Purpose of Project
The purpose of this project, titled “The Vital Role of Cyber Law and Ethical Guideline in Computer Hacking”, is to assist countries in understanding the legal aspects of cyber crime and to help harmonize legal frameworks. As such, the report aims to help developing countries better understand the national and international implications of growing cyber threats, to assess the requirements of existing national, regional and international instruments, and to assist countries in establishing a sound legal foundation.
This report provides a comprehensive overview of the most relevant topics linked to the legal aspects of cybercrime and focuses on the demands of developing countries. Due to the transnational dimension of cybercrime, the legal instruments are the same for developing and developed countries. However, the references used were selected for the benefit of developing countries, in addition to a broad selection of resources provided for a more in-depth study of the different topics.
Ethical hacking may not be a familiar term to most people, but to data and corporate security personnel, the concept is well known and the practice is essential.
Government regulators, industry groups, and pundits all agree that challenging one’s own data security construct by critical assessment and testing is a fundamental component of any effective data security regime. Likewise, protection of intellectual assets from corporate espionage and the mischievous hobbyist hacker requires monitoring and making controlled attempts to break the defenses described in written policy and procedures.
Security assessments can take many forms.
Many companies are familiar with perimeter scans that test a system’s ability to withstand attempts to break through the perimeter firewalls — the wall between outside hackers and inside users. Companies employ tools developed over time to prod and punch the network architecture to locate potential vulnerabilities. Using the same techniques and methods of a criminal hacker, these individuals became known as ethical or white hat hackers. The important difference is that unlike the criminal hacker who turns his or her tools to malicious and destructive purposes, companies employ ethical hackers to learn from the experience and further improve security if the lessons learned are properly analyzed, changes implemented, and information is disseminated to all interested parties. But as security threats have evolved, so too have the types of assessments being conducted. Companies have learned that data security threats and vulnerabilities do not end at the wall built around their data infrastructure. Today, a company may assess its applications to identify any vulnerability in the code or architecture. The areas of review vary based on the company’s needs but can include security of e-mail, Web and wireless access, instant messaging, application development, and database management. Many companies also are looking at their susceptibility to social engineering and pretexting.
Cyberspace is a virtual space that has become as important as real space for business, education and politics. The growing danger from crimes committed against computers, or against information on computers, is beginning to claim attention in India. The digital age has dramatically changed the scope of crime by adding the electronic component, and with it comes a new form of science: “Computer Forensic Science”. Computer forensics allows the evidence of cyber crime to be admissible in court when prosecuting the cyber criminal. In most countries, existing laws are likely to be unenforceable against such crime. Cyber laws, as they stand today, give rise to both positive and negative consequences. The main negative consequence is a digital soup so vague that many refer to it as the dark side of technology, and cyber criminals currently have the upper hand. The applicability and effectiveness of our existing laws need to be constantly reviewed to face the risks coming from the cyber world. In this paper we first describe computer forensics, cyber crimes, the cyber laws of the nation and technology challenges. The aim of this paper is to act as a catalyst to raise awareness regarding computer forensics, which continues to grow as one of the most important branches of science and helps in the investigation of cyber crime, which continues to grow as one of the most potent threats to the Internet and computer users of the cyber society of the 21st century in India.
With the rapid change occurring in the present era of Information Technology, the computer has gained popularity in every aspect of our lives. This includes the use of computers by persons involved in the commission of crimes. Today, computers play a major role in almost every crime that is committed. Every crime that is committed is not necessarily a computer crime, but it does mean that law enforcement must become much more computer literate just to be able to keep up with the criminal element. Extending the rule of law into cyberspace is a critical step to create a trustworthy environment for people and different activities. Computer forensic science helps in maintaining the trustworthy environment for cyber society by applying a set of procedures and integrated analytical techniques to extract evidence when a computer is used as evidence in a criminal investigation.
To provide this self-protection, computer forensic science should focus on implementing cyber security plans addressing people, process, and technology issues. There is a need to commit the resources to educate employees on security practices, develop thorough plans for the handling of sensitive data, records and transactions, and incorporate robust security technology, such as firewalls, anti-virus software, intrusion detection tools, and authentication services, throughout the organizations’ computer systems. One of the major challenges we are facing in law improvement in this new era is keeping up with the growing demands of technology. Computer technology changes so rapidly that if a department is up to date today, its equipment will probably soon be outdated. Since budgets have not been increased to keep pace with the rapid change in technology, it is becoming difficult for law enforcement agencies to keep up with this rapid change. The criminal element is not as challenged to keep pace, being usually well financed and having the resources to continue purchasing the newer technologies.
With the advance of Information Technology, new threats and unauthorized actions arise each day. To be able to protect information assets against these threats and actions is one of the most important issues nowadays. But sometimes technical and technological measures are not enough to protect an information asset. Additional measures must be employed because there are a lot of parameters when it comes to information security. One of these parameters is people. These people can be system administrators, security professionals, employees and users. These are the people that interact with the information system. In order to secure the people parameter in an information system, a measure that employs moral judgment must be introduced. Computer and information ethics are studied by many researchers, scholars and practitioners. Including an ethical layer in information security is very important because it can fill the gap that people create. In this project the role of ethics in information security is discussed. First of all, law, ethics and information security concepts are briefly introduced. Some ethical concerns and perspectives of several researchers in information security are given. To emphasize the role of ethics in information security, several studies are reviewed. Mechanisms to make ethical rules effective in an organization or community are discussed.
Light and Dark Area of Computer Hacking
The common perception in the world of security systems is that you should hire the hacker who has broken your security, because he knows the flaws of your system and can do a better job than your team of software engineers, and yes, it is true. It’s easy to break in, but creating security which is unbreakable is a tough job even for an experienced person.
Hiring hackers to create a system which can be safe from hackers is not an easy task. Hiring a hacker is like adopting a snake: chances are that it will bite you.
Whether or not one should hire a hacker is a hotly debated topic, and meetings on system security often face this kind of debate, in which the pros and cons of hiring former hackers are considered. Most such meetings end with two angry participants who were arguing the pros and cons, but there is no doubt that hiring a former hacker is a risky game which can cost you at a grand level, even though it has its own benefits.
Pros of Hiring Hackers | Cons of Hiring Hackers
Experience | Criminal background
Focus only on security | Unsatisfied clients
Can consult to make improvement | Lack of trust
Latest security system | No legal policies
Pros of Hiring Hackers:
Whether hiring a former hacker is good or bad has been debated for a while, and the debate will be there for as long as we are using systems and the internet, which means it is a never-ending debate; but by weighing the pros and cons you can decide whether or not you are going to hire a former hacker as your security consultant. There is no doubt that the person who breaks into the system can describe the problem more clearly than your system security employees, because they work to keep it running and to resolve day-to-day issues, whereas hackers can break into your system and tell you about loopholes in your company’s security system. The main benefits of using a former hacker are:
1. Experience:
The main thing that qualifies them for the job is experience. Hackers have experience of breaking into security systems, which requires different techniques and methods. Different systems need different techniques to break into, and hackers have that experience, so they know how to break into a system; that is why they are the best candidates to tell you what the problems are in your security system. Hackers work to break security and know the loopholes in your system far better than the team you have in your office, simply because they have done the task of breaking in. Their experience is what your company needs to enhance its system security, and if they have changed now and have working experience with organizations, there is no problem in hiring a hacker.
2. Focus only on security:
Your dedicated team of software engineers can only do so much. They already have many tasks and a network to manage. They can check manually and do system analysis to understand a problem in the system and fix it, but they cannot find the loopholes in your system simply by checking it. A former hacker who is now reformed can do that for you. They will focus only on finding loopholes in your system and send you a report about the problems. Your engineers can then fix them, because your security team can manage the network and solve day-to-day issues but is unable to work like hackers. When you hire a hacker, they focus only on system security and on finding the vulnerable points that criminals could target to break into your system; they work to find faults, not to fix them. That way you have individual attention on your security system alone and you can protect it better.
3. Can consult to make improvement:
Another benefit of hiring a former hacker is that you can consult them to make improvements to your system. Improvements are what a system needs to fight current threats; your old security system may need some improvements to make it strong. Hackers know where to find weak points and which sensitive areas to attack. When you consult a hacker for an analysis, they hack into your system with your permission, find the problem areas and tell you about them; that way you have a better chance of getting rid of the problem.
4. Latest security system:
Another pro of having a hacker on your security team is that you learn of the latest exploits for your systems. Having a reformed former hacker can help you in having the latest security system or upgrading your existing one. The hacker knows the techniques to hack into your system and can tell you the vulnerable points and loopholes, so that your software engineers can make the necessary changes and your system security stays current with the latest exploits. Most hackers keep up to date with the latest techniques for breaking system security, but your security team mostly has limited knowledge and updates due to their busy schedule. When hiring a former hacker who is reformed, make sure your security system is advanced and strong; it is also important to stay alert. Do all the necessary background checks and consult more than one hacker, and only then take decisions.
Check the consultant firm’s background and their former clients, and do not show all your cards to the hackers; after all, what they are doing for you is still hacking, which is now legal and which you are paying for. They are useful because they have knowledge and experience, but beware, because their knowledge and experience are their greatest tools.
Cons of Hiring Hackers:
Hiring a former hacker to check your security system is like inviting a criminal to your house and then leaving the house alone for him to rob. You cannot trust someone who has a criminal background, simply because they are criminals for a reason. Hiring hackers is the latest trend in the market, and people are hiring them on high pay packages to make their security systems better and more protected, but do they really protect your system or cause you more trouble? These are the cons of hiring hackers in your company.
1. Criminal background:
One of the main problems of hiring a former hacker is their criminal background. Associating with a criminal can put a damper on your image in the marketplace and can cause problems if you are dealing with government agencies. There is a chance that they are not reformed, and what does it take for a former criminal to do some major damage when you have served up your company security system on a silver platter? You are going to pay a certified criminal to break into your security system, and that is the greatest disadvantage of hiring former hackers. There is a chance that hackers are not reformed after a stay in jail.
2. Unsatisfied clients:
Your clients may be unsatisfied with your choice of hiring former hackers. They may not like that their system is checked by a former hacker who now has the full design of the system; it can make them uncomfortable and put doubts in their minds about your company.
Dealing with a former hacker may cause your clients to leave you or to terminate the contract before its time limit, and in both cases this will damage your reputation as well as your other business ventures. This is the main problem you have to be ready for, because your clients are more important.
3. Lack of trust:
This is another problem: how can you trust former hackers? How can you be 100% sure that they will not do something illegal with your system, or break into your administration to get passwords and other necessary details and then use them against you? Having former hackers who are now reformed and out of jail seems risky, and you cannot trust a former criminal to just change and start working like an honest man. Can you make sure that they have changed now? If he can do it once then he can do it again. Lack of trust is a major issue in hiring hackers, because you cannot just trust a thief to be your bodyguard.
4. No legal policies:
When a former hacker gets out of jail and says they have now changed, are ready to have a stable job and will work to improve security systems instead of hacking them, it looks too good to be true. There are no legal policies for hiring a reformed former hacker. If you hire them to work for you, they will have all the benefits and authority of any regular employee, as they are your security consultant with access to your system security. They can easily do what they were doing before, and now you cannot even complain to the legal authorities.
5. Direct access to company security system:
Yes, without losing anything a hacker can have direct access to your security system and a salary from you on the side. Hiring a reformed former hacker may look like a good idea, but when you do so you put your whole security system at stake. They now have no problem accessing your security system; you will never even know what changes they make while working with you, and you will be dependent on them to fix it. They can say your system has major security loopholes that only they can fix, or that you need upgrades only they can do. What will you do other than take their help?
It may be the trend to hire a former hacker onto your system security team to keep your system safe from illegal hackers, but hiring a person with a criminal background to make your security system more advanced seems a bit risky and has more flaws than benefits. You cannot just trust someone who has a criminal background with confidential information. There is a possibility that the person you hired may bleed you dry of your money and use your system security for their own ends. Hence, there are more cons than pros to hiring a former hacker who is now reformed.
Is hiring a hacker to improve your system security good or bad? This is a debate which is not going to end anytime soon. There are benefits of hiring a former hacker and problems as well. After discussing the pros and cons of hiring a hacker, we can only say that it is never going to be 100% secure to hire a hacker, no matter how reformed they are. Precautions are the only solution companies have when they want to hire a hacker to improve the company security system. Make sure never to trust only one person for consultation, and get as many opinions as possible. Do all necessary background checks and take a look at the previous work they have done; also, never hand any confidential information to a person you are hiring who has a criminal background. It is true that every person deserves a second chance, and if they are good at what they do then we should definitely make them comfortable by providing them work, but that doesn’t mean handing your whole system over to them. They are criminals first, and no matter how much they deserve a second chance, don’t trust them completely.
Take precautionary steps and draw up a service contract that states each term and condition clearly, with a security clause. Ask your partners and other business organizations about their experiences of hiring former hackers. Take time before trusting someone with your organization; it is better to be safe than sorry. No doubt some former hackers are now among the world’s best-known security consultants, and many have a stable job with a high pay package, but there are also frauds who just use their criminal background to get a job as a security consultant and then bleed you dry without your knowledge.
Applications of Computer Hacking.
Modern Computer Hacking
According to many hackers, hacking places them “at the heart of the development of our societies”, that is, at the heart of information and information sharing. This place at the center of the development of certain new technologies and methodologies is mainly due to the curiosity of hackers. Some self-proclaimed hacker communities promote the sharing of information for main purposes of problem solving, and the distribution of free software is an excellent example of this.
Hacking Etiquette According to MIT
An ethical code for the hacker has been formalized at MIT and includes 11 guidelines:
1. Be Safe – Your safety, the safety of others, and the safety of anyone you hack should never be compromised.
2. Be Subtle – Leave no evidence that you were ever there.
3. Leave things as you found them – or better.
4. If you find something broken call F-IXIT.
5. Leave no damage.
6. Do not steal anything.
7. Brute force is the last resort of the incompetent.
8. Do not hack while under the influence of alcohol or drugs.
9. Do not drop things off (a building) without a ground crew.
10. Do not hack alone.
11. Above all exercise some common sense.
The Conscience of a Hacker
The author of the modern hacker ethic, Loyd Blankenship, invites us not to look at a single hacker as simply an imaginative and audacious student, or a computer specialist, but to extend this hacker vision to the whole of society and even to the planet. According to him, hacking should therefore be considered in a broader, rather than a more restricted, view.
According to Pekka Himanen, hacking functions to solve or help solve problems in many areas of life. Hacking has several ideological aspects that are the extension of the ethics created at MIT. The community aspect is one of the strengths of hacking. The organization of such communities allows for the extension of information sharing, as communities are interconnected, which helps information spread quickly. The organization of such a community allows for mutual assistance between people, including young people who wish to learn new things.
The interconnection of people who do not know each other allows a form of help that places people on the same level, without value judgment. This aspect leads to the generalization and sharing of knowledge without this being done on the basis of criteria such as “position, age, nationality, or diplomas”.
P2P, Warez, and Moral Ambiguity
There is a point where the individual must decide what is ethical and what is not, and make a choice, based on what they can do and what they should do. This becomes relevant to hackers when certain information is granted to them, or they have the power to “take” information, or files, illegally. Since hacking is, in part, about circumventing authority and / or copyright, individuals must, at some point, decide if they are going to cross this line of ambiguous morality.
In this way, such concepts as P2P and warez communities become extremely relevant in the realm of hacking, as information is often passed between individuals in this way, and both hackers and non-hackers alike tend to embrace the credo that “Information should be free”, which can also be taken as “I want something so I will take it regardless of the consequences”.
Anti-Authoritarian Tendencies
In general, black hat or immoral computer hacking tends to find a security hole, and then find a way to exploit it. An effective way to find a flaw in a software program that hackers often use is to send it anything until it bugs or glitches.
Then it remains only for the hacker to understand why the bug occurs, or at least how to exploit this case, which was unforeseen by the programmer. The flaw can be insignificant and give access to very little information or power, but by exploiting the system in this small way it is possible to eventually bring down the entire infrastructure, e.g. through denial of service. However, these attitudes and desires to “bring down the system” do not apply to all hackers. The motivations vary according to the hacker communities, as well as their ideology.
Current Hacker Techniques
Hacking brings together a large number of techniques that come along with varying degrees of success. Here are some of the techniques used by hackers today:
· Social engineering;
· Stack overflows and heap overflows (buffer overflow);
· Writing shellcode;
· Exploitation of “format bugs”;
· Sniffing; snarfing; scanning; spoofing;
· Hijacking;
· Phishing;
· Fingerprinting;
· Misuse and use of web data (Cookie, CSS, CGI, vulnerabilities in PHP, ASP, SQL, etc.);
· Network attacks;
· Distributed Denial of Service (DDoS). It brings together many techniques. The goal is to overload the server (program) to make it fall;
· Man-in-the-middle attack (MITM);
· ARP spoofing or ARP poisoning;
· Fragment attacks, tiny fragments, fragment overlapping;
· TCP session hijacking, DNS spoofing, DNS ID spoofing and DNS cache poisoning;
· IP spoofing;
· Cross-site scripting (XSS);
· Port hopping.
Hacktivism – CCC, RTMARK, Anonymous
Hacktivism is the act of hacking a computer system in order to convey a message, an opinion. The mission can be to defend the freedom of expression and to carry out a counter-power on companies and the government.
One of the first groups was the CCC (Chaos Computer Club). It was created in Berlin in the 1980s. Its main purpose is to defend freedom of information and to show that hacking can be used to defend ideological interests. In 1984, the CCC managed to penetrate the network of a German bank, stealing 134000 DM (68500 EUR), which it returned the next day.
Another group appeared in 1990 as RTMARK, the purpose of which is “against abuses of corporations for the law and democracy”. Anonymous is a hacker group that enlists many cyber-militants and claims to operate against all those who oppose freedom of expression.
Hacking in the News
In 2011, Anonymous hackers entered the Internet server of HBGary Federal, an IT security company. They accessed the passwords of two executives of the company.
These two people had simple passwords consisting of 2 digits and 6 lower case letters. As a result, the hackers gained access to the company’s research documents and emails. Also in 2011, Sony’s PlayStation Network (PSN) was hacked. The company subsequently acknowledged that credit card numbers were stolen. Reports subsequently revealed that on a computer piracy site, 2.2 million credit card numbers had been offered for sale.
The Proliferation of Cyber Security Watchdogs
Many cyber security watchdog agencies have emerged in the past 20 years, designed to protect the privacy of either personal computers or entire large companies via antivirus, firewall, VPN, etc. By contrast, some are designed to carry out cyber-attacks (cyber-spying, theft of information, denial of services, etc.). Such entities related to cyber security appeared before the 2000s, with companies such as IBM, Microsoft, Cisco and many others spearheading such movements and offering their services to outside firms and individuals needing such protection.
The NSA supports many IT security startups, including Trusted Information Systems (TIS), established in 1983, which works mainly in four areas of security: firewalls, antivirus, VPN and hacker intrusion detection software. In 1998, Microsoft equipped itself with an internal group of “hackers” to protect themselves from any potential breaches.
As of June 6, 2013, Edward Snowden made public documents revealing many methods of cyber espionage conducted by the NSA. In 2013, Mandiant (a FireEye company) published a report in which they claimed to have evidence of the link between the People’s Army of China Unit 61398 and a global cyber-espionage campaign. This report would serve to propel the insurance market for hacking. In 2015, The Wall Street Journal found at least 29 countries with a military unit dedicated to cyberwar.
In 2016, the United States spent $14 billion on computer security. On March 7, 2017, 8761 documents incriminating the CIA in global cyber-espionage were revealed by WikiLeaks.
Defensive Use
As we learn from Tom McCourt and Patrick Burkart in a publication, computer flaws are constantly being discovered, and personal information is thus at risk of being fully exposed.
A first initiative is to detect and correct these flaws before software or updates are published. Since not all loopholes can be found, insurance against losses due to piracy and identity theft has been created. Companies are required to invest doubly: first to try to avoid these flaws, but also to regain the confidence of customers or investors after a computer flaw. The investments that Sony had to make following the hack of the PlayStation Network, to try to compensate for the fall in its stock due to this flaw, illustrate this last point well.
Offensive Use
The Italian company Hacking Team sells software for cyber espionage. By 2015, the software can target from one to several hundred thousand people, costing between US $50,000 and US $2 million per year, depending on the number of targets to be attacked. The problem with software of this type is that it can have a dual use. It is intended to track threats but can be used to monitor domestic activities. While users of this kind of software (the security agencies of some countries) advocate its use against terrorism or crime, it turns out that the uses are mainly domestic surveillance or surveillance for political purposes. A WikiLeaks archive also reveals that independent firms sell zero-day vulnerabilities, malware, or spyware.
Professionalization of Hackers
There are 4 types of professionalization that a hacker can follow: paid employment, self-employment, rogue activity, or both activities in parallel and therefore a dual identity.
Employee Activity
Hackers can be recruited for IT security tasks, especially for software development. They may also be solicited by computer security consulting firms or even as consultants.
For example, Secure Point hired Sven Jaschan, arrested not long ago by the police for spreading computer viruses.
Independent Activity
Some hackers refuse to be employed, simply because they want to be free. Self-employment often begins with the desire to contribute to computer security by making free licenses available.
Then the author becomes dissatisfied that his work is used without consideration. This is how they start to set up their own business. Independence is a form of ideal for some hackers.
Scammer Activity
The creation of botnets, networks of computers infected and controlled remotely by the hacker, is a crooked activity. This type of computer piracy is based on the naivety and neglect of users.
The hacker then offers its services to spamming companies so that the attack is quickly disseminated. Botnets can also be rented to launch denial of service attacks or steal information.
Double Identity
The dual identity of a hacker is the fact that he has both a professional activity and a criminal one.
This is just the reality of the situation, and those of us who are concerned about such breaches of security need to be more aware of it.
Not everyone is looking to become a “hacker”, but most of us would benefit from knowing more about what is going on out there in the world of cyberspace.
Determining Whether You’ve Been Hacked
It can be difficult to determine, but the more you educate yourself, the more likely you are to detect tampering with your system. Following is a short list of signs that could mean your system has been penetrated:
· Antivirus Software Disabled. If your antivirus software is disabled and you didn’t turn it off – or if it can’t be turned back on – then you may have a problem. Other programs to check for the same symptoms are the Windows Task Manager and Registry Editor.
· Unfamiliar Software Has Been Installed. Beware of unfamiliar toolbars, plugins, or any other kind of software that has recently appeared.
· Random Pop-Ups. If they persist even after you have ended your web browsing session, you may have a problem. Fake antivirus messages are the most dangerous. Never click on these.
· Internet Searches Are Redirected. Say you search for an apple pie recipe and your browser displays an ad for a hair restoration clinic – the culprit may be an innocent-looking toolbar a hacker may have placed on your system.
· Passwords Have Been Changed. If you have been locked out of your social media or email accounts, you may also find that your friends are being bombarded by spam emails and messages that seem like they are coming from you.
· Mouse Moves By Itself. Usually when this happens it is a minor or temporary glitch in your computer. However, when it moves in a non-random fashion by opening folders and starting applications, a hacker is controlling your system remotely.
If your personal computer has displayed any of these symptoms, you need to put a stop to the intrusion. IT security professionals are expensive, but fortunately there are a number of good resources on the web, such as BleepingComputer.com, that can help you deal with the problem yourself. Better yet is avoiding it altogether by protecting yourself before you become a hacker’s next victim.
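The first two signs in the list above (security tools disabled, unfamiliar software installed) can be checked directly on a Windows machine. The following read-only PowerShell is an added example, not part of the original essay; it assumes Windows 10/11 with Microsoft Defender, and the 30-day window for "recently appeared" software is an arbitrary choice.

```powershell
# Added example: read-only checks, nothing is changed on the system.
$findings = @()

# Sign 1a: Task Manager or Registry Editor blocked by a policy value.
# A non-zero DisableTaskMgr / DisableRegistryTools value disables the tool.
$policyKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
              'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($key in $policyKeys) {
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if ($value) { $findings += "$name = $value under $key" }
    }
}

# Sign 1b: antivirus switched off. Get-MpComputerStatus covers Microsoft
# Defender only; with a third-party product installed, Defender's real-time
# protection is normally off, so read this together with the product list.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $mp.AntivirusEnabled)          { $findings += 'Defender antivirus engine is disabled' }
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is off' }
} catch {
    $findings += 'Defender status could not be read (service stopped or not present)'
}
$registered = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct `
    -ErrorAction SilentlyContinue

# Sign 2: software that appeared in the last 30 days (assumed window).
# InstallDate is a yyyyMMdd string, so string comparison orders it correctly;
# entries without a valid date are skipped.
$cutoff = (Get-Date).AddDays(-30).ToString('yyyyMMdd')
$uninstallKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$recent = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and "$($_.InstallDate)" -match '^\d{8}$' -and
                   "$($_.InstallDate)" -ge $cutoff } |
    Sort-Object InstallDate -Descending |
    Select-Object DisplayName, Publisher, InstallDate

# Report
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { 'No disabled security tools found.' }
'Registered antivirus products: ' + (($registered.displayName | Sort-Object -Unique) -join ', ')
$recent | Format-Table -AutoSize
```

A warning here is a reason to investigate, not proof of compromise: administrators sometimes set these policies deliberately, and a recent installer may simply be one you ran yourself.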
How to Protect Yourself
There is no way to make your personal computer completely impenetrable to a cyberattack. Even a corporate enterprise system with a full-time computer security team cannot guarantee this. Luckily, the harder you make it for hackers to break into your system, the less likely they are to devote the time and effort to try. The list below is composed of steps you can take, and should keep your system safe from almost all security threats.
1. Install or Update Antivirus Software. If it has capabilities to let you surf the web safely or protect your identity online, turn these options on. Norton and McAfee products are fine, but if you want freeware, check out Avast and Malwarebytes.
2. Secure Your Home Network. Make sure it is password-protected and be certain to set up a firewall to keep out intruders. Many routers come with pre-installed firewalls.
3. Update Your Software. This fixes known security holes. Your operating system and web browser should be updated as often as possible.
4. Download Only From Trusted Sources. Even if the site administrator is trustworthy, without proper security measures in place the site might be compromised.
5. Be Vigilant With Email Attachments. These are a favorite with hackers. Be careful what you click on, even if the email says it’s from the government or your bank.
6. Never Visit Questionable Sites. If you’re not sure whether a website is secure, verify it first with online site checking services such as Norton Safe Web.
7. Maintain Your Passwords. Create passwords that are difficult to guess, change them regularly, and never use the same one for multiple sites.
8. Try Not to Use Free WiFi. When using a WiFi connection at your local café, always assume someone is eavesdropping on your connection and take the appropriate measures.
9. Turn Off Your Computer. When not in use for long periods of time, turn off your computer. This is a surefire way to protect your system against any intrusion.
The single best thing you can do to keep the bad guys out of your computer system is to educate yourself, understand the security setting of the software and operating system you use, and exercise caution when online. A healthy dose of mistrust when surfing the uncharted waters of the web can’t hurt either.
Goals and Application of Cyber law in Computer Hacking
Cyber Law
Cyber law is any law that applies to the internet and internet-related technologies. Cyber law is one of the newest areas of the legal system. This is because internet technology develops at such a rapid pace. Cyber law provides legal protections to people using the internet. This includes both businesses and everyday citizens. Understanding cyber law is of the utmost importance to anyone who uses the internet. Cyber Law has also been referred to as the ‘law of the internet.’
Cybercrime and Cybersecurity
Areas that are related to cyber law include cybercrime and cybersecurity. With the right cybersecurity, businesses and people can protect themselves from cybercrime. Cybersecurity looks to address weaknesses in computers and networks. The International Cybersecurity Standard is known as ISO 27001.
Cybersecurity policy is focused on providing guidance to anyone that might be vulnerable to cybercrime. This includes businesses, individuals, and even the government. Many countries are looking for ways to promote cybersecurity and prevent cybercrime. For instance, the Indian government passed the Information Technology Act in 2000. The main goal of this law is to improve transmission of data over the internet while keeping it safe.
Information is another important way to improve cybersecurity. Businesses, for example, can improve cybersecurity by implementing the following practices:
· Offering training programs to employees.
· Hiring employees who are certified in cybersecurity.
· Being aware of new security threats.
Cybercrimes can be committed against governments, property, and people.
Categories of Cyber Crime
Generally, there are three major categories of cybercrimes that you need to know about. These categories include:
· Crimes Against People. While these crimes occur online, they affect the lives of actual people. Some of these crimes include cyber harassment and stalking, distribution of child pornography, various types of spoofing, credit card fraud, human trafficking, identity theft, and online related libel or slander.
· Crimes Against Property. Some online crimes happen against property, such as a computer or server. These crimes include DDOS attacks, hacking, virus transmission, cyber and typo squatting, computer vandalism, copyright infringement, and IPR violations.
· Crimes Against Government. When a cybercrime is committed against the government, it is considered an attack on that nation’s sovereignty and an act of war. Cybercrimes against the government include hacking, accessing confidential information, cyber warfare, cyber terrorism, and pirated software.
Most of these types of cybercrimes have been addressed by the IT Act of 2000 and the IPC. Cybercrimes under the IT Act include:
· Sec. 65, Tampering with Computer Source Documents.
· Sec. 66, Hacking Computer Systems and Data Alteration.
· Sec. 67, Publishing Obscene Information.
· Sec. 70, Unauthorized Access of Protected Systems.
· Sec. 72, Breach of Confidentiality and Privacy.
· Sec. 73, Publishing False Digital Signature Certificates.
Special Laws and Cybercrimes under the IPC include:
· Sending Threatening Messages by Email, Indian Penal Code (IPC) Sec. 503.
· Sending Defamatory Messages by Email, Indian Penal Code (IPC) Sec. 499
· Forgery of Electronic Records, Indian Penal Code (IPC) Sec. 463
· Bogus Websites & Cyber Fraud, Indian Penal Code (IPC) Sec. 420
· Email Spoofing, Indian Penal Code (IPC) Sec. 463
· Web-Jacking, Indian Penal Code (IPC) Sec. 383
· Email Abuse, Indian Penal Code (IPC) Sec. 500
There are also cybercrimes under the Special Acts, which include:
· Online Sale of Arms Under Arms Act, 1959
· Online Sale of Drugs Under Narcotic Drugs and Psychotropic Substances Act, 1985
Cyber Law Trends
Cyber law is increasing in importance every single year. This is because cybercrime is increasing. To fight these crimes, there have been recent trends in cyber law. These trends include the following:
· New and more stringent regulations.
· Reinforcing current laws.
· Increased awareness of privacy issues.
· Cloud computing.
· How virtual currency might be vulnerable to crime.
· Usage of data analytics.
Creating awareness of these issues will be a primary focus of governments and cyber law agencies in the very near future. India, for instance, funded cyber trend research projects in both 2013 and 2014. In addition, India held an international conference related to cyber law in 2014. This was meant to promote awareness and international cooperation.
Cyber Law and Intellectual Property
An important part of cyber law is intellectual property. Intellectual property can include areas like inventions, literature, music, and businesses. It now includes digital items that are offered over the internet. IP rights related to cyber law generally fall into the following categories:
· Copyright.
This is the main form of IP cyber law. Copyrights provide protection to almost any piece of IP you can transmit over the internet. This can include books, music, movies, blogs, and much more.
· Patents.
Patents are generally used to protect an invention. These are used on the internet for two main reasons. The first is for new software. The second is for new online business methods.
· Trademarks/Service Marks.
Trademarks and service marks are used the same online as they are in the real world. Trademarks will be used for websites. Service marks are used for websites that provide services.
· Trade Secrets.
Trade secret laws are used to protect multiple forms of IP. This includes formulas, patterns, and processes. Online businesses can use trade secret protections for many reasons. However, it does not prevent reverse engineering.
· Domain Disputes.
This is related to trademarks. Specifically, domain disputes are about who owns a web address. For instance, the person who runs a website may not be the person who owns it. Additionally, because domains are cheap, some people buy multiple domains hoping for a big payday.
· Contracts.
Most people don’t think contracts apply online. This is not the case. For example, when you register for a website, you usually have to agree to terms of service. This is a contract.
· Privacy.
Online businesses are required to protect their customers’ privacy. The specific law can depend on your industry. These laws become more important as more and more information is transmitted over the internet.
· Employment.
Some employee contract terms are linked to cyber law. This is especially true with non-disclosure and non-compete clauses. These two clauses are now often written to include the internet. It can also include how employees use their company email or other digital resources.
· Defamation.
Slander and libel law has also needed updating because of the internet. Proving defamation was not altered substantially, but it now includes the internet.
· Data Retention.
Handling data is a primary concern in the internet age. An area where this has become a big issue is in terms of litigation. In lawsuits, it is now common to request electronic records and physical records. However, there are no current laws that require keeping electronic records forever. This is not true for physical records.
· Jurisdiction.
Jurisdiction is a key part of court cases. Cybercrime has complicated this issue. If a cybercriminal is located in Minnesota and their victim is located in North Carolina, which state has jurisdiction? Different states have different rules about this issue. Also, it can depend on in what court, federal or state, a case was filed.
Protecting IP can be difficult over the internet. An example of this would be the popularity of pirated movies and music. Each business that relies on the internet needs to develop strategies for protecting their IP. Governments can also take part in this process. In 1999, India did just this by updating their IP laws.
Cyber Security Strategies
Besides understanding cyber law, organizations must build cybersecurity strategies. Cybersecurity strategies must cover the following areas:
· Ecosystem.
A strong ecosystem helps prevent cybercrime. Your ecosystem includes three areas—automation, interoperability, and authentication. A strong system can prevent cyberattacks like malware, attrition, hacking, insider attacks, and equipment theft.
· Framework.
An assurance framework is a strategy for complying with security standards. This allows updates to infrastructure. It also allows governments and businesses to work together in what’s known as ‘enabling and endorsing’.
· Open Standards.
Open standards lead to improved security against cybercrime. They allow businesses and individuals to easily use proper security. Open standards can also improve economic growth and new technology development.
· Strengthening Regulation.
This speaks directly to cyber law. Governments can work to improve this legal area. They can also found agencies to handle cyber law and cybercrime. Other parts of this strategy include promoting cybersecurity, providing education and training, working with private and public organizations, and implementing new security technology.
· IT Mechanisms.
There are many useful IT mechanisms/measures. Promoting these mechanisms is a great way to fight cybercrime. These measures include end-to-end, association-oriented, link-oriented, and data encryption.
· E-Governance.
E-governance is the ability to provide services over the internet. Unfortunately, e-governance is overlooked in many countries. Developing this technology is an important part of cyber law.
· Infrastructure.
Protecting infrastructure is one of the most important parts of cybersecurity. This includes the electrical grid and data transmission lines. Outdated infrastructure is vulnerable to cybercrime.
Mitigating Risk
The purpose of cyber law is to reduce risk. This can be done in several ways. Some of the most effective risk reduction strategies of cyber law include the following:
· Cybersecurity Research and Development.
· Threat Intelligence.
· Improved Firewalls.
· The Use of Protocols and Algorithms.
· Authentication.
· Focusing on Cloud and Mobile Security.
· Cyber Forensics.
Another way cyber law can prevent cybercrime is by protecting the supply chain. Interruptions in the supply chain pose big security risks. This is especially true when equipment is allowed to be altered. Protecting the supply chain is key in preventing cybercrime.
Human resource departments can also reduce risk. There are three major ways to do this:
1. Realizing employees may be security risks.
2. Promoting ethical and realistic security mechanisms.
3. Recognizing employees that may be risks.
4. Promoting awareness.
Information sharing is also a key risk-reduction strategy. The best way to do this is with mandatory reporting. When a business is a victim of cybercrime, reporting it right away can reduce further threats. The U.S. promoted this with the Cybersecurity Information Sharing Act of 2014 (CISA).
Lastly, businesses can use a strong security framework. A good framework has three parts:
· The Core. These are activities that allow businesses to identify, protect, detect, respond, and recover from cyber threats.
· Implementation Tiers. This describes how advanced a business’s security system is. The tiers are Partial, Risk-Informed, Repeatable, and Adaptive. Businesses should strive for the Adaptive tier.
· Framework Profile. This is a database where businesses record information about their strategies. This can include concerns and plans for new cybersecurity.
Network Security
Every network needs advanced security. This includes home networks. The most effective way to improve network security is by using the right technology. Network security technology includes the following:
· Active Dev
Goals And Application Of Cyber Law In Computer Hacking With Legal Remedies. (2022, May 12). Retrieved from https://paperap.com/goals-and-application-of-cyber-law-in-computer-hacking-with-legal-remedies/