Hacking-PP Document for Jury Final

8/3/2019 Hacking-PP Document for Jury Final

1/28

Objective: To Understand how hacking impacts the Professional World

INTRODUCTION

WHAT IS HACKING?

Hacking is the practice of modifying the features of a system, in order to accomplish

a goal outside of the creator's original purpose.

The most prominent definition of hacking is the act of gaining access without legal

authorization to a computer or computer network.

In computer networking, hacking is any technical effort to manipulate the normal

behaviour of network connections and connected systems. A hacker is any person

engaged in hacking.The term "hacking" historically referred to constructive, clever

technical work that was not necessarily related to computer systems. Today,

however, hacking and hackers are most commonly associated with malicious

programming attacks on the Internet and other networks.

, the noun "hack" also has two senses. It can be either a compliment or an insult. It's

called a hack when you do something in an ugly way. But when you do something soclever that you somehow beat the system, that's also called a hack. The word is

used more often in the former than the latter sense, probably because ugly solutions

are more common than brilliant ones.


2/28

Origins of Hacking

M.I.T. engineers in the 1950s and 1960s first popularized the term and concept of

hacking. Starting at the model train club and later in the mainframe computer rooms,

the so-called "hacks" perpetrated by these hackers were intended to be harmless

technical experiments and fun learning activities.

Later, outside of M.I.T., others began applying the term to less honourable pursuits.

Before the Internet became popular, for example, several hackers in the U.S.

experimented with methods to modify telephones for making free long-distance calls

over the phone network illegally.

As computer networking and the Internet exploded in popularity, data networksbecame by far the most common target of hackers and hacking.


3/28

Findings and Observations

WHO ARE HACKERS?

The person who is consistently engaging in hacking activities, and has acceptedhacking as a lifestyle and philosophy of their choice, is called a hacker. Hackers

usually use social engineering to gain most of their knowledge. Social Engineering is

the act of getting someone to tell you about sensitive information through trust. This

unadulterated trust becomes a weakness for most companies.

Early hackers needed to be very knowledgeable so that they were able to identify

bugs themselves (a task requiring extensive knowledge about the operating system,

and reading complex manuals) and often write their own programs to exploit them.They had to keep track of the leading developments in the field (latest bugs, latest

patches, latest bugs in the patches, etc.). Later hackers were able to increasingly

rely upon the hacking community to identify bugs and write programs that could be

adapted for their specific purpose.

Brute Force, Exploit and dictionary attacks are usually started through the use of

software on the hacker's computer. To avoid detection, the hacker's may use proxies

or zombie machines so that their location cannot be determined. This is just a small

list of the different attacks hackers can use.

With knowledge being power in the hacker culture, an Elite hacker is someone who

has great technical skills. Hackers may and may not have ethics. This separates

black hats, white hats, grey hats and script kiddies. Hackers ethics can vary and

most believe that information and computer unauthorized access are o.k. as long as

no harm is done.

To the popular press, "hacker" means someone who breaks into computers. Among

programmers it means a good programmer. But the two meanings are connected. To

programmers, "hacker" connotes mastery in the most literal sense: someone who

can make a computer do what he wants whether the computer wants to or not.

A hacker first attacks an easy target, and then uses it to hide his or her traces for

launching attacks at more secure sites. The goal of an attack is to gain complete

control of the system (so you can edit, delete, inst all, or execute any file in any users


4/28

directory), often by gaining access to a "super-user" account. This will allow both

maximum access and the ability to hide your presence.

Who are these telematics "pirates" who surf the net and go beyond boundaries not

geographical ones but those of cyberspace - and sneak their way into computersand the networks that make up Internet? Initially, they were computer experts who

spent their time, for pleasure as well as work, exploring the functional limits of

programmes and operating systems, with the intention of perfecting them and

searching out their imperfections and weaknesses. Now things have changed.

It is estimated that Internet is currently made up of more than 200 million calculators,

800 million cyber-nauts and tens of thousands of independent network. The first

important case of a breach in computer security occurred in November 1988, with

the so-called "Morris worm", which gave rise to the creation of the first Coordination

Centre (CERT, "Computer Emergency Response Team") to gather information on

computer security incidents. Since then, other CERTs have been created in many

countries to provide a centralized and coordinated response to on-line cyber-attacks

and to facilitate the defence of calculators.

Unfortunately, computer piracy has continued to evolve and is still developing; thenumber of cases officially reviewed by CERT coordinating centres, with regard to

attacks on computers and data transmission networks, increased from 6 in 1988 to

over 137,000 in 2003.


5/28

Raymond lists five possible characteristics that qualify one as a

hacker are:

A person who enjoys learning details of a programming language or system

A person who enjoys actually doing the programming rather than just dealing with

it theoretically

A person capable of appreciating someone else's hacking capabilities

A person who picks up programming quickly

A person who is an expert in a particular programming language or system


6/28


7/28


8/28

Hacking vs. Cracking

Malicious attacks on computer networks are officially known as cracking, while

hacking truly applies only to activities having good intentions. Most non-technical

people fail to make this distinction, however. Outside of academia, its extremely

common to see the term "hack" misused and be applied to cracks as well.

