Legal Issues Involving Hacking

Seminar on Ethical Hacking

Organized By

Integrated Academy of Management & Technology

On
st
Saturday, 1 September, 2007

Copyright Reserved
 Hackers Vs. Crackers
Common Mans Perspective

HACKERS are the good guys who break into a

system and then tell the system owner how to
prevent other people from getting in

CRACKERS are bad guys who break in and do

damage

Amarjit & Associates, New Delhi

 Legal Meaning of Hacking

According to S. 66, IT Act, 2000

Whoever with the intent to cause or knowing that he

is likely to cause wrongful loss or damage to the public or
any person destroys or deletes or alters any information
residing in a computer resource or diminishes its value or
utility or affects injuriously by any means, commits
hacking

Amarjit & Associates, New Delhi

 When Hacking is Said to be Committed

Hacking comes in when an unauthorized

access to a system is done with an intention
of committing further crimes like fraud,
misrepresentation, downloading data in
order to commit infringement of copyright,
accessing sensitive and top secret data from
defense etc.

Amarjit & Associates, New Delhi

 Liabilities Under Indian Penal Code

Sec. 378 Theft

Whoever, intending to take

dishonestly any moveable property out of the
possession of any person without that
persons consent, moves that property in
order to such taking, is said to commit theft

Amarjit & Associates, New Delhi

 Liabilities Under Indian Penal Code

Sec. 405 Criminal Breach of Trust

Whoever, being in any manner entrusted with
property, or with any dominion over property, dishonestly
misappropriates or converts to his own use that property,
or dishonestly uses or disposes of that property in
violation of any direction of law prescribing the mode in
which such trust is to be discharged, or of any legal
contract, express or implied, which he has made touching
the discharge of such trust, or wilfully suffers any other
person so to do, commits "criminal breach of trust"

Amarjit & Associates, New Delhi

 Liabilities Under Indian Penal Code

Sec 441 Criminal Trespass

Whoever enters into or upon property in the

possession of another with intent to commit an
offence or to intimidate, insult or annoy any
person in possession of such property,
or having lawfully entered into or upon such
property, unlawfully remains there with intent
thereby to intimidate, insult or annoy any such
person, or with intent to commit an offence.
is said to commit criminal trespass

Amarjit & Associates, New Delhi

 Penalties under IT Act, 2000

S. 66 (2) Hacking with Computer System

Whoever commits hacking shall be

punished with imprisonment up to
three years or with fine which may
extend upto two lakh rupees, or both.

Amarjit & Associates, New Delhi

 Penalties under IT Act, 2000
S. 72 Penalty for Breach of Confidentiality and privacy

If any person who, in pursuance of any powers

conferred under this Act, Rules or Regulations made
thereunder, has secured access to any electronic record,
book register, correspondence, information, document or
other material without the consent of the person concerned
discloses such electronic record, book, register,
correspondence, information, document, or other material
to any other person shall be punished with imprisonment
for a term which may extend to two years, or with fine
which may extend to one lakh rupees, or with both.

Amarjit & Associates, New Delhi

 Penalties under Indian Penal Code

S. 379 Punishment for Theft

Whoever commits theft shall be

punished with imprisonment of either
description for a term which may
extend to three years, or with fine, or
with both.
Amarjit & Associates, New Delhi
 Penalties under Indian Penal Code

S. 406 Punishment for criminal breach of

trust.

Whoever commits criminal breach of

trust shall be punished with imprisonment of
either description for a term which may
extend to three years, or with fine, or with
both.

Amarjit & Associates, New Delhi

 Penalties under Indian Penal Code

S. 447 Punishment for criminal trespass

Whoever commits criminal trespass shall

be punished with imprisonment of either
description for a term which may extend to
three months, or with fine which may extend
to five hundred rupees, or with both.

