Dr.

RAM MANOHAR LOHIYA NATIONAL LAW

UNIVERSITY

Final Draft

2020-21

SUBJECT: CYBER LAW

CYBER HACKING IN INDIA

Submitted to: Submitted by:

Dr. Amandeep Singh Aniket Sachan

Assistant Professor (Law) Enrolment ID-170101028

RMLNU Section-A

Page | 1
 ACKNOWLEDGEMENT

This is to acknowledge that I, Aniket Sachan, Enrolment number-170101028, BA.LLB 7TH

SEMESTER has made this project work entitled “CYBER HACKING IN INDIA”. This
submission is done by me under the guidance of Dr. Amandeep Singh and Dr. Shakuntla,
assistant professors of CYBER LAW at RMLNLU. The project is original and has been carried
out with the help of research. The study of this project shall involve doctrinal research
methodology. Study of this project has been done through articles, magazines, journals and
internet databases. Thus, I am thankful to my teacher for giving me this opportunity and
providing all kind of help to me in finishing it. Last but definitely not the least I would like to
thank my family and friends for providing the necessary things and help for completing the
project on time.

Page | 2
 CONTENTS
Introduction ................................................................................................................................ 4

Hacking in India Hacker Vs Cracker ......................................................................................... 5

The liability of the cracker ......................................................................................................... 6

 Civil liability ................................................................................................................... 6

 Penal liability .................................................................................................................. 6

Laws on hacking in India ........................................................................................................... 7

Cases on Cyber Hacking in India............................................................................................... 7

 Syed Asifuddin and Ors. v The State of Andhra Pradesh And Anr. ............................... 7

 Nirav Navinbhai Shah & 4 ors. v State of Gujarat and Anr ........................................... 8

 State v/s Amit Prasad ...................................................................................................... 9

PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN

RELATION TO ONLINE BANKING ...................................................................................... 9

How to file a complaint about hacking .................................................................................... 10

Statistics relating to cyber crime .............................................................................................. 11

Conclusion ............................................................................................................................... 12

Page | 3
 Introduction
The hacker culture began in the 1960s and 1970s as an intellectual movement: exploring the
unknown and doing what others cannot. Many hacker subcultures developed independently
and in parallel at various universities throughout the United States: Stanford, MIT, CalTech,
Carnegie Mellon, UC Berkeley, and many others. The completion of the ARPANET linked
these campuses and they were able to share their collective experiences, their knowledge,
humor and skills. Together, they formed the first hacker culture. Many hackers began as expert
programmers: programming gurus like Richard M. Stallman, founder of the Free Software
Movement, and Linus Torvalds, creator of the Linux kernel. These programmers were able to
found new loosely-connected organizations that would push the boundaries of accepted
software engineering, and also technology. These figures serve to popularize the efforts of
hacking to a society increasingly focused on computing. In the realm of computer security,
with the advent of ubiquitous networking, a distinction began to form between two groups: the
so-called black hat and white hat hackers. The black hat culture is known for flouting authority
and embracing anarchy, committing acts of mischief and malice and knowingly breaking and
entering secured systems—these are the hackers most often seen in the news and popular
culture. The white hats, the "ethical hackers", focus on other aspects of the hacker ethic: they
seek to understand, to satiate curiosity, and to inform. While it is intractable to provide even a
definite definition of "hacker" due to the constant merging and fracturing of the English
language, the Word "Hacker" was coined by Carmelo Kintana as to use a computer science
metaphor.1 The word “hacker” acts as a pointer to three different groups of people, the expert
programmers, the black hats, and the white hats.

As the country progresses towards a digital age where everything would be available with the
click of a button, the threat of data and private information being stolen has constantly been
disturbing. It is ironical to see that the most trusted source of information and a store for data
can turn out to be a wide platform for some to steal information. The Information and
Technology Act, 2000 (IT Act) covers all types of cyber crime committed in the country
including hacking.

1
Abhishek Jaiswal, “Cyber Hacking Laws In India” <http://www.legalservicesindia.com/articles/cyhac.htm&gt;
assessed on 2 nd November’19.

