In this blog post, Surbhi Kapoor, a student of Amity Law School, Delhi IP University writes about hacking, a cyber crime covered under the Information and Technology Act, 2002. The article differentiates between a hacker and cracker, which not many people know. It also talks about laws against hacking in India, the essentials that constitute hacking and how a complaint against hacking should be filed.

Introduction

As the country progresses towards a digital age where everything would be available with the click of a button, the threat of data and private information being stolen has constantly been disturbing. It is ironical to see that the most trusted source of information and a store for data can turn out to be a wide platform for some to steal information. The Information and Technology Act, 2000 (IT Act) covers all types of cyber crime committed in the country including hacking.

Hacking earlier used to refer to a crime under section 43 of the IT Act but at the same time, ethical hacking or better known as white collar hacking was considered legal. Ethical hacking is also being taught by various professionals at schools and colleges. So a need was felt to differentiate between good and bad hacking. Under the amendment IT Act in 2008, the word ‘hacker was removed from the act. The reason for the same was that ethical hacking is taught by a lot of professionals at various schools and colleges, and colleges cannot teach anything illegal. So the same word should not be used. The amendment rephrased section 66 and section 43 by removing the word hacking from the Act.

Hacking in India

There have been numerous hacking attacks on Indian government websites where state government websites or defense websites have been hacked. Some time back, the Principal Comptroller of defense accounts website was hacked due to which defense officials could not access their salary information. The government, to reduce hacking of precise work, has agreed to the proposal of DEITY, which is the department of information and technology to stop using popular email ids for official purpose and has sanctioned a budget of Rs. 100 cores to safeguard the data. The websites of state governments have also been hacked in the past. The official website of Maharashtra government was hacked, and the hackers were not traceable.There have been some professional hackers in India who have taken huge amounts to hack data from websites. In the infamous case of Amit Tiwari, who was a global hacker, he has hacked more than 950 accounts since 2003 and was caught by the police only in 2014. This shows the lack of evidence and the difficulty in arresting a hacker.

Hacker Vs Cracker

There is a very slight line of demarcation drawn between the two words- hacking and cracking after the amendment of the IT act in 2008. Hackers are those people who are very good at computer programming and use their skills in a constructive way to help the government and various other organizations to protect their important information and company secrets. They try to discover loopholes in the software and find reasons for the same. They constantly try to improve the programs to improve the programming. They never intentionally damage the data. Whereas cracker id the one who intentionally breaks into the computer programs of others without having the authority to do so and has a malicious intention to harm the network security. However, there is a huge misconception about the two and both the terms are used interchangeably in today’s context even when they mean different.

The liability of the cracker 

Civil liability

Section 43A of the IT Act deals with the civil liability of cyber offenders. The section deals with the compensation that should be made for failure of protection of the date. His was introduced under the amendment of the act in 2008. The corporate responsibility for data protection is greatly emphasized by inserting Section 43A whereby corporate are under an obligation to ensure adoption of reasonable security practices. Further, what is sensitive personal data has since been clarified by the central government vide its Notification dated 11 April 2011 giving the list of all such data which includes password, details of bank accounts or card details, medical records, etc.

Penal liability

Penal liability of cracking arises when the intention or the liability of the cracker to harm the system or steal any important information gets established. If the cracker only trespasses the system without any intention to harm, it only remains a form of civil liability under section 43A. The criminal trespass can also result in other penal activities punishable under Indian Penal Code like cyber theft that can be punishable under section 378 of Indian Penal Code.

Essentials of hacking under section 66

Intention-whoever with a malicious intention breaks into the computer of the other to tamper or steal the data or destroy it has a wrong intention.

A wrongful act or damage to the data or tries to diminish the value of the data will cover under hacking.

Laws on hacking in India

Section 43 and section 66 of the IT Act cover the civil and criminal offenses of data theft or hacking respectively.

Under section 43, a simple civil offense where a person without permission of the owner accesses the computer and extracts any data or damages the data contained therein will come under civil liability. The cracker shall be liable to pay compensation to the affected people. Under the ITA 2000, the maximum cap for compensation was fine at Rs. One crore. However in the amendment made in 2008, this ceiling was removed. Section 43A was added in the amendment in 2008 to include corporate shed where the employees stole information from the secret files of the company.

Section 66B covers punishment for receiving stolen computer resource or information. The punishment includes imprisonment for one year or a fine of rupees one lakh or both. Mens rea is an important ingredient under section 66A. Intention or the knowledge to cause wrongful loss to others i.e. the existence of criminal intention and the evil mind i.e. concept of mens rea, destruction, deletion, alteration or diminishing in value or utility of data are all the major ingredients to bring any act under this Section.²

.The jurisdiction of the case in cyber laws is mostly disputed. Cyber crime does not happen in a particular territory. It is geography less and borderless. So it gets very difficult to determine the jurisdiction under which the case has to be filed. Suppose a person works from multiple places and his data gets stolen from a city while he resides in someother city, there will be a dispute as to where the complaint should be filed.

How to file a complaint about hacking

A complaint about the cyber crime can be filed at any cyber cell globally. There are various cyber crime cells in India; a complaint can be filled at any of these

Firstly write an application to the head of the cyber cell department and the complaint should contain the name, address, e-mail and telephone number.

Secondly, submit the following documents with the cell;

1. Server logs- log files that get automatically with the server when files are opened. It saves a list of activities performed on day to day basis.
2. Hardcopy and soft copy of the defected material- all the material that has been tempered with by the hacker needs to be submitted with the cyber cell as evidence.
3. A hard copy of the original web pages and the defaced ones- copies of both the original and defaced material should be submitted so that it makes the work easy to locate the defaced or tampered material.
4. Details of the control mechanism where the complainant needs to tell the details of those who had the access to the password and the computer.
5. If there is any suspicion on any person, a list of the suspects should also be given for further reference that could help the cyber cell in investigation

Now days there are even provisions for the complainant to get the access of the complaint filed and to check the status online without going anywhere.

Conclusion

There is no doubt that hacking poses a serious threat to the virtual world. Not many people in the country are aware of this theft. There needs to be more awareness in the country regarding hacking and cracking. The laws made by the government are stringent but lack a bit of enforceability and awareness in the society. Most of the minor cases of hacking go unnoticed because people abstain from filing cases for petty crimes even when there is harsh punishment for it.Also, it is very difficult to track a virtual hacker due to lack equipment. Since hacking can happen anywhere in the world, it gets tough for the police to trace him and punish him in another country. The punishment can also be a bit more harsh to prevent people from indulging in such acts.

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join:  

https://t.me/joinchat/J_0YrBa4IBSHdpuTfQO_sA