Computer hacking laws in india
One cannot really blame the inspector at your neighbourhood for not being too keen on registering a cyber crime case, now can we? Prominent cybercrime cases:. First conviction for a cybercrime in India. A month after the items were delivered to the individual, Sony Entertainment was informed by the credit card agency that the card owner had denied making the purchase.
Luckily, digital photographs taken at the time of delivery were evidence enough for the CBI to convict the individual under several sections of the Indian Penal Code.
First conviction under the IT Act, Obscene and defamatory messages regarding a divorced woman were posted on a Yahoo message group, which resulted in phone calls to the woman in the belief that she was soliciting. Investigating based on a complaint made by the victim in February , the police traced the source of the message to a Mumbai resident who was a family friend of the victim.
He had resorted to harassing the victim as she had rejected his marriage offer. However, the court found the accused guilty based on the statements by the Cyber Cafe owner where the messages originated as well as expert witness provided by Naavi.
Hackers deface the official website of the. Maharashtra Government. Patil stated that, if needed, the government would seek help of private IT experts to find the hackers. Online credit card scam solved; three held guilty. A bank employee who had access to credit card details of the banks customers used them along with two other individuals to book tickets online and sell them to third parties.
According to the information provided by the police, the scam was detected when one of the customers received an SMS alert for purchasing an airline ticket even though he had the card on him and had not used it.
The alert customer immediately informed the bank who then involved the police. I Kate resulted in the arrests of the three involved. Murder solved with aid from MySpace. Whose law applies? A hacker sitting in Iceland may use a proxy in Thailand to hack into servers of the London Stock Exchange. The decentralized nature of the crime makes it that much tougher to demarcate jurisdiction, further compounded by that fact that cyberlaws are not consistent across nations what may be a cybercrime in India may be perfectly legal in Sri Lanka.
For instance, the provisions of the Indian IT Act, applies, not only to the whole of India, but also to offences committed outside outside Indian territory, provided the offence involved a computer, computer system, or computer network located in India.
Where do we go from here? Hacking is a technique of attaining the weak links or flaws in the computer network and thereafter gaining unauthorized access of the computer system to change the settings of the targeted network or computer system.
Hacking in itself is an adverse term and often seen as a criminal act. Nonetheless, an ethical hacker uses those same skills as an unethical hacker but in a legitimate, lawful manner to try to find vulnerabilities and fix them before the bad guys can get there and try to bust in.
A hacker is any skilled computer specialist who uses its technological knowledge to overcome a technical glitch or a problem. Hackers with wicked intent are known as crackers. Hackers may be able or dangerous depending upon the intentions or motivation behind their work. Some of the hackers barge into a system out of wonder and some of the hackers have a reasonable motivation or are authorized by legitimate officials and some of the hackers are appointed for the security of safeguarding the vulnerable data.
Hackers can be classified into the following classes which are listed below:. A black hat hacker is also acknowledged as a cracker, as these kinds of hackers possess a piece of sound knowledge in computer networking, Network protocols, and system administration, but these kind of hackers are a reason for cybercrime as they hack the systems for wrong reasons. A white hat hacker is the opposite version of the Blackhat hacker, these hackers maintain the same amount of knowledge as black hat hackers but they use the information in an ethical way and they are system security professional so known as ethical hackers.
A grey hat hacker is somebody who is among the Black Hat and white hat hacker; the grey hat hacker shows the vulnerabilities of the network system and then may in return offer assistance to fix the loopholes for money. Script kiddle can be described as an amateur hacker who breaks into the system with the help of hacking tools recorded by another hacker.
A hacktivist is a politically motivated hacker, he is equivalent to all other hackers but his aim is to bring public intention to a political matter. Similarly, online pedophiles, using internet to induce minor children into sex, are as much Cybercriminals as any others. Cybercrimes can be basically divided into 3 major categories being Cybercrimes against persons, property and Government. Cybercrimes committed against persons include various crimes like transmission of child-pornography, harassment of any one with the use of a computer such as e-mail, and cyber-stalking.
The trafficking, distribution, posting, and dissemination of obscene material including pornography, indecent exposure, and child pornography, constitutes one of the most important Cybercrimes known today. The potential harm of such a crime to humanity can hardly be overstated. This is one Cybercrime which threatens to undermine the growth of the younger generation as also leave irreparable scars and injury on the younger generation, if not controlled.
Cyber harassment is a distinct Cybercrime. Various kinds of harassment can and does occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial, religious, or other. Persons perpetuating such harassment are also guilty of cybercrimes. Cyber harassment as a crime also brings us to another related area of violation of privacy of netizens. Violation of privacy of online citizens is a Cybercrime of a grave nature. No one likes any other person invading the precious and extremely touchy area of his or her own privacy which the medium of Internet grants to the netizen.
The second category of Cybercrimes is that of Cybercrimes against all forms of property. These crimes include unauthorized computer trespassing through cyberspace, computer vandalism, transmission of harmful programs, and unauthorized possession of computerized information. Hacking and cracking are amongst the gravest Cybercrimes known till date.
It is a dreadful feeling to know that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information. Coupled with this , the actuality is that no computer system in the world is hacking proof. It is unanimously agreed that any and every system in the world can be hacked. The recent denial of service attacks seen over the popular commercial sites like E-bay, Yahoo, Amazon and others are a new category of Cybercrimes which are slowly emerging as being extremely dangerous.
