This article is written by Gaurav Lall pursuing BBA LL.B. (Hons.) at United World School of Law. The article speaks about the brief explanation of cyber hacking and the laws for the protection of humans from hackers. 


Cyber Hacking is identifying weakness in computer systems or networks to exploit its weaknesses to gain access. Example of Hacking: Using password cracking algorithm to gain access to a system. Computers have become mandatory to run a successful business. It is not enough to have isolated computers systems; they need to be networked to facilitate communication with external businesses. It is ironical to see that the most trusted source of information and a store for data can turn out to be a wide platform for some to steal information. It means using computers to commit fraudulent acts such as fraud, privacy invasion, stealing corporate/personal data, etc. Cybercrimes cost many organizations millions of dollars every year. Businesses need to protect themselves against such attacks.

Unlike the majority of computer crimes which are regarded as clear cut in terms of legality issues, computer hacking is somewhat ambiguous and difficult to define. In all forms, however, computer hacking will involve some degree of infringement on the privacy of others or the damaging of a computer-based property such as web pages, software, or files. 

As a result of this definition, the impact of computer hacking will vary from a simple invasive procedure to an illegal extraction of confidential or personal information.

Different forms of Cyber Hacking

One of the most frequent threats of hacking is those faced by the websites. It is very common to see a particular website or online account being hacked open intentionally using unauthorized access and its contents being changed or made public. The web sites of political or social organizations are the frequent targets by groups or individuals opposed to them. It is also not uncommon to see governmental or national information website being hacked. Some of the well-known methods in website hacking are:


This implies replicating the original website so that the unsuspecting user enters the information like account password, credit card details, which the hacker seizes and misuses. The banking websites are the frequent target for this.


These are released by the hacker into the files of the website once they enter into it. The purpose is to corrupt the information or resources on the website.

UI redress

In this method, the hacker creates a fake user interface and when the user clicks with the intent of going to a certain website, they are directed to another site altogether.

Cookie theft

Hackers access the website using malicious codes and steal cookies which contain confidential information, login passwords etc.

DNS Spoofing

This uses the cache data of a website or domain that the user might have forgotten about. It then directs the data to another malicious website.

Laws on Hacking in India

Section 43 and Section 66 of the Information Technology Act (IT) Act cover the civil and criminal offences of data theft or hacking respectively.

Under Section 43, a simple civil offence where a person without the permission of the owner accesses the computer and extracts any data or damages the data contained therein will come under civil liability. The cracker shall be liable to pay compensation to the affected people. Under the ITA 2000, the maximum cap for compensation was fine at Rs 1 crore. However, in the amendment made in 2008, this ceiling was removed. Section 43A was added in the amendment in 2008 to include corporate shed where the employees stole information from the secret files of the company.

Section 66B covers punishment for receiving stolen computer resource or information. The punishment includes imprisonment for one year or a fine of rupees one lakh or both. Mens rea is an important ingredient under section 66A. Intention or the knowledge to cause wrongful loss to others i.e. the existence of criminal intention and the evil mind i.e. the concept of mens rea, destruction, deletion, alteration or diminishing in value or utility of data are all the major ingredients to bring any action under this Section.

The jurisdiction of the case in cyber laws is mostly disputed. Cybercrime does not happen in a particular territory. It is geography less and borderless. So it gets very difficult to determine the jurisdiction under which the case has to be filed. Suppose a person works from multiple places and his data gets stolen from a city while he resides in some other city, there will be a dispute as to where the complaint should be filed.


It can be seen that the threat of computer crime is not as big as the authority claim. This means that the methods that they introduce to combat, it represents an unwarranted attack on human rights and is not proportionate to the threat posed by cyber-criminals. Part of the problem is that there are no reliable statistics on the problem; this means that it is hard to justify the increased powers that the Regulation of Investigatory Powers Act has given to the authorities. These powers will also be ineffective in dealing with the problem of computer. The international treaties being drawn up to deal with it are so vague that they are bound to be ineffective in dealing with the problem. It will also mean the civil liberties will be unjustly affected by the terms of the treaties since they could, conceivably, imply that everybody who owns a computer fitted with a modem could be suspected of being a hacker. The attempts to outlaw the possession of hacking software could harm people who trying to make the internet more secure as they will not be able to test their systems. The cyber hacking is protected under the IT Act which performs as prevention not cure. 

Latest Posts


Leave a Reply

Your email address will not be published. Required fields are marked *