LawPutra ®

Committed To Your Success

HIJACKING POSITION UNDER INDIAN LAW

Internship Opportunity @Centre for Banking and Finance (CBF) & SLS, Hyderabad, Apply by 20th July

by Yamini saini

INTRODUCTION

The word “cyber” is slang for anything relating to computers, information technology, internet and virtual reality. Therefore, it stands to reason that “cyber-crimes” are offences relating to computers, information technology, internet and virtual reality.

One finds laws that penalise cyber-crimes in a number of statutes and even in regulations framed by various regulators. The Information Technology Act, 2000 (“IT Act”) and the Indian Penal Code, 1860 (“IPC”) penalise a number of cyber-crimes and unsurprisingly, there are many provisions in the IPC and the IT Act that overlap with each other.

The information technology act, 2000 (IT act) come into force on 17th October 2000. The primary purpose of the act is to provide legal recognition to electronic commerce and to facilitate filing of electronic records with the government.
 Information technology act 2000 consisted of 94, sections segregated into 13 chapters.

Objective Of The Act
-To provide legal recognition for transactions.
-To facilitate electronic filing of documents with the govt. agencies.
– To amend the IPC, the Indian evidence act 1872, the bankers book evidence act    1891 and the reserve bank of India act 1934.
 -Aims to provide the legal frame work to all electronic records.

Cyber law is the law governing cyber space .Cyber space includes computers, networks, soft wards, data storage devices such as hard disks, USB disks, the internet, websites, emails and even cell phones, ATM machines Etc[1]


Cyber law deals with-
–  Cyber crimes
–  Electronic or digital signatures
–  Intellectual properties
–  Data protection & privacy

Importance Of Cyber Law

– We are living in highly digital world  .

– All companies depend upon their computer net works & keep their valuable data  in electronic form .

– Govt. forms including income tax returns, company law forms etc., are now filled  in electronic form .

– Consumers are increasingly using credit cards for shopping.

–  Most people are using email, cell phone, SMS for communication

– Even in “non-cyber crime” cases also important evidence is found in computers/cell phones etc. in case of divorce, murder, kidnapping organized crime, terrorist operations.[2]

Cyber Crime And It’s Categories –

Any   crime where either the computer is used as an object or subject.

Any crime with   the help of computer and telecommunication technology.

Categories of Cyber Crime-

  1. Cybercrimes against government– Computer Viruses, Cyber Terrorism, Cyber Extortion ,Hacking of Government websites
  2.  Cybercrimes against property – Computer vandalism, Unauthorized Computer Trespassing  , Copy Right
  3. Cybercrimes against persons– Harassment with the use of computer, Transmission of Obscene Material, Loss of Privacy , Impersonation ,Cyber stalking

HIJACKING

Cyber hijacking, or computer hijacking, is a type of network security attack in which the attacker takes control of computer systems, software programs and/or network communications.

A wide range of cyber attacks rely on hijacking in one form or another, and similar to other hijackings, such as an airplane hijacker or criminals seizing control of an armored transport vehicle .

cyber  hijacking is often, but not always, highly illegal with severe consequences for both the attacker and the victim.

There are several different kinds of cyber hijacking, among them:


-Browser Hijacking– It  is most often used to redirect web traffic, alter default browser settings or force a victim to click advertisements.[3]

-Session Hijacking– It is a type of computer hijacking where hackers gain unauthorized access to a victim’s online account or profile by intercepting or cracking session tokens. Session tokens are cookies sent from a web server to users to verify their identity and website settings

-Domain Hijacking-When a person or group tries to seize ownership of a web domain from its rightful owner, they are attempting a domain hijacking.

Clipboard Hijacking-When you use your device to copy and paste images, text and other information, the act of copying temporarily stores that data in random access memory (RAM). This section of RAM is known as the hijacking.

Domain Name System (DNS) Hijacking-DNS hijacking and domain hijacking are similar in that both are attempts to hijack control of a web domain. DNS hijacking describes the takeover in a technical sense, however, whereas domain hijacking is a takeover by way of legal coercion or social engineering.

Internet Protocol (IP) Hijacking-happens when an attacker hacks or masquerades as an internet provider claiming to own an IP address it doesn’t.

-Page Hijacking-Also known as 302 redirect hijacking or Uniform Resource Locator (URL) hijacking, a page hijacking attack tricks web crawlers used by search engines to redirect traffic the hacker’s way.[4]

Important Cyber Law Provisions in India

Offences

Section-43Tampering with Computer source documents (with out the permission of incharge), If any person uses a computer or system network without permission of the owner or any other person who is incharge &  Changes Account Settings, Damages any computer network or computer.

Punishment -He shall be liable to pay damages by the way of compensation not exceeding 1 Crore to affected person.

Section -65  Tampering with computer source document.

 Punishment-Offences are punishable with imprisonment up to 3 yrs. And/or fine up to Rs. 2 lakh.

Section-66 Hacking with Computer systems, Data alteration ,  Information residing in a computer resources must be either:

 • Destroyed • Deleted • Altered • Diminished in value or utility

Punishment -3 years. Or Fine up to 2 lakh.

Section-67 Publishing obscene information Publication or transmitted in the electronic form any material which contains sexually explicit acts or conduct.

