Whenever the word 'Hacking' or 'Hacker' comes to our mind, the picture or the image which is created is that of an intelligent being who is criminal by nature, who attacks other computer systems, damages it, break codes and passwords, send viruses etc. Their mindset are as if the 'hackers' are the computer criminals. They have a very wrong notion in this regard and have a completely negative attitude and utter dislike for the 'Hackers'.
In this regard, the media has wrongly associated the computer criminals as 'Hackers'. The media has played a major role and has its hands behind this creation of negative connotation of the word 'hacker'. General public may spread rumours but it is hard to believe, someone speaking about completely new term, which is also a totally new concept to him.
But the fact is that the terms 'Hacker' and so called 'Computer Criminal' are absolutely two different terms and are not linked with each other in any respect. They speak what they read and listen from others. For this, whenever any cyber crime occurred, by unauthorised use of other computer systems, the news published and delivered in public was by the use of the term 'hacking'. So we can say that it is because of media why people have hatred or negative feeling for the 'hackers'.
Now if such cyber criminals are not hackers then two major question which arises are:
1. Who are Hackers? And,
2. What are such cyber criminals called?
Actually, 'Hackers' are very intelligent people who use their skill in a constructive and positive manner. They help the government to protect national documents of strategic importance, help organisations to protect documents and company secrets, and even sometimes help justice to meet its end by extracting out electronic evidence. Rather, these are people who help to keep computer criminals on the run.
Now dealing with the second part, i.e., what are such cyber criminals called? The actual word for such criminals is not 'hacker' but 'cracker'.
First I would like to explain the term 'Hacker', because there is a great misconception regarding it. I made a field study by a questionnaire method taking few samples amongst the youths across the country. In that study, for the question regarding explaining the term 'hacking', most of the samples were just beating around the bush. The responses were as follows: -
Knowledge About The Term Hacking
# 30% Do Not Know At All
# 5% Know Exactly What It Is
# 65% have Wrong Idea
Analyzing the above chart, we can see that it is only 5% of people who know exactly, what hacking means. Rest all other either don't know at all or they have a wrong notion about it. 65% of them believe hacking to be of a criminal nature.
So as to eliminate the fallacies in its connotation, I would like to begin with its meaning. Hackers are generally computer programmers who maintain network systems, secure documents, etc. So anyone who has a good hand on computer programming can be termed as 'hacker' in general.
Ankit Fadia, who is a great master mind of India in the field of 'Hacking', has said:
"Traditionally, hackers were computer geeks who knew almost everything about computers and were widely respected for their wide array of knowledge. But over the years, the reputation of hackers has been steadily going down. Today, they are feared by most people and are looked upon as icons representing the underground community of our population."
In the light of this general allusion of the term 'hacking', which is generally construed by people, The word 'hacker' can be used to describe all of these: -
1. Code Hackers - They know computers inside out. They can make the computer do nearly anything they want it to.
2. Crackers - They break into computer systems. Circumventing Operating Systems and their security is their favourite past time. It involves breaking the security on software applications.
3. Cyber Punks - They are the masters of cryptography.
4. Phreakers - They combine their in-depth knowledge of the Internet and the mass telecommunications system.
5. Virus Builders - Virus incidents have resulted in significant and data loss at some stage or the other. The loss could be on account of: -
* Viruses - A virus is a programme that mayor may not attach itself to a file and replicate itself. It can attack any area: from corrupting the data of the file that it invades, using the computer's processing resources in attempt to crash the machine and more.
* Worms - Worms may also invade a computer and steal its resources to replicate themselves. They use the network to spread themselves. "Love bug" is a recent example.
* Trojan horse - Trojan horse is dicey. It appears to do one thing but does something else. The system may accept it as one thing. Upon execution, it may release a virus, worm or logic bomb.
* Logic bomb - A logic bomb is an attack triggered by an event, like computer clock reaching a certain date. Chernobyl and Melissa viruses are the recent examples.