Hacking on computer networks is often done through scripts or other network

programming. These programs generally manipulate data passing through a network

connection in ways designed to obtain more information about how the target system

works. Many such pre-packaged scripts are posted on the Internet for anyone,

typically entry-level hackers, to use. More advanced hackers may study and modify

these scripts to develop new methods. A few highly skilled hackers work for

commercial firms with the job to protect that company's software and data from

outside hacking.

Cracking techniques on networks include creating worms, initiating denial of service

(DoS) attacks, or in establishing unauthorized remote access connections to a

device.

Hacking is unauthorized use of computer and network resources. (The term "hacker"

originally meant a very gifted programmer. In recent years though, with easier

access to multiple systems, it now has negative implications.)

Over time a particular jargon has developed, with terms such as "Hacker", used to

describe an innovative programmer, often expert in several programming languages

and operating systems, who gets into computers mainly to satisfy his own curiosity.

His aim is to show everyone that he can penetrate the system, find out whatinformation it contains and possibly let the administrator know of the weaknesses he

has identified. Basically, it is an intellectual challenge, not necessarily with a negative

outcome. However, the hacker can unexpectedly change into a "Cracker" i.e.

someone who gets into systems with the intention of committing an act of vandalism

or theft, often organized in groups who surround themselves with an aura of secrecy.


9/28

HACKERS ATTITUDE

Several subgroups of the computer underground with different attitudes and aimsuse different terms to demarcate themselves from each other, or try to exclude somespecific group with which they do not agree. Eric S. Raymond (author of The NewHacker's Dictionary) advocates that members of the computer underground shouldbe called crackers. Instead of a hacker/cracker dichotomy, they give more emphasisto a spectrum of different categories, such as white hat, grey hat, black hat and scriptkiddie. In contrast to Raymond, they usually reserve the term cracker. According to acracker cracking is to gain unauthorized ac cess to a computer in order to commitanother crime such as destroying information contained in that system . Thesesubgroups may also defined by the legal status of their activities.

According to Steven Levy an American journalist who has written several books oncomputers, technology, cryptography, and cyber security said most hacker motives

are reflected by the Hackers Ethic. These ethic are as follows:" Access to computers and anything that might teach you something about the

way the world works should be unlimited and always yield to the Hands-onimperative!

All information should be free. Mistrust authority and promote decentralization. Hackers should be judged by their hacking, not bogus criteria such as

degrees, age, race, or position. You can create art and beauty on a computer. Computers can change your life for the better."

WHITE HAT

A white hat hacker breaks security for non-malicious reasons, for instance testingtheir own security system. This classification also includes individuals who performpenetration tests and vulnerability assessments within a contractual agreement.Often, this type of 'white hat' hacker is called an ethical hacker.

GREY HAT

A gray hat hacker is a combination of a Black Hat Hacker and a White Hat Hacker. AGrey Hat Hacker will surf the internet and hack into a computer system for the solepurpose of notifying the administrator that their system has been hacked. Then theywill offer to repair their system for a small fee.

BLUE HAT

A blue hat hacker is someone outside computer security consulting firms who isused to bug test a system prior to its launch, looking for exploits so they can be

closed.


10/28

BLACK HAT

A black hat hacker, sometimes called "cracker", is someone who breaks computersecurity without authorization or uses technology (usually a computer, phone systemor network) for vandalism, credit card fraud, identity theft, piracy, or other types ofillegal activity.

ELITE

Elite is a term used to describe the most advanced hackers who are said to be on"the cutting edge" of computing and network technology. These would be individualsin the earliest 2.5 percentile of the technology adoption lifecycle curve, referred to as"innovators." As script kiddies and noobs utilize and exploit weaknesses in systemsdiscovered by others, elites are those who bring about the initial discovery.

SCRIPT KIDDIEA script kiddie is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of theunderlying concept hence the term script (i.e. a prearranged plan or set ofactivities) kiddie (i.e. kid, child an individual lacking knowledge and experience,immature).

NEOPHYTE

A neophyte or "newbie" is a term used to describe someone who is new to hackingand has almost no knowledge or experience of the workings of technology, andhacking.

HACTIVISM

A hacktivist is a hacker who utilizes technology to announce a social, ideological,religious, or political message. In general, most hacktivism involves websitedefacement or denial-of-service attacks. In more extreme cases, hacktivism is usedas tool for Cyber terrorism.


11/28

Ten Commandments of Computer Ethics

The ethical values as defined in 1992 by the Computer Ethics Institute

Thou shalt not use a computer to harm other people.Thou shalt not interfere with other people's computer work.Thou shalt not snoop around in other people's computer files.Thou shalt not use a computer to steal.Thou shalt not use a computer to bear false witness.Thou shalt not copy or use proprietary software for which you have not paid.Thou shalt not use other people's computer resources without authorization orproper compensation.Thou shalt not appropriate other people's intellectual output.Thou shalt think about the social consequences of the program you are writing or thesystem you are designing.Thou shalt always use a computer in ways that ensure consideration and respect foryour fellow humans.


