Friday, 10 August 2007

What is hacking?

Whenever the word 'Hacking' or 'Hacker' comes to our mind, the picture or the image which is created is that of an intelligent being who is criminal by nature, who attacks other computer systems, damages it, break codes and passwords, send viruses etc. Their mindset are as if the 'hackers' are the computer criminals. They have a very wrong notion in this regard and have a completely negative attitude and utter dislike for the 'Hackers'.

In this regard, the media has wrongly associated the computer criminals as 'Hackers'. The media has played a major role and has its hands behind this creation of negative connotation of the word 'hacker'. General public may spread rumors but it is hard to believe, someone speaking about completely new term, which is also a totally new concept to him.

But the fact is that the terms 'Hacker' and so called 'Computer Criminal' are absolutely two different terms and are not linked with each other in any respect. They speak what they read and listen from others. For this, whenever any cyber crime occurred, by unauthorized use of other computer systems, the news published and delivered in public was by the use of the term 'hacking'. So we can say that it is because of media why people have hatred or negative feeling for the 'hackers'.

Now if such cyber criminals are not hackers then two major question which arises are:

1. Who are Hackers? And,
2. What are such cyber criminals called?

Actually, 'Hackers' are very intelligent people who use their skill in a constructive and positive manner. They help the government to protect national documents of strategic importance, help organizations to protect documents and company secrets, and even sometimes help justice to meet its end by extracting out electronic evidence. Rather, these are people who help to keep computer criminals on the run.

Now dealing with the second part, i.e., what are such cyber criminals called? The actual word for such criminals is not 'hacker' but 'cracker'.

First I would like to explain the term 'Hacker', because there is a great misconception regarding it. Ankit Fadia, who is a great master mind of India in the field of 'Hacking', has said:

"Traditionally, hackers were computer geeks who knew almost everything about computers and were widely respected for their wide array of knowledge. But over the years, the reputation of hackers has been steadily going down. Today, they are feared by most people and are looked upon as icons representing the underground community of our population."

In the light of this general allusion of the term 'hacking', which is generally construed by people, The word 'hacker' can be used to describe all of these: -

1. Code Hackers - They know computers inside out. They can make the computer do nearly anything they want it to.

2. Crackers - They break into computer systems. Circumventing Operating Systems and their security is their favorite past time. It involves breaking the security on software applications.

3. Cyber Punks - They are the masters of cryptography.

4. Phreakers - They combine their in-depth knowledge of the Internet and the mass telecommunications system.

5. Virus Builders - Virus incidents have resulted in significant and data loss at some stage or the other. The loss could be on account of: -
* Viruses - A virus is a program that may or may not attach itself to a file and replicate itself. It can attack any area: from corrupting the data of the file that it invades, using the computer's processing resources in attempt to crash the machine and more.

* Worms - Worms may also invade a computer and steal its resources to replicate themselves. They use the network to spread themselves. "Love bug" is a recent example.

* Trojan horse - Trojan horse is dicey. It appears to do one thing but does something else. The system may accept it as one thing. Upon execution, it may release a virus, worm or logic bomb.

* Logic bomb - A logic bomb is an attack triggered by an event, like computer clock reaching a certain date. Chernobyl and Melissa viruses are the recent examples.

Hacking v/s Cracking
The term hacker is a term used by some to mean 'a clever programmer' and by others, especially journalists or their editors, to mean 'someone who tries to break into computer systems'. Programmers who use their skills to cause trouble, crash machines, release computer viruses, steal credit card numbers, make free long distance calls (the phone system is so much like a computer system that it is a common target for computer criminals), remove copy-protection, and distribute pirated software may also call themselves 'hackers', leading to more confusion. Hackers in the original sense of the term, however, look down on these sorts of activities. Hackers generally deplore cracking. Among the programming community, and to a large extent even amongst the illegal programming community, these people are called 'crackers' and their activities known as 'cracking' to distinguish it from hacking.

A cracker is generally someone who breaks into someone else's computer system, often on a network, bypasses passwords or licenses in computer programs or in other ways intentionally breaches computer security. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security system.

Sending Viruses v/s Hacking
Even though hacking is not at all an offense but if construed in a manner which is generally used by he public the question comes up is that whether sending viruses can be termed as hacking.

