Saturday, January 1, 2011

HACKING AND CYBER CRIMES: Some basic facts about Hacking,Cyber Crimes&its Legal Regulation

HACKING &CYBER CRIMES: Some basic facts about, Hacking,cyber &its Legal Regulation 

What is hacking?

'Hacking'  means to steal precious information about a person or institution and sometimes use these information against us.

What hackers do?

    * Steal and delete files
    * Load dangerous programs onto your PC.
    * Involve you in cyber crimes.

How does hacker operate?

1. Hackers look for easy targets and find out information about them and their systems.

2. Breaking into your system.

3. Getting authority to control everything on your system.

4. Hiding the evidence of their break-in.

5. They load programs and passwords on your PC to give them easy access in the future.

What action to be taken, if our IP is hacked?

  *Conduct internal enquiry whether some known person has helped by supplying information like I.P address for committing cyber crime for undue gain.
  *Wait for cyber police to visit your computer lab for gathering evidence

Whom to report the hacking? Where to report? 

 *Investigating Authority :These issues are handled by C.B.I, Cyber Crime Cell and Cyber Crime Research &Development Unit and state police headed by a Dy S.P rank officer*.who will coordinate &liaise. Report the matter to nearest Cyber Crime Cell for necessary action under the provisions of Information Technology Act, 2000(Section 65-66) and under the provisions of Indian Penal Code, 1872. (Section 420).

 *Information Technology Amendment Act, 2008 is passed  and received the Hon’ble president assent and relevant rules were framed in 2009, in this amended provision Inspector of Police(C.I) can investigate the cyber crime ] was notified on 27th Oct,2009.

 *If no cyber Crime Cell exists, lodge a complaint before the concerned Dy. Superintendent of Police of the District.

As per Information Technology Act, 2000{as amended in 2008}, the act extents to whole of India, it also envisages any offences or contravention there under committed outside India by any person including a foreign national. any person irrespective of his territorial location and nationality using a computer located in India to commit an offence or contravention outside India is also liable under the Information Technology Act.

From this an inference can be drawn that if somebody sitting in USA hacks our web site in India or spreads virus in a computer system in India, that person will be liable to be prosecuted under the I T Act, 2000[as amended in 2008]

*Competent Court: 
The Information Technology Act also provides for the establishment of appellate tribunals known as Cyber Regulations Appellate Tribunal* (CRAT) .It provides that any person who is aggrieved by an order made by the Controller or Adjudicating officer may file an appeal with the CRAT*. The CRAT is required to follow the principles of natural justice in deciding matters and has the same powers as are vested in the civil court under the Code of Civil Procedure, 1908.

  *These courts are in formative stage.

* Liability of Network Provider

 Network Service provider is the person who is an intermediary dealing in transmission of information from one party to another. It may be a web space provider or a web-site owner. A network service provider is considered to be liable for the information provided by the third party through the service provider unless he is able to prove that he had exercised all due diligence to prevent the commission of such offence or contravention. So, report the matter to the Internet Service Provider about the hacking immediately on occurrence.

What points to be covered in complaint/statement of witness?

*Draft a complaint in simple language covering all facts and answering questions like where, when, what, how, who etc.
*When it was hacked?
*What is the extent of hacking?

*Report about the hacking P.C by loading dangerous programs [virus].
* Report about the hacker deleting files.
*Report about involvement of hacker by using your I.P address.
*How much is the effect of hacking? The Extent of damage to institution‘s revenue.

*It is advisable to carry all documents about P.C and Internet Provider registration. [Important documents about institution activities]
1. Your internet connection registration details.
2.Your internet connections bills payment.
3.Any complaints lodged with Internet service       provider about high browsing  bills.
4. Any other specific documents [threat e-mails].
5. Suspected personnel names. If any.
6. Statements of witnesses.

What cyber crime cells do?

 * Take the complaint.
 * Gather all evidences like use of I.P address.
 *Make list of possible suspects associated with organization for undue gain.
 * Questioning the suspects.
 * Take attendance details.
 *Take information about the employees seating arrangement and operating P.C
 *Take machines [PC’s] for forensic lab for processing by experts.

How case is processed?

*Initially, Police register the case of cyber crime and visit the scene of offences.
 *Start gathering all evidence.
 *Record the statement under provisions of Section 161, Cr.PC.
  *Collect all material objects like P. C [hardware] for further processing.
  *Questioning the suspects.
  *Pin down the suspect basing on preliminary investigation.

What defenses are available to cyber criminals?

    * Feign  ignorance of crime committed.
    * Pleading the ignorance of computer expertise.
    * Plead Alibi.
    * Shifting the blame on others.

How to prevent cybercrimes? What precautions/steps to be taken to prevent hacking/cyber crime.

Tips in nutshell:

 *It is advisable to use firewalls[Firefox Mozilla], if you have DSL or a cable modem

  *Never open emails sent by unknown persons.

  * Keep regular backups of all your important files.

  *Regularly update the anti-virus software programs along with other applications.
*Appoint experts IT security professionals, who have taken formal embedded system training, network security training or information security training to ensure security to your network system.

 *It is advisable to turn off computers not in use. This is especially important,if you have an "always on" type of connection.

 *Don't visit chat rooms unless they are closed and you know the chat room administrator [unknown user can know your I.P address and it is easy to hack]

*Change your passwords frequently. [Strong password with numeric values +alphabets+ character example : *&1234abcd]

*Develop a consciousness amongst the employees about the need for security and an understanding of what could happen if a disastrous hacking takes place for lack of security culture 

* Find out the potential weaknesses in your system with the help of anti- hacking software.

*Carry out regular backups of your data and test the backups to ensure they are in good working condition.

*If necessary store the backup files off line for ensuring security.

*Strictly maintain the documents about computer usage.

*Encrypt the data, with the help of encrypting software, which carry important details about your company that are in transit mode such as email messages traveling in and out of the business.

*Regularly update the software programs you are using to ensure that the security patches are installed properly and all default passwords have been reset.

About the Author 
M Ravi Kumar  B.A,LL.M

Advocate,A.P High Court&Former Legal Consultant ,A.P Women Commission ,Hyderabad ,A.P

Note:This is only informative piece of articles with inputs drawn from different website sources
Post a Comment

Total Pageviews

Follow by Email