cyber hacking
TRANSCRIPT
THE CONCEPTUAL VIEW OF CYBER HACKING UNDER THE
CYBER LAW REGIME
Meaning of Hacking
Hacking (English verb to hack, singular noun a hack) refers to
the re-configuring or re-programming of a system to function in ways
not facilitated by the owner, administrator or designer. The term(s) have
several related meanings in the technology and computer science fields,
wherein a "hack" may refer to a clever or quick fix to a computer
program problem, or to what may be perceived to be a clumsy or
inelegant (but usually relatively quick) solution to a problem
The terms "hack" and "hacking" are also used to refer to a
modification of a program or device to give the user access to features
that were otherwise unavailable, such as DIY circuit bending. It is from
this usage that the term "hacking" is often incorrectly used to refer to
more nefarious criminal uses such as identity theft, credit card fraud or
other actions categorized as computer crime there being a distinction
between security breaking and hacking, a better term for security
breaking would be "cracking.”1
Meaning of Computer Hacking
1 http://en.wikipedia.org/wik/Hack_(technology)
Computer hacking is broadly defined as intentionally accesses a
computer without authorization or exceeds authorized access.
Various state and federal laws govern computer hacking.
Cyber Hacking of Unique Identification Data in India2
India seems to be following the hit and trial method for some of the most
crucial projects in India. The end result is obvious, i.e., wastage of
crores of public money and violation of civil liberties of the Indian
Citizens.
India is notoriously infamous for creating authorities and agencies
without any legal sanction and framework. Surprisingly, a majority of
them pertains to law enforcement and intelligence agencies like CBI, IB,
RAW, etc. What India is actually doing is using administrative circulars
and executive orders to give legitimacy to these institutions. Why these
circulars and orders have still not been declared “unconstitutional” by
Indian judiciary is still a bigger mystery?
The latest in the league is the Unique Identification Authority of India
(UIAI) managing the proposed Unique Identification Cards for Indian
citizens. Where is that authority, what are its rules and regulations, what
legal framework is supporting it, what are the legal and technical
2 Information collected from the Internet : http://Inav.wordpress.com
safeguards available for the possible misuse of the same, etc are some of
the questions that would always vex the Indians.
It seems India has developed a habit of constituting “multiple agencies”
without and legal framework and sanctions. This would result in more
troubles than solutions. None can dispute that the unique identification
number’s database is too precious to be handled so casually.
On the front of security and safety of unique identification number’s
database, even Nandan Nilekani has accepted these concerns to be
“legitimate one”. For instance, it would be a big task to secure such
database from possible hacking and free from any misuse.
Invasion of Privacy of Indian citizens by Indian Government and its
Agencies is certainly going to be there in future. This is more so when
the Indian Government has openly declared its Policy to adopt endemic
surveillance and e-surveillance over Indian citizens. The Indian
Government would spend 800 Crores hard earned public money for
tapping all phones in real time. Ironically, Indian citizens’ money would
be used against Indian only and that also in an illegal and
unconstitutional manner.
With the “Judicial Silence Strategy” adopted by the Delhi High Court
and Supreme Court of India, the fate of the already scarce Privacy and
Data Protection Rights in India is going to face extermination. It would
be a good idea to call for explanation form Indian Government and
stressing upon establishment of proper safeguards before departing with
any sensitive information to the Unique Identification Authority of India
(UIAI).
Cyber Hacking : A Legal Overview
Whenever the word 'Hacking' or 'Hacker' comes to
our mind, the picture or the image which is created is
that of an intelligent being who is criminal by nature, who
attacks other computer systems, damages it, break codes
and passwords, send viruses etc. Their mindset are as if
the 'hackers' are the computer criminals. They have a
very wrong notion in this regard and have a completely
negative attitude and utter dislike for the 'Hackers'.
In this regard, the media has wrongly associated the
computer criminals as 'Hackers'. The media has played a
major role and has its hands behind this creation of
negative connotation of the word 'hacker'. General public
may spread rumours but it is hard to believe, someone
speaking about completely new term, which is also a
totally new concept to him.
But the fact is that the terms 'Hacker' and so
called 'Computer Criminal' are absolutely two different
terms and are not linked with each other in any respect.
They speak what they read and listen from others. For
this, whenever any cyber crime occurred, by
unauthorised use of other computer systems, the news
published and delivered in public was by the use of the
term 'hacking'. So we can say that it is because of media
why people have hatred or negative feeling for the
'hackers'.
Now if such cyber criminals are not hackers then two
major question which arises are:
1. Who are Hackers? And,
2. What are such cyber criminals called?
Actually, 'Hackers' are very intelligent people
who use their skill in a constructive and positive manner.
They help the government to protect national documents
of strategic importance, help organisations to protect
documents and company secrets, and even sometimes
help justice to meet its end by extracting out electronic
evidence. Rather, these are people who help to keep
computer criminals on the run.
Now dealing with the second part, i.e., what are such
cyber criminals called? The actual word for such criminals
is not 'hacker' but 'cracker'.
First let us explain the term 'Hacker', because there is a
great misconception regarding it. Hackers are generally
computer programmers who maintain network systems,
secure documents, etc. So anyone who has a good hand
on computer programming can be termed as 'hacker' in
general.
Ankit Fadia, who is a great master mind of India in the
field of 'Hacking', has said:
"Traditionally, hackers were computer geeks who knew
almost everything about computers and were widely
respected for their wide array of knowledge. But over the
years, the reputation of hackers has been steadily going
down. Today, they are feared by most people and are
looked upon as icons representing the underground
community of our population."
Types of Cyber Hackers
In the light of this general allusion of the term 'hacking',
which is generally construed by people, The word 'hacker'
can be used to describe all of these: -
1. Code Hackers - They know computers inside out.
They can make the computer do nearly anything they
want it to.
2. Crackers - They break into computer systems.
Circumventing Operating Systems and their security is
their favourite past time. It involves breaking the security
on software applications.
3. Cyber Punks - They are the masters of cryptography.
4. Phreakers - They combine their in-depth knowledge
of the Internet and the mass telecommunications system.
5. Virus Builders - Virus incidents have resulted in
significant and data loss at some stage or the other. The
loss could be on account of: -
* Viruses - A virus is a programme that mayor may not
attach itself to a file and replicate itself. It can attack any
area: from corrupting the data of the file that it invades,
using the computer's processing resources in attempt to
crash the machine and more.
* Worms - Worms may also invade a computer and steal
its resources to replicate themselves. They use the
network to spread themselves. "Love bug" is a recent
example.
* Trojan horse - Trojan horse is dicey. It appears to do one
thing but does something else. The system may accept it
as one thing. Upon execution, it may release a virus,
worm or logic bomb.
* Logic bomb - A logic bomb is an attack triggered by an
event, like computer clock reaching a certain date.
Chernobyl and Melissa viruses are the recent examples.
The Federal Computer Fraud and Abuse Act provides in part
as follows:
"(a) Whoever--
1. having knowingly accessed a computer without authorization
or exceeding authorized access, and by means of such
conduct having obtained information that has been
determined by the United States Government pursuant to an
Executive order or statute to require protection against
unauthorized disclosure for reasons of national defense or
foreign relations, or any restricted data, as defined in
paragraph of Section 11 of the Atomic Energy Act of 1954,
with reason to believe that such information so obtained
could be used to the injury of the United States, or to the
advantage of any foreign nation, willfully communicates,
delivers, transmits, or causes to be communicated, delivered,
or transmitted, or attempts to communicate, deliver, transmit
or cause to be communicated, delivered, or transmitted the
same to any person not entitled to receive it, or willfully
retains the same and fails to deliver it to the officer or
employee of the United States entitled to receive it;
2. intentionally accesses a computer without authorization or
exceeds authorized access, and thereby obtains--
A. information contained in a financial record of a
financial institution, or of a card issuer as defined in
section 1602(n) of title 15, or contained in a file of a
consumer reporting agency on a consumer, as such
terms are defined in the Fair Credit Reporting Act (15
U.S.C. 1681 et seq.);
B. information from any department or agency of the
United States; or
C. information from any protected computer if the conduct
involved an interstate or foreign communication;
3. intentionally, without authorization to access any nonpublic
computer of a department or agency of the United States,
accesses such a computer of that department or agency that is
exclusively for the use of the Government of the United
States or, in the case of a computer not exclusively for such
use, is used by or for the Government of the United States
and such conduct affects that use by or for the Government of
the United States;
4. knowingly and with intent to defraud, accesses a protected
computer without authorization, or exceeds authorized
access, and by means of such conduct furthers the intended
fraud and obtains anything of value, unless the object of the
fraud and the thing obtained consists only of the use of the
computer and the value of such use is not more than $5,000
in any 1-year period;
A. knowingly causes the transmission of a program,
information, code, or command, and as a result of such
conduct, intentionally causes damage without
authorization, to a protected computer;
B. intentionally accesses a protected computer without
authorization, and as a result of such conduct,
recklessly causes damage; or
C. intentionally accesses a protected computer without
authorization, and as a result of such conduct, causes
damage;
5. knowingly and with intent to defraud traffics (as defined in
section 1029) in any password or similar information through
which a computer may be accessed without authorization, if--
(a)trafficking affects interstate or foreign commerce; or
such computer is used by or for the Government of the
United States; with intent to extort from any person, firm,
association, educational institution, financial institution,
government entity, or other legal entity, any money or
other thing of value, transmits in interstate or foreign
commerce any communication containing any threat to
cause damage to a protected computer; shall be punished
as provided in subsection (c) of this section. (b) Whoever
attempts to commit an offense under subsection (a) of this
section shall be punished as provided in subsection (c) of
this section. (c) The punishment for an offense under
subsection (a) or (b) of this section is--
A. a fine under this title or imprisonment for not more than
ten years, or both, in the case of an offense under
subsection (a)(1) of this section which does not occur
after a conviction for another offense under this section,
or an attempt to commit an offense punishable under
this subparagraph; and
B. a fine under this title or imprisonment for not more than
twenty years, or both, in the case of an offense under
subsection (a)(1) of this section which occurs after a
conviction for another offense under this section, or an
attempt to commit an offense punishable under this
subparagraph; and
(A) a fine under this title or imprisonment for
not more than one year, or both, in the case of
an offense under subsection (a)(2), (a)(3), (a)
(5)(C), or (a)(6) of this section which does not
occur after a conviction for another offense
under this section, or an attempt to commit an
offense punishable under this subparagraph;
and
i. the offense was committed for purposes of
commercial advantage or private financial
gain;
ii. the offense was committed in furtherance of
any criminal or tortious act in violation of
the Constitution or laws of the United States
or of any State; or
iii. the value of the information obtained
exceeds $5,000;
(B) a fine under this title or imprisonment for
not more than 5 years, or both, in the case of
an offense under subsection (a)(2), if--
(C) a fine under this title or imprisonment for
not more than ten years, or both, in the case of
an offense under subsection (a)(2), (a)(3) or
(a)(6) of this section which occurs after a
conviction for another offense under this
section, or an attempt to commit an offense
punishable under this subparagraph; and
(A) a fine under this title or imprisonment for
not more than five years, or both, in the case
of an offense under subsection (a)(4), (a)(5)
(A), (a)(5)(B), or (a)(7) of this section which
does not occur after a conviction for another
offense under this section, or an attempt to
commit an offense punishable under this
subparagraph; and (B) a fine under this title or
imprisonment for not more than ten years, or
both, in the case of an offense under
subsection (a)(4), (a)(5)(A), (a)(5)(B), (a)(5)
(C), or (a)(7)of this section which occurs after
a conviction for another offense under this
section, or an attempt to commit an offense
punishable under this subparagraph; and
[former paragraph (4) stricken effective Oct.
11, 1996].
The United States Secret Service shall, in
addition to any other agency having such
authority, have the authority to investigate
offenses under subsections (a)(2)(A), (a)(2)
(B), (a)(3), (a)(4), (a)(5), and (a)(6) of this
section. Such authority of the United States
Secret Service shall be exercised in
accordance with an agreement which shall be
entered into by the Secretary of the Treasury
and the Attorney General."
The Inter-relationship between Hacking and Cracking
The term hacker is a term used by some to mean
'a clever programmer' and by others, especially
journalists or their editors, to mean 'someone who tries
to break into computer systems'. Programmers who use
their skills to cause trouble, crash machines, release
computer viruses, steal credit card numbers, make free
long distance calls (the phone system is so much like a
computer system that it is a common target for
computer criminals), remove copy-protection, and
distribute pirated software may also call themselves
'hackers', leading to more confusion. Hackers in the
original sense of the term, however, look down on these
sorts of activities. Hackers generally deplore cracking.
Among the programming community, and to a large
extent even amongst the illegal programming
community, these people are called 'crackers' and their
activities known as 'cracking' to distinguish it from
hacking.
A cracker is generally someone who breaks into someone
else's computer system, often on a network, bypasses
passwords or licenses in computer programs or in other
ways intentionally breaches computer security. A cracker
can be doing this for profit, maliciously, for some
altruistic purpose or cause, or because the challenge is
there. Some breaking-and-entering has been done
ostensibly to point out weaknesses in a site's security
system.
Even though hacking is not at all an offence but if
construed in a manner which is generally used by he
public the question comes up is that whether sending
viruses can be termed as hacking.
The term cracking means, 'illegal access'. Now,
'access' comprises the entering of the whole or any part
of a computer system (hardware, components, stored
data of the system installed, directories, traffic and
content-related data). However, it does not include the
mere sending of an e-mail message or file to that system.
'Access' includes the entering of another computer
system, where it is connected via public
telecommunication networks or to a computer system on
the same network, such as a LAN (local area network) or
Intranet within an organisation. The method of
communication (e.g. from a distance, including via
wireless links or at a close range) does not matter. So if a
virus is send through an e-mail, it is not an illegal 'access'
and hence cannot be termed as 'cracking'.
Cyber Hacking (or rather Cyber Cracking in
verity), is one of the Cyber Crimes and Cyber Crime is a
universal term that allude to all criminal activities done
using the medium of computers, internet, cyber space
and the world wide web (www). In India, the law
regulating such crimes is the Information Technology Act,
2000 (or the IT Act, 2000). If studied in detail, we will find
that there are still many areas in the said Act, which need
Amendments. Like, it does not even define the term
'Cyber Crime' and the crimes mentioned in Chap. XI
named 'offences' have been declared penal offences
punishable by imprisonment or fine. Then Sec.66 defines
hacking, but it went on defining what is in reality
'cracking'. The definition of hacking provided in Sec.66 of
the Act is also very wide and capable of misapplication.
There is every possibility of this section being misapplied.
Crackers are becoming a peril so uncontrollable
that even the largest companies in the world are finding
it difficult to cope up with their perpetual attacks. Some
crackers just crack systems and gain access to them, for
'fun'. Their intention is not to commit any crime. Now, it is
a question of debate whether such act in itself constitutes
an offence or not. They may not be brought within the
ambit of existing laws because the IT Act uses the word
'destroys or deletes or alters any information' and in this
case they just gain access to the system and nothing
else. The act of such a cracker can perhaps, most
appropriately, be considered in the light of laws relating
to criminal trespass.
Is Trespass to Property : Hacking or not ?
In common language the word 'trespass', means to
go on another's property without permission or right.
Though it is ordinarily a civil wrong, if trespass is done
with criminal intention, it is treated as criminal trespass.
The ingredients of the offence of criminal trespass have
been laid down under sec.441 of the Indian Penal Code.
The object of making trespass a criminal offence is to
keep the trespasser away from the premises of
individuals so the one may enjoy his/her property
uninterrupted by any intruder.
In applying the section to hacking on the Internet, the
question which arises is "whether websites are property".
Many of the words used to describe websites have a basis
in real property: the word 'site' itself is one, as are such
expressions as 'home' pages, 'visiting' Websites,
'travelling' to a site and the like. This usage suggests that
the trespass action might appropriately be applied to
websites as well. That analogies to real property trespass
can be made does not suggest, however, that they should
be made. The fundamental issue is whether the
treatment of websites as property makes sense in light of
the justifications for the institution of property generally.
Thus, as trespass actions are stranded in the idea of
protecting an owner's control over his property and as
even the websites should be considered as a species of
property, there is no reason for not allowing a cause of
action for 'trespass to websites'.
The Liability of the Cyber Hacker in the act of Cyber
Hacking
There is no doubt as far as liability is concerned when
a Cracker is caught. Now this liability can be of two types.
1. Civil Liability
2. Penal Liability
As like in the case of trespass, when just cracking is there
by the cracker, it is of a civil nature but once the intention
to cause harm or rather damage the system is proved,
the liability becomes that of a penal nature.
Now it is not just criminal trespass, which can be done by
cracking but cracking may also result in many other
crimes which are mentioned in the Indian Penal Code,
1860. Like, if a cracker cracks an e-banking website and
transfers money into his own account, this may constitute
a crime under Sec.378 of the Indian Penal Code, which in
this case may also be termed as Cyber Theft. This kind of
act is completely of a penal liability.
In R. v. Gold, prestel systems provided it subscribers free
e-mail facilities and access to its database. The accused -
Gold and Schifreen cracked into its computer and were
charged in England under the Forgery and Counterfeiting
Act, 1981. They were convicted but the Court of Appeal
and the House of Lords as well acquitted them as an
instrument was necessary to commit the offence under
the said Act, which had to be similar to other examples in
the statutory definitions, which were physical objects.
For this, then the Law Commission in England
recommended that cracking be made penal and
proposed: -
* A broad offence that seeks to deter the general practice
of hacking by imposing penalties of a moderate nature on
all types of unauthorized access; and
* A narrower but more serious offence imposes much
heavier penalties.
Similar considerations apply in our country also. The IT
Act tries to achieve this by providing civil and penal
consequences for cracking and other wrongful activities.
The case concerning Sec.66 of the IT Act, 2000, in India
was first lodged in Lucknow in February, 2001.
Interestingly, the victim of the first cyber crime was none
other than a police employee. The FIR was lodged by
junior engineer, police range, V K Chauhan, whose
password for Internet access was hacked and 100 hours
of connectivity time exhausted even before he could use
it once. The case was registered under Sec.66 of the IT
Act.
The effectiveness of a judicial system is anchored
by regulations which define every aspect of a system's
functioning and primarily, its jurisdiction. A court must
have jurisdiction, venue, and appropriate service of
process in order to hear a case and deliver an effective
judgement. Jurisdiction is the power of a court to hear
and determine a case. Without jurisdiction, a court's
judgement is futile and impotent. Such jurisdiction is
essentially of two types, namely subject matter
jurisdiction and personal jurisdiction, and these two must
be conjunctively satisfied for a judgement to take effect.
It is the presence of jurisdiction that ensures the power of
enforcement to a court and in the absence of such power,
the decree of a court, is, to say the least, which is of little
or of no use. Moreover, only generally accepted principles
of jurisdiction would ensures that courts abroad also
enforce the orders of other judicial bodies.
The Cyber Crimes like cracking can be seen as multi-
jurisdictional because of the ease which a user can
access the website from anywhere in the world. It can
even be viewed as 'a jurisdictional' in the sense that from
the users' perspective as state and national borders are
essentially transparent.
The Indian jurisprudence with regard to jurisdiction over
the hacking is almost non-existent. In the first place,
there has been very few cases or rather only one case
regarding hacking, to the best of my knowledge, in India
and then secondly, it is an emerging field and that too
where the place of action for the dispute is very difficult
to decide. But an interesting feature of the IT Act is that it
is applicable to offences and contraventions committed
by any person not just in India but also outside India, as
per Sec.1(2) . This principle has been elaborated in
Sec.75 of the Act which provides that Indian Courts will
have jurisdiction over acts committed outside India as
well as over foreigners committing such acts, if the act
amounts to an offence or contravention involving a
computer, computer system or computer network located
in India. Thus the determining factor is the location of
computer, computer system or computer network that is
involved in an act or transaction.
In India, the court would assume jurisdiction over a
defendant, if even a part of the cause of action for the
dispute arose within its jurisdiction. Now these may
appear to be distinct and disparate points of view but
when you get down to examining the essential
ingredients that must be fulfilled in order to satisfy the
requirements of these principles, there are several
similarities between them which may allow the Indian
Courts to assume jurisdiction.
First of all, to conclude I would like to state that there are
lots and lots of fallacies regarding the term hacking. Even
though people are not aware about it today but by the
study of various samples and researches made, I have
found that it is very rapidly expanding its scope and day
by day more and more people are interested in it.
