Showing posts with label hacking. Show all posts
Showing posts with label hacking. Show all posts

Sunday, September 2, 2018

5 key factors about hacking and the laws

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER

Photo curtsy: Google 

Hacking is undoubtedly one of the worst issues that one wants to deals with. Often I get to see women complaining about hacking of their social media accounts, people including men and women fearing about and getting victimized by way of hacking of their email accounts , net banking profiles and overall, the computer devices. New netizens are more prone to getting victimized by hacking; so are their parents if these netizens are pre-teens or teenagers. It is important to know some key factors which are associated with hacking. These are as below:
The five key factors which everyone should know about hacking:
1.    The term hacking is not defined in any uniform style. Different researchers have defined hacking in different ways. All most all academic definitions have indicated that computer hacking or cyber hacking may mean unauthorized access to the computer, computer data etc, changing the data without any authorization etc. In a way, it is directly related to unauthorized data privacy infringement. A ‘smart’ example could be the allegedly unauthorized access into the personal documents including bank access details of the TRAI chief by the ethical hackers when the TRAI chief threw challenge that  ADHAR ‘hack proof’.[1]
2.    Indian laws especially Information Technology Act, 2000 (amended in 2008) does not address the issue as “hacking”. The issue is dealt with by not one, but three Sections, namely, Ss. 65 which prescribes punishment for tampering with computer source documents, 66, which prescribes punishment for computer related offences and 43, which speaks about Penalty and compensation for damage to computer, computer system etc.
3.    Hacking may literally start with unauthorized access or securing to the computer, computer system, computer network etc. Accessing or ‘securing access’ can be done by various ways. This may also include giving way to the hackers by opening suspicious mails/messages or links. It is for this reason that new users of internet and digital technology must be extremely cautious while opening suspicious mails/links etc.
4.    Hacking may also include downloading/extracting data etc, modifying such data, reproducing that data in an altered form etc. It may also include unauthorized access to the computer or computer system or data etc and infecting the same with viruses which will immediately or gradually destroy all data, software etc stored in the computer and computer system. Hacking may necessarily include unauthorized accessing and then using of the computer network, email id, phone number or social media profile for impersonating and unethical gain. It is for this reason that often people complaint about hacking when their accounts have been unauthorisedly accessed, data extracted/accessed and modified and email ID/social media profiles etc are used for impersonating by way of a fake avatar.
5.    Hacking may also involve denial of services, which is why a computer or computer system  thus affected may not get connected to the internet easily and according to the wish of the real owner of the computer or computer system etc, but according to the wishes of the hacker only.
Now you may understand that when your computer shows activities which are not generally expected, you must be alarmed that your computer or the computer network or the computer system has been affected by hacking : typically your device may slow down for no reason, you may start getting to see that the data is altered, your net banking account or email or social media account’s password and username and the related phone number and email id may get changed without your authorization, your documents including your photo may get published or circulated elsewhere without your knowledge. Most scary of these is the camera device of your phone or laptop or Ipad (when they are on switch on mode) etc may become active even when you are not using the camera. It is for this reason that  cyber security experts suggest to not to use the electronic devices when one expects complete privacy from the outside world, like when one is in the washroom.

So, what about the punishment?
Do Indian laws address hacking as “hacking” ? The answer is NO.  But this does not mean that the act of hacking is not punishable.  As discussed above, when the constituting elements mentioned under points nos 3, 4 and 5 create unauthorized access to the computer, computer system,  data etc, Sections 65, 66 and 43 may immediately be applicable for booking the offences for tampering the computer source code, computer related offences and damage to the computer  system etc. As such there are two types of punishments that are prescribed for hacking related offences : punishment as per civil offences which are regulated by S.43 and punishments as per criminal nature of the offence, which are regulated by Ss. 65 and 66. In the later, the punishments may include imprisonment for a period upto three years  and/or fine which may extend to Rs. two lakhs. In case S.66 is applied, then the fine amount increases upto Rs. 5 lakhs. Again, if the act of hacking is judged as per S.43, then the provision would be read with S. 45 of the Information technology Act, which indicates that, a maximum of Rs. 25, 000/ may be paid as compensation to the victim for such offences (this is especially so because S.43 does not mention any specific amount of compensation and this lacuna is filled by S.45 which prescribes residuary penalty).  However, the recent trend may show that most of hacking related cases had been booked under Ss. 66, 65 and 43 so that the perpetrators may undergo jail term as well as are bound to pay fine.
Interestingly, the Information Technology Act does not restrict the criminal liability to a specific age as is seen in the Indian penal code. Hence, even if it is a computer genius as young as 10 or 12 years of age, he/she may not escape the clutches of law in case he/she has done the offence/s which may constitute hacking. Considering their age and maturity level, Juvenile Justice  (care and protection) Act , 2015 may also be applicable.  Again, this would NOT mean that parents would be considered completely innocent. Very recently the courts in Gujarat had made the parents liable for underage kids driving two and four wheelers.  If the children are arrested, the parents may have to pay for negligence in monitoring the wrong doing of their children.
I end this piece with a positive note: if we adults are aware, then our children will also be aware and we can prevent the digital as well as real life privacy infringement in a swift way.

Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2018), " 5 key factors  about hacking and the laws”  3rd September, published in http://debaraticyberspace.blogspot.com



[1] See Rachel Chitra(2018), Hackers deposit Re 1 in Trai chief's account. Published in https://timesofindia.indiatimes.com/india/hackers-deposit-re-1-in-trai-chiefs-account/articleshow/65190556.cms on 30/07/2018

Thursday, June 22, 2017

The Facebook way of saving “face” : The profile picture guard by Facebook

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER
Long back in 2005 when I was newly introduced to a very popular social media “orkut”, I proudly showed off my profile with my own picture  which was clicked during a family wedding. Internet communication technology was new to India and we women were regularly being targeted because of the easy availability of our presence. This was largely due to lack of security in the social media as well as internet. We did not have two step verification for Gmail; Yahoo chat messenger, which was extremely popular during those days, almost made everyone’s personal information that were uploaded for the website, available to anyone who wanted access the user. It was during that period that I learnt about cloning of profiles which were made to harass individuals, especially women. The profiles may not be hacked, may neither be directly accessed by way of sending friends’ request; but the profile pictures may be downloaded and a new profile may be created with the available profile picture and profile information. Way back in 2006-7 I already had several women victims who contacted me for help and guidance. Almost all of them had common problem : harassment by way of creation of fake avatars. I have been part of the feminist movement which vehemently protested making women as ‘sex object’ on internet. Indeed women are made as ‘sex objects’ and they are regularly targeted by  misogynists, perverts and online traffickers who may selectively pick up women and girls by seeing their profiles, profile pictures and shadowing their online activities.
Let me go back to my own experiences where I received the first harassing comment (which was not stalking, neither resulted due to hacking) which was plainly nothing but ‘bullying’. My first profile picture in Orkut received a remark which mocked at my supposedly ‘over made-up   face’ and ‘blood red lipstick’. I knew this was just the beginning and if reciprocated, the bully may be extremely provoked to reply back. But this was not the first and last incident. I have received various negative comments, I have had my own period of being victim of a female stalker who monitored me and did send defamatory mails about me to my husband and again I had noticed several attempts to open Facebook accounts with my name and email ids. The later was detected and prevented by me because I never neglect the security messages sent by websites in my mails.
In my research I have seen that often the police and lawyers refuse to help the women victims and start the blame game. This is because they may not be aware of the mechanism to help and counsel the victims. In my opinion, websites must also be made responsible for third party victimization of women especially when the genuine reports of violation fail to move the websites.   However, the websites concerned, may constantly develop safety policy guidelines for users to make the users take self prevention mechanisms. I have been part of Facebook women safety program for quite some times now.  I continue to demand for more liability on the part of the websites especially for women and this time my concern was safety of profile pictures of women.  I was extremely happy to see the developments in the security and policies of Facebook which was introduced in India on 22nd June, 2017: ‘The profile picture guard’. Every woman must avail this opportunity to safeguard their profile picture since this is the most chosen target of all the images that may be uploaded by a user. The step by step guide to how to use this ‘guard’ is explained by Facebook team @ https://newsroom.fb.com/news/2017/06/giving-people-more-control-over-their-facebook-profile-picture/
However, I understand that it is not the women only, but children are also extremely vulnerable targets of sexual predators. Men are neither excluded. All users must use this facility and it may definitely help to reduce ‘image stealing’ for various malicious purposes including morphing, hacking and creation of fake avatars. But we need to understand that is not the ultimate answer to prevent revenge porn cases. While image of an individual may be saved because Facebook may detect the particular stolen image easily after receiving the report, there is a still remains a lacuna for other photographs which are in the personal albums. We must also note that the website will not suomotu take action for the cloned or stolen images. The victim must report the profile and the concerned profile picture along with the “shielded picture” as evidence.