12/28

Ethical vs. Unethical Hacking

In a broad sense, hacking is an act by which someone gains access to a computersystem or network without any authorisation to do so. Such unauthorised entry mayor may not be used to harm the system.

The explosive growth of the Internet has brought many good things like ecommerce,online information distribution, collaborative computing and e-mail.

As with most technological advances, there is also a dark side: criminal hackers.Hacking is getting more sophisticated and, in many cases, a lot nastier. And it ischipping away at the ability of the government, the military, and the businesscommunity to protect proprietary information and preserve individual privacy.Organisations are afraid that some hacker will break into their Web server andreplace their logo with pornography, read their e-mail, steal their credit card number

from an online shopping site, or implant software that will secretly transmit theirorganisation's secrets to the open Internet.

Techniques adopted by hackers to gather information about systems are portscanning, sniffing and social engineering. Port scanning automatically detectssecurity weaknesses in servers either locally or remotely. Sniffer is a piece ofhardware or Software, which grabs all information tranversing Social engineering isan act by which valuable information about the network, passwords, accessrestrictions and user accounts are gathered from unsuspecting people.

A hacker could use the information thus collected to launch Denial of Service

attacks, spoofing some ones source IP address, cracking passwords, lauching dataattacks and packet fragmentation attacks. This is what is called blackhat or criminalhacking.

There is also good side to hacking in the form of whitehat or ethical hackers. Theyexplore and experiment to evaluate target systems security and report back to theowners with the vulnerabilities found and also provide instructions to remedy them.These ethical hackers employ the same tools and techniques as the criminalhackers, but they neither damage the target systems nor steal information.Companies use ethical hackers to hackproof the security of their networks,ecommerce products or security products. Besides having to know the techniques ofthe criminal hackers, ethical hackers need to know how to detect their activities andalso how to stop them.


13/28

Different Ways of Hacking

A typical approach in an attack on Internet-connected system is:

Network -enumeration: Discovering information about the intended target.

Vulnerability analysis: Identifying potential ways of attack.

Exploitation: Attempting to compromise the system by employing the vulnerabilitiesfound through the vulnerability analysis.

Security exploits: A security exploit is a prepared application that takes advantageof a known weakness. Common examples of security exploits are SQL injection, Cross Site Scripting and Cross Site Request Forgery which abuse security holes thatmay result from substandard programming practice. Other exploits would be able tobe used through FTP, HTTP, PHP, SSH, Telnet and some web-pages. These arevery common in website/domain hacking.

Techniques of Hacking:

Vulnerability scanner: A vulnerability scanner is a tool used to quickly checkcomputers on a network for known weaknesses. Hackers also commonly use portscanners. These check to see which ports on a specified computer are "open" oravailable to access the computer, and sometimes will detect what program or service

is listening on that port, and its version number. (Note that firewalls defendcomputers from intruders by limiting access to ports/machines both inbound andoutbound, but can still be circumvented.)

Password cracking: Password cracking is the process of recovering passwordsfrom data that has been stored in or transmitted by a computer system. A commonapproach is to repeatedly try guesses for the password.

Packet sniffer: A packet sniffer is an application that captures data packets, whichcan be used to capture passwords and other data in transit over the network.

Spoofing attack (Phishing): A spoofing attack involves one program, system, orwebsite successfully masquerading as another by falsifying data and thereby beingtreated as a trusted system by a user or another program. The purpose of this isusually to fool programs, systems, or users into revealing confidential information,such as user names and passwords, to the attacker.

Social engineering: When a Hacker, typically a black hat, is in the second stage ofthe targeting process, he or she will typically use some social engineering tactics toget enough information to access the network. A common practice for hackers who

use this technique, is to contact the system administrator and play the role of a userwho cannot get access to his or her system.
http://en.wikipedia.org/wiki/SQL_injectionhttp://en.wikipedia.org/wiki/Cross_Site_Scriptinghttp://en.wikipedia.org/wiki/Cross_Site_Request_Forgeryhttp://en.wikipedia.org/wiki/FTPhttp://en.wikipedia.org/wiki/HTTPhttp://en.wikipedia.org/wiki/PHPhttp://en.wikipedia.org/wiki/Secure_Shellhttp://en.wikipedia.org/wiki/Telnethttp://en.wikipedia.org/wiki/Port_scannerhttp://en.wikipedia.org/wiki/Port_scannerhttp://en.wikipedia.org/wiki/Firewall_(networking)http://en.wikipedia.org/wiki/Firewall_(networking)http://en.wikipedia.org/wiki/Port_scannerhttp://en.wikipedia.org/wiki/Port_scannerhttp://en.wikipedia.org/wiki/Telnethttp://en.wikipedia.org/wiki/Secure_Shellhttp://en.wikipedia.org/wiki/PHPhttp://en.wikipedia.org/wiki/HTTPhttp://en.wikipedia.org/wiki/FTPhttp://en.wikipedia.org/wiki/Cross_Site_Request_Forgeryhttp://en.wikipedia.org/wiki/Cross_Site_Scriptinghttp://en.wikipedia.org/wiki/SQL_injection


14/28

Denial-of-service attack (DoS attack): Itis an attempt to make a computer ornetwork resource unavailable to its intended users. Although the means to carry out,motives for, and targets of a DoS attack may vary, it generally consists of theconcerted efforts of a person, or multiple people to prevent an Internetsite or service

from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoSattacks typically target sites or services hosted on high-profile web servers such asbanks, credit card payment gateways, and even root nameservers.