The term cracking means, 'illegal access'. Now, 'access' comprises the entering of the whole or any part of a computer system (hardware, components, stored data of the system installed, directories, traffic and content-related data). However, it does not include the mere sending of an e-mail message or file to that system. 'Access' includes the entering of another computer system, where it is connected via public telecommunication networks or to a computer system on the same network, such as a LAN (local area network) or Intranet within an organization. The method of communication (e.g. from a distance, including via wireless links or at a close range) does not matter. So if a virus is send through an e-mail, it is not an illegal 'access' and hence cannot be termed as 'cracking'.

Cyber Hacking
(or rather Cyber Cracking in verity), is one of the Cyber Crimes and Cyber Crime is a universal term that allude to all criminal activities done using the medium of computers, internet, cyber space and the world wide web (www). In India, the law regulating such crimes is the Information Technology Act, 2000 (or the IT Act, 2000). If studied in detail, we will find that there are still many areas in the said Act, which need Amendments. Like, it does not even define the term 'Cyber Crime' and the crimes mentioned in Chap. XI named 'offenses' have been declared penal offenses punishable by imprisonment or fine. Then Sec.66 defines hacking, but it went on defining what is in reality 'cracking'. The definition of hacking provided in Sec.66 of the Act is also very wide and capable of misapplication. There is every possibility of this section being misapplied.

So in light of Sec.66 of the Act read along with this project topic I will now use the words 'Hacking' and 'Cracking' interchangeably as per the demand of the chapter.

Crackers are becoming a peril so uncontrollable that even the largest companies in the world are finding it difficult to cope up with their perpetual attacks. Some crackers just crack systems and gain access to them, for 'fun'. Their intention is not to commit any crime. Now, it is a question of debate whether such act in itself constitutes an offence or not. They may not be brought within the ambit of existing laws because the IT Act uses the word 'destroys or deletes or alters any information' and in this case they just gain access to the system and nothing else. The act of such a cracker can perhaps, most appropriately, be considered in the light of laws relating to criminal trespass.

Trespass to Property
In common language the word 'trespass', means to go on another's property without permission or right. Though it is ordinarily a civil wrong, if trespass is done with criminal intention, it is treated as criminal trespass. The ingredients of the offense of criminal trespass have been laid down under sec.441 of the Indian Penal Code. The object of making trespass a criminal offense is to keep the trespasser away from the premises of individuals so the one may enjoy his/her property uninterrupted by any intruder.

In applying the section to hacking on the Internet, the question which arises is "whether websites are property". Many of the words used to describe websites have a basis in real property: the word 'site' itself is one, as are such expressions as 'home' pages, 'visiting' Websites, 'traveling' to a site and the like. This usage suggests that the trespass action might appropriately be applied to websites as well. That analogies to real property trespass can be made does not suggest, however, that they should be made. The fundamental issue is whether the treatment of websites as property makes sense in light of the justifications for the institution of property generally.

Thus, as trespass actions are stranded in the idea of protecting an owner's control over his property and as even the websites should be considered as a species of property, there is no reason for not allowing a cause of action for 'trespass to websites'.

Mens Rea
The next question that is of importance arises when a cracker has no intention to commit any further crimes. The question is 'whether such cracking is enough to constitute threats or annoyance? Under Indian law it has been clearly laid down in Smt. Mathri v. State of Punjab that for establishing the offense of criminal trespass it is not enough to merely show that the person entering upon the property of another had knowledge that his act would cause annoyance. The rule that a person must be presumed to intend the natural consequences of his act is not a binding rule, if any other intention can be shown. This interpretation may be problematic while dealing with crimes on the Internet.

Liability

There is no doubt as far as liability is concerned when a Cracker is caught. Now this liability can be of two types.
1. Civil Liability
2. Penal Liability

As like in the case of trespass, when just cracking is there by the cracker, it is of a civil nature but once the intention to cause harm or rather damage the system is proved, the liability becomes that of a penal nature.

Now it is not just criminal trespass, which can be done by cracking but cracking may also result in many other crimes which are mentioned in the Indian Penal Code, 1860. Like, if a cracker cracks an e-banking website and transfers money into his own account, this may constitute a crime under Sec.378 of the Penal Code, which in this case may also be termed as Cyber Theft. This kind of act is completely of a penal liability.