Hacking v/s Cracking
The term hacker is a term used by some to mean 'a clever programmer' and by others, especially journalists or their editors, to mean 'someone who tries to break into computer systems'. Programmers who use their skills to cause trouble, crash machines, release computer viruses, steal credit card numbers, make free long distance calls (the phone system is so much like a computer system that it is a common target for computer criminals), remove copy-protection, and distribute pirated software may also call themselves 'hackers', leading to more confusion. Hackers in the original sense of the term, however, look down on these sorts of activities. Hackers generally deplore cracking. Among the programming community, and to a large extent even amongst the illegal programming community, these people are called 'crackers' and their activities known as 'cracking' to distinguish it from hacking.
A cracker is generally someone who breaks into someone else's computer system, often on a network, bypasses passwords or licenses in computer programs or in other ways intentionally breaches computer security. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security system.
Construing the responses of the third question from the questionnaire, the responses I got were: -
Heard The Term "Cracking"
# 15% Yes
# 85% No
And further when I asked to distinguish 'hacking' with 'cracking', it was only 5% of them who did it correctly
Hacking V/s Cracking
# 5% Distinguished Correctly
# 30% Cannot Distinguished At All
# 65 % Distinguished Wrongly
Rest all either cannot distinguish it at all or they distinguished it wrongly. The wrong distinction was seen to be vice-versa of the actual definition. Out of 65% of such people, nearly 75% of them said that cracking is just breaking codes and when it is of an illegal nature, it becomes hacking.
So we can see that even though people have some rough idea about these terms but the way they are employing it to real life, it is completely changing the real meaning and giving a false impression about the hackers. It is rightly said that 'Little knowledge is more dangerous than no knowledge at all.'
When they were asked about the reasons so as why people indulge in 'hacking' (the graph of which is given later) it was seen that 27% of them said that because of 'Social Status'.
I failed to understand what kind of 'social status', they were talking about. But when I analyzed the next question and saw that 75% of them says that 'hacking' is not socially justified, I came to know that they were talking about the negative status, which is not of respect but of hatred.
Hacking Socially Justified Or Not
# 15% YES
# 75% NO
# 10% DON'T KNOW
Perceiving the text of FN1, we see that Ankit Fadia talks about the underground community of our population. So this social status can only be amongst that small part of our population, i.e., the underground world. Whereas, a hacker who is popular among the normal people is also desired and respected by crackers.
Sending Viruses v/s Hacking
Even though hacking is not at all an offence but if construed in a manner which is generally used by he public the question comes up is that whether sending viruses can be termed as hacking.
For this, again in the survey there was a question for which the correct answers were only 15%. Rest all others said that even sending viruses means Hacking.
Sending Virus V/s Hacking
# 15 % Correct
# 85% In correct
The term cracking means, 'illegal access'. Now, 'access' comprises the entering of the whole or any part of a computer system (hardware, components, stored data of the system installed, directories, traffic and content-related data). However, it does not include the mere sending of an e-mail message or file to that system. 'Access' includes the entering of another computer system, where it is connected via public telecommunication networks or to a computer system on the same network, such as a LAN (local area network) or Intranet within an organisation. The method of communication (e.g. from a distance, including via wireless links or at a close range) does not matter. So if a virus is send through an e-mail, it is not an illegal 'access' and hence cannot be termed as 'cracking'.
Cyber Hacking (or rather Cyber Cracking in verity), is one of the Cyber Crimes and Cyber Crime is a universal term that allude to all criminal activities done using the medium of computers, internet, cyber space and the world wide web (www). In India, the law regulating such crimes is the Information Technology Act, 2000 (or the IT Act, 2000). If studied in detail, we will find that there are still many areas in the said Act, which need Amendments. Like, it does not even define the term 'Cyber Crime' and the crimes mentioned in Chap. XI named 'offences' have been declared penal offences punishable by imprisonment or fine. Then Sec.66 defines hacking, but it went on defining what is in reality 'cracking'. The definition of hacking provided in Sec.66 of the Act is also very wide and capable of misapplication. There is every possibility of this section being misapplied.
So in light of Sec.66 of the Act read along with this project topic I will now use the words 'Hacking' and 'Cracking' interchangeably as per the demand of the chapter.
Crackers are becoming a peril so uncontrollable that even the largest companies in the world are finding it difficult to cope up with their perpetual attacks. Some crackers just crack systems and gain access to them, for 'fun'. Their intention is not to commit any crime. Now, it is a question of debate whether such act in itself constitutes an offence or not. They may not be brought within the ambit of existing laws because the IT Act uses the word 'destroys or deletes or alters any information' and in this case they just gain access to the system and nothing else. The act of such a cracker can perhaps, most appropriately, be considered in the light of laws relating to criminal trespass.