Trojan Horse

A Trojan horse is a program which seems to be doing one thing, but is actually doinganother. A trojan horse can be used to set up a back door in a computer systemsuch that the intruder can gain access later. (The name refers to the horse from theTrojan War, with conceptually similar function of deceiving defenders into bringing anintruder inside.)

Virus

A virus is a self-replicating program that spreads by inserting copies of itself intoother executable code or documents. Therefore, a computer virus behaves in a waysimilar to a biological virus, which spreads by inserting itself into living cells. Whilesome are harmless or mere hoaxes most computer viruses are consideredmalicious.

Worm

Like a virus, a worm is also a self-replicating program. A worm differs from a virus inthat it propagates through computer networks without user intervention. Unlike avirus, it does not need to attach itself to an existing program. Many people conflatethe terms "virus" and "worm", using them both to describe any self-propagatingprogram.

Analysis:

Application of Ethical Hacking

Ethical Hacking is employed by organizations to test their Application Security andexpose flaws in their system; so that they may be removed, ergo creating a moresecure environment.

Application of Unethical Hacking

Unethical Hacking is intended to obtain sensitive information illegally and use it toones advantage, with an intention of malice.
http://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Web_servicehttp://en.wikipedia.org/wiki/Web_serverhttp://en.wikipedia.org/wiki/Credit_cardhttp://en.wikipedia.org/wiki/Root_nameserverhttp://en.wikipedia.org/wiki/Backdoor_(computing)http://en.wikipedia.org/wiki/Trojan_Horsehttp://en.wikipedia.org/wiki/Trojan_Warhttp://en.wikipedia.org/wiki/Virushttp://en.wikipedia.org/wiki/Virushttp://en.wikipedia.org/wiki/Trojan_Warhttp://en.wikipedia.org/wiki/Trojan_Horsehttp://en.wikipedia.org/wiki/Backdoor_(computing)http://en.wikipedia.org/wiki/Root_nameserverhttp://en.wikipedia.org/wiki/Credit_cardhttp://en.wikipedia.org/wiki/Web_serverhttp://en.wikipedia.org/wiki/Web_servicehttp://en.wikipedia.org/wiki/Internethttp://en.wikipedia.org/wiki/Internet


15/28

Conclusion:

Hacking affects the Professional World in a significant way as it is a NetworkSecurity measure protecting the company network and systems as well as aMalacious activity which threatens organizational security.

Recommendations To Prevent Unethical Hacking:

Comment Attacks

Comments are one of most prized features for blogs, and helps create a greatrelationship between the author and the reader, and also between readers in thewider community. It would also be easy for someone to insert HTML code that

causes trouble.

You need to validate the form input before its accepted, to strip out all but the mostbasic HTML tags, for example and also if you re using WordPress you can utilizethe Keyword Filter to block out any harsh words that might raise an issue or two.

Unsolicited Installation of Scripts

It can be dangerous to install third-party scripts and programs on your websiteunless you understa nd what they are actually doing. Even if you dont fullyunderstand the programming, you can read through the code and look for tell-talesigns such as references to third-party URLS.

You can also visit community forums such as SitePoint and DigitalPoint to askaround for better advice.

Avoid Scam/Spammy Websites

In a desperate attempt to get visitors you might consider try extensive viral marketingand other means of gaining the attention, this may cause a few people in the wrongcommunity to raise a few eyebrows.

The last thing you need as a settled web-master is to cause a stir amongst the wrongpeople. Stay away from websites and especially forums that offer information or get traffic quick that uses illegal spam lists and such.

Clear the Cookies!


16/28

Personally, I use a lot of public computers to blog and do other online activities,maybe because its convenient or my unreliable ISP crashed on my once more.Inevitable theres many, many webmasters like me that use public services for either a quick access or regular work.

Just dont forget to clear out the cookies and cache before you leave! Even if theservice provider claims no tracking of privacy or anything along those lines, a quickclean before you leave wouldnt hurt anyone.

Prevent illegal f armers from harvesting your lists

Hacking techniques are used to harvest email addresses, which are then used byspammers and other hackers for malicious activities. If you are storing email data onyour website, for what-ever required reason, make su re its stored in a secureformat, such as a MySQL Database.

Most top- CMS such as WordPress and Joomla make this compulsory but theres

many self- written CMSs too. If your script simply writes data to a text calledemails.txt it wont be long before som eone sniffs it out.

Dont use Generic Usernames

Using common words for usernames such as admin , administrator or SiteOwner can cause many implications because you are simply making the job of thehackers a lot easier. By using such common words for your username, you areincredibly increasing the success rate of the hacker by at least a few points of apercentage, which is consider a lot where only one answer can be right from anunlimited range of combinations.

