Hacking

Hacking

        

  Author – Anchal Aggarwal, a Student of Bharati Vidyapeeth Institute of Management       and Research  

Hacking is the act of attempting, or succeeding in obtaining, unapproved access to a computer resource. The hacker is the individual who attempted to carry out this technique. A hacker is someone who gains unauthorized access to computer networks in order to read, copy, and modify data. They also look for and take advantage of vulnerabilities in computer systems or networks in order to further their personal agendas. According to Sections 3 and 4 of the Computer Crimes Act of 1997, hacking is defined as gaining unauthorized access to computer material with the aim to conduct additional crimes.

What causes this issue with hacking? 

First of all, illegal conduct is extremely difficult to quickly identify due to the rapid operating speed of modern computer hardware. Second, to deal with this illegal conduct, law enforcement frequently lacks the technological skills.

Unauthorized access is defined as follows by Section 2(5) CCA 1997: he does not have the right or exceeds any consent to access the program or data of the kind in question on his own, nor does he have the consent of any person who is entitled to provide it to him.

The many circumstances in which gaining unauthorized access to computer material constitutes a crime are listed in Section 3(1). Individuals found guilty of violating section 3 face a maximum penalty of 50,000 ringgits in fines, a maximum sentence of five years in jail, or both. In PP v. Vishnu Devarajan, the defendant was prosecuted under section 3 of the CCA for gaining unauthorized access to a broadcast center’s servers and a Malaysian radio network company’s database.

CCA 1997, Section 3(3). Section 4 of the Criminal Code of 1997 addresses offenses including ulterior intent. Offenders face a maximum fine of 50,000 ringgits, a maximum term of 10 years in jail, or both. According to Section 5(1), it is illegal for anyone to do any action that they know will result in the unauthorized modification of any computer’s contents.

In Basheer Ahmad Maula Sahul Hameed v. PP, two accused parties—a husband and wife team whose wife worked at a bank—were found guilty under CCA section 4(1) of using another person’s debit card.

HISTORY OF HACKING

The term “hacking” originally referred to roughly chopping or cutting something with an uneven edge many years ago. However, it wasn’t until 1955, during a meeting of the Technical Model Railroad Club, that the word “hacking” was coined to describe the technological alterations club members made to their train systems.

In the 1960s and 1970s, the word’s meaning shifted to become more technological and computational in nature. Furthermore, a more formal definition of hacking was published in 1975 by The Jargon File, a compilation of technical terms used by computer programmers. It defined hacking as “a hostile meddler who seeks to find sensitive information by poking around.” Thus, password and network hackers.

The term “hacker” was now commonly used to describe cybercriminals, often referred to as “security hackers.” It wasn’t until a code fault in the late 1980s that the first “denial of service” attack was launched by Internet hacker Robert Morris. The incident, which is widely referred to as the 1986 Morris Worm, was intended to highlight security holes but instead caused serious damage that lasted for several days.

The severity of these worries at this era of fast technological advancement was brought to light by several devastating hacking incidents. In the end, this led to the first cybercrime laws being drafted. With the rapid advancement of computer systems and technology, hacking became an increasingly sophisticated activity. Cybercriminals refined their techniques to steal data, perpetrate fraud.

HACKING TYPES AND TECHNIQUES 

These days, there are many different types of computer and network hacks, from complex SQL injection assaults to more conventional denial-of-service attacks. Some of the most common forms of cyber hacking include the following, even though many of these hacking tactics also apply to more broad sorts of

cyber-attacks:

1. Malware Attacks

Malware attacks encompass any form of malicious software intended to inflict harm or damage on a computer, server, client, computer network, and/or infrastructure without the end user’s awareness.

Malware is produced, utilized, and sold by cybercriminals for a variety of purposes, but the most common one is data theft—personal, financial, or commercial. Cyber attackers almost always center their tactics, methods, and procedures (TTPs) on obtaining privileged credentials and accounts in order to complete their task, despite the fact that their motivations could differ.

