Ethical Hacking and Law

Updated on 9th December 2020
By sumita

Hacking sounds intriguing to tech-savvy youth. Many of them wish to learn hacking for fun, to satisfy their ego, to steal or damage someone’s data, or because they are jobless. Hacking is a serious crime, yet most of them might not be aware of the consequences of committing one, knowingly or unknowingly.

Hacking is not limited to stealing personal details, harming data or hardware resources, or fraudulent financial transactions. It also has offline mechanisms, such as calling victims on their mobile phones and impersonating an official caller to convince them to reveal personal or financial details. This is just the beginning of the planned damage. Recently, the Netflix web series Jamtara presented these crimes based on real events.

The novice hacker often commits the crime thinking that he knows all the tricks to hide his hacking activities. There are various tools and techniques to hack anonymously. However, law enforcement bodies hire ethical hackers who are skilled at tracing a hacker’s details. Though it is difficult to investigate the crime, ethical hackers get support from ISPs (Internet Service Providers) to track the hacker.

Types of hackers

There are many names given to hackers depending on the target they try to achieve. The most popular types of hackers are listed below.

Black Hat, White Hat, Grey Hat hacker

  1. Black Hat Hackers are the bad guys who carry out criminal activities such as stealing, locking or damaging data, and causing financial or reputational damage.

Types of crimes Black Hat hackers commit:

  • Steal personal details of customers of a well-known company to leak them on the dark web for monetary benefit
  • Encrypt important files/data of a company and then blackmail it by demanding a ransom to restore the original files
  • Spread viruses and malware to gain unauthorized access to computers and computer networks
  • Steal financial details of individuals to withdraw money fraudulently
  • Gain remote access to an individual’s computer or a smartphone

 

  2. White Hat Hackers or Ethical Hackers are the good guys who are recruited by law enforcement agencies to help in criminal investigations or cyber-attacks. They are also hired by organizations to do penetration testing, i.e., to intentionally attack their own systems with permission, to test how secure the organization’s systems are against cyber threats and to discover vulnerabilities and security loopholes in the system.

 

  3. Gray Hat Hackers are the ones who still steal or gain unauthorized access to data for fun or to test their capabilities, but they don’t intend to cause damage. They are not as bad because they don’t cause damage, but they are still bad because they don’t have permission from the organization.

 

Law

India has laws under the IPC and the IT Act to penalize cyber criminals. The law also protects ethical hackers.

The IT Act has sections 43 and 66 to penalize hacking activities including spreading viruses, gaining unauthorized access to computers and networks, stealing data, denying authorized persons access to computer systems, etc. The punishment for these offenses is imprisonment up to 3 years or a fine of Rs. 5 lacs or both.

IT Act section 66B prescribes punishment for dishonestly receiving stolen computer resources or communication devices. Punishment for this offense is imprisonment up to 3 years or a fine of up to Rs. 1 lac or both. 

IT Act section 66C is for identity theft and cheating by personation.

There are various other laws in the IT Act and the IPC, which are explained in detail at Mondaq.

The crime of hacking could be as small as just stealing personal details, but can be as serious as destroying data, causing financial or reputational damage to individuals or companies, or, at worst, damaging national sovereignty and the security of the country. The severity of the punishment depends on the seriousness of the crime.

Case study: In 2018, there was a crime committed by a DRDO employee. He was in fact honey-trapped by Pakistani hackers, who communicated with him on Facebook and later made him reveal sensitive national defense details that he knew as part of his employment at DRDO. This is an example of a very serious crime, as it might lead to compromises in national security.

Internet technology is so vast that very few skilled people succeed in hacking without getting identified, or in making the investigation difficult. Anyone who gets involved in hacking activities, intended or unintended, should be aware of the law around it.

 

Ethical Hacking

In contrast to hacking, there is a legal profession called Ethical Hacking. An ethical hacker is a skilled hacking enthusiast who is hired by government agencies to help solve criminal investigations, or by private organizations to help them protect their data against cyber attacks.

Why learn Ethical Hacking

Cybersecurity is one of the hot areas in IT that every company seeks expertise in. It is critical for every company and government organization to protect its systems against cyber attacks. While some systems are business-critical, there are life-critical systems too, which cannot afford to be attacked.

There is a deficit in the supply of ethical hacking professionals in the industry. Thus the pay for skilled ethical hackers is high.

Where to learn Ethical Hacking

While there are various online resources to learn ethical hacking and get certified, universities are offering Master’s degree courses in Cyber Forensics. One should have strong skills in Python programming, Bash scripting, computer networking concepts, operating system internals, and various tools. Most important is a curious and crazy nature to think out of the box.

A few online resources to learn ethical hacking:

Apart from the above list, you can also learn Ethical Hacking from PurpleSynapz. This course is designed by my teammate Murali, who has been praised by many students for his excellent skills: Ethical Hacking – Red Team Essentials (purplesynapz.com)

Some of the certifications are:

  • CEH – Certified Ethical Hacker from EC-Council (www.eccouncil.org)
  • OSCP – Offensive Security Certified Professional
  • GIAC Penetration Tester

 

Sumita Narshetty
Security Researcher at QOS Technology