Again it has two aspects. It can help the society to a great
extent but it may also prove to be otherwise. In such
cases punishments must be proportionate and serve as a
sufficient deterrent. As computer data often contain
personal information a cracker can also infringe one's
right to privacy guaranteed by Art. 21 of the Constitution
of India.
Cracking can also be taken as an offence under Indian
Penal Code. For this there are two types of liabilities, i.e.,
'civil' and 'penal'.
Then for deciding the applicability of jurisdiction of a
case, the court faces a lot of problem, due to its
insensitiveness to local constraints. So, even when
inventions and discoveries had widened the scientific
horizons, it has also posed new challenges for the legal
world. This Information Technology has posed new
problems in jurisprudence to which it is very difficult to
give a concrete shape.
IS HACKING AN OFFENCE UNDER THE INDIAN LAW ?
After the Recent Amendments in the Information Technology Act of
2000, the scope has been widened. Under the Indian Law by virtue of
Sections 43 and Sections 66 of the Act, which talks about Penalties and
Compensation for damage to computer, computer system, etc and
Computer related offences respectively. So, it can be easily identifiable
that yes hacking is an offence in India under the terms of Information
Technology Act, and Section 66 clearly lays down, “If any person,
dishonestly or fraudulently, does any act referred to in Section 43, he
shall be punishable with imprisonment for a term which may extend to
three years or with fine which may extend to five lakh rupees or with
both.”3
14 CASE LAWS RELATING TO CYBER HACKING
Case Laws on Hacking
There are very few cases on Hacking around the world, let alone a
selected few in India. There exists the case of DPP v. Bignell4, here two
police officers were charged for using the police national computer to
gain access to details of motor cars for private purposes and they were
charged with unauthorized access to computer material. Their appeal
was allowed by the Crown Court and later confirmed by the QB
Divisional Court. It was observed that the police officers were entitled to
access such computer information as part of their normal duties thereby
decided that no offence had occurred. Another case is of Nirav
Navinbhai Shah and Others. V/s. State of Gujarat and Another5, here it
was alleged that hacking was done with a computer system and that the
accused has stolen important data, the court held that the complainant
does not contain any essential ingredient for maintaining criminal
proceedings for the alleged offence which resulted in the quashing of the
FIR has the defense submitted that the alleged material that has been
said to be stolen exists on other sites and the courts believed that the
3 http://www.mediaverso.com/cyber-hacking-welcome-to-the-21st-century.html4 1998 1 Cr App R 85 Criminal Miscellaneous Application No. 10291 of 2006 decided on 28.09.2006
offence alleged is not strictly affecting or infringing any individual or
citizen, so the continuation of the same is not in interest of justice and
the dispute is resolved by amicable settlement.
15. THE SECURITY MEASURES THAT PREVENT CYBER
HACKING
There are various security measures that can prevent cyber
hacking.6 They are as follows :
Passwords
Passwords are one of the earliest “devices” developed in the main-frame
environment to prevent access to intruders. Hacker dictionary
programme helps in finding out the password. The comprehensive
hacker dictionary programmes combined with high speed of computers
make breaking of common passwords possible within minutes or hours.
These security breaches can be detected even by an ordinary security
program.7
Firewalls
Firewalls create a ‘wall’ of protection between a network and possible
intruders. It was developed in the mid 1980s by the American
Department of Defence for protecting classified documents from being
6 Cyber Law in India – Law on the Internet : Dr. Farooq Ahmed – Page No. 3357 Winn Schwartau New keys to Network Security, INFO World, may 15,1995, at 51.
accessed or leaked.8 Firewalls prevent information from exiting or
entering a firm’s computer or LAN via a modern. If firewall is
configured to accept and process only a particular request of specified
addressees, it will not accept any other request of the person whose
address does not figure in the specified address.9
Encryption
Encryption refers to any algorithm applied to an electronic record that
converts plaintext into cyhertext, rendering it meaningless for all except
the one who has a key to decrypt it. Encryption technology has
significantly increased the security on-line commerce. Initially, most
secure systems used single key algorithm but now public key/private key
encryption technology is used which is now considered as a practical
solution for secure Internet transactions.10
Digital Signatures
Digital signatures are now considered a part of legal infrastructure in the
information security field.11 These digital signatures help in signer
authentication, document authentication affirmative acts signifying a
signature and efficacy.