Page | 4
Hacking earlier used to refer to a crime under section 43 of the IT Act but at the same time,
ethical hacking or better known as white collar hacking was considered legal. Ethical hacking
is also being taught by various professionals at schools and colleges. So a need was felt to
differentiate between good and bad hacking. Under the amendment IT Act in 2008, the word
‘hacker was removed from the act. The reason for the same was that ethical hacking is taught
by a lot of professionals at various schools and colleges, and colleges cannot teach anything
illegal. So the same word should not be used. The amendment rephrased section 66 and section
43 by removing the word hacking from the Act2. It means unauthorized control/access over
computer system and act of hacking completely destroys the whole data as well as computer
programmes. Hackers usually hacks telecommunication and mobile network.

Unauthorized access means any kind of access without the permission of either of the rightful
or person in charge of the computer, computer system or computer network. Hacking means
an illegal intrusion into a computer system and/or network. Every act committed towards
breaking into a computer and/or network is hacking. Hackers write or use ready-made
computer programs to attack the target computer. Some hackers hack for personal monetary
gains, such as stealing the credit card information, transferring money from various bank
accounts to their own account followed by withdrawal of money. Government websites are the
most targeted sites for the hackers.3

Hacking in India: Hacker Vs Cracker

There is a very slight line of demarcation drawn between the two words- hacking and cracking
after the amendment of the IT act in 2008. Hackers are those people who are very good at
computer programming and use their skills in a constructive way to help the government and
various other organizations to protect their important information and company secrets. They
try to discover loopholes in the software and find reasons for the same. They constantly try to
improve the programs to improve the programming. They never intentionally damage the data.
Whereas cracker is the one who intentionally breaks into the computer programs of others
without having the authority to do so and has a malicious intention to harm the network
security. However, there is a huge misconception about the two and both the terms are used
interchangeably in today’s context even when they mean different.

2
Sylvine. “Laws Against Hacking In India”(Oct. 30, 2020 19:34 PM), https://blog.ipleaders.in/laws-hacking-
india/.
3
Akbar Khan, Cyber Crimes and Cyber Torts: A Comparative and Analytical Perspective, 24 ALJ (2016-17) 93.

Page | 5
 The liability of the cracker
 Civil liability
Section 43A of the IT Act deals with the civil liability of cyber offenders. The section deals
with the compensation that should be made for failure of protection of the date. This was
introduced under the amendment of the act in 2008. The corporate responsibility for data
protection is greatly emphasized by inserting Section 43A whereby corporate are under an
obligation to ensure adoption of reasonable security practices. Further, what is sensitive
personal data has since been clarified by the central government vide its Notification dated 11
April 2011 giving the list of all such data which includes password, details of bank accounts or
card details, medical records, etc.

 Penal liability
Penal liability of cracking arises when the intention or the liability of the cracker to harm the
system or steal any important information gets established. If the cracker only trespasses the
system without any intention to harm, it only remains a form of civil liability under section
43A. The criminal trespass can also result in other penal activities punishable under Indian
Penal Code like cyber theft that can be punishable under section 378 of Indian Penal Code.

Essentials of hacking under section 66

Intention-whoever with a malicious intention breaks into the computer of the other to tamper
or steal the data or destroy it has a wrong intention.

A wrongful act or damage to the data or tries to diminish the value of the data will cover under
hacking.4

Section 66-Computer related offences. -If any person, dishonestly or fraudulently, does
any act referred to in section 43, he shall be punishable with imprisonment for a term,
which may extend to three years or with fine, which may extend to five lakh rupees or
with both.

4
Prof. (Dr.) K.P.S. Mahalwar, Praveen Kumar and Varun Kumar, Crimes and the Law: Evaluation of the
Information Technology, (2011).

Page | 6
 Laws on hacking in India
Section 43 and section 66 of the IT Act cover the civil and criminal offenses of data theft or
hacking respectively. Under section 43, a simple civil offense where a person without
permission of the owner accesses the computer and extracts any data or damages the data
contained therein will come under civil liability. The cracker shall be liable to pay
compensation to the affected people. Under the ITA 2000, the maximum cap for compensation
was fine at Rs. One crore. However, in the amendment made in 2008, this ceiling was removed.
Section 43A was added in the amendment in 2008 to include corporate shed where the
employees stole information from the secret files of the company.

