
Objective: To understand how hacking impacts the professional world

INTRODUCTION
WHAT IS HACKING?
Hacking is the practice of modifying the features of a system in order to accomplish a goal outside of the creator's original purpose. The most prominent definition of hacking is the act of gaining access without legal authorization to a computer or computer network. In computer networking, hacking is any technical effort to manipulate the normal behaviour of network connections and connected systems. A hacker is any person engaged in hacking.

The term "hacking" historically referred to constructive, clever technical work that was not necessarily related to computer systems. Today, however, hacking and hackers are most commonly associated with malicious programming attacks on the Internet and other networks. The noun "hack" also has two senses. It can be either a compliment or an insult. It's called a hack when you do something in an ugly way. But when you do something so clever that you somehow beat the system, that's also called a hack. The word is used more often in the former than the latter sense, probably because ugly solutions are more common than brilliant ones.

Origins of Hacking
M.I.T. engineers in the 1950s and 1960s first popularized the term and concept of hacking. Starting at the model train club and later in the mainframe computer rooms, the so-called "hacks" perpetrated by these hackers were intended to be harmless technical experiments and fun learning activities. Later, outside of M.I.T., others began applying the term to less honourable pursuits. Before the Internet became popular, for example, several hackers in the U.S. experimented with methods to modify telephones for making free long-distance calls over the phone network illegally. As computer networking and the Internet exploded in popularity, data networks became by far the most common target of hackers and hacking.

Findings and Observations


WHO ARE HACKERS?
A person who consistently engages in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a hacker. Hackers usually use social engineering to gain most of their knowledge. Social engineering is the act of getting someone to tell you sensitive information through trust. This unadulterated trust becomes a weakness for most companies.

Early hackers needed to be very knowledgeable so that they were able to identify bugs themselves (a task requiring extensive knowledge about the operating system, and reading complex manuals) and often write their own programs to exploit them. They had to keep track of the leading developments in the field (latest bugs, latest patches, latest bugs in the patches, etc.). Later hackers were able to increasingly rely upon the hacking community to identify bugs and write programs that could be adapted for their specific purpose. Brute-force, exploit and dictionary attacks are usually launched using software on the hacker's computer. To avoid detection, hackers may use proxies or zombie machines so that their location cannot be determined. This is just a small list of the different attacks hackers can use.

With knowledge being power in the hacker culture, an elite hacker is someone who has great technical skills. Hackers may or may not have ethics. This separates black hats, white hats, grey hats and script kiddies. Hackers' ethics vary, and most believe that unauthorized access to information and computers is acceptable as long as no harm is done. To the popular press, "hacker" means someone who breaks into computers. Among programmers it means a good programmer. But the two meanings are connected. To programmers, "hacker" connotes mastery in the most literal sense: someone who can make a computer do what he wants, whether the computer wants to or not.

A hacker first attacks an easy target, and then uses it to hide his or her traces for launching attacks at more secure sites. The goal of an attack is to gain complete control of the system (so you can edit, delete, install, or execute any file in any user's directory), often by gaining access to a "super-user" account. This will allow both maximum access and the ability to hide your presence.

Who are these telematics "pirates" who surf the net and go beyond boundaries, not geographical ones but those of cyberspace, and sneak their way into the computers and networks that make up the Internet? Initially, they were computer experts who spent their time, for pleasure as well as work, exploring the functional limits of programmes and operating systems, with the intention of perfecting them and searching out their imperfections and weaknesses. Now things have changed. It is estimated that the Internet is currently made up of more than 200 million computers, 800 million cyber-nauts and tens of thousands of independent networks. The first important case of a breach in computer security occurred in November 1988, with the so-called "Morris worm", which gave rise to the creation of the first Coordination Centre (CERT, "Computer Emergency Response Team") to gather information on computer security incidents. Since then, other CERTs have been created in many countries to provide a centralized and coordinated response to on-line cyber-attacks and to facilitate the defence of computers. Unfortunately, computer piracy has continued to evolve and is still developing; the number of cases officially reviewed by CERT coordinating centres, with regard to attacks on computers and data transmission networks, increased from 6 in 1988 to over 137,000 in 2003.

Raymond lists five possible characteristics that qualify one as a hacker:
1. A person who enjoys learning details of a programming language or system
2. A person who enjoys actually doing the programming rather than just dealing with it theoretically
3. A person capable of appreciating someone else's hacking capabilities
4. A person who picks up programming quickly
5. A person who is an expert in a particular programming language or system

Ethical Hacking
The explosive growth and advancement of the Internet has brought many good things and services: electronic commerce, easy access to vast stores of reference material and information, collaborative computing, e-mail, new avenues for advertising and information distribution, online gaming and socializing sites, to name a few. As with most technological advances, there is also a dark (negative) side: criminal hackers and hacking. Governments, companies, and private citizens around the world are anxious to be a part of this revolution for the purpose of evolution and development, but they are afraid that some hacker will break (creep) into their Web server and replace their logo with pornography or other undesired material, read their e-mail, steal their credit card number from an on-line shopping or money transfer site, or implant software that will secretly transmit their organization's secrets to the open Internet (spyware etc.). The ethical hacker can help with these concerns and others.

The term HACKER has a dual usage and meaning in the computer industry today. Originally, the term was defined as:
1. A person who enjoys learning the details of computer systems and how to stretch their capabilities.
2. One who programs enthusiastically or who enjoys programming rather than just theorizing or mugging up the programming.

Hacking vs. Cracking


Malicious attacks on computer networks are officially known as cracking, while hacking truly applies only to activities having good intentions. Most non-technical people fail to make this distinction, however. Outside of academia, it's extremely common to see the term "hack" misused and applied to cracks as well.

Hacking on computer networks is often done through scripts or other network programming. These programs generally manipulate data passing through a network connection in ways designed to obtain more information about how the target system works. Many such pre-packaged scripts are posted on the Internet for anyone, typically entry-level hackers, to use. More advanced hackers may study and modify these scripts to develop new methods. A few highly skilled hackers work for commercial firms with the job of protecting that company's software and data from outside hacking. Cracking techniques on networks include creating worms, initiating denial of service (DoS) attacks, or establishing unauthorized remote access connections to a device.

Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.) Over time a particular jargon has developed, with terms such as "Hacker", used to describe an innovative programmer, often expert in several programming languages and operating systems, who gets into computers mainly to satisfy his own curiosity. His aim is to show everyone that he can penetrate the system, find out what information it contains and possibly let the administrator know of the weaknesses he has identified. Basically, it is an intellectual challenge, not necessarily with a negative outcome. However, the hacker can unexpectedly change into a "Cracker", i.e. someone who gets into systems with the intention of committing an act of vandalism or theft, often organized in groups who surround themselves with an aura of secrecy.

HACKERS' ATTITUDE
Several subgroups of the computer underground with different attitudes and aims use different terms to demarcate themselves from each other, or try to exclude some specific group with which they do not agree. Eric S. Raymond (author of The New Hacker's Dictionary) advocates that members of the computer underground should be called crackers. Instead of a hacker/cracker dichotomy, they give more emphasis to a spectrum of different categories, such as white hat, grey hat, black hat and script kiddie. In contrast to Raymond, they usually reserve the term cracker. Under this usage, cracking is to gain unauthorized access to a computer in order to commit another crime, such as destroying information contained in that system. These subgroups may also be defined by the legal status of their activities.

According to Steven Levy, an American journalist who has written several books on computers, technology, cryptography, and cyber security, most hacker motives are reflected by the Hacker's Ethic. These ethics are as follows:

Access to computers and anything that might teach you something about the way the world works should be unlimited and always yield to the Hands-on imperative!
All information should be free.
Mistrust authority and promote decentralization.
Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.
You can create art and beauty on a computer.
Computers can change your life for the better.

WHITE HAT
A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement. Often, this type of 'white hat' hacker is called an ethical hacker.

GREY HAT
A grey hat hacker is a combination of a black hat hacker and a white hat hacker. A grey hat hacker will surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked. Then they will offer to repair their system for a small fee.

BLUE HAT
A blue hat hacker is someone outside computer security consulting firms who is used to bug test a system prior to its launch, looking for exploits so they can be closed.

BLACK HAT
A black hat hacker, sometimes called "cracker", is someone who breaks computer security without authorization or uses technology (usually a computer, phone system or network) for vandalism, credit card fraud, identity theft, piracy, or other types of illegal activity.

ELITE
Elite is a term used to describe the most advanced hackers, who are said to be on "the cutting edge" of computing and network technology. These would be individuals in the earliest 2.5 percentile of the technology adoption lifecycle curve, referred to as "innovators." As script kiddies and noobs utilize and exploit weaknesses in systems discovered by others, elites are those who bring about the initial discovery.

SCRIPT KIDDIE
A script kiddie is a non-expert who breaks into computer systems by using prepackaged automated tools written by others, usually with little understanding of the underlying concept, hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child, an individual lacking knowledge and experience, immature).

NEOPHYTE
A neophyte or "newbie" is someone who is new to hacking and has almost no knowledge or experience of the workings of technology and hacking.

HACKTIVISM
A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks. In more extreme cases, hacktivism is used as a tool for cyber terrorism.

Ten Commandments of Computer Ethics

The ethical values as defined in 1992 by the Computer Ethics Institute:
1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other people's computer work.
3. Thou shalt not snoop around in other people's computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not copy or use proprietary software for which you have not paid.
7. Thou shalt not use other people's computer resources without authorization or proper compensation.
8. Thou shalt not appropriate other people's intellectual output.
9. Thou shalt think about the social consequences of the program you are writing or the system you are designing.
10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.

Ethical vs. Unethical Hacking


In a broad sense, hacking is an act by which someone gains access to a computer system or network without any authorisation to do so. Such unauthorised entry may or may not be used to harm the system. The explosive growth of the Internet has brought many good things like e-commerce, online information distribution, collaborative computing and e-mail. As with most technological advances, there is also a dark side: criminal hackers. Hacking is getting more sophisticated and, in many cases, a lot nastier. And it is chipping away at the ability of the government, the military, and the business community to protect proprietary information and preserve individual privacy. Organisations are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an online shopping site, or implant software that will secretly transmit their organisation's secrets to the open Internet.

Techniques adopted by hackers to gather information about systems are port scanning, sniffing and social engineering. Port scanning automatically detects security weaknesses in servers either locally or remotely. A sniffer is a piece of hardware or software which grabs all information traversing the network. Social engineering is an act by which valuable information about the network, passwords, access restrictions and user accounts is gathered from unsuspecting people. A hacker could use the information thus collected to launch denial-of-service attacks, spoof someone's source IP address, crack passwords, or launch data attacks and packet fragmentation attacks. This is what is called blackhat or criminal hacking.

There is also a good side to hacking in the form of whitehat or ethical hackers. They explore and experiment to evaluate a target system's security and report back to the owners with the vulnerabilities found, and also provide instructions to remedy them. These ethical hackers employ the same tools and techniques as the criminal hackers, but they neither damage the target systems nor steal information. Companies use ethical hackers to hack-proof the security of their networks, e-commerce products or security products. Besides having to know the techniques of the criminal hackers, ethical hackers need to know how to detect their activities and also how to stop them.

Different Ways of Hacking


A typical approach in an attack on an Internet-connected system is:
1. Network enumeration: Discovering information about the intended target.
2. Vulnerability analysis: Identifying potential ways of attack.
3. Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.

Security exploits: A security exploit is a prepared application that takes advantage of a known weakness. Common examples of security exploits are SQL injection, Cross Site Scripting and Cross Site Request Forgery, which abuse security holes that may result from substandard programming practice. Other exploits can be used through FTP, HTTP, PHP, SSH, Telnet and some web pages. These are very common in website/domain hacking.

Techniques of Hacking:
Vulnerability scanner: A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number. (Note that firewalls defend computers from intruders by limiting access to ports/machines both inbound and outbound, but can still be circumvented.)

Password cracking: Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.

Packet sniffer: A packet sniffer is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.

Spoofing attack (Phishing): A spoofing attack involves one program, system, or website successfully masquerading as another by falsifying data and thereby being treated as a trusted system by a user or another program. The purpose of this is usually to fool programs, systems, or users into revealing confidential information, such as user names and passwords, to the attacker.

Social engineering: When a hacker, typically a black hat, is in the second stage of the targeting process, he or she will typically use some social engineering tactics to get enough information to access the network. A common practice for hackers who use this technique is to contact the system administrator and play the role of a user who cannot get access to his or her system.

Denial-of-service attack (DoS attack): It is an attempt to make a computer or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people, to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

Trojan horse: A Trojan horse is a program which seems to be doing one thing, but is actually doing another. A Trojan horse can be used to set up a back door in a computer system such that the intruder can gain access later. (The name refers to the horse from the Trojan War, with the conceptually similar function of deceiving defenders into bringing an intruder inside.)

Virus: A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Therefore, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. While some are harmless or mere hoaxes, most computer viruses are considered malicious.

Worm: Like a virus, a worm is also a self-replicating program. A worm differs from a virus in that it propagates through computer networks without user intervention. Unlike a virus, it does not need to attach itself to an existing program. Many people conflate the terms "virus" and "worm", using them both to describe any self-propagating program.

Analysis:
Application of Ethical Hacking
Ethical hacking is employed by organizations to test their application security and expose flaws in their systems so that they may be removed, ergo creating a more secure environment.

Application of Unethical Hacking
Unethical hacking is intended to obtain sensitive information illegally and use it to one's advantage, with an intention of malice.

Conclusion:
Hacking affects the professional world in a significant way, as it is both a network security measure protecting the company network and systems and a malicious activity which threatens organizational security.

Recommendations To Prevent Unethical Hacking:


Comment Attacks
Comments are one of the most prized features of blogs, and help create a great relationship between the author and the reader, and also between readers in the wider community. It would also be easy for someone to insert HTML code that causes trouble. You need to validate the form input before it's accepted, to strip out all but the most basic HTML tags, for example. If you're using WordPress, you can also utilize the Keyword Filter to block out any harsh words that might raise an issue or two.

Unsolicited Installation of Scripts
It can be dangerous to install third-party scripts and programs on your website unless you understand what they are actually doing. Even if you don't fully understand the programming, you can read through the code and look for tell-tale signs such as references to third-party URLs. You can also visit community forums such as SitePoint and DigitalPoint to ask around for better advice.

Avoid Scam/Spammy Websites
In a desperate attempt to get visitors you might consider trying extensive viral marketing and other means of gaining attention; this may cause a few people in the wrong community to raise a few eyebrows. The last thing you need as a settled webmaster is to cause a stir amongst the wrong people. Stay away from websites, and especially forums, that offer information or "get traffic quick" schemes that use illegal spam lists and such.

Clear the Cookies!
Personally, I use a lot of public computers to blog and do other online activities, maybe because it's convenient or my unreliable ISP crashed on me once more. Inevitably there are many, many webmasters like me that use public services for either quick access or regular work. Just don't forget to clear out the cookies and cache before you leave! Even if the service provider claims no tracking of privacy or anything along those lines, a quick clean before you leave wouldn't hurt anyone.

Prevent illegal farmers from harvesting your lists
Hacking techniques are used to harvest email addresses, which are then used by spammers and other hackers for malicious activities. If you are storing email data on your website, for whatever reason, make sure it's stored in a secure format, such as a MySQL database. Most top CMSs such as WordPress and Joomla make this compulsory, but there are many self-written CMSs too. If your script simply writes data to a text file called emails.txt, it won't be long before someone sniffs it out.

Don't use Generic Usernames
Using common words for usernames such as admin, administrator or Site Owner can have serious implications because you are simply making the job of the hackers a lot easier. By using such common words for your username, you are increasing the success rate of the hacker by at least a few points of a percentage, which is considered a lot where only one answer can be right from an unlimited range of combinations.

Securing your Ports
To put it in simple words, a port is used to access data from outside the server. It is also utilized to transfer data both ways, into the server and outgoing. Most of this activity is behind closed doors and happens automatically, and only trained professionals tend to play around with such details. Nevertheless, ports are constantly opened and closed for easy access, for programs such as FTP (File Transfer Protocol). This can be favorable for any hackers attempting to access your sensitive files, so make sure any unwanted ports are properly closed.

Updated Security Patches
If your web hosting provider hasn't already done so, you should check that all the latest security patches for the various aspects of the service are properly installed. As you might know, WordPress (self-hosted) is one of the most popular Content Management Systems on the market. It is used by millions, so it's not surprising to see many hackers working day and night trying to hack it. Updates and patches are regularly released, so keep an eye out for all your plug-ins and core files.

Use Strong Passwords!
The number one technique you can possibly implement. Hackers are experts at programming computers to plough through huge amounts of data very quickly. That's the reason longer passwords are more secure; the number of possible combinations grows exponentially with every extra character added. Hackers employ a technique called a dictionary attack, where they repeatedly try username and password combinations by running through hundreds of common words, phrases, numbers and combinations of them till they get lucky. It's important you use random strings like j@m13s(!) instead of perhaps jamie123.

Lastly, this is not so much a tip as a compulsory step in setting up your online community. Make sure your .htaccess and .htpasswd are properly formatted with the secure CHMOD of 644. This is important and adds the best outer layer of protection for you and your visitors.
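The "Comment Attacks" recommendation earlier in this section asks for comment input to be stripped down to the most basic HTML tags before it is accepted. The sketch below is an added example, not code from the original document or from WordPress; the allowlist, the `sanitize_comment` name and the sample comments are assumptions chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist: the text only says "the most basic HTML tags".
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "blockquote", "code", "a"}
VOID_TAGS = {"br"}
# Elements whose content is discarded together with the tag itself.
DROP_CONTENT = {"script", "style", "iframe", "object"}
SAFE_SCHEMES = {"http", "https"}


class CommentSanitizer(HTMLParser):
    """Rebuilds a comment from parser events, emitting only allowlisted markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []   # allowlisted tags we emitted and still must close
        self.drop_depth = 0   # > 0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.drop_depth += 1
            return
        if self.drop_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag: drop the tag, keep any text that follows
        if tag == "a":
            href = (dict(attrs).get("href") or "").strip()
            try:
                scheme = urlsplit(href).scheme.lower()
            except ValueError:
                scheme = ""
            if scheme not in SAFE_SCHEMES:
                return  # javascript:, data:, relative or malformed link: keep text only
            self.out.append('<a href="%s" rel="nofollow noopener">'
                            % escape(href, quote=True))
        else:
            # All attributes (onclick, style, ...) are discarded.
            self.out.append("<%s>" % tag)
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.drop_depth = max(0, self.drop_depth - 1)
            return
        if self.drop_depth or tag not in self.open_tags:
            return
        # Close everything opened after the matching tag so output stays balanced.
        while self.open_tags:
            closed = self.open_tags.pop()
            self.out.append("</%s>" % closed)
            if closed == tag:
                break

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(escape(data, quote=False))

    def result(self):
        self.close()  # flush buffered text
        while self.open_tags:
            self.out.append("</%s>" % self.open_tags.pop())
        return "".join(self.out)


def sanitize_comment(raw):
    """Return the comment with only allowlisted tags and http(s) links kept."""
    parser = CommentSanitizer()
    parser.feed(raw)
    return parser.result()


if __name__ == "__main__":
    # Constructed sample comments.
    samples = [
        'Nice post! <b>Thanks</b><script>alert(1)</script>',
        '<a href="javascript:alert(1)" onclick="x()">click</a>',
        '<img src=x onerror=alert(1)>hi <i>there',
    ]
    for sample in samples:
        print(repr(sample), "->", repr(sanitize_comment(sample)))
```

Because the output is rebuilt from an allowlist rather than by deleting known-bad patterns, tags and attributes the code has never heard of are dropped by default.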

Effective steps that small business owners and network administrators can take to protect their systems

Implement a firewall
A firewall is a barrier that keeps hackers and viruses out of computer networks. Firewalls intercept network traffic and allow only authorized data to pass through.

Develop a corporate security policy
Establish a corporate security policy that details practices to secure the network. The policy should direct employees to choose unique passwords that are a combination of letters and numbers. Passwords should be changed every 90 days to limit hackers' ability to gain possession of a functioning password. When someone leaves the company, immediately delete the user name and password. The corporate policy should outline consequences for network tampering and unauthorized entry.

Install anti-virus software
All computers should run the most recent version of an anti-virus protection subscription. Ideally a server should be configured to push virus updates out periodically to all client systems. Employees should be educated about viruses and discouraged from opening e-mail attachments or e-mail from unknown senders.

Keep operating systems up to date
Upgrade operating systems frequently and regularly install the latest patches or versions of software, which are often free over the Web. If you use Microsoft Windows, check www.windowsupdate.com periodically for the latest patches. Vulnerabilities in Java and Adobe are well-known exploit paths for malware writers, so it is just as critical that these software applications are kept up to date. I recommend visiting Secunia Online Software Inspector to scan for out-of-date software applications.

Don't run unnecessary network services
When installing systems, any nonessential features should be disabled. If a feature is installed but not actively used, it is less likely to be updated regularly, presenting a larger security threat. Also, allow only the software employees need to do their job effectively.

Conduct a vulnerability test
Conducting a vulnerability test is a cost-effective way to evaluate the current security program. This test highlights flaws and limitations in the program, and experts can offer suggestions for improvement. The best method for conducting a vulnerability test is to contact a computer consulting company and provide access to your system for a day or two. This will provide ample time for network appraisal and follow-up discussion and planning.

Keep informed about network security
Numerous books, magazines and online resources offer information about effective security tools and lessons learned. Also, the Web provides ample and very current information about security: type in the key words "network security".

CYBER LAWS AND INDIAN PENAL CODE


Cyber crime
If there are laws that could govern the Internet, then it appears that such laws would be fundamentally different from laws that geographic nations use today. The unique structure of the Internet has raised several judicial concerns. There is a substantial literature and commentary that the Internet is not only "regulable," but is already subject to substantial law regulations, both public and private, by many parties and at many different levels. Since the Internet defies geographical boundaries, national laws cannot apply globally and it has been suggested instead that the Internet can be self-regulated as being its own trans-national "nation".

Cyber-crime was broken into two categories and defined thus:
a. Cybercrime in a narrow sense (computer crime): Any illegal behaviour directed by means of electronic operations that targets the security of computer systems and the data processed by them.
b. Cybercrime in a broader sense (computer-related crime): Any illegal behaviour committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession [and] offering or distributing information by means of a computer system or network.

In Indian law, cyber-crime has to be voluntary and wilful, an act or omission that adversely affects a person or property. The IT Act provides the backbone for e-commerce, and India's approach has been to look at e-governance and e-commerce primarily from the promotional aspects, looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is a need to take into consideration the security aspects. In the present global situation where cyber control mechanisms are important, we need to push cyber laws. Cyber crimes are a new class of crimes in India, rapidly expanding due to extensive use of the internet. Getting the right lead and making the right interpretation are very important in solving a cyber-crime.

The 7-stage continuum of a criminal case runs from perpetration to registration to reporting, investigation, prosecution, adjudication and execution. The system cannot be stronger than the weakest link in the chain. In India, there are 30 million policemen to train, apart from the 12,000-strong judiciary. Police in India are trying to become cyber-crime savvy and are hiring people who are trained in the area. Many police stations in Delhi have computers which will soon be connected to the headquarters. Cyber police stations are functioning in major cities all over the country. The pace of the investigations can become faster; judicial sensitivity and knowledge need to improve. Focus needs to be on educating the police and district judiciary. IT institutions can also play a role in this area. We need to sensitize our investigators and judges to the nuances of the system. The National Judicial Academy at Bhopal (MP) and State Judicial Academies are also running short-term cyber courses for judges, but much more needs to be done.

Technology nuances are important in a spam-infested environment where privacy can be compromised and individuals can unsuspectingly become victims. Most cyber criminals have a counterpart in the real world. If loss of property or persons is caused, the criminal is punishable under the IPC also. Since the law enforcement agencies find it easier to handle such cases under the IPC, IT Act cases are not getting reported and, when reported, are not necessarily dealt with under the IT Act. A lengthy and intensive process of learning is required. A whole series of cyber forensics initiatives were undertaken, and cyber law procedures resulted from them. This is an area where learning takes place every day, as we are all beginners in this area. We are looking for solutions faster than the problems can get invented. We need to move faster than the criminals.

The real issue is how to prevent cyber-crime. For this, there is a need to raise the probability of apprehension and conviction. India has a law on evidence that considers admissibility, authenticity, accuracy, and completeness to convince the judiciary. The challenge in cyber-crime cases includes getting evidence that will stand scrutiny in a foreign court. For this India needs total international cooperation with specialised agencies of different countries. The police have to ensure that what they seized is exactly what was at the scene of the crime, that the same material has been analysed, and that the report presented in court is based on this evidence. They have to maintain the chain of custody. The threat is not from the intelligence of criminals but from our ignorance and the will to fight it. The law is stricter now on producing evidence, especially where electronic documents are concerned. The computer is the target and the tool for the perpetration of crime. It is used for the communication of the criminal activity, such as the injection of a virus/worm which can crash entire networks.
The Information Technology (IT) Act, 2000, specifies the acts which have been made punishable. Since the primary objective of this Act is to create an enabling environment for commercial use of I.T., certain omissions and commissions of criminals while using computers have not been included. With the legal recognition of Electronic Records and the amendments made in the several sections of the IPC vide the IT Act, 2000, several offences having bearing on cyberarena are also registered under the appropriate sections of the IPC. As per the report of National Crime Records Bureau, in 2005, a total 179 cases were registered under IT Act 2000, of which about 50 percent (88 cases) were related to Obscene Publications / Transmission in electronic form, normally known as cyber pornography. 125 persons were arrested for committing such offences during 2005. There were 74 cases of Hacking of computer systems during the year wherein 41 persons were arrested. Out of the total (74) Hacking cases, those relating to Loss/Damage of computer resource/utility under Sec 66(1) of the IT Act were 44.6 percent (33 cases) whereas the cases related to Hacking under Section 66(2) of IT Act were 55.4 percent (41 cases). Tamil Nadu (15) and Delhi (4) registered maximum cases under Sec 66(1) of the IT Act out of total 33 such cases at the National level. Out of the total 41 cases relating to Hacking under Sec. 66(2), most of the cases (24 cases) were reported from Karnataka followed by Andhra Pradesh (9) and Maharashtra (8).

During the year, a total of 302 cases were registered under IPC Sections as compared to 279 such cases during 2004, an increase of 8.2 percent in 2005 over 2004. Gujarat reported the maximum number of such cases, nearly 50.6 percent of total cases (153 out of 302), as in the previous year 2004, followed by Andhra Pradesh with 22.5 percent (68 cases). Out of the total 302 cases registered under IPC, the majority of the crimes fall under 2 categories, viz. Criminal Breach of Trust or Fraud (186) and Counterfeiting of Currency/Stamps (59). Though these offences fall under the traditional IPC crimes, the cases had a cyber tone wherein a computer, the Internet or its related aspects were present in the crime, and hence they were categorised as Cyber Crimes under IPC. Out of the 53,625 cases reported under the head Cheating during 2005, Cyber Forgery (48 cases) accounted for 0.09 percent. Cyber frauds (186) accounted for 1.4 percent out of the total Criminal Breach of Trust cases (13,572). The Forgery (Cyber) cases were highest in Andhra Pradesh (28) followed by Punjab (12). The cases of Cyber Fraud were highest in Gujarat (118) followed by Punjab (28) and Andhra Pradesh (20). A total of 377 persons were arrested in the country for Cyber Crimes under IPC during 2005. Of these, 57.0 percent (215) of total such offenders (377) were taken into custody for offences under 'Criminal Breach of Trust/Fraud (Cyber)', 22.0 percent (83) for Counterfeiting of Currency/Stamps and 18.8 percent (71) for offences under Cyber Forgery. States such as Gujarat (159), Andhra Pradesh (110), Chhattisgarh and Punjab (51 each) have reported higher arrests for Cyber Crimes registered under IPC. The cities of Bangalore (38), Chennai (20) and Delhi (10) have reported a high incidence of such cases (68 out of 94 cases), accounting for more than half of the cases (72.3%) reported under the IT Act, 2000. Surat city has reported the highest incidence (146 out of 163 cases) of cases reported under IPC sections, accounting for more than 89.6 percent.

The latest statistics show that cybercrime is actually on the rise. However, it is true that in India cybercrime is not widely reported. Consequently, there is a false sense of complacency that cybercrime does not exist and that society is safe from cybercrime. This is not the correct picture. The fact is that people in our country do not report cybercrimes for many reasons. Many do not want to face harassment by the police. There is also the fear of bad publicity in the media, which could hurt their reputation and standing in society. Also, it becomes extremely difficult to convince the police to register any cybercrime, because of a lack of orientation and awareness about cybercrimes and their registration and handling by the police. A recent survey indicates that for every 500 cybercrime incidents that take place, only 50 are reported to the police, and out of that only one is actually registered. These figures indicate how difficult it is to convince the police to register a cybercrime. The establishment of cybercrime cells in different parts of the country was expected to boost cybercrime reporting and prosecution. However, these cells haven't quite kept up with expectations. Netizens should not be under the impression that cybercrime is vanishing, and they must realize that with each passing day cyberspace becomes a more dangerous place to be in, where criminals roam freely to execute their criminal intentions, encouraged by the so-called anonymity that the internet provides.

The very poor rate of cyber-crime conviction in the country has also not helped the cause of regulating cybercrime. There have been only a few cybercrime convictions in the whole country, which can be counted on the fingers. We need to ensure that we have specialized procedures for the prosecution of cybercrime cases so as to tackle them on a priority basis. This is necessary to win the faith of the people in the ability of the system to tackle cybercrime. We must ensure that our system provides for stringent punishment of cybercrimes and cyber criminals so that it acts as a deterrent for others.

We can categorize cyber-crimes in two ways:

1. The computer as a target: Using a computer to attack other computers; e.g. Hacking, Virus/Worm attacks, DoS attack etc.
2. The computer as a weapon: Using a computer to commit real world crimes; e.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.

Information Technology Lawyer
An information technology attorney is a professional who handles a variety of legal matters related to IT. The attorney gets involved in drafting, negotiating, and interpreting agreements in the areas of software licensing and maintenance, IT consulting, e-commerce, web site hosting and development, and telecommunications agreements, as well as handling dispute resolution and assisting with the client's Internet domain name portfolio. An information technology attorney works with engineering, IT, and other business units and ensures that customer information gathered by the company is collected, stored and used in compliance with privacy policies and applicable laws. Duties also include providing high quality, specialized and practical advice in business-to-business and business-to-consumer arrangements and advising on issues like IT outsourcing arrangements and software and hardware supply and implementation agreements. An information technology attorney also prepares contracts for web site developers and consultants in relation to on-line projects, provides support for and maintains confidentiality/know-how agreements, and handles contracts for Internet service providers and data protection advice. An information technology attorney should have a JD degree or an LL.M degree with admission to the local state bar.

Hacking
According to section 66 of the IT Act:
(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.
(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

There are 2 elements to this section:
1. Intention to cause wrongful loss or damage, or knowledge of the likelihood of wrongful loss or damage
2. Destruction or deletion or alteration of information in a computer, or diminishing the value or utility of a computer resource, or injuriously affecting a computer resource

Loss signifies detriment or disadvantage. Loss can be temporary or permanent. Loss can relate to something that the loser has currently or is likely to get in the future. This term is best understood through the following illustrations

INDIAN PENAL CODE
CIVIL LIABILITY UNDER IT ACT, 2000
SEC. 43 of IT ACT 2000
If a person, without permission of the owner or any other person who is in charge of a computer, computer system or computer network:
a) Accesses or secures access to such computer, computer system or computer network.
b) Downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network, including information or data held or stored in any removable storage medium.
c) Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network.
d) Damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network.
e) Disrupts or causes disruption of any computer, computer system or computer network.
f) Denies or causes the denial of access to any computer, computer system or computer network by any means.
g) Provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder.
h) Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system or computer network.

LIABILITIES UNDER INDIAN PENAL CODE


SEC. 405 - CRIMINAL BREACH OF TRUST
Whoever, being in any manner entrusted with property, or with any dominion over property, dishonestly misappropriates or converts to his own use that property, or dishonestly uses or disposes of that property in violation of any direction of the law prescribing the mode in which such trust is to be discharged, or of any legal contract, express or implied, which he has made touching the discharge of such trust, or wilfully suffers any other person so to do, commits criminal breach of trust.

SEC. 441 - CRIMINAL TRESPASS
Whoever enters into or upon property in the possession of another with intent to commit an offence or to intimidate, insult or annoy any person in the possession of such property, or having lawfully entered into or upon such property, unlawfully remains there with intent thereby to intimidate, insult or annoy any such person or with intent to commit an offence, is said to commit criminal trespass.

PENALTIES UNDER IT ACT, 2000
SEC. 66 - HACKING WITH COMPUTER
Whoever commits hacking shall be punished with imprisonment up to three years or with fine which may extend up to two lakh rupees or both.

SEC. 72 - PENALTY FOR BREACH OF CONFIDENTIALITY AND PRIVACY
If any person who, in pursuance of any power conferred under this Act, rules or regulation made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

SEC. 379 - PUNISHMENT FOR THEFT
Whoever commits theft shall be punished with imprisonment of either description for a term which may extend to three years, or with fine, or with both.

SEC. 406 - PUNISHMENT FOR CRIMINAL BREACH OF TRUST
Whoever commits criminal breach of trust shall be punished with imprisonment of either description for a term which may extend to three years, or with fine, or with both.

SEC. 447 - PUNISHMENT FOR CRIMINAL TRESPASS
Whoever commits criminal trespass shall be punished with imprisonment of either description for a term which may extend to three months, or with fine which may extend to five hundred rupees, or with both.