Trespass to Property
In common language the word 'trespass', means to go on another's property without permission or right. Though it is ordinarily a civil wrong, if trespass is done with criminal intention, it is treated as criminal trespass. The ingredients of the offence of criminal trespass have been laid down under sec.441 of the Indian Penal Code. The object of making trespass a criminal offence is to keep the trespasser away from the premises of individuals so the one may enjoy his/her property uninterrupted by any intruder.
In applying the section to hacking on the Internet, the question which arises is "whether websites are property". Many of the words used to describe websites have a basis in real property: the word 'site' itself is one, as are such expressions as 'home' pages, 'visiting' Websites, 'travelling' to a site and the like. This usage suggests that the trespass action might appropriately be applied to websites as well. That analogies to real property trespass can be made does not suggest, however, that they should be made. The fundamental issue is whether the treatment of websites as property makes sense in light of the justifications for the institution of property generally.
Thus, as trespass actions are stranded in the idea of protecting an owner's control over his property and as even the websites should be considered as a species of property, there is no reason for not allowing a cause of action for 'trespass to websites'.
The next question that is of importance arises when a cracker has no intention to commit any further crimes. The question is 'whether such cracking is enough to constitute threats or annoyance? Under Indian law it has been clearly laid down in Smt. Mathri v. State of Punjab that for establishing the offence of criminal trespass it is not enough to merely show that the person entering upon the property of another had knowledge that his act would cause annoyance. The rule that a person must be presumed to intend the natural consequences of his act is not a binding rule, if any other intention can be shown. This interpretation may be problematic while dealing with crimes on the Internet.
There is no doubt as far as liability is concerned when a Cracker is caught. Now this liability can be of two types.
1. Civil Liability
2. Penal Liability
As like in the case of trespass, when just cracking is there by the cracker, it is of a civil nature but once the intention to cause harm or rather damage the system is proved, the liability becomes that of a penal nature.
Now it is not just criminal trespass, which can be done by cracking but cracking may also result in many other crimes which are mentioned in the Indian Penal Code, 1860. Like, if a cracker cracks an e-banking website and transfers money into his own account, this may constitute a crime under Sec.378 of the Penal Code, which in this case may also be termed as Cyber Theft. This kind of act is completely of a penal liability.
In R. v. Gold prestel systems provided it subscribers free e-mail facilities and access to its database. The accused - Gold and Schifreen cracked into its computer and were charged in England under the Forgery and Counterfeiting Act, 1981. They were convicted but the Court of Appeal and the House of Lords as well acquitted them as an instrument was necessary to commit the offence under the said Act, which had to be similar to other examples in the statutory definitions, which were physical objects.
For this, then the Law Commission in England recommended that cracking be made penal and proposed: -
* A broad offence that seeks to deter the general practice of hacking by imposing penalties of a moderate nature on all types of unauthorized access; and
* A narrower but more serious offence imposes much heavier penalties.
Similar considerations apply in our country also. The IT Act tries to achieve this by providing civil and penal consequences for cracking and other wrongful activities. The case concerning Sec.66 of the IT Act, 2000, in India was first lodged in Lucknow in February, 2001.
Interestingly, the victim of the first cyber crime was none other than a police employee. The FIR was lodged by junior engineer, police range, V K Chauhan, whose password for Internet access was hacked and 100 hours of connectivity time exhausted even before he could use it once. The case was registered under Sec.66 of the IT Act.
Interest in Hacking
There were questions in the questionnaire regarding movies (question no. 6(i), 6(ii) and 7) on hacking by which I assessed the interest of the youth in hacking and henceforth their knowledge about hacking and the laws regarding it.
What I found is as follows: -
Interest In Hacking
# 55% No
# 10% Yes & Hacking Reasons
# 35 % Yes But Other Reasons
By this, we can see that only 35% of the samples had seen hacking based movies and that too because the storyline of the movie was of Hacking. Rest are not interested in it.
Henceforth, we can also see that very few percentage of them are aware about hacking and the laws regarding it.