Securing your Ports

To put in simple words, a PORT is used to access data from outside the server. Italso utilized to transfer data both ways, into the server and also outgoing. Most ofthis activity is behind closed doors and happens automatically, and only trainedprofessionals tend to play around with such details.

Nevertheless, ports are constantly opened & closed for easy-access, for programssuch as a FTP (File Transfer Protocol). This can be favorable for any hackersattempting to access your sensitive files, so make sure any unwanted ports areproperly closed.


17/28

Updated Security Patches

If your web hosting provider hasnt already done so, you should check that all thelatest security patches for various aspects of the service are properly installed. Asyou might know, WordPress (self-hosted) is one of the most popular Content

Management Systems out there on the market.

It is used by millions- so its not surprising to see many hackers working day/nighttrying to hack it. Updates and patches are regularly released, so keep an eye out forall your plug-ins/core files.

Use Strong Passwords!

The number one technique you can possibly implement. Hackers are experts atprogramming computers to plough through huge amounts of data very quickly.Thats the reason longer passwords are more secure; the number of possiblecombinations grows exponentially with every extra character added.

Hackers employ a technique called dictionary attack where they repeatedly tryusername and password combinations by running through hundreds of commonwords , phrases, numbers and combination them till they get lucky. Its important youuse random strings like j@m13s(!) instead of perhaps jamie123

Lastly, this cannot be a tip instead a complusory step in setting up your onlinecommunity. Make sure your .htaccess and .htpasswrd is properly formatted withthe secure CHMOD of 644. This is important and adds the best out-layer ofprotection for you and your visitors.


18/28

Effective steps that small business owners and networkadministrators can take to protect their systems

Implement a firewall A firewall is a barrier that keeps hackers and viruses out ofcomputer networks. Firewalls intercept network traffic and allow only authorized datato pass through.

Develop a corporate security policy Establish a corporate security policy thatdetails practices to secure the network. The policy should direct employees tochoose unique passwords that are a combination of letters and numbers. Passwordsshould be changed every 90 days to limit hackers ability to g ain possession of afunctioning password. When someone leaves company, immediately delete the username and password. The corporate policy should outline consequences for network

tampering and unauthorized entry.

Install anti-virus software All computers should run the most recent version of ananti-virus protection subscription.Ideally a server should be configured to push virus updates out periodically to allclient systems. Employees should be educated about viruses and discouraged fromopening e-mail attachments or e-mail from unknown senders.

Keep operating systems up to date Upgrade operating systems frequently and

regularly install the latest patches or versionsof software, which are often free over the Web. If you use Microsoft Windows, checkwww.windowsupdate.com periodically for the latest patches.Vulnerabilities in Java and Adobe are well known exploit paths for malware writersso it is just as critical that these software applications are kept up to date. Irecommend visiting Securia Online Software Inspector to scan for out of datesoftware applications.

Dont run unnecessary network services When installing systems, any non-essential features should be disabled. If a feature is installed but not actively used, itis less likely to be updated regularly, presenting a larger security threat. Also, allowonly the software employees need to do their job effectively.

Conduct a vulnerability test Conducting a vulnerability test is a cost-effectiveway to evaluate the current security program. This test highlights flaws andlimitations in the program, and experts can offer suggestions for improvement. Thebest method for conducting a vulnerability test is to contact a computer consultingcompany and provide access to your system for a day or two. This will provide ampletime for network appraisal and follow-up discussion and planning.

Keep informed about network security Numerous books, magazines and online

resources offer information about effective security tools and lessons learned. Also,


19/28

the Web provides ample and very current information about security type in the keywords network security.


20/28

CYBER LAWS AND INDIAN PENAL CODE

Cyber crime

If there are laws that could govern the Internet, then it appears that such laws wouldbe fundamentally different from laws that geographic nations use today. The uniquestructure of the Internet has raised several judicial concerns. There is a substantialliterature and commentary that the Internet is not only "regulable," but is alreadysubject to substantial law regulations, both public and private, by many parties and atmany different levels. Since the Internet defies geographical boundaries, nationallaws can not apply globally and it has been suggested instead that the Internet canbe self-regulated as being its own trans-national "nation

Cyber-crime was broken into two categories and defined thus:

a. Cybercrime in a narrow sense (computer crime): Any illegal behaviour directed bymeans of electronic operations that targets the security of computer systems and thedata processed by them.

b. Cybercrime in a broader sense (computer-related crime): Any illegal behaviourcommitted by means of, or in relation to, a computer system or network, includingsuch crimes as illegal possession [and] offering or distributing information by meansof a computer system or network.

In Indian law, cyber-crime has to be voluntary and wilful, an act or omission thatadversely affects a person or property. The IT Act provides the backbone for e-

commerce and Indias approach has been to look at e -governance and e-commerceprimarily from the promotional aspects looking at the vast opportunities and the needto sensitize the population to the possibilities of the information age. There is theneed to take in to consideration the security aspects.

In the present global situation where cyber control mechanisms are important weneed to push cyber laws. Cyber Crimes are a new class of crimes to India rapidlyexpanding due to extensive use of internet. Getting the right lead and making theright interpretation are very important in solving a cyber-crime. The 7 stagecontinuum of a criminal case starts from perpetration to registration to reporting,investigation, prosecution, adjudication and execution. The system cannot be

stronger than the weakest link in the chain. In India, there are 30 million policemen totrain apart from 12,000 strong Judiciary.