Types of Malware Attacks

One of the following categories best describes the majority of malware types:

• Computer Virus: A computer virus can replicate itself through program modification and the insertion of malicious code when it is executed. Being one of the hardest kinds of malware to get rid of, it is the only kind that has the ability to “infect” other files.
• Worm: By fast spreading from one machine to another, worms have the ability treplicate themselves without the help of end users and quickly infect whole networks.

2. Ransomware Attacks

A user or organization’s ability to access files on their computer might be restricted by spyware known as ransomware. Cyber attackers put companies in a situation where paying the ransom is the simplest and least expensive option to get access to their files again by encrypting these files and demanding payment for the decryption key. For the purpose of giving ransomware victims even more motivation to pay the ransom, several variants have included further functionality, like data stealing. Malware that isn’t difficult to spot has emerged as the most common and obvious kind. The ability of hospitals to deliver essential services has been affected by recent ransomware attacks, which have also severely damaged other enterprises and city public agencies.

1. Phishing Attacks

The word “phishing” refers to an attempt to get personal information with the purpose of utilizing or selling it. This information is typically in the form of usernames, credit card numbers, bank account information, passwords, or other vital data. The way an attacker lures in a victim is by assuming the identity of a trustworthy person and making a seductive request; this is similar to how a fisherman uses bait to catch meat.

2. Brute Force Attacks

Threat actors employ a technique known as a brute force attack, which involves methodically testing every conceivable combination until the right one is identified. Though time-consuming, it frequently works against weak or easy passwords.

3. Man-in-the-Middle Attacks

MitM, also referred to as data eavesdropping, is the interception and modification of communications between two parties with the intention of stealing confidential or sensitive material or causing harm.

4. SQL Injection Attacks

Harmful code is inserted into a SQL statement to take advantage of weaknesses in web apps that use SQL databases to steal or alter data.

5. Distributed Denial-of-Service Attacks:

A malicious attempt to stop a targeted server, service, or network’s regular activity by flooding the target or the infrastructure around it with excessive amounts of Internet traffic is known as a distributed denial-of-service (DDoS) assault.

Many compromised computer systems are used as sources of attack traffic by DDoS attacks, which makes them effective. In addition to computers, other networked resources like Internet of Things devices can also be exploited machines.

In essence, a denial-of-service assault resembles an unforeseen gridlock on the highway that stops ordinary traffic from reaching its intended destination.

6.  One-Day Malfunctions

Taking advantage of flaws in computer software or systems that the developer or users are unaware of in order to obtain illegal access or do harm.

 Viral.

7. Cross-Site Scripting (XSS) Incidents

Using flaws in online applications to introduce malicious scripts that let people to see a webpage and steal information or carry out unapproved actions.

8. Taking Over a Session

Taking control of a user’s web session maliciously is known as session hijacking. In online browsing terms, a session is a sequence of exchanges between two communication endpoints that share a special session token for security and continuity. In this type of attack, the session token is either stolen or altered by a malicious party in order to obtain unauthorized access to data or services.

Which Technology Is Cyberattack Riskiest?

Although a variety of devices can be targeted by cybercriminals, some of the most well-known ones are as follows:

• Electronic devices: Common computer systems, such laptops and PCs, are frequently targeted by hackers because they contain a lot of sensitive and personal data, such as login passwords, financial information, and private documents. Business and corporate computer systems are particularly susceptible to cyberattacks because of the significance of the assets they are connected to.

Because they usually contain private information like emails, messages, and photos, mobile devices—which include smartphones and tablets—are susceptible to hacking. They can be particularly vulnerable to hackers if they use public Wi-Fi and sharing networks.

• Internet of Things (IoT) Devices: Smart home appliances, security cameras, and even medical equipment are examples of IoT devices that hackers frequently target. These gadgets are frequently not properly protected, and they are frequently compromised in order to obtain personal data or even take remote control of the device.

• Network Routers: Hackers frequently target network routers, which are in charge of dispersing Wi-Fi signals. Hackers can access large networks of devices using compromised routers, giving them access to private information and priceless digital assets.
• ATMs – Due to their potential to be linked to an insecure network and the fact that they frequently run outdated software, bank ATMs are also susceptible to hacking attempts by financially motivated hackers. 

