Written by Ankit Shukla, pursuing Diploma in Cyber Law, Fintech Regulations and Technology Contracts offered by Lawsikho as part of his coursework. Ankit is an Advocate at the District Court and is a law graduate from Himachal Pradesh University.
The Internet is the global system of interconnected computer networks, which originated 40 years back. The internet and computer networks have grown rapidly. Since its inception, the Internet has spread its roots beyond the United States; social media users in India have reached 226 million to date. The internet was created to share research through computer networks, but its role has changed: today the internet carries a great many information resources from one network to another. Email, the World Wide Web, hypertext documents, file sharing, e-commerce, etc. are examples of these information resources and services.
Along with its positive impacts, the internet also has some negative impacts on society. Like the real world, the internet has witnessed crimes that infringe a person’s rights. Cybercrime is a crime that involves a computer and a network; examples of cybercrime include hacking, pornography, cyberwarfare, sextortion and copyright infringement.
With the advancement of technology and social interaction in virtual space, the personal information of an individual has become vulnerable with increased use of the internet. A cyber offender can access a person’s information without the authorization of the victim, which leads to hacking.
In a nutshell, hacking refers to an unauthorized intrusion into a computer or network, and the person who gains this unauthorized access is known as a hacker.
Hacking is one of the serious cyber crimes that are evolving in the era of the internet. England ranked first among the countries victimized by cyber attacks, having been affected by 9 crore cyber attacks as reported this year, and India was in 21st place in the list of victim countries, having been affected by 6.95 lakh cyber attacks.
Hacking is a technique of finding the weak links or flaws in a computer network and thereafter gaining unauthorized access to the computer system to change the settings of the targeted network or computer system. Hacking in itself is a negative term and is often seen as a criminal act. However, an ethical hacker uses the same skills as an unethical hacker, but in a legitimate, lawful manner, to try to find vulnerabilities and fix them before the bad guys can get there and try to break in.
Hacker As A Guardian?
A hacker is any skilled computer expert who uses their technological knowledge to overcome a technical glitch or a problem. Hackers with malicious intent are known as crackers. The word hacker is derived from the term “lusty laborers”, who harvested fields by dogged and rough swings of a hoe.
Hacker and its shades
Hackers may be good or bad depending upon the intentions or motivation behind their work. Some hackers barge into a system out of curiosity, some have a legitimate motivation or are authorized by legitimate officials, and some are appointed to safeguard vulnerable data. Hackers can be classified into the categories listed below:
Black Hat Hacker
A black hat hacker is also known as a cracker. These hackers possess good knowledge of computer networking, network protocols and system administration, but they are a cause of cybercrime because they hack systems for unethical reasons.
White Hat Hacker/ Ethical Hacker
A white hat hacker is the opposite of the black hat hacker. These hackers possess the same amount of knowledge as black hat hackers, but they use that knowledge in an ethical way; they are network security professionals, and so are known as ethical hackers.
Grey Hat Hacker
A grey hat hacker is somebody who sits between the black hat and the white hat hacker; the grey hat hacker exposes the vulnerabilities of the network system and then may in return offer services to fix the loopholes for money.
Script Kiddie
A script kiddie can be defined as an amateur hacker who breaks into a system with the help of hacking tools written by another hacker.
Hacktivists
A hacktivist is a politically motivated hacker. He is equivalent to all other hackers, but his intention is to bring public attention to a political matter.
Phreakers
A phreaker is a telecom network hacker who hacks the telephone system illegally.
When does the term Hacking become legal?
With the increased use of the internet, the word hacking has lost its worth and is seen more as an illegal activity or a cybercrime. Unethical hackers, commonly known as black hat hackers, are responsible for the darker side of hacking, as they are the ones who breach cybersecurity with their skills and techniques. To tackle cyber criminals like black hat hackers, there is a need for law as well as for ethical hackers.
White hat hackers work according to the ethics of hacking and protect the interests of individuals on the internet, as they are cybersecurity professionals. Ethical hacking is hacking done in an authorized way, after gaining permission for the same.
How is Ethical Hacking different from Black Hat Hacking?
Ethical hackers are engaged by an organization to penetrate networks and systems with the purpose of discovering vulnerabilities and fixing them. The role of the ethical hacker is similar to that of a penetration tester, but they break into the systems legally and ethically. The legality of hacking depends upon the ethics, and this is what differentiates the two.
How does Ethical hacking work?