In R. v. Gold prestel systems provided it subscribers free e-mail facilities and access to its database. The accused - Gold and Schifreen cracked into its computer and were charged in England under the Forgery and Counterfeiting Act, 1981. They were convicted but the Court of Appeal and the House of Lords as well acquitted them as an instrument was necessary to commit the offence under the said Act, which had to be similar to other examples in the statutory definitions, which were physical objects.

For this, then the Law Commission in England recommended that cracking be made penal and proposed: -
* A broad offense that seeks to deter the general practice of hacking by imposing penalties of a moderate nature on all types of unauthorized access; and

* A narrower but more serious offense imposes much heavier penalties.

Similar considerations apply in our country also. The IT Act tries to achieve this by providing civil and penal consequences for cracking and other wrongful activities. The case concerning Sec.66 of the IT Act, 2000, in India was first lodged in Lucknow in February, 2001.

Interestingly, the victim of the first cyber crime was none other than a police employee. The FIR was lodged by junior engineer, police range, V K Chauhan, whose password for Internet access was hacked and 100 hours of connectivity time exhausted even before he could use it once. The case was registered under Sec.66 of the IT Act.

Interest in Hacking


The effectiveness of a judicial system is anchored by regulations which define every aspect of a system's functioning and primarily, its jurisdiction. A court must have jurisdiction, venue, and appropriate service of process in order to hear a case and deliver an effective judgment. Jurisdiction is the power of a court to hear and determine a case. Without jurisdiction, a court's judgment is futile and impotent. Such jurisdiction is essentially of two types, namely subject matter jurisdiction and personal jurisdiction , and these two must be conjunctively satisfied for a judgment to take effect. It is the presence of jurisdiction that ensures the power of enforcement to a court and in the absence of such power, the decree of a court, is, to say the least, which is of little or of no use. Moreover, only generally accepted principles of jurisdiction would ensures that courts abroad also enforce the orders of other judicial bodies.

The Cyber Crimes like cracking can be seen as multi-jurisdictional because of the ease which a user can access the website from anywhere in the world. It can even be viewed as 'a jurisdictional' in the sense that from the users' perspective as state and national borders are essentially transparent.

The Indian jurisprudence with regard to jurisdiction over the hacking is almost non-existent. In the first place, there has been very few cases or rather only one case regarding hacking, to the best of my knowledge, in India and then secondly, it is an emerging field and that too where the place of action for the dispute is very difficult to decide. But an interesting feature of the IT Act is that it is applicable to offenses and contraventions committed by any person not just in India but also outside India, as per sec.1(2) . This principle has been elaborated in sec.75 of the Act which provides that Indian Courts will have jurisdiction over acts committed outside India as well as over foreigners committing such acts, if the act amounts to an offence or contravention involving a computer, computer system or computer network located in India. Thus the determining factor is the location of computer, computer system or computer network that is involved in an act or transaction.

In India, the court would assume jurisdiction over a defendant, if even a part of the cause of action for the dispute arose within its jurisdiction. Now these may appear to be distinct and disparate points of view but when you get down to examining the essential ingredients that must be fulfilled in order to satisfy the requirements of these principles, there are several similarities between them which may allow the Indian Courts to assume jurisdiction.

First of all, to conclude I would like to state that there are lots and lots of fallacies regarding the term hacking. Even though people are not aware about it today but by the study of various samples and researches made, I have found that it is very rapidly expanding its scope and day by day more and more people are interested in it.

Again it has two aspects. It can help the society to a great extent but it may also prove to be otherwise. In such cases punishments must be proportionate and serve as a sufficient deterrent. As computer data often contain personal information a cracker can also infringe one's right to privacy guaranteed by Art.21 of the Constitution of India.

Cracking can also be taken as an offense under Indian Penal Code. For this there are two types of liabilities, i.e., 'civil' and 'penal'.

Then for deciding the applicability of jurisdiction of a case, the court faces a lot of problem, due to its insensitiveness to local constraints. So, even when inventions and discoveries had widened the scientific horizons, it has also posed new challenges for the legal world. This Information Technology has posed new problems in jurisprudence to which it is very difficult to give a concrete shape.

No comments:

Post a Comment