
Amitmodi Ase Report

Ethical hacking is the practice of hacking systems with the owner's permission to test security and find vulnerabilities. The document discusses the history and legality of ethical hacking in India. It argues that ethical hacking is legal under the Indian constitution as it does not violate privacy rights and ensures security. Ethical hacking also does not meet the criteria for a crime under Indian law as there is no criminal intent. The document examines how civil and criminal laws around trespassing are not applicable to ethical hacking since it is conducted with the owner's permission.

Uploaded by

Amit Modi

“ETHICAL HACKING LEGAL OR NOT”

A report
Submitted for A.S.E. End Sessional Examination (VI semester) for the Bachelor
degree in B.C.A. to the R.N.B. Global University (Bikaner, Rajasthan)

Submitted By

Amit Modi

RNB Global University, Bikaner October, 2018

Acknowledgement
We would like to express our sincere gratitude to Mr. K.K. Bajaj Sir, Vice Chairperson, R.N.B. Global
University for allowing us to undertake this work.
We are grateful to our supervisor Dr. Kumud Sarin, Dean of the School of Basic and Applied Sciences, for
her continuous guidance, advice, effort and invaluable suggestions throughout the research.
We are also grateful to Mrs. Manjoo Saraswat for providing us logistic support and her valuable
suggestions to carry out our research successfully.
Lastly we would like to express our sincere appreciation to our parents especially for encouraging and
supporting us throughout the study.

Executive Summary
The study attempts to investigate the role of microbes in daily life. In addition, the study focuses on
the general account of all the microbes, and also comprehends the social acceptance and industrial
applications of these for the manufacturing of different products along with their past and future
aspects.
Besides this, the industrial applications and social acceptance of these products were examined through
computational tools.
The report contains facts and figures, the names of some ethical hackers who earned their name in
2017, ethical hacking laws and acts, professionalism in ethical hacking, ground rules of ethical
hacking, the debate on education related to ethical hacking, and more.

Abstract
The internet has considerably enhanced various business-critical operations of companies in different
industry sectors across the globe. However, as more and more organizations become partially or
completely dependent on the internet, computer security and the serious threat of computer criminals
come to the foreground. The explosive growth of the Internet has brought many good things:
electronic commerce, easy access to vast stores of reference material, collaborative computing,
e-mail, and new avenues for advertising and information distribution, to name a few.
As with most technological advances, there is also a dark side: criminal hackers. Governments,
companies, and private citizens around the world are anxious to be a part of this revolution, but they
are afraid that some hacker will break into their Web server and replace their logo with pornography,
read their e-mail, steal their credit card number from an on-line shopping site, or implant software
that will secretly transmit their organization’s secrets to the open Internet. With these concerns and
others, the ethical hacker can help.
Unfortunately, most organizations across the globe continue to remain oblivious of the threat posed
by computer criminals, corporate espionage and cyber terrorism. Ethical hacking attempts to
proactively increase security protection by identifying and patching known security vulnerabilities on
systems owned by other parties.

Table of Contents
S.No. Topic Pages
1 Acknowledgement
2 Executive Summary
3 Abstract
4 Introduction
5 History
6 Constitutional Argument
7 Trespass
8 Civil Law
9 Criminal Law
10 Hacking Acts
11 Ethical Hacking as a Profession
12 Needs of becoming an Ethical Hacker
13 Specialized Courses
14 Institutes for courses
15 Important Examinations
16 Countering the Problems
17 List of Indian Ethical Hackers
18 Conclusion
19 References

Introduction

Ethical hacking is a branch of study in which computer security experts (ethical hackers/white hat
hackers) find the vulnerabilities and weaknesses of a system with the permission of the owner of the
system, who is responsible for fixing the vulnerabilities. It can therefore be called good hacking, which
finds any probable way to hack the system and fixes it before it is hacked by black hat hackers. It is also
understood as a preemptive action by the original owner of the system.

The term “ethical hacking” has always been contentious. Many people question the existence of this
term because the two words, ethical and hacking, are themselves contradictory. At the end of the day,
hacking is an unauthorized intrusion, which carries a negative connotation and is never considered an
ethical thing to do; therefore the term is always questioned. Ethical hacking is also known as penetration
testing, intrusion testing, or red teaming, but it is not limited to penetration testing. If hacking is
offensive, ethical hacking is defensive.
White hat hackers are normal computer hackers who possess expertise in computer security research,
work independently or with other researchers. Nowadays ethical hacking has become a profession.
These people ensure the security of an organization’s information systems.

History of Ethical Hacking

The first instance of hacking took place around 1960 at MIT, which gave birth to the word hacker. By
the end of 1980, the internet had been acknowledged by the market. People had started utilizing the
internet for their business, and internet-based businesses were also coming up with advertisements,
e-commerce etc. At this time people were also worried about hackers, because if a system is hacked its
owners may lose control of private and personal information regarding its employees, the organization,
and its clients. So it was the time when people felt the need for an ethical hacker and thought of hiring a
computer expert who could hack their system with their permission but, instead of damaging the system,
would evaluate the system security and report the vulnerabilities found. Moreover, they would
provide instructions for remedying them.

Initial ethical hacks were conducted by United States Military to evaluate their operating systems to
determine whether they should employ a two-level (secret/top secret) classification system.

Ethical Hacking in India

Before going into the legality of ethical hacking, we have to keep in mind that hacking and ethical
hacking are different. Hacking is a wrongful act under Indian legal system. Although ethical hacking
is not so prevalent in India yet it is an evolving profession. There are various institutes and colleges in
different cities of India which offer courses of ethical hacking. India emerged as the third most
vulnerable country in terms of risk of cyber threats, such as malware, spam, and ransomware, in 2017,
moving up one place over the previous year, according to a report by security solutions provider
Symantec.

Although Indian laws do not specifically deal with ethical hacking, hacking is a punishable offense
in India. The act of hacking contravenes the underlying principles of the Indian legal system. The subject
of ethical hacking has not been dealt with explicitly in Indian laws; therefore, it enjoys a neutral status
under the Indian legal system.

Constitutional Argument

As per constitutional principles hacking interferes with Article 21 which deals with the right to life and
personal liberty which includes right to live with dignity. Moreover, the act of hacking also infringes
the right to privacy of an individual which is a fundamental right now. By intruding upon the system,
black hats invade the private information of a person or organization whereas ethical hacking ensures
that such things do not happen. Thus ethical hacking is legal as it stands true on constitutional
parameters.

Not a Crime

Two elements are required for the constitution of a crime and these two elements are

1.) mens rea i.e. bad intention

2.) actus reus i.e. physical act.

In ethical hacking, the first and the basic ingredient i.e. mens rea itself is missing, therefore, the
question of it being a crime does not arise. Moreover, ethical hacking is done in order to prevent
hacking, therