Hacking
Upcoming SlideShare
Loading in...5
×
 

Hacking

on

  • 9,117 views

 

Statistics

Views

Total Views
9,117
Views on SlideShare
9,111
Embed Views
6

Actions

Likes
6
Downloads
654
Comments
0

2 Embeds 6

http://www.slideshare.net 4
http://www.lastknight.com 2

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Hacking Hacking Presentation Transcript

  • Legal Issues Involving Hacking Seminar on Ethical Hacking Organized By – Integrated Academy of Management & Technology On Saturday, 1 st September, 2007 Presentation By -: Gurpreet Singh, Advocate Amarjit & Associates Suite 404 Law Arcade 18 – Pusa Road New Delhi – 110005 E Mail : [email_address] Web: www.amarjitassociates.com . Copyright Reserved
  • Hackers Vs. Crackers
    • Common Man’s Perspective
    • HACKERS are the good guys who break into a system and then tell the system owner how to prevent other people from getting in
    • CRACKERS are bad guys who break in and do damage
    • Amarjit & Associates, New Delhi
  • Legal Meaning of Hacking
    • According to S. 66, IT Act, 2000
    • “ Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects injuriously by any means, commits hacking”
    • Amarjit & Associates, New Delhi
  • When Hacking is Said to be Committed
    • “ Hacking” comes in when an unauthorized access to a system is done with an intention of committing further crimes like fraud, misrepresentation, downloading data in order to commit infringement of copyright, accessing sensitive and top secret data from defense etc.
    • Amarjit & Associates, New Delhi
  • Liabilities Under Indian Penal Code
    • Sec. 378 – Theft
    • “ Whoever, intending to take dishonestly any moveable property out of the possession of any person without that person’s consent, moves that property in order to such taking, is said to commit theft”
    • Amarjit & Associates, New Delhi
  • Liabilities Under Indian Penal Code
    • Sec. 405 – Criminal Breach of Trust
    • Whoever, being in any manner entrusted with property, or with any dominion over property, dishonestly misappropriates or converts to his own use that property, or dishonestly uses or disposes of that property in violation of any direction of law prescribing the mode in which such trust is to be discharged, or of any legal contract, express or implied, which he has made touching the discharge of such trust, or wilfully suffers any other person so to do, commits "criminal breach of trust"
    • Amarjit & Associates, New Delhi
  • Liabilities Under Indian Penal Code
    • Sec 441 – Criminal Trespass
    • “ Whoever enters into or upon property in the possession of another with intent to commit an offence or to intimidate, insult or annoy any person in possession of such property,
    • or having lawfully entered into or upon such property, unlawfully remains there with intent thereby to intimidate, insult or annoy any such person, or with intent to commit an offence.
    • is said to commit “criminal trespass”
    • Amarjit & Associates, New Delhi
  • Penalties under IT Act, 2000
    • S. 66 (2) – Hacking with Computer System
    • “ Whoever commits hacking shall be punished with imprisonment up to three years or with fine which may extend upto two lakh rupees, or both.”
    • Amarjit & Associates, New Delhi
  • Penalties under IT Act, 2000
    • S. 72 – Penalty for Breach of Confidentiality and privacy
    • “ If any person who, in pursuance of any powers conferred under this Act, Rules or Regulations made thereunder, has secured access to any electronic record, book register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document, or other material to any other person shall be punished with imprisonment for a term which may extend to two years , or with fine which may extend to one lakh rupees, or with both.”
    • Amarjit & Associates, New Delhi
  • Penalties under Indian Penal Code
    • S. 379 – Punishment for Theft
    • “ Whoever commits theft shall be punished with imprisonment of either description for a term which may extend to three years , or with fine, or with both.”
    • Amarjit & Associates, New Delhi
  • Penalties under Indian Penal Code
    • S. 406 – Punishment for criminal breach of trust.
    • “ Whoever commits criminal breach of trust shall be punished with imprisonment of either description for a term which may extend to three years , or with fine, or with both.”
    • Amarjit & Associates, New Delhi
  • Penalties under Indian Penal Code
    • S. 447 – Punishment for criminal trespass
    • “ Whoever commits criminal trespass shall be punished with imprisonment of either description for a term which may extend to three months , or with fine which may extend to five hundred rupees, or with both.”
    • Amarjit & Associates, New Delhi
  • Civil Liability Under IT Act, 2000
    • Sec. 43 Of IT Act, 2000
    • If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network, — (a) accesses or secures access to such computer, computer system or computer network; (b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium; (c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
    • Amarjit & Associates, New Delhi
  • Civil Liability Under IT Act, 2000
    • (d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network; (e) disrupts or causes disruption of any computer, computer system or computer network; (f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means; (g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder; (h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,
    • he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.
  • Hacking Case in Karnataka
    • Background :
    • The complainant approached the police stating that she had been receiving obscene and pornographic material at her e-mail address and mobile phone.  She stated that this person appeared to know a lot about her and her family and believed that her e-mail account had been hacked.
    • Investigation
    • The investigating team  using a different e-mail ID tried to chat with the accused using the complainant’s e-mail ID.  Subsequently the investigating team was able to identify the IP address of the computer system being used and it was tracked to an organization in Delhi.
    • The investigating team visited the company and through its server logs was able to identify the system from which the obscene material was sent.  Using forensic disk imaging and analysis tools the e-mails were retrieved from the system.  The residence of the accused was located and the hard disk of his personal computer was seized.  On the basis of the evidence gathered the accused was arrested.
    • Amarjit & Associates, New Delhi
  • Student Held for ‘Hacking’ Airtel Website
    • The Special Cell of Delhi police last year held a 28-year-old man for allegedly hacking into the website of telecom service provider Airtel and obtaining call details of 26 central government employees including some high-ranking officials
    • According to the police, the accused tried to get call details of 59 officials. He finally got  details of 26 officials and demanded Rs1 crore from the company for not disclosing it.
    • Ankit Srivastava, 29, a PhD student, was arrested from his Gaziabad residence and produced before a city court which remanded him to seven days of police custody.
    • Ankit alleged that Airtel’s complaint against him was a ‘counter move’, after he had lodged an FIR against the company with Senior Superintendent of Police Ghaziabad on June 21 claiming that the company’s system and the data of its subscribers’, was not ‘safe’.
    • Amarjit & Associates, New Delhi
  • IT Manager Sentenced in Hacking Case
    • Mark Erfurt broke into the computer systems of Santa Clara, California's Manufacturing Electronic Sales(MESC)
    • H e deleted data, read e-mail, and downloaded a proprietary database from the network using the PC Anywhere remote control software
    • At the time of the break-in, Erfurt was an employee of an MESC competitor, Centaur
    • "This was a private individual that happened to use a computer system at our office," Centaur said. "We're not involved in this."
    • Amarjit & Associates, New Delhi
  • Monster Case
  • Monster Case
    • The theft of contact information for job seekers in the database of Monster Worldwide Inc was reported last month
    • While investigating the recent theft, the company learned that its Web site had previously been hacked
    • "We're assuming it is a large number. It could easily be in the millions," Iannuzzi said in an interview. To be safe, he said, each Monster.com user should assume that his or her contact information has been taken
    • The company,said last month it would invest $80 million to $100 million over 18 months to improve its technology, will dedicate "a large measure of that money" to fixing the security issue
    • Amarjit & Associates, New Delhi
  • Things to Consider While Opting for “Ethical Hacking”
    • Always Enter Into a Written Contract.
    • Confidentiality Agreement Should be Entered.
    • Back to Back Confidentiality Agreement with Employees of Ethical Hackers.
    • Scope of Hacking to be clearly specified in the Contract.
    • Prohibitions, if any, to be clearly specified.
    • Amarjit & Associates, New Delhi
  • Future References
    • For Updates on Cyber Laws – www.cybersmart.in
    • For Updates on Intellectual Property & Information Technology Laws – www.lawarcade.com
    • For Articles and Regulatory Updates – www.iprfirm.com
    • For any Queries relating to Legal Aspects – www.amarjitassociates.com or
    • E-mail : [email_address]
    • Amarjit & Associates, New Delhi
  • THANKS Gurpreet Singh Suite 404 Law Arcade 18- Pusa Road New Delhi – 110005 Tel: +91 11 28755155, 28752796 Fax: +91 11 28754798 Email : [email_address] Web: www.amarjitassociates.com