Types of hackers 

• Cyber Security Hacker or White Hat Hackers: These are generally hackers who have authorized access to test bugs within a network or a website and in case any gets detected the same is reported to the owner of the network. The work of such hackers is to gather all possible information regarding the network from the owners themselves. 

• Black Hat Hackers or Crackers: These hackers steal data by unethically getting inside a website and even manipulate such data causing immense harm and losses to the victim. Such also leads to adverse consequences.
• Grey Hat Hackers: These are usually a mix of both hackers and crackers. Such hackers are often seen as working for the common good and might in some cases violate the   laws to gain data access.

 Legal aspects of Ethical hacking 

Section 84 of the Information Technology Act, 2000 provides for the safeguard that is given to the government or any other person appointed by the government to undertake hacking activities in good faith. For such ethical hackers, it is a must to abide by the said Act of 2000 and such other rules, regulations and bylaws associated with the Information Technology Laws.

Examining Section 43 of the IT Act, 2000, we discover that anyone who gains unauthorized access to a person’s computer or network with the intent to cause harm, alter, delete, or extract information that could be harmful if used improperly faces civil penalties. If authorization is acquired, on the other hand, no responsibility exists.  and Section 43 A of the same Act provide that anybody with authorized access to sensitive data, including ethical hackers, faces penalties if they are unable to ensure the security of that data.

 In accordance with Sections 70 A and B of the Act, the Army, the Criminal Bureau of Investigation, the Ministry of Communication and Information Technology, the Intelligence Bureau, and other law enforcement agencies are included in the list of government agencies that may appoint cybersecurity experts for the protection of critical infrastructure and other cyber-terrorist attacks (as defined by Section 66 F).

Hackers who access a network or computer system without the required authority are subject to legal scrutiny and penalties under India’s Information Technology Law. The law only protects ethical hacking, though, if the hacker is selected by the government; it does not protect other individuals who have authorized access to hacking but are not appointed by the government. This is an obvious problem. 

As per the provisions of Sections 70 A and B of the Act, government agencies that are permitted to designate cybersecurity experts for safeguarding critical infrastructure against cyber-terrorist attacks (as delineated by Section 66 F) comprise the Army, the Criminal Bureau of Investigation, the Ministry of Communication and Information Technology, the Intelligence Bureau, and other law enforcement agencies.

India’s Information Technology Law subjected hackers who enter a network or computer system without authorization to legal scrutiny and penalties. However, ethical hacking is only protected by law if the hacker is chosen by the government; other people with permitted access to hacking who are not government appointed are not covered. This is a clear issue.

Hacking laws in India

India is one of the top five countries in the world for cybercrime victims, per a 2021 study published by the US Federal Bureau of Investigation. Law enforcement organizations face a great threat from the virtual space medium of cybercrime, which has no territorial limits. Internet users are bound by state law, but this idea becomes murky when it comes to issues at the international level. Criminals exploited computer technology to perpetrate crimes because of this loophole, which decreased the likelihood that they would be apprehended. To preserve people’s privacy and personal information, laws and regulations against these kinds of crimes are required. The Indian government instead passed the Information Technology Act, 2000 (IT Act, 2000).

The Information Technology Act, 2000 provides for several types of penalties for cyberspace crimes.

•  Chapter IX, Section 43 of the Act stipulates that “anyone who accesses, downloads any data, introduces a computer virus, or causes denial of access without the permission of the person in-charge of the computer system will be liable to a penalty up to rupees one crore.”
• According to Section 65 of Chapter XI, “whoever tampers with computer source documents knowingly or intentionally conceals, destroys or alters any computer source code wall or causes another to conceal, destroy, or alter any computer source code wall be punishable with imprisonment up to three years or with fine which may extend up to rupees two lakhs or with both.”

● According to Section 66 of the Act, “hacking is the act of any person who, knowing or intending to cause wrongful loss or damage to the public, destroys, deletes, or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means.” A punishment of up to two lakh rupees or three years in prison, or both, may be imposed on anyone found guilty of hacking.

CONCLUSION

Addressing the threat of hacking requires a comprehensive and proactive approach that spans technological, procedural, and educational dimensions. No system can be completely impervious to hacking attempts, but implementing a combination of security measures significantly reduces the risk and mitigates potential damage.