Legal action you can take when your website is Hacked
WHAT IS HACKING?
There are several types of computer crimes, but some of the most high-profile examples involve hacking. With data breaches increasingly becoming daily occurrences, hackers have affected everything from the economical to the political by invading every aspect of our lives. However, hacking doesn't always rise to the level of a crime. Because of the varying degrees of hacking and its increasing prevalence in our society, it's important to understand where the lines are drawn.
Hacking is broadly defined as the act of breaking into a computer system. Hacking isn't always a crime as "ethical hacking" occurs when a hacker is legally permitted to exploit security networks. In other words, it's when a hacker has the appropriate consent or authorization. However, hacking crosses the criminal line when a hacker accesses someone's computer system without such consent or authority. For instance, if an individual act without consent or any lawful authorization (i.e. from law enforcement agency and/or court order) and penetrates a business' firewall to access private servers and cloud storage systems or uses phishing to install malware to desktop and laptop computers with the intent to monitor communications and activities, they can be charged with a crime.
With the evolution of technology and the cheap data rates, India has become the second-largest internet user’s country in the world, with around 451 million monthly active users in the year 2018. Further, it is also expected that internet users will rapidly grow in the coming years. So, Does the Indian law protect us like the law in developed nations does? What action can we take against data theft?
LEGAL ACTION AGAINST HACKER AND HACKING
In India, the Information Technology act, 2008 tries to protect every individual from Hackers. The major sections which protect the online users from this threat are:
Section 43 of the Information Technology Act: Penalty for damages to computer, computer, computer system, etc.- The act defines that if any person accesses a computer, or computer system or computer network without the permission of the owner, or downloads, copies and extracts any data, or causes disruption and any system; inter alia, they will be liable to pay damages by way of compensation to the person so affected, and may also be punished with imprisonment for term of up to three years or with the fine of up to five lakh rupees, or with both.
This section specifies almost every kind of hacking/cracking offence from illegal access, extraction of data, contamination of data, network disruption, denial of access, manipulation of data, destruction, removal or alteration of data to data theft, illegal concealment of data, etc.
Section 66 of the Information Technology act Computer Related Offences- If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.
Therefore, relying on these provisions, one should rest assured that the Indian law duly supports the innocent people against the act of hacking.
Dr.Rishi Dixit &Ors. Vs. Ms. Preventive Life Care Pvt. Ltd.
The Appellants were employed in a Respondent company i.e. Preventive Life Care Pvt. Ltd. engaged in the business of providing diagnostic services related to genetic disorder for new born babies. Appellant no. 1 was employed as senior manager in charge of business development activities and appellant no. 2 was working as senior research associates. The Appellants while working with the respondent company collected data and sensitive information, replicated the business model of the company and formed new company called M/s Navigene Genetic Pvt. Ltd. The Appellant dishonestly and secretly stole sensitive and confidential information, algorithm, formulas, reports of life cell and data base of hospitals, clients information and other analysis reports and sent them to their personal email addresses.
The Respondent Company filed a civil suit and criminal complaint against the Appellants. The Adjudicating officer held that the appellant sent official documents and data to their personal emails and the slight modifications for their own use lead to stealing of data under section 43 of the IT Act. The Appellants were thus held guilty of Data theft under section 43(b) of the IT Act, read with 43(i), 43(j) and 66 of the said act.
Gagan Harsh Sharma & Anr v State of Maharashtra & Anr
The case arose out of an FIR filed by M/s Manorama Infosolutions Private Limited (Manorama) against the accused under Sections 43, 65 and 66 of the IT Act and under sections 408 and 420 of the IPC for, inter alia theft of healthcare software of Manorama. It was alleged that certain employees of Manorama along with third parties had gained access to the computer system of Manorama and stolen certain source code to create their own software.
The question for consideration of the Bombay High Court was, whether the offences alleged under sections 43, 65 and 66 of the IT Act could be tried together with the same offence alleged to have been committed under the IPC. It was held by Bombay High court that the offences in question are covered under the IT Act and therefore such a special law (i.e. the IT Act) would override the general law (i.e. the IPC). The Court found that the offence in question involved the use of computer source code and computer systems for stealing software, an offence covered under Section 43 and Section 66 of the IT Act. It further held that the definition of 'dishonestly' and 'fraudulently' as stated under Section 66 referred to the IPC. It was found that if an offender is prosecuted under both enactments, it would amount to being prosecuted for the same offence as the ingredients of the offence alleged under IT Act are the same as compared to the offence alleged IPC. Hence, would amount to a violation of the principle of double jeopardy.
While ethical and unethical hacking is old concepts. But many people in the country are not aware of it. People are not aware of the potential harm which could be posed by the act of hacking in their lives and the remedies available against these illegal acts. the corporations/individual should know that in India the Information Technology act, 2008 under its section 43 allows the victim to recover the damage without any cap on recovery, although before 2008 there was a cap on the recovery of damages, which was limited to one crore Rupees. The organization/individual should seek a legal remedy, by filing a cyber complaint on the matter. Laws against the hacking are stringent, but they are often unenforceable, as the majority of minor hacking/cracking cases are unnoticed, because the victim is unaware of their legal remedies. Therefore, the government should also promote awareness about the remedies available against cybercrime.