Police in India are trying to become cyber-crime savvy and hiring people who aretrained in the area. Many police stations in Delhi have computers which will be soonconnected to the Head Quarters. Cyber Police Stations are functioning in majorCities all over the Country. The pace of the investigations can become faster; judicialsensitivity and knowledge need to improve. Focus needs to be on educating thepolice and district judiciary. IT Institutions can also play a role in this area. We needto sensitize our investigators and judges to the nuances of the system. National

judicial Academy at Bhopal (MP) and State Judicial Academies are also runningshort-term Cyber Courses for Judges but much more is needed to be done.


21/28

Technology nuances are important in a spam infested environment where privacycan be compromised and individuals can be subjected to become a victimunsuspectingly. Most cyber criminals have a counter part in the real world. If loss ofproperty or persons is caused the criminal is punishable under the IPC also. Sincethe law enforcement agencies find it is easier to handle it under the IPC, IT Act

cases are not getting reported and when reported are not necessarily dealt withunder the IT Act. A lengthy and intensive process of learning is required.

A whole series of initiatives of cyber forensics were undertaken and cyber lawprocedures resulted out of it. This is an area where learning takes place every dayas we are all beginners in this area. We are looking for solutions faster than theproblems can get invented. We need to move faster than the criminals.

The real issue is how to prevent cyber-crime. For this, there is need to raise theprobability of apprehension and conviction. India has a law on evidence thatconsiders admissibility, authenticity, accuracy, and completeness to convince the

judiciary. The challenge in cyber-rime cases includes getting evidence that will standscrutiny in a foreign court. For this India needs total international cooperation withspecialised agencies of different countries. Police has to ensure that they haveseized exactly what was there at the scene of crime, is the same that has beenanalysed and the report presented in court is based on this evidence. It has tomaintain the chain of custody. The threat is not from the intelligence of criminals butfrom our ignorance and the will to fight it. The law is stricter now on producingevidence especially where electronic documents are concerned.

The computer is the target and the tool for the perpetration of crime. It is used for thecommunication of the criminal activity such as the injection of a virus/worm whichcan crash entire networks. The Information Technology (IT) Act, 2000, specifies theacts which have been made punishable. Since the primary objective of this Act is tocreate an enabling environment for commercial use of I.T., certain omissions andcommissions of criminals while using computers have not been included. With thelegal recognition of Electronic Records and the amendments made in the severalsections of the IPC vide the IT Act, 2000, several offences having bearing on cyber-arena are also registered under the appropriate sections of the IPC.

As per the report of National Crime Records Bureau, in 2005, a total 179 cases wereregistered under IT Act 2000, of which about 50 percent (88 cases) were related to

Obscene Publications / Transmission in electronic form, normally known as cyberpornography. 125 persons were arrested for committing such offences during 2005.There were 74 cases of Hacking of computer systems during the year wherein 41persons were arrested. Out of the total (74) Hacking cases, those relating toLoss/Damage of computer resource/utility under Sec 66(1) of the IT Act were 44.6percent (33 cases) whereas the cases related to Hacking under Section 66(2) of ITAct were 55.4 percent (41 cases). Tamil Nadu (15) and Delhi (4) registeredmaximum cases under Sec 66(1) of the IT Act out of total 33 such cases at theNational level. Out of the total 41 cases relating to Hacking under Sec. 66(2), most ofthe cases (24 cases) were reported from Karnataka followed by Andhra Pradesh (9)and Maharashtra (8).


22/28

During the year, a total of 302 cases were registered under IPC Sections ascompared to 279 such cases during 2004 thereby reporting an increase of 8.2percent in 2005 over 2004. Gujarat reported maximum number of such cases, nearly50.6 percent of total cases (153 out of 302) like in previous year 2004 followed byAndhra Pradesh 22.5 percent (68 cases). Out of total 302 cases registered under

IPC, majority of the crimes fall under 2 categories viz. Criminal Breach of Trust orFraud (186) and Counterfeiting of Currency/Stamps (59). Though, these offences fallunder the traditional IPC crimes, the cases had the cyber tone wherein computer,Internet or its related aspects were present in the crime and hence they werecategorised as Cyber Crimes under IPC. Out of the 53,625 cases reported underhead Cheating during 2005, the Cyber Forgery (48 cases) accounted for 0.09percent. The Cyber frauds (186) accounted for 1.4 percent out of the total CriminalBreach of Trust cases (13,572).