Using one's own programming abilities as also various programmes with malicious intent to gain unauthorized access to a computer or network are very serious crimes. Similarly, the creation and dissemination of harmful computer programs or virus which do irreparable damage to computer systems is another kind of Cybercrime. Software piracy is also another distinct kind of Cybercrime which is perpetuated by many people online who distribute illegal and unauthorised pirated copies of software.
The third category of Cybercrimes relate to Cybercrimes against Government. Cyber Terrorism is one distinct kind of crime in this category. The growth of Internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international governments as also to terrorise the citizens of a country. Since Cybercrime is a newly specialised field, growing in Cyberlaws, a lot of development has to take place in terms of putting into place the relevant legal mechanism for controlling and preventing Cybercrime.
As of now, there is absolutely no comprehensive law on Cybercrime any where in the world. This is reason that the investigating agencies like FBI are finding the Cyberspace to be an extremely difficult terrain. These various Cybercrimes fall into that grey area of Internet law which is neither fully nor partially covered by the existing laws and that too in some countries. The case of the virus "I love you" demonstrates the need for having cyberlaws concerning Cybercrimes in different national jurisdictions.
It is worth noting that the IT Act contains a non-obstante clause in section 81, stating that provisions of any other statute that may be inconsistent with those of the IT Act are overridden by the IT Act. However, the IT Amendment Act clarifies that this does not restrict any person from exercising any rights conferred under the Copyright Act, , or the Patents Act, There are no industry- or sector-specific statutes making direct reference to cybersecurity requirements for operators of essential services or critical infrastructure.
However, various national and industry bodies, some of which are established and empowered by statute, oversee cyber-hygiene and maintain industry standards. The framework requires all banks to adhere to strict cybersecurity and data protection guidelines. Generally speaking, the RBI sets the minimum standards and norms for banks and non-banking finance companies, and other lenders and payment services.
Similarly, the Indian Medical Council issues guidelines for the protection and security of health and medical data and ethical practices by physicians and medical services providers and oversees adherence thereto. If so, please describe what measures are required to be taken.
The IT Act requires all data processors, controllers and handlers to be bound by obligations of transparency, have a lawful basis for the processing of data and adhere to purpose limitation and data retention requirements. The legislation does not prescribe specific measures to be taken for monitoring, detection, prevention or mitigation of Incidents. If so, please provide details of: a the circumstance in which this reporting obligation is triggered; b the regulatory or other authority to which the information is required to be reported; c the nature and scope of information that is required to be reported; and d whether any defences or exemptions exist by which the organisation might prevent publication of that information.
Any individual, organisation or corporate entity affected by cybersecurity Incidents may report the Incident to Cert-In. The Annexure to the Rules identifies certain Incidents that shall be mandatorily reported to Cert-In as soon as possible.
These are as follows:. Rule 12 also requires service providers, intermediaries, data centres and bodies corporate to report cybersecurity Incidents to CERT-In within a reasonable time in order to facilitate timely action. The Cert-In website provides methods and formats for reporting cybersecurity Incidents and provides information on vulnerability reporting and Incident response procedures. If so, please provide details of: a the circumstance in which this reporting obligation is triggered; and b the nature and scope of information that is required to be reported.
The legislation mandates only reporting Incidents to the relevant authorities. There are no obligations to voluntarily report Incidents to affected individuals or third parties. Rule 5 6 of the Information Technology Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules mandates that the body corporate or any person on its behalf must permit data principals to review any information they may have provided to an organisation or body corporate that is processing said data.
The Personal Data Protection Bill , which was tabled in Parliament as of December but has not yet passed into law, will broaden the scope of this right for data principals. The Bill provides the data principal with the option to obtain from the data fiduciary in a clear and concise manner, confirmation of whether its personal data is being or has been processed and a brief summary of processing activities.
Arguably, when this information is solicited, the organisation in question is obligated to include any information with regard to an Incident if it directly affects the individual requesting this information.
The Bill states that the data principal shall also have the right to access in one place the identities of the data fiduciaries with whom their personal data has been shared, along with the categories of such personal data. The Ministry of Electronics and Information Technology specifies the functions of the agency as follows:.
Pursuant to the IT Act, any person aggrieved by an order made by the Controller of Certifying Authorities or by an adjudicating officer under this Act may prefer an appeal before the CAT. The CAT is headed by a chairperson who is appointed by the central government by notification, as provided under Section 49 of the IT Act Before the IT Amendment Act, the chairperson was known as the presiding officer.
Provisions have been made in the amended Act for CAT to comprise a chairperson and such a number of other members as the central government may notify or appoint. Section 70B 7 of the IT Amendment Act states that any service provider, intermediaries, data centres, body corporate or person who fails to provide the information called for or to comply with the directions of CERT-In under section 70B 6 shall be punishable with imprisonment for up to one year or a fine of INR ,, or both.
Section 44 b of the IT Act states that if a person who is required to furnish information under this Act or rules or regulations made thereunder fails to do so, he shall be liable to a penalty not exceeding INR , for each failure.
This section also states that if a person who is required to furnish information fails to do so within a time period specified by the Authority, he shall be liable to a penalty not exceeding INR 5, for each day of delay until the failure continues. Section 45 of the IT Act also provides for a residual penalty.
0コメント