June 8, 2023

Cyber crimes relating to unauthorised access: a critical study

 This article has been written by Mr. Arjun Singh Tamang, a 2nd year student of Faculty of Law, University of Delhi.

As Technology has made progress with the coming of software like ChatGPT, artificial intelligence etc, humans are again pondering on the question whether science & Technology is a boon or a bane. Humans, with their application of intellect have made everything possible with a few clicks on mobiles, computers or laptops. Everything is within the reach of us and includes storage of data, online education, online shopping, gaming, stock market trading etc.

Just like coins, everything has 2 sides, while this progress is the positive side. There is also a negative side of this increased dependency on the internet for everything, i.e. Cybercrime. Although it is not defined anywhere specifically, but it is similar to traditional crime like fraud and cheating, but the difference is the manner of commission of crime.

Cybercrime: Overview

Cybercrime in the general sense means a crime or unlawful activity in which a computer is either a tool or a target or sometimes both. These crimes are done by hackers who are specialists in computer coding or by people who have got access of data which can be used to defraud people.

Cybercrime can take many different forms, such as email or internet fraud, identity theft, ransom ware or malware attacks, cyber extortion, phishing, distributed denial-of-service attacks, web hijacking, cyber stalking, salami attacks, the sale of illegal goods, online gambling, email spoofing, cyber-defamation, forgery, data manipulation, and cyber terrorism, among others. 12.67 lakhs cyber attack has been reported in India by the month of November 2022, and it was reported by the MeitY in parliament.

Unauthorised Access – It means when someone who is not the real owner or user uses another person’s account or any other method to obtain access to a website, software, server, service or other system. A simple example of unauthorised access is if someone keeps on guessing a password or username for access which was not his until he gained access, it would be considered as unauthorised access. Unauthorised access has been defined as an offence punishable a penalty of Rs. 1 Crore.

How is Unauthorised Access being done?

Hacking is the term for breaking into a network or computer system without authorization. Hacking is the term for any action taken to gain access to a computer system or network. Hackers create their own computer programmes or use pre-made ones to attack the target computer. They have a strong urge to destroy, and they enjoy doing so. Some cybercriminals hack for their own financial advantage, such as by collecting credit card data, transferring funds from other bank accounts to their own account, and then withdrawing the funds. Government websites are the ones that hackers target the most.

Indian Statutes regarding Cybercrime

Cybercrime is punishable by a number of statutes and rules that have been passed by various authorities. Many cybercrime are punishable under the Indian Criminal Code of 1860 (IPC) and the Information Technology Act of 2000 (IT Act), and as is to be expected, many of their acts are more similar or overlap each other.

There have been several cases around the world regarding unauthorized access cyber crime. Here are a few notable ones:

1. The Pune Citibank Mphasis Call Center Fraud Case

In this fraud, some ex-employees of BPO dishonestly transferred 350000 US dollars from accounts of four US customers to a bogus account. This case was committed to using “unauthorised access” to the Electronic Account Space of US customers. Employees gained the confidence of the victims in the guise of helping them out from a difficult situation and got their PIN number to commit fraud. This offence was recognized under section 66 and 43 of IT Act 2000 and the accused involved were held liable for imprisonment and to pay the damage to the victims to the maximum to the extent of 1 crore per victim.

2. State of Tamil Nadu v. Suhas Katti (2014)

In this case, Suhas Katti, a software engineer, was arrested by the Tamil Nadu police for unauthorized access to a computer system. He had hacked into the website of the Tamil Nadu Public Service Commission (TNPSC) and obtained confidential information of over 50,000 candidates who had applied for government jobs. Katti was charged under Section 66 of the Information Technology Act, 2000 (IT Act), and was sentenced to two years imprisonment.

3. Shreya Singhal v. Union of India (2015) 

The Supreme Court of India struck down Section 66A of the IT Act, which criminalized the sending of offensive messages through a computer or communication device. The court held that the provision was vague and overbroad, and violated the freedom of speech and expression guaranteed by the Constitution of India. The judgment is significant as it has set a precedent for the protection of online free speech in India.

Best practices to prevent unauthorised access – there are various methods to safeguard the data from breach, like as follows:

1. Strong Password policy – According to NordPass’ latest list of top 200 most common passwords in 2022, “password” is the most popular choice, followed by “123456”, “123456789”, “guest” and “qwerty“. Users or organization should make a password of combination of alphanumeric, symbols and keep on changing them on a regular basis.

2. Principle of Least Privilege (POLP)

This approach aims that in an organization least access should be provided to individual so that he can perform his responsibilities but not more than that. Access should be given only for the performance of “core responsibilities” because access more than this invites chances of unauthorised access though temporary access is there for completion of responsibilities.

3. Network Security

Network security measures such as firewalls, intrusion detection systems, and antivirus software can prevent unauthorized access by detecting and blocking suspicious traffic.

4. Employee Training: Employee training is essential to prevent unauthorized access. Employees should be trained on safe computing practices, such as not sharing passwords, not opening suspicious emails, and not downloading files from unknown sources.

5. Regular Security Audits: Regular security audits can identify security weaknesses and vulnerabilities that could be exploited by cybercriminals. A security audit can help to prevent unauthorized access by addressing security issues before they can be exploited.

Conclusion

With the advancement of technological development, it has led to the emergence of unpleasant aspects on the dark web. Some people have decided to use internet technology as a tool for unlawful and malicious activities which are either for financial gains or personal vengeance. This is where cyber laws comes into picture as there are some actions on which there are no legal legislation formulated till now and often recognised as grey activities. This is why a great mechanism of laws and regulations is required as cyberspace is a very challenging area to manage for any government. 

In the 21st century whole world has become global village and after pandemic more and more people have relied & understood the significance of internet technology due to remote work. This is a high time to update and improvised cyber laws to keep up with cyber crimes as imposters are really into high technology to commit crime. Strict legislation is required on that grey area which are not yet regulated and explored. Legislators while making regulations need to be extra cautious as not to badly affect the victims and more emphasis should be given on cyber awareness as how to safeguard ourselves and more importantly what to do if someone becomes victim of cyber crime. In the end being aware and taking steps is the only way to tackle this menace of cybercrime.

References 

https://www.medianama.com/2022/12/223-12-67-lakh-cyber-attacks-reported-november-2022-meity/
https://www.computerhope.com/jargon/u/unauacce.htm
https://www.legalserviceindia.com/legal/article-4998-cyber-crime-in-india-an-overview.html

https://blog.ipleaders.in/cyber-crime-laws-in-india/https://blog.ipleaders.in/cyber-crime-laws-in-india/

https://lawbhoomi.com/cybercrimes-relating-to-unauthorised-access-a-critical-study/
https://www.cyberralegalservices.com/detail-casestudies.php

Aishwarya Says:

Law students often face problems, which they cannot share with their friends and families. We have started a column on our website Student’s Corner. In this column we are talking to several law students about the challenges that they face. Students who are interested in participating in the same, can fill this Google Form.

IF YOU ARE INTERESTED IN PARTICIPATING IN THE SAME, DO LET ME KNOW.

The copyright of this Article belongs exclusively to Ms. Aishwarya Sandeep. Reproduction of the same, without permission will amount to Copyright Infringement. Appropriate Legal Action under the Indian Laws will be taken.

If you would also like to contribute to my website, then do share your articles or poems to aishwarya@aishwaryasandeep.com

Join our  Whatsapp Group for latest Job Opening

Related articles