Punishment– 1st conviction with 2 to 5 years of imprisonment and fine of 1 lakh rupees.

 2nd or subsequent conviction with the imprisonment up to 7-10 years and also with fine which may extend to 10 lakh rupees.

Section- 69 Interception, monitoring of any information regarding the integrity, Security or defense of India, friendly relations with foreign countries. [5]

Punishment -2 lakh and /or jail not extending 5 years

Section-70 Un-authorized access to protected system

Section-72 Breach of Confidentiality and Privacy

Section-73Publishing false digital signature certificates

Section 502A– Publishing, Transmitting images of the private area of a person without his or her consent.

Punishment –2yrs./2 lakh.

Section 419A- Cheating by any communication device or computer resource Punishment – 5years.

Section 72- Violation of the privacy policy

 Punishment– Fine up to 5 lakh jail not extending 2 years.

Section 417AIdentity Theft

Punishment- 2years.[6]

Crimes under Indian Penal Code and Special Laws Offence

– Section 463 IPC-Forgery of electronic records

– Section 420 IPC -Bogus websites, cyber frauds

– Section 420 IPC -Email spoofing & Abuse

– Section 383 IPC -Web-Jacking

– Online sale of Drugs NDPS Act

-Online sale of Arms Act

The legislative framework concerning Cyber Law in India comprises the Information Technology Act, 2000 (hereinafter referred to as the “IT Act”) and the Rules made there under.

The IT Act is the parent legislation that provides for various forms of Cyber Crimes, punishments to be inflicted thereby, compliances for intermediaries, and so on.

However, the IT Act is not exhaustive of the Cyber Law regime that exists in India. There are some judgments that have evolved the Cyber Law regime in India to a great extent. To fully understand the scope of the Cyber Law regime, it is pertinent to refer to the following landmark Cyber Law cases in India:

SHANKAR VS. STATE
Facts
– The petitioner approached the Court under Section 482, CRPC to quash the charge sheet filed against him. The petitioner secured unauthorized access to the protected system of the Legal Advisor of Directorate of Vigilance and Anti-Corruption (DVAC) and was charged under Sections 66, 70, and 72 of the IT Act.

Decision-
The Court observed that the charge sheet filed against the petitioner cannot be quashed with respect to the law concerning non-granting of sanction of prosecution under Section 72 of the IT Act.

SHAMSHER SINGH VERMA VS. STATE OF HARYANA

In this case, the accused preferred an appeal before the Supreme Court after the High Court rejected the application of the accused to exhibit the Compact Disc filed in defence and to get it proved from the Forensic Science Laboratory.

The Supreme Court held that a Compact Disc is also a document. It further observed that it is not necessary to obtain admission or denial concerning a document under Section 294 (1) of CRPC personally from the accused, the complainant, or the witness.
Provisions regarding anti-hacking in India

Sections 43 and 66 of the IT Act cover fraud or manipulation of data on civil and criminal offences. Pursuant to Section 43, a simple civil offence, where a person without the owner’s consent accesses the device and removes any data or harm to the data stored therein, shall be liable to civil liability and shall be liable to pay compensation to the individuals concerned. Under the IT Act 2000, the overall pay-out limit was fine for Rs. One Crore. However, this limit was removed in the change made in 2008.[7]

Section 43A was introduced in the 2008 amendment to include the business shed where workers stole information from the company’s confidential files. Section 66B refers to fines for obtaining stolen computer resources or information. The penalty requires one year’s imprisonment or a fine of one lakh rupee or both. Mens rea is an essential element of Section 66A.

The purpose or information to inflict unjust harm to others, i.e. the presence of criminal intent and evil mind, i.e. the principle of men’s rea, degradation, deletion, modification or loss of value or use of data, are all main ingredients for bringing any act under this Act.[8]


SHREYA SINGHAL VS. UOI
In the instant case, the validity of Section 66A of the IT Act was challenged before the Supreme Court.

Facts- Two women were arrested under Section 66A of the IT Act after they posted allegedly offensive and objectionable comments on  Facebook concerning the complete shutdown of Mumbai after the demise of a political leader. Section 66A of the IT Act provides punishment if any person using a computer resource or communication, such information which is offensive, false, or causes annoyance, inconvenience, danger, insult, hatred, injury, or ill will.

The women, in response to the arrest, filed a petition challenging the constitutionality of Section 66A of the IT Act on the ground that it is violative of the freedom of speech and expression.

Decision-The Supreme Court based its decision on three concepts namely: discussion, advocacy, and incitement. It observed that mere discussion or even advocacy of a cause, no matter how unpopular, is at the heart of the freedom of speech and expression. It was found that Section 66A was capable of restricting all forms of communication and it contained no distinction between mere advocacy or discussion on a particular cause which is offensive to some and incitement by such words leading to a causal connection to public disorder, security, health, and so on.

In response to the question of whether Section 66A attempts to protect individuals from defamation, the Court said that Section 66A condemns offensive statements that may be annoying to an individual but not affecting his reputation. [9]

However, the Court also noted that Section 66A of the IT Act is not violative of Article 14 of the Indian Constitution because there existed an intelligible difference between information communicated through the internet and through other forms of speech. Also, the Apex Court did not even address the challenge of procedural unreasonableness because it is unconstitutional on substantive grounds