Its nonetheless a big step in the history of cyber security for women and I congratulate Facebook for taking this initiative. But again, ……… accidents do happen and we need to be stronger to recover.
Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2017), "The Facebook way of saving “face” : The profile picture guard by Facebook”  23rd June, 2017, published in http://debaraticyberspace.blogspot.com

Sunday, December 25, 2016

Hacking is no fun

CYBER CRIME AGAINST WOMEN BY DEBARATI HALDER
This December we got to see a bout of hacking attacks on renowned politicians, journalists, business magnets in India. Apparently their purpose was to reveal corrupted people who are disrupting good governance in India. Almost all the news media channels ran stories on who these hackers are, why the targeting specific people are and what may be their next target etc.  Very recently I got to meet  a group of people who hack for various reasons. While most of us are concerned about our own digital data security, it is interesting to know why our accounts in social media or email may get hacked.  There is a difference between unauthorised access of financial data, social media profiles, emails and digital data that may be stored in our own devices. They may be interconnected. But definitely their motives may be different. In my recently published monograph “Cyber crime against women in India’ (https://in.sagepub.com/en-in/sas/cyber-crimes-against-women-in-india/book253900) I showed that  revenge porn may be a result of unauthorised access of social media profiles as well as digital albums for revenge to destroy the reputation. Similarly there are hackers who may access  financial data for illegal monetary gain.
However, there is a group of people who hack for fun. This ‘voyeuristic pleasure’ is exercised especially when the hacker/s may want to establish how an organisation or particular individuals may poorly maintain their  cyber security . I do often get to hear from senior citizens and women that their social media accounts or emails or Whatsapp profiles have been hacked.  An in-depth research may reveal that hackers may have done this for fun. To me, it relates to those pre internet  days when youngsters took pleasure in peeping into well guarded private diaries maintained by young girls and boys or individuals who loved to treasure their secrets. But hacking is no fun especially when the information thus gathered can be used for various detrimental causes including extortion and sextortion. Especially Women may feel extremely traumatised when such hackers for fun target them. The reason is, if a woman’s digital data is unauthorisedly accessed, it may misused and damage to her reputation may compel her to take extreme steps like suicide due to fear of social taboo. What I strongly condemn is teaching school children about hacking with the tag line that hacking is for fun. It is like giving a loaded gun to children to experiment it and learn it for fun. It is indeed a fact that ethical hackers are used for many positive reasons and internet companies may pay them a hefty amount too. But, teaching hacking to children must be done with utmost concern. We definitely do not need Frankensteins . It must be understood that any individual who may not understand the responsibilities attached with power may definitely misuse the power.  We need to understand that our Information Technology Act, 2000(amended in 2008) has recognised unauthorised access to digital data, tampering of the data etc as penal offences and the provisions are wide enough to cover offenders of all age. Further, our Indian Penal Code also recognises cyber stalking and voyeurism as an offence which may necessarily involve hacking. Any child psychology expert or educator may understand that children tend to experiment (often with disastrous first few results) for a better understanding of the subject. Hacking is such a tool which may at the outset show the child how to gain illegal profit by using it if he/she is not told about the risks that may be caused to others as well as to his target victims.  
This Christmas let all take a vow that our knowledge must be used for positive purposes and not for victimising others. We must remember that if we use our knowledge and expertise to check the weakness of others, that must be done in a prescribed way and not to humiliate the later.
Please Note: Do not violate copyright of this blog. If you would like to use informations provided in this blog for your own assignment/writeup/project/blog/article, please cite it as “Halder D. (2016), “Hacking is no fun
25th December 2016, published in http://debaraticyberspace.blogspot.com/