|
Whenever the word 'Hacking'
or 'Hacker' comes to our mind, the picture
or the image which is created is that of an intelligent being who is
criminal by nature, who attacks other computer systems, damages it,
break codes and passwords, send viruses etc. Their mindset are as if the
'hackers' are the computer criminals. They
have a very wrong notion in this regard and have a completely negative
attitude and utter dislike for the 'Hackers'.
In this regard, the media has
wrongly associated the computer criminals as 'Hackers'. The media has
played a major role and has its hands behind this creation of negative
connotation of the word 'hacker'. General public may spread rumours but
it is hard to believe, someone speaking about completely new term, which
is also a totally new concept to him.
But the fact is that the terms
'Hacker' and so called 'Computer Criminal' are absolutely two different
terms and are not linked with each other in any respect. They speak what
they read and listen from others. For this, whenever any cyber crime
occurred, by unauthorised use of other computer systems, the news
published and delivered in public was by the use of the term 'hacking'.
So we can say that it is because of media why people have hatred or
negative feeling for the 'hackers'.
Now if such cyber criminals are not
hackers then two major question which arises are:
1. Who are Hackers? And,
2. What are such cyber criminals called?
Actually, 'Hackers' are very intelligent people who use their skill in a
constructive and positive manner. They help the government to protect
national documents of strategic importance, help organisations to
protect documents and company secrets, and even sometimes help justice
to meet its end by extracting out electronic evidence. Rather, these are
people who help to keep computer criminals on the run.
Now dealing with the second part, i.e., what are such cyber criminals
called? The actual word for such criminals is not 'hacker' but
'cracker'.
First I would like to explain the term 'Hacker', because there is a
great misconception regarding it. I made a field study by a
questionnaire method taking few samples amongst the youths across the
country. In that study, for the question regarding explaining the term
'hacking', most of the samples were just beating around the bush. The
responses were as follows: -
Knowledge
About The Term Hacking
# 30% Do Not Know At All
# 5% Know Exactly What It Is
# 65% have Wrong Idea
Analyzing the above chart, we can
see that it is only 5% of people who know exactly, what hacking means.
Rest all other either don't know at all or they have a wrong notion
about it. 65% of them believe hacking to be of a criminal nature.
So as to eliminate the fallacies in
its connotation, I would like to begin with its meaning. Hackers are
generally computer programmers who maintain network systems, secure
documents, etc. So anyone who has a good hand on computer programming
can be termed as 'hacker' in general.
Ankit Fadia,
who is a great master mind of India in the field of 'Hacking', has said:
"Traditionally,
hackers were computer geeks who knew almost everything about computers
and were widely respected for their wide array of knowledge. But over
the years, the reputation of hackers has been steadily going down.
Today, they are feared by most people and are looked upon as icons
representing the underground community of our population."
In the light of this general
allusion of the term 'hacking', which is generally construed by people,
The word 'hacker' can be used to describe all of these: -
1. Code Hackers - They know
computers inside out. They can make the computer do nearly anything they
want it to.
2. Crackers - They break into
computer systems. Circumventing Operating Systems and their security is
their favourite past time. It involves breaking the security on software
applications.
3. Cyber Punks - They are the
masters of cryptography.
4. Phreakers - They combine their
in-depth knowledge of the Internet and the mass telecommunications
system.
5. Virus Builders - Virus incidents
have resulted in significant and data loss at some stage or the other.
The loss could be on account of: -
* Viruses - A virus is a programme that
mayor may not attach itself to a file and replicate itself. It can
attack any area: from corrupting the data of the file that it invades,
using the computer's processing resources in attempt to crash the
machine and more.
* Worms -
Worms may also invade a computer and steal its resources to replicate
themselves. They use the network to spread themselves. "Love bug" is a
recent example.
* Trojan horse
- Trojan horse is dicey. It appears to do one thing but does
something else. The system may accept it as one thing. Upon execution,
it may release a virus, worm or logic bomb.
* Logic bomb -
A logic bomb is an attack triggered by an event, like computer
clock reaching a certain date. Chernobyl and Melissa viruses are the
recent examples.
Hacking v/s
Cracking
The term hacker is a term used by some to mean 'a clever programmer' and
by others, especially journalists or their editors, to mean 'someone who
tries to break into computer systems'. Programmers who use their skills
to cause trouble, crash machines, release computer viruses, steal credit
card numbers, make free long distance calls (the phone system is so much
like a computer system that it is a common target for computer
criminals), remove copy-protection, and distribute pirated software may
also call themselves 'hackers', leading to more confusion. Hackers in
the original sense of the term, however, look down on these sorts of
activities. Hackers generally deplore cracking. Among the programming
community, and to a large extent even amongst the illegal programming
community, these people are called 'crackers' and their activities known
as 'cracking' to distinguish it from hacking.