Section 66B covers punishment for receiving stolen computer resource or information. The
punishment includes imprisonment for one year or a fine of rupees one lakh or both. Mens rea
is an important ingredient under section 66A. Intention or the knowledge to cause wrongful
loss to others i.e. the existence of criminal intention and the evil mind i.e. concept of mens rea,
destruction, deletion, alteration or diminishing in value or utility of data are all the major
ingredients to bring any act under this Section.

The jurisdiction of the case in cyber laws is mostly disputed. Cyber crime does not happen in
a particular territory. It is geography less and borderless. So it gets very difficult to determine
the jurisdiction under which the case has to be filed. Suppose a person works from multiple
places and his data gets stolen from a city while he resides in someother city, there will be a
dispute as to where the complaint should be filed.

Cases on Cyber Hacking in India

 Syed Asifuddin and Ors. v The State of Andhra Pradesh5
These two petitions are filed by different persons under section 482 of Code of Criminal
Procedure, 1973 (Cr. P.C.) seeking similar relief. Both the matters were admitted on the same
day and since then both the matters are being disposed of as such, this common order covers
both the matters. The petitioners in both the matters seek the relief of quashing FIR registered
under section 409, 420 and 120B of Indian Penal Code, 1860 (for short, IPC), Section 65 of
the Information Technology Act, 2000 and section 63 of the copyright Act, 1957.

5
Syed Asifuddin and Ors. v The State of Andhra Pradesh, 2005 CriLJ 4314.

Page | 7
The main allegation against the petitioners is that the MIN of Reliance phone is irreversibly
integrated with ESN and the petitioners hacked ESN so as to wean away RIM customer to
TATA Indicom service. The question is whether the manipulation of this electronic 32-bit
number (ESN) programmed into Samsung N191 and LG-2030 cell phone instrument
exclusively franchised to second respondent amounts to altering source code used by these
computer handsets i.e., cell phone instruments. In the background facts, a question would also
arise whether such alteration amounts to hacking with computer system? If the query answered
in the affirmative, it is always open to the police to alter the FIR or it is always open to the
criminal Court to frame a charge specifically with regard to hacking with computer system,
which is an offence under Section 66 of the It Act. At this stage, we may read Sections 65 and
66 of the IT Act.

 Nirav Navinbhai Shah v. State of Gujarat6

The applicants, original accused in crime were registered for offences punishable under
sections 381, 408, 415, 418, 420 read with sections 34 and 120B of the Indian Penal Code and
section 66 and 72 of the Information Technology Act, 2000 have preferred this application
under section 482 of the Code of Criminal Procedure 1973 for quashing of FIR. The case
mainly premised on the grounds that the facts and allegation leading to lodging FIR show that
the real dispute was a civil dispute and as the same has been amicably settled between the
parties, no useful purpose would be served in continuing the criminal proceedings, rather
continuation of same would be counter productive to the interest of justice.

The compliant also does not contain any essential ingredient for maintaining criminal
proceeding for the alleged offences. As it’s stated in the arguments of the learned counsels that
the parties have filed civil suits also in respect of the same dispute. The entire dispute between
the parties is resolved by amicable settlement. The alleged hacking is perpetrated on the
Complainants computer system only which said to have data pertaining to its client. The
Counsels have submitted that on same of the web sites these data are already available. The
dispute appears to be private in nature. The offence alleged is not strictly affecting or infringing
any other individual or citizen. Thus looking to the nature of the disputes, it can well be said
that continuation of the same is not in interest of justice. It was held that the FIR deserve to be
quashed in the interest of justice.

6
Nirav Navinbhai Shah v State of Gujarat, Criminal Misc. Application No. 10291 of 2006.

Page | 8
  State v/s Amit Prasad
State v/s Amit Prasad, was India's first case of hacking registered under Section 66 of the
Information Technology Act 2000. A case with unique facts, this case demonstrated how the
provisions of the Indian Cyber law could be interpreted in any manner, depending on which
side of the offence you were on.

PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC

OFFENCES IN RELATION TO ONLINE BANKING

Hacking in simple terms means an illegal intrusion into a computer system and/or network.
There is an equivalent term to hacking i.e. cracking, but from Indian Laws perspective there is
no difference between the term hacking and cracking. Every act committed towards breaking
into a computer and/or network is hacking. Hackers write or use ready-made computer
programs to attack the target computer. They possess the desire to destruct and they get the
kick out of such destruction. Some hackers hack for personal monetary gains, such as to
stealing the credit card information, transferring money from various bank accounts to their
own account followed by withdrawal of money. They extort money from some corporate giant
threatening him to publish the stolen information which is critical in nature. Government
websites are the hot targets of the hackers due to the press coverage, it receives. Hackers enjoy
the media coverage. A total of 112 government websites in India were hacked from December
to February, a federal minister said on March 13th, reflecting India's continuing problem with
online security. CBI website hacked by 'Pak Cyber Army' and IMD-Kolkata's webpage, was
also hacked.7

Hacktivists launch politically motivated attacks on public web pages or e-mail servers. The
hacking groups and individuals, or Hacktivists, overload e-mail servers by sending massive
amounts of e-mail to one address and hack into web sites to send a political message.
Employees that steal confidential information and trade secrets account for thirty-five percent
of the theft of proprietary information.8 In fact, data suggests that serious economic losses
linked to computer abuse have been and continue to be attributed to current and former
employees of the victimized organization rather than to outside hackers with modems.

7
NDTV, CBI Website hacked by Pak Cyber Army, (Nov. 2, 2020 20:24 PM), https://www.ndtv.com/india-
news/cbi-website-hacked-by-pak-cyber-army-441049.
8
NDTV, CBI Website hacked by Pak Cyber Army, (Nov. 2, 2020 20:24 PM), https://www.ndtv.com/india-
news/cbi-website-hacked-by-pak-cyber-army-441049.

Page | 9
“Recreational hackers” break into computer networks for the thrill of the challenge or for
bragging rights in the hacking community. While hacking once required a fair amount of skill
or computer knowledge, the recreational hacker today can now download attack scripts and
protocols from the Internet and launch them against victim sites with little knowledge of the
systems they are attacking.9 There are countless web sites on the Internet that provide
“newbies” (inexperienced hackers, or “wannabes”) with detailed instructions on hacking
techniques and downloadable, do-it-yourself hacking tools.10 Cyber crimes in form of
Economic offences and Online banking Money is the most common motive behind all crime.
In terms of financial value it is as big as illegal drugs trade. In 2011 USD $388 Billion lost due
to Cyber Crime.

How to file a complaint about hacking

A complaint about the cyber crime can be filed at any cyber cell globally. There are various
cyber crime cells in India; a complaint can be filled at any of these.

Firstly write an application to the head of the cyber cell department and the complaint should
contain the name, address, e-mail and telephone number.

Secondly, submit the following documents with the cell-

a) Server logs- log files that get automatically with the server when files are opened. It saves
a list of activities performed on day to day basis.
b) Hardcopy and soft copy of the defected material- all the material that has been tempered
with by the hacker needs to be submitted with the cyber cell as evidence. A hard copy of
the original web pages and the defaced ones- copies of both the original and defaced
material should be submitted so that it makes the work easy to locate the defaced or
tampered material.
c) If there is any suspicion on any person, a list of the suspects should also be given for further
reference that could help the cyber cell in investigation

There have been numerous hacking attacks on Indian government websites where state
government websites or defense websites have been hacked. Some time back, the Principal
Comptroller of defense accounts website was hacked due to which defense officials could not

9
Internet Security Systems, (Nov. 2, 2020, 18:36 PM),
http://www.iss.net/customer_care/resource_center/whitepapers.
10
Hackers learn hacking techniques from a variety of sources, hacking web sites such as
<http://www.flashback.se> and <http://www.lopht.com>

Page | 10
access their salary information. The government, to reduce hacking of precise work, has agreed
to the proposal of DEITY, which is the department of information and technology to stop using
popular email ids for official purpose and has sanctioned a budget of Rs. 100 cores to safeguard
the data. The websites of state governments have also been hacked in the past. In the infamous
case of Amit Tiwari, who was a global hacker, he has hacked more than 950 accounts
since 2003 and was caught by the police only in 2014. This shows the lack of evidence and
the difficulty in arresting a hacker.