The Forgery (Cyber) cases were highest in Andhra Pradesh (28) followed by Punjab(12). The cases of Cyber Fraud were highest in Gujarat (118) followed by Punjab(28) and Andhra Pradesh (20). A total of 377 persons were arrested in the countryfor Cyber Crimes under IPC during 2005. Of these, 57.0 percent (215) of total suchoffenders (377) were taken into custody for offences under 'Criminal Breach ofTrust/Fraud (Cyber)', 22.0 percent (83) for Counterfeiting of Currency/Stamps and18.8 percent (71) for offences under Cyber Forgery. The States such as Gujarat(159), Andhra Pradesh (110), Chhattisgarh and Punjab (51 each) have reportedhigher arrests for Cyber Crimes registered under IPC. Bangalore (38), Chennai (20)and Delhi (10) cities have reported high incidence of such cases (68 out of 94 cases)accounting for more than half of the cases (72.3%) reported under IT Act, 2000.Surat city has reported the highest incidence (146 out of 163 cases) of casesreported under IPC sections accounting for more than 89.6 percent.

The latest statistics show that cybercrime is actually on the rise. However, it is truethat in India, cybercrime is not reported too much about. Consequently there is afalse sense of complacency that cybercrime does not exist and that society is safefrom cybercrime. This is not the correct picture. The fact is that people in our countrydo not report cybercrimes for many reasons. Many do not want to face harassmentby the police. There is also the fear of bad publicity in the media, which could hurttheir reputation and standing in society. Also, it becomes extremely difficult toconvince the police to register any cybercrime, because of lack of orientation andawareness about cybercrimes and their registration and handling by the police.

A recent survey indicates that for every 500 cybercrime incidents that take place,only 50 are reported to the police and out of that only one is actually registered.These figures indicate how difficult it is to convince the police to register acybercrime. The establishment of cybercrime cells in different parts of the countrywas expected to boost cybercrime reporting and prosecution. However, these cellshavent quite kept up with expectations.

Netizens should not be under the impression that cybercrime is vanishing and theymust realize that with each passing day, cyberspace becomes a more dangerousplace to be in, where criminals roam freely to execute their criminals intentions

encouraged by the so-called anonymity that internet provides.


23/28

The absolutely poor rate of cyber-crime conviction in the country has also not helpedthe cause of regulating cybercrime. There have only been few cybercrimeconvictions in the whole country, which can be counted on fingers. We need toensure that we have specialized procedures for prosecution of cybercrime cases soas to tackle them on a priority basis,. This is necessary so as to win the faith of the

people in the ability of the system to tackle cybercrime. We must ensure that oursystem provides for stringent punishment of cybercrimes and cyber criminals so thatthe same acts as a deterrent for others.

We can categorize Cyber-crimes in two ways

1.The Computer as a Target: Using a computer to attack other computers; e.g.Hacking, Virus/Worm attacks,DoS attack etc.2.The computer as a weapon: Using a computer to commit real world crimes; e.g.Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.

Information Technology Lawyer

An information technology attorney is a professional who handles a variety of legalmatters related to IT. The attorney gets involved in drafting, negotiating, andinterpreting agreements in the areas of software licensing and maintenance, ITconsulting, e-commerce, web site hosting and development, andtelecommunications agreements, as well as handling dispute resolution andassisting with the client's Internet domain name portfolio. An information technologyattorney works with engineering, IT, and other business units and ensures thatcustomer information gathered by company is collected, stored and used incompliance with privacy policies and applicable laws.

Duties also include providing high quality, specialized and practical advice inbusiness-to-business and business-to-consumer arrangements and advising onissues like IT outsourcing arrangements, software and hardware supply andimplementation agreements. An information technology attorney contracts for website developers and consultants in relation to on-line projects. Provides support andmaintains confidentiality/know how agreements. Contracts for Internet serviceproviders and data protection advice. An information technology attorney shouldhave a JD degree or an LL.M degree with admission to the local state bar.


24/28

Hacking

According to section 66 of the IT Act (1)Whoever with the intent to cause orknowing that he is likely to cause wrongfulloss or damage to the public or any persondestroys or deletes or alters anyinformation residing in a computer resourceor diminishes its value or utility or affects itinjuriously by any means, commits hacking.(2)Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend upto two lakh rupees, or with both.

There are 2 elements to this section:-

1. Intention to cause wrongful loss or damage or Knowledge of the likelihood ofwrongful loss or damage

2. Destruction or deletion or alteration of information in a computer Ordiminishingvalue or utility of a computer resourc or injuriously affecting a computer resource

Loss signifies detriment or disadvantage. Loss can be temporary or permanent. Losscan relate to something that the loser hascurrently or is likely to get in the future.This term is bestunderstood through the following illustrations


25/28

INDIAN PENAL CODE

CIVIL LIABILITY UNDER IT ACT,2000

SEC.43 of IT ACT 2000If a person ,without permission of the owner or any other person who is inchargeof a computer,computer system or computer network.

a) Acess or secures access to such computer ,computer system or computernetwork.

b) Download,copies or extracts any data ,computer data base or informationfrom such computer,computer system or computer network includinginformation or data held or stored in any removable storage medium.

c) Introduces or causes to be introduced ,any computer constraints or computervirus into any computer,computer system or computer network

d) Damages or causes to be damaged any computer .computer system orcomputer network,data,computer data base of any other programmes residingin such computer ,computer system or computer network

e) Discharges or causes disruption of any computer ,computer system orcomputer network

f) Denies or causes the denial of accesss to any computer ,computer system orcomputer network by any means

g) Provides any assistance to any person to facilitate access to computer,computer system or computer network in contravention of the provisions ofthis act,rules or regulations made there under.

h) Changes the service availed of by a person to the account of another personby tampering with or manipulating any computer,computer system orcomputer network.