8 Gary H. Authes, Hackers Stay a Step Ahead, COMPUTERWORLD, Oct. 17, 1994, at 14.9 Michael Rustad and Lori. E. Eisenschmidt, The Commercial Law of Internet Security, High Technology Law Journal (Vol. 10:2) 1995 at 22710 See Bruce Schneier, Applied Cyrptography 273-74 (1994)11 See American Bar Association Digital Signature Guidelines Draft July 26, 1995
Clipper Chip
Clipper Chip is used to prevent cellular based security breaches. It is a
single key based algorithm SKIPJACK. It is a Government sponsored
designed by the American National Security Agency (NSA) with a sole
object to prevent private parties from using encrypted cellular-based
communications for illegal purposes.12 The Chipper Chip has two keys
which are of two parts, to be kept with two different Government
departments.13 The law enforcement officers would be able to decode
the clipper encrypted communications with the help of secret keys.
Routers or Gateways
A router is a device that employs special communication protocols. A
gateway is either hardware or software that is used to translate protocols
between two or more systems. Routers or gateways filter messages
which are destined for recipients outside the local network and receive
messages from remote networks to be delivered locally on the LAN.
These help in detecting errors with the help of additional protocols.
12 Privacy Issues in the Telecommunications Industry : Testimony before the Subcomm on Technology and the Law of the Sennate Comm on the Judiciary 103d Cong. 2d Sess (1994)13 The departments are : Treasury Department’s Automated Systems Division and Commerce Departments’ NIST
Conclusion
The concept of hacking is seen as one of the gravest cyber
crimes in India. It is one of the noteable and most common form of
cyber crimes easily recognized under law attracting criminal action.
Though we have many security agencies to protect hacking in the cyber
world, much needs to be done in the changing era of times when it
comes to cyber crime is concerned. In the world of cyber crimes and
cyber hacking in particular, evil bytes are fast replacing whizzing
bullets. The Indian authorities are aware of the fight ahead. But the
future does not look optimistic, shares experts. Life is about a mix of
good and evil. So is the Internet. For all the good it does us, cyberspace
has its dark sides too. Unlike conventional communities though, there
are no policemen patrolling the information superhighway, leaving it
open to everything from Trojan horses and viruses to cyber stalking,
trademark counterfeiting and cyber terrorism. Awareness is very much
important, and any matter should be reported at once. More importantly,
users must try and save any electronic information trail on their
computers. That's all one can do, then, until laws become more stringent
or technology more advanced.
The cyber crimes in general have become a biggest problem in
this whole world and is increasing day by day, precise from my paper,
and the offenders are out of the reach of the punishment due to which it
has put forth a new challenge to the whole world as well as to our
country.
Suggestions
Many countries in the world have come up with new law to deal with
cyber crimes and India has passed a law controlling all kinds of cyber
crimes including cyber hacking under the Information Technology Act
of 2000. Inspite of coming this effective law the offenders are out of
reach of the police as it is committed online by simply sitting on the net
and unnecessarily causing illegal computer hacking in India. Our
country’s police face so many problems to trace the offenders and
ultimately in large number of cases they failed to catch the offender. The
reason behind such failure is lack of competence amongst the police
officers and ignorance of cyber crime, cyber hacking and cyber world.
They are well educated in this field due to which all such problem
comes.14
Our government should recruit and appoint competent persons to deal
with such matters and should also setup a new department where such
type of cases can be registered and immediate action with skilled and
effective team can be taken.
The new legislation which can cover all the aspects of the Cyber Crimes
(especially cyber hacking) should be passed so the grey areas of the law 14 Information collected from a website : http : // airwebworld.com
can be removed. Moreover, I personally believe that only the technology
and its wide expansion can give strong fight to the problems. The
software’s are easily available for download should be restricted by the
Government by appropriate actions. New amendments to curb cyber
hacking should be included to the Information and Technology Act,
2000 to make it efficient and active against the crimes. The training and
public awareness programs should be organized in the Companies as
well as in common sectors. The number of the cyber cops in India
should be increased. The jurisdiction problem is there in the
implementation part which should be removed because the cyber
criminals engaging in cyber hacking does not have any jurisdiction limit
then why do the laws have, after all they laws are there, to punish the
criminal but present scenario gives them the chance to escape.