Statistics relating to cyber crime

As per the report of National Crime Records Bureau, in 2005, a total 179 cases
were registered under the IT Act, 2000, of which about 50% (88 cases) were related to obscene
publications/transmission in electronic form, normally known as cyber pornography. There
were 74 cases of hacking of computer systems during the year wherein 41 persons were
arrested. Out of the total (74) hacking cases, those relating to loss/damage of computer
resource/utility under Section 66(1) of the IT Act were 44.6% (33 cases) whereas the cases
related to hacking under Section 66(2) of the IT Act were 55.4% (41 cases).

The latest statistics show that cyber crime is actually on the rise. However, it is true that in
India, cyber crime is not reported too much about. Consequently, there is a false sense of
complacency that cyber crime does not exist and that society is safe from cyber crime. This is
not the correct picture. The fact is that people in our country do not
report cyber crimes for many reasons. Many do not want to face harassment by the police.
There is also the fear of bad publicity in the media, which could hurt their reputation. Also, it
becomes extremely difficult to convince the police to register any cyber crime, because of lack
of orientation, awareness about cyber crimes and their registration and handling by the police.

A recent survey indicates that for every 500 cyber crime incidents that take place, only 50 are
reported to the police and out of that only one is actually registered. These figures indicate how
difficult it is to convince the police to register a cyber crime. The establishment of cyber crime
cells in different parts of the country was expected to boost cyber crime reporting and
prosecution. However, these cells have not quite kept up with expectations. Citizens should not
be under the impression that cyber crime is vanishing and they must realise that with each
passing day, cyberspace becomes a more dangerous place to be in.

The absolutely poor rate of cyber crime conviction in the country has also not helped the cause
of regulating cyber crime. There have only been few cyber crime convictions in the whole

Page | 11
country, which can be counted on fingers. We need to ensure that we have specialised
procedures for prosecution of cyber crime cases so as to tackle them on a priority basis. This
is necessary so as to win the faith of the people in the ability of the system to tackle cyber crime.

Conclusion
The new legislation, which can cover all the aspects of the cyber crimes, should be passed so
the grey areas of the law can be removed. The recent blasts in Ahmedabad, Bangalore and
Delhi reflect the threat to the mankind by the cyberspace activities and against this we believe
that only the technology and its wide expansion can give strong fight to the problems. The
software’s easily available for download should be restricted by the Government by
appropriate actions. New amendment should be included to the IT Act, 2000 to make it efficient
and active against the crimes. The training and public awareness programs should be organised
in the companies as well as in common sectors. The number of the cyber cops in India should
be increased. The jurisdiction problem is there in the implementation part which should be
removed because the cyber criminals do not have any jurisdiction limit then why do the laws
have, after all the laws are there, to punish the criminal but present scenario gives them the
chance to escape.

Today in the present era there is a need to evolve a “cyber-jurisprudence” based on which
“cyber ethics” can be evaluated and criticised. Further, there is a dire need for evolving a code
of ethics on the cyberspace and discipline. The Information Technology Act, 2000 was passed
when the country was facing the problem of growing cyber-crimes. Since the internet is the
medium for huge information and a large base of communications around the world, it is
necessary to take certain precautions while operating it. Therefore, in order to
prevent cyber crime, it is important to educate everyone and practice safe computing.

There is no doubt that hacking poses a serious threat to the virtual world. Not many people in
the country are aware of this theft. There needs to be more awareness in the country regarding
hacking and cracking. The laws made by the government are stringent but lack a bit of
enforceability and awareness in the society. Most of the minor cases of hacking go unnoticed
because people abstain from filing cases for petty crimes even when there is harsh punishment
for it. Since hacking can happen anywhere in the world, it gets tough for the police to trace him
and punish him in another country. The punishment can also be a bit harsher to prevent people
from indulging in such acts.

Page | 12