26/28

LIABILITIES UNDER INDIAN PENAL CODE

SEC.405-CRIMINAL BREACH OF TRUST

Whoever being in any manner entrusted with property ,or with any dominationover property,dishonesty,misappropriates,or converts to his own use thatproperty or dishonesty uses or disposes of that property in violation of anydirection of the law prescribing the mode in which such trust is to be discharged ,of any legal contract ,express or implied ,which he was made touching thedischarge of such trust or willfully suffers any other person ,so to do,commitcriminal breach of trust

SEC.441-CRIMINAL TRESPASS

Whoever enters into or upon property in the possession of another with intent tocommit an offence or to intimidate,insult or annoy any person in the possessionof such property, or having lawful entered into or upon such property,unlawfulremains there with intent thereby to intimidate,insult or annoy any such person orwith intent to commit an offence to said to commit criminal trespass

PENALITIES UNDER IT ACT,2000

SEC.66-HACKING WITH COMPUTER

Whoever commits hacking shall be punished with imprisonment upto three years orwith fine which may extend upto two lakh rupees or both.

SEC.72-PENALTY FOR BREACH OF CONFIDENTIALITY AND PRIVACY

If any person who,in pursuance of any power conferred under this act,rules orregulation made thereunder,has secured access to any electronic record,book,register,correspondence,information,document or other material without theconsent of the person concerned discloses such electronic record

book,register,correspondence,information,document,or other material to any otherperson shall be punished with imprisonment for a term which may extend to twoyears ,or with fine which may extend to one lakh rupees,or with both.

SEC.379-PUNISHMENT FOR THEFT

whoever co mmits theft shall be punished with imprisonment of either description fora term which may extend to three years,or with fine,or with both.

Sec.406-Punishment for criminal breach of trust


27/28

whoever commit criminal breach of trust shall be punished with imp risonment ofeither description for a term which may extend to three years or with fine ,or withboth

SEC.447-PUNISHMENT FOR CRIMINAL TRESPASS

Whoever commits criminal trespass shall be punished with imprisonment of either description for a term which may extend to three months ,or with fine which mayextend to five hundred rupees ,or with both.


28/28

Bibliography

1. http://en.wikipedia.org/wiki/Legal_aspects_of_computing2. http://www.cyberlawsindia.net/ 3. http://www.cyberlaws.net/cyberindia/whycyberlaw.htm4. http://whatishacking.org/ 5. http://www.crime-research.org/news/05.05.2004/241/ 6. www.gohacking.com/ 7. http://compnetworking.about.com/od/networksecurityprivacy/f/what-is-

hacking.htm8. http://www.campusactivism.org/html-resource/hackers/section6.html9. http://searchsecurity.techtarget.com/definition/hacker10. http://www.scienzagiovane.unibo.it/english/hackers/1-who.html11. http://www.paulgraham.com/gba.html

12. http://www.brighthub.com/computing/enterprise-security/articles/5299.aspx
http://en.wikipedia.org/wiki/Legal_aspects_of_computinghttp://www.cyberlawsindia.net/http://www.cyberlaws.net/cyberindia/whycyberlaw.htmhttp://whatishacking.org/http://www.crime-research.org/news/05.05.2004/241/http://compnetworking.about.com/od/networksecurityprivacy/f/what-is-hacking.htmhttp://compnetworking.about.com/od/networksecurityprivacy/f/what-is-hacking.htmhttp://compnetworking.about.com/od/networksecurityprivacy/f/what-is-hacking.htmhttp://www.campusactivism.org/html-resource/hackers/section6.htmlhttp://searchsecurity.techtarget.com/definition/hackerhttp://www.scienzagiovane.unibo.it/english/hackers/1-who.htmlhttp://www.scienzagiovane.unibo.it/english/hackers/1-who.htmlhttp://www.paulgraham.com/gba.htmlhttp://www.paulgraham.com/gba.htmlhttp://www.brighthub.com/computing/enterprise-security/articles/5299.aspxhttp://www.brighthub.com/computing/enterprise-security/articles/5299.aspxhttp://www.brighthub.com/computing/enterprise-security/articles/5299.aspxhttp://www.paulgraham.com/gba.htmlhttp://www.scienzagiovane.unibo.it/english/hackers/1-who.htmlhttp://searchsecurity.techtarget.com/definition/hackerhttp://www.campusactivism.org/html-resource/hackers/section6.htmlhttp://compnetworking.about.com/od/networksecurityprivacy/f/what-is-hacking.htmhttp://compnetworking.about.com/od/networksecurityprivacy/f/what-is-hacking.htmhttp://www.crime-research.org/news/05.05.2004/241/http://whatishacking.org/http://www.cyberlaws.net/cyberindia/whycyberlaw.htmhttp://www.cyberlawsindia.net/http://en.wikipedia.org/wiki/Legal_aspects_of_computing

Hacking-PP Document for Jury Final

Documents

Transcript of Hacking-PP Document for Jury Final