victims of hacking are generally helpless. This is because a layman, not possessing special knowledge of computers and information technology, will not know how to regain control over his hacked device or network and save his personal information from being disseminated. Thus, the machinery of law is available for those who fall prey to malicious hacking.
On coming to know that you have been hacked, you must go file a complaint in a police station, preferably situated where the crime is committed, or where the hacked device is. The following two options are available:
- Civil Remedy
In case a system has only been hacked and no information therein has been accessed, it falls under Section 43(a) of the Information Technology Act, 2008. Here, the victim can claim compensation in a civil court up to an amount of five crore rupees. This is not a criminal offence.
Employees of Mphasis call centre were held guilty under Section 43(a) for obtained PINs from customers without authority in order to be able to transfer money to themselves.
- Criminal Liability
If information is accessed, used, manipulated or changed in the hacked system, you can file a criminal case. This would involve severe liability and punishment for the hacker, in the form of fine, imprisonment, or both.
Section 66 of the IT Act applies, which stipulates fine up to five lakhs, imprisonment up to three years, or both. Sections 379 (theft) and 406 (criminal breach of trust) of the IPC are also attracted, wherein the accused cannot even get bail.
For instance, a student gained access to the website of the Gujarat Technological University and manipulated data to grant himself admission. Having not only gained access, but also used and changed information on the hacked website, he was held criminally guilty and sentenced to imprisonment.
Getting hacked is no less than a nightmare! In the present times, when the whole world is just a click away, it is becoming more convenient for hackers to hack into your computers, mobile phones and social media accounts. Everyday hundreds of people suffer from the menace of hacking be it through their unprotected Wi-Fi connection, banking hacks or on social media accounts. But who is to be held liable when you become a victim of hacking?
If your emails or the data in your computer is hacked, then you can file a complaint against the hacker by filing the copy of the emails or posts sent by the hacker and the data which was hacked in a hard and soft copy. It is important to note that the service/ internet providers cannot be held liable for it.
If your internet banking account gets hacked, you must file a complaint with the bank within 3 days of the transaction. Then you cannot be held liable for any of the transactions and the bank becomes liable for insecure internet banking facility. You can file a complaint against the bank in this case and claim compensation for the loss incurred through those insecure and unauthorised transactions.
You cannot file a complaint against the social media company in case your account is hacked. The 2014 Snapchat leak case is an example where some private photos of some users who used a third-party app to save their photos, were leaked and Snapchat’s 24 hours-deleting policy was contemplated as false. But Snapchat wasn’t held liable as the pictures were leaked from the other app that the users used to save their photos in Snapchat and thus resolved the social media company from any liability.
It is not an easy task to find a needle in a haystack. Pin-pointing the source or location of the hacker who easily hide their location is an extremely difficult task. The hackers are hidden deep within the dark web and it is nearly impossible to locate the hacker or track his ip address. So, where and in which court can you file a case of hacking?
India is still not prepared to deal with the increasing number of cyber-crime cases. Under the Indian law, all the courts in India accept the cases relating to hacking or other cyber- crimes. There are no special courts to deal with cyber- crimes. A Cyber Appellate Tribunal was established to deal with the cyber cases but it isn’t functional now. Therefore, you have to approach your nearest court to file a case of hacking.
If you are a victim of hacking, you can approach a civil court under whose jurisdiction the hacking has happened. In simple words, if your computer is hacked in the area under Tis Hazari Court, then you can approach that court. It is irrelevant if your hacker is from another country. You have to file a case in your country and particularly where your computer, mobile phone or bank account got hacked. The place where the hack happened is important to determine which court you can approach.
The infamous ‘you won a jackpot’ and ‘I give you my inheritance’ emails which led to so many people getting their personal information hacked is a depressing example. In most of those cases, the hackers weren’t from India. When people got trapped in their greed and instead lost huge amounts of money, the Indian courts accepted their cases under whose jurisdiction they resided.