As ethical hacking is likely to be done with the permission of the victim or the targeted system, the only way to tackle black hat hacking is through ethical hacking. The techniques used in penetration are designed to emulate real attacks without causing any damage, and to safeguard the organization or individual against cyber attacks. Once it is discovered how the attackers work, the network administrators, engineers and security professionals emulate the environment and its security level to conduct a penetration test. It is important to know what the victim is looking for, so that the tests are easy and effective.
The Steps that are involved in Penetration tests are as follows:
• Ground rules should be established: to set expectations, to identify the parties involved, and to obtain written permission or an agreement of access, mainly known as a Statement of Work in the United States.
• Passive Scanning: Gathering information about the target without the target's knowledge, also known as Open Source Intelligence, from sources such as social networking sites, online databases, etc.
• Active Scanning and Enumeration: Using investigating tools to scan the target’s public exposure.
• Fingerprinting: Performing investigation of the target systems to identify the operating system, applications, patch level, open ports, user accounts, etc.
• Selecting a target system.
• Exploiting the uncovered vulnerabilities: executing the appropriate tools targeted at the suspected exposures.
• Escalating privilege: escalating the security context so that the ethical hacker has more control, such as gaining root or administrative rights, or using cracked passwords for unauthorized access.
• Documenting and reporting: A file shall be maintained covering every technique and every tool that was used, the vulnerabilities that were exploited, and much more.
Laws To Remember as an Ethical Hacker
Hacking has traveled from being an intellectual curiosity to being a cybercrime around the world, and has troubled nations with security problems, data breaches, financial breaches, online frauds, etc. Unethical hacking is clearly an offence in the eyes of every nation. These offences have risen tremendously. Information technology and law were two different fields which never intersected, but with the misuse of technology the law had to safeguard the rights of netizens. Various legislations and laws have been framed across the world to safeguard the rights of an individual in the virtual world, which an ethical hacker has to keep in mind while working in good faith.
With the growth in usage of the internet in India, cyber attacks have impacted the security of computer networks as well. India adopted the Model Law on Electronic Commerce, which was adopted by the United Nations Commission on International Trade Law, and consequently the Information Technology Act of 2000 came into force. The purpose of the Act was to provide legal recognition for transactions carried out by means of electronic data interchange, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information.
There is a thin line between a black hat hacker and a white hat hacker, which is laid down in Section 84. It states that protection is granted to the government, the controller or any person acting on behalf of them who acts in good faith. An ethical hacker appointed by the government or a controller has to act in pursuance of this Act or any rule, regulation or order.
Section 43 of the Act states that if any person, without the permission of the owner or of any other person who is in charge of a computer, computer system or computer network, modifies, damages or disrupts the computer network, downloads, copies or extracts any data or information from such computer network, or accesses such computer system, he may be penalized for damages. The term used in this provision is "without permission of the owner", which gives the impression that if a person is working under authority or in good faith, he may not be liable for the damages.
Section 43-A of the Act states that if any person fails to protect data, he is liable for compensation. So if an ethical hacker is a body corporate and fails to protect the data he is handling, he will be liable under Section 43-A of the IT Act.
Section 66 of the IT Act deals with computer-related offences. It states that any person who dishonestly and fraudulently does any act mentioned in Section 43 of the Act shall be penalized with 3 years.
Government agencies such as the CBI, the Army and law enforcement bodies, the Intelligence Bureau and the Ministry of Communication and Information Technology can, under the Information Technology Act, form a government agency under Section 70-A and Section 70-B for Critical Information Infrastructure Protection, and can recruit cybersecurity experts to protect themselves from cyber terrorism as laid down in Section 66-F of the Information Technology Act, which mentions access "without authorization" or that "exceeds authorized access".
The IT law of India does penalize a hacker who does not have proper authorization to get access to a computer, but it does not protect ethical hackers unless they are employed by the government under Section 84. Ethical hackers cannot be ignored, as their presence is much required to protect computer networks against cyber terrorism and cyber attacks.
Conclusion
In other countries, by comparison, the ethical hacker is protected in the eyes of the law: UK laws define mens rea and actus reus, and countries like Japan have provided an identification code to safeguard the interests of the ethical hacker. In India, by contrast, legislation like the IPC lacks provisions regarding hacking and the hacker's intention. The Cr.P.C lacks provisions under which the police can carry on an investigation with the help of ethical hackers, because this involves interference with electronic evidence, and once somebody gains access to electronic evidence, because of its delicate nature, it may lose its authenticity.
India is in need of a law to protect its ethical hackers. As time and technology advance, cyber crimes will increase, and black hat hackers cannot be tackled unless white hat hackers are differentiated from them and are provided with a proper identity.