Amarjit & Associates, New Delhi

 Civil Liability Under IT Act, 2000
Sec. 43 Of IT Act, 2000

If any person without permission of the owner or any other person

who is incharge of a computer, computer system or
computer network,
(a) accesses or secures access to such computer, computer system or
computer network;
(b) downloads, copies or extracts any data, computer data base or
information from such computer, computer system
or computer network including information or data held or stored in
any removable storage medium;
(c) introduces or causes to be introduced any computer contaminant
or computer virus into any computer, computer
system or computer network;

Amarjit & Associates, New Delhi

 Civil Liability Under IT Act, 2000
(d) damages or causes to be damaged any computer, computer system or
computer network, data, computer data
base or any other programmes residing in such computer, computer system
or computer network;
(e) disrupts or causes disruption of any computer, computer system or
computer network;
(f) denies or causes the denial of access to any person authorised to access
any computer, computer system or
computer network by any means;
(g) provides any assistance to any person to facilitate access to a computer,
computer system or computer network in
contravention of the provisions of this Act, rules or regulations made
thereunder;
(h) charges the services availed of by a person to the account of another
person by tampering with or manipulating
any computer, computer system, or computer network,

he shall be liable to pay damages by way of compensation not exceeding one

crore rupees to the person so affected.
 Hacking Case in Karnataka
Background :

The complainant approached the police stating that she had been receiving obscene
and pornographic material at her e-mail address and mobile phone. She stated that
this person appeared to know a lot about her and her family and believed that her e-
mail account had been hacked.

Investigation

The investigating team using a different e-mail ID tried to chat with the accused
using the complainants e-mail ID. Subsequently the investigating team was able to
identify the IP address of the computer system being used and it was tracked to an
organization in Delhi.

The investigating team visited the company and through its server logs was able to
identify the system from which the obscene material was sent. Using forensic disk
imaging and analysis tools the e-mails were retrieved from the system. The residence
of the accused was located and the hard disk of his personal computer was
seized. On the basis of the evidence gathered the accused was arrested.

Amarjit & Associates, New Delhi

 Student Held for Hacking Airtel Website
The Special Cell of Delhi police last year held a 28-year-old man for allegedly
hacking into the website of telecom service provider Airtel and obtaining call
details of 26 central government employees including some high-ranking
officials

According to the police, the accused tried to get call details of 59 officials. He
finally got details of 26 officials and demanded Rs1 crore from the company
for not disclosing it.

Ankit Srivastava, 29, a PhD student, was arrested from his Gaziabad
residence and produced before a city court which remanded him to seven
days of police custody.

Ankit alleged that Airtels complaint against him was a counter move, after
he had lodged an FIR against the company with Senior Superintendent of
Police Ghaziabad on June 21 claiming that the companys system and the
data of its subscribers, was not safe.

Amarjit & Associates, New Delhi

 IT Manager Sentenced in Hacking Case
Mark Erfurt broke into the computer systems of Santa Clara,
California's Manufacturing Electronic Sales(MESC)

He deleted data, read e-mail, and downloaded a proprietary

database from the network using the PC Anywhere remote
control software

At the time of the break-in, Erfurt was an employee of an MESC

competitor, Centaur

"This was a private individual that happened to use a computer

system at our office," Centaur said. "We're not involved in this."
Amarjit & Associates, New Delhi
Monster Case
 Monster Case
The theft of contact information for job seekers in the database of
Monster Worldwide Inc was reported last month

While investigating the recent theft, the company learned that its
Web site had previously been hacked

"We're assuming it is a large number. It could easily be in the

millions," Iannuzzi said in an interview. To be safe, he said, each
Monster.com user should assume that his or her contact information
has been taken

The company,said last month it would invest $80 million to $100

million over 18 months to improve its technology, will dedicate "a
large measure of that money" to fixing the security issue

Amarjit & Associates, New Delhi

 Things to Consider While Opting for
Ethical Hacking
Always Enter Into a Written Contract.

Confidentiality Agreement Should be Entered.

Back to Back Confidentiality Agreement with Employees

of Ethical Hackers.

Scope of Hacking to be clearly specified in the Contract.

Prohibitions, if any, to be clearly specified.

Amarjit & Associates, New Delhi

 Future References
For Updates on Cyber Laws www.cybersmart.in

For Updates on Intellectual Property & Information

Technology Laws www.lawarcade.com

For Articles and Regulatory Updates www.iprfirm.com

For any Queries relating to Legal Aspects

www.amarjitassociates.com or

E-mail : gurpreet@amarjitassociates.com
Amarjit & Associates, New Delhi
THANKS