Knowledge About Its Tools:
# 55% Do Not Know At All
# 30% Have Some Idea
# 15% have No Idea
Knowledge About The Laws:
# 10% YES
# 90% NO
Regarding, the insurance cover against Hacking only 25% of them has said that it can be done, rest all either outrageously said 'no' or they are unaware about it. What is interesting over here is that though the insurance is being offered for the first time in India, and that too in the month of February, 2001, at least there are few of them who knew about it so early. Insurance is being offered against all kinds of cyber crime, including loss of airtime, to the extent of $25 million.
This insurance is to cover reasonable ransom demands, litigation costs, third party liabilities, etc. It will also offer a reward for any information that could lead to the arrest of the hacker and also a crisis management fund.
# 25% Yes
# 10% No
# 65% Don't Know
So what we can conclude from this is that most of the youth today are though unaware about Hacking but its an emerging field and is on its way to be the upcoming field of study. This can be said because there was another question regarding why one resort to hacking and the responses I got, also includes 'Academic Reasons'.
# 27% Fun
# 31% Economic Reason
# 6% Security
# 27% Social Status
# 6% Academic
# 3% Never
Then, when asked to name any famous hacker, at least 30% of them easily named few of them.
The effectiveness of a judicial system is anchored by regulations which define every aspect of a system's functioning and primarily, its jurisdiction. A court must have jurisdiction, venue, and appropriate service of process in order to hear a case and deliver an effective judgement. Jurisdiction is the power of a court to hear and determine a case. Without jurisdiction, a court's judgement is futile and impotent. Such jurisdiction is essentially of two types, namely subject matter jurisdiction and personal jurisdiction , and these two must be conjunctively satisfied for a judgement to take effect. It is the presence of jurisdiction that ensures the power of enforcement to a court and in the absence of such power, the decree of a court, is, to say the least, which is of little or of no use. Moreover, only generally accepted principles of jurisdiction would ensures that courts abroad also enforce the orders of other judicial bodies.
The Cyber Crimes like cracking can be seen as multi-jurisdictional because of the ease which a user can access the website from anywhere in the world. It can even be viewed as 'a jurisdictional' in the sense that from the users' perspective as state and national borders are essentially transparent.
The Indian jurisprudence with regard to jurisdiction over the hacking is almost non-existent. In the first place, there has been very few cases or rather only one case regarding hacking, to the best of my knowledge, in India and then secondly, it is an emerging field and that too where the place of action for the dispute is very difficult to decide. But an interesting feature of the IT Act is that it is applicable to offences and contraventions committed by any person not just in India but also outside India, as per sec.1(2) . This principle has been elaborated in sec.75 of the Act which provides that Indian Courts will have jurisdiction over acts committed outside India as well as over foreigners committing such acts, if the act amounts to an offence or contravention involving a computer, computer system or computer network located in India. Thus the determining factor is the location of computer, computer system or computer network that is involved in an act or transaction.
In India, the court would assume jurisdiction over a defendant, if even a part of the cause of action for the dispute arose within its jurisdiction. Now these may appear to be distinct and disparate points of view but when you get down to examining the essential ingredients that must be fulfilled in order to satisfy the requirements of these principles, there are several similarities between them which may allow the Indian Courts to assume jurisdiction.
First of all, to conclude I would like to state that there are lots and lots of fallacies regarding the term hacking. Even though people are not aware about it today but by the study of various samples and researches made, I have found that it is very rapidly expanding its scope and day by day more and more people are interested in it.
Again it has two aspects. It can help the society to a great extent but it may also prove to be otherwise. In such cases punishments must be proportionate and serve as a sufficient deterrent. As computer data often contain personal information a cracker can also infringe one's right to privacy guaranteed by Art.21 of the Constitution of India.
Cracking can also be taken as an offence under Indian Penal Code. For this there are two types of liabilities, i.e., 'civil' and 'penal'.
Then for deciding the applicability of jurisdiction of a case, the court faces a lot of problem, due to its insensitiveness to local constraints. So, even when inventions and discoveries had widened the scientific horizons, it has also posed new challenges for the legal world. This Information Technology has posed new problems in jurisprudence to which it is very difficult to give a concrete shape.