A cracker is generally someone who
breaks into someone else's computer system, often on a network, bypasses
passwords or licenses in computer programs or in other ways
intentionally breaches computer security. A cracker can be doing this
for profit, maliciously, for some altruistic purpose or cause, or
because the challenge is there. Some breaking-and-entering has been done
ostensibly to point out weaknesses in a site's security system.
Construing the responses of the
third question from the questionnaire, the responses I got were: -
Heard The Term
"Cracking"
# 15% Yes
# 85% No
And further when I asked to
distinguish 'hacking' with 'cracking', it was only 5% of them who did it
correctly
Hacking V/s Cracking
# 5% Distinguished Correctly
# 30% Cannot Distinguished At All
# 65 % Distinguished Wrongly
Rest all either cannot distinguish
it at all or they distinguished it wrongly. The wrong distinction was
seen to be vice-versa of the actual definition. Out of 65% of such
people, nearly 75% of them said that cracking is just breaking codes and
when it is of an illegal nature, it becomes hacking.
So we can see that even though
people have some rough idea about these terms but the way they are
employing it to real life, it is completely changing the real meaning
and giving a false impression about the hackers. It is rightly said that
'Little knowledge is more dangerous than no
knowledge at all.'
When they were asked about the
reasons so as why people indulge in 'hacking' (the graph of which is
given later) it was seen that 27% of them said that because of 'Social
Status'.
I failed to understand what kind of
'social status', they were talking about. But when I analyzed the next
question and saw that 75% of them says that 'hacking' is not socially
justified, I came to know that they were talking about the negative
status, which is not of respect but of hatred.
Hacking
Socially Justified Or Not
# 15% YES
# 75% NO
# 10% DON'T KNOW
Perceiving the text of FN1, we see
that Ankit Fadia talks about the underground community of our
population. So this social status can only be amongst that small part of
our population, i.e., the underground world. Whereas, a hacker who is
popular among the normal people is also desired and respected by
crackers.
Sending
Viruses v/s Hacking
Even though hacking is not at all an offence but if construed in a
manner which is generally used by he public the question comes up is
that whether sending viruses can be termed as hacking.
For this, again in the survey there
was a question for which the correct answers were only 15%. Rest all
others said that even sending viruses means Hacking.
Sending Virus V/s
Hacking
# 15 % Correct
# 85% In correct
The term cracking means, 'illegal
access'. Now, 'access' comprises the entering of the whole or any part
of a computer system (hardware, components, stored data of the system
installed, directories, traffic and content-related data). However, it
does not include the mere sending of an e-mail message or file to that
system. 'Access' includes the entering of another computer system, where
it is connected via public telecommunication networks or to a computer
system on the same network, such as a LAN (local area network) or
Intranet within an organisation. The method of communication (e.g. from
a distance, including via wireless links or at a close range) does not
matter. So if a virus is send through an e-mail, it is not an illegal
'access' and hence cannot be termed as 'cracking'.
Cyber Hacking (or rather Cyber
Cracking in verity), is one of the Cyber Crimes and Cyber Crime is a
universal term that allude to all criminal activities done using the
medium of computers, internet, cyber space and the world wide web (www).
In India, the law regulating such crimes is the Information Technology
Act, 2000 (or the IT Act, 2000). If studied in detail, we will find that
there are still many areas in the said Act, which need Amendments. Like,
it does not even define the term 'Cyber Crime' and the crimes mentioned
in Chap. XI named 'offences' have been declared penal offences
punishable by imprisonment or fine. Then Sec.66 defines hacking, but it
went on defining what is in reality 'cracking'. The definition of
hacking provided in Sec.66 of the Act is also very wide and capable of
misapplication. There is every possibility of this section being
misapplied.
So in light of Sec.66 of the Act
read along with this project topic I will now use the words 'Hacking'
and 'Cracking' interchangeably as per the demand of the chapter.
Crackers are becoming a peril so
uncontrollable that even the largest companies in the world are finding
it difficult to cope up with their perpetual attacks. Some crackers just
crack systems and gain access to them, for 'fun'. Their intention is not
to commit any crime. Now, it is a question of debate whether such act in
itself constitutes an offence or not. They may not be brought within the
ambit of existing laws because the IT Act uses the word 'destroys or
deletes or alters any information' and in this case they just gain
access to the system and nothing else. The act of such a cracker can
perhaps, most appropriately, be considered in the light of laws relating
to criminal trespass.
Trespass to
Property
In common language the word 'trespass', means to go on another's
property without permission or right. Though it is ordinarily a civil
wrong, if trespass is done with criminal intention, it is treated as
criminal trespass. The ingredients of the offence of criminal trespass
have been laid down under sec.441 of the Indian Penal Code. The object
of making trespass a criminal offence is to keep the trespasser away
from the premises of individuals so the one may enjoy his/her property
uninterrupted by any intruder.
In applying the section to hacking
on the Internet, the question which arises is "whether websites are
property". Many of the words used to describe websites have a basis in
real property: the word 'site' itself is one, as are such expressions as
'home' pages, 'visiting' Websites, 'travelling' to a site and the like.
This usage suggests that the trespass action might appropriately be
applied to websites as well. That analogies to real property trespass
can be made does not suggest, however, that they should be made. The
fundamental issue is whether the treatment of websites as property makes
sense in light of the justifications for the institution of property
generally.
Thus, as trespass actions are
stranded in the idea of protecting an owner's control over his property
and as even the websites should be considered as a species of property,
there is no reason for not allowing a cause of action for 'trespass to
websites'.
Mens Rea
The next question that is of importance arises when a cracker has no
intention to commit any further crimes. The question is 'whether such
cracking is enough to constitute threats or annoyance? Under Indian law
it has been clearly laid down in Smt. Mathri v.
State of Punjab that for establishing the offence of criminal
trespass it is not enough to merely show that the person entering upon
the property of another had knowledge that his act would cause
annoyance. The rule that a person must be presumed to intend the natural
consequences of his act is not a binding rule, if any other intention
can be shown. This interpretation may be problematic while dealing with
crimes on the Internet.
Liability
There is no doubt as far as liability is concerned when a Cracker is
caught. Now this liability can be of two types.
1. Civil Liability
2. Penal Liability
As like in the case of trespass,
when just cracking is there by the cracker, it is of a civil nature but
once the intention to cause harm or rather damage the system is proved,
the liability becomes that of a penal nature.
Now it is not just criminal
trespass, which can be done by cracking but cracking may also result in
many other crimes which are mentioned in the Indian Penal Code, 1860.
Like, if a cracker cracks an e-banking website and transfers money into
his own account, this may constitute a crime under Sec.378 of the Penal
Code, which in this case may also be termed as Cyber Theft. This kind of
act is completely of a penal liability.
In R. v. Gold prestel systems
provided it subscribers free e-mail facilities and access to its
database. The accused - Gold and Schifreen cracked into its computer and
were charged in England under the Forgery and Counterfeiting Act, 1981.
They were convicted but the Court of Appeal and the House of Lords as
well acquitted them as an instrument was necessary to commit the offence
under the said Act, which had to be similar to other examples in the
statutory definitions, which were physical objects.
For this, then the Law Commission in
England recommended that cracking be made penal and proposed: -
* A broad offence that seeks to deter the general practice of hacking by
imposing penalties of a moderate nature on all types of unauthorized
access; and
* A narrower but more serious offence imposes much heavier
penalties.
Similar considerations apply in our
country also. The IT Act tries to achieve this by providing civil and
penal consequences for cracking and other wrongful activities. The case
concerning Sec.66 of the IT Act, 2000, in India was first lodged in
Lucknow in February, 2001.
Interestingly, the victim of the
first cyber crime was none other than a police employee. The FIR was
lodged by junior engineer, police range, V K Chauhan, whose password for
Internet access was hacked and 100 hours of connectivity time exhausted
even before he could use it once. The case was registered under Sec.66
of the IT Act.
Interest in
Hacking
There were questions in the questionnaire regarding movies (question no.
6(i), 6(ii) and 7) on hacking by which I assessed the interest of the
youth in hacking and henceforth their knowledge about hacking and the
laws regarding it.
What I found is as follows: -
Interest In Hacking
# 55% No
# 10% Yes & Hacking Reasons
# 35 % Yes But Other Reasons
By this, we can see that only 35% of
the samples had seen hacking based movies and that too because the
storyline of the movie was of Hacking. Rest are not interested in it.
Henceforth, we can also see that
very few percentage of them are aware about hacking and the laws
regarding it.
Knowledge
About Its Tools:
# 55% Do Not Know At All
# 30% Have Some Idea
# 15% have No Idea
Knowledge About The
Laws:
# 10% YES
# 90% NO
Regarding, the insurance cover
against Hacking only 25% of them has said that it can be done, rest all
either outrageously said 'no' or they are unaware about it. What is
interesting over here is that though the insurance is being offered for
the first time in India, and that too in the month of February, 2001, at
least there are few of them who knew about it so early. Insurance is
being offered against all kinds of cyber crime, including loss of
airtime, to the extent of $25 million.
This insurance is to cover
reasonable ransom demands, litigation costs, third party liabilities,
etc. It will also offer a reward for any information that could lead to
the arrest of the hacker and also a crisis management fund.
Insurance
Cover:
# 25% Yes
# 10% No
# 65% Don't Know
So what we can conclude from this is
that most of the youth today are though unaware about Hacking but its an
emerging field and is on its way to be the upcoming field of study. This
can be said because there was another question regarding why one resort
to hacking and the responses I got, also includes 'Academic Reasons'.
Hacking
Reasons:
# 27% Fun
# 31% Economic Reason
# 6% Security
# 27% Social Status
# 6% Academic
# 3% Never
Then, when asked to name any famous
hacker, at least 30% of them easily named few of them.
The effectiveness of a judicial
system is anchored by regulations which define every aspect of a
system's functioning and primarily, its jurisdiction. A court must have
jurisdiction, venue, and appropriate service of process in order to hear
a case and deliver an effective judgement. Jurisdiction is the power of
a court to hear and determine a case. Without jurisdiction, a court's
judgement is futile and impotent. Such jurisdiction is essentially of
two types, namely subject matter jurisdiction and personal jurisdiction
, and these two must be conjunctively satisfied for a judgement to take
effect. It is the presence of jurisdiction that ensures the power of
enforcement to a court and in the absence of such power, the decree of a
court, is, to say the least, which is of little or of no use. Moreover,
only generally accepted principles of jurisdiction would ensures that
courts abroad also enforce the orders of other judicial bodies.
The Cyber Crimes like cracking can
be seen as multi-jurisdictional because of the ease which a user can
access the website from anywhere in the world. It can even be viewed as
'a jurisdictional' in the sense that from the users' perspective as
state and national borders are essentially transparent.
The Indian jurisprudence with regard
to jurisdiction over the hacking is almost non-existent. In the first
place, there has been very few cases or rather only one case regarding
hacking, to the best of my knowledge, in India and then secondly, it is
an emerging field and that too where the place of action for the dispute
is very difficult to decide. But an interesting feature of the IT Act is
that it is applicable to offences and contraventions committed by any
person not just in India but also outside India, as per sec.1(2) . This
principle has been elaborated in sec.75 of the Act which provides that
Indian Courts will have jurisdiction over acts committed outside India
as well as over foreigners committing such acts, if the act amounts to
an offence or contravention involving a computer, computer system or
computer network located in India. Thus the determining factor is the
location of computer, computer system or computer network that is
involved in an act or transaction.
In India, the court would assume
jurisdiction over a defendant, if even a part of the cause of action for
the dispute arose within its jurisdiction. Now these may appear to be
distinct and disparate points of view but when you get down to examining
the essential ingredients that must be fulfilled in order to satisfy the
requirements of these principles, there are several similarities between
them which may allow the Indian Courts to assume jurisdiction.
First of all, to conclude I would
like to state that there are lots and lots of fallacies regarding the
term hacking. Even though people are not aware about it today but by the
study of various samples and researches made, I have found that it is
very rapidly expanding its scope and day by day more and more people are
interested in it.
Again it has two aspects. It can
help the society to a great extent but it may also prove to be
otherwise. In such cases punishments must be proportionate and serve as
a sufficient deterrent. As computer data often contain personal
information a cracker can also infringe one's right to privacy
guaranteed by Art.21 of the Constitution of India.
Cracking can also be taken as an
offence under Indian Penal Code. For this there are two types of
liabilities, i.e., 'civil' and 'penal'.
Then for deciding the applicability
of jurisdiction of a case, the court faces a lot of problem, due to its
insensitiveness to local constraints. So, even when inventions and
discoveries had widened the scientific horizons, it has also posed new
challenges for the legal world. This Information Technology has posed
new problems in jurisprudence to which it is very difficult to give a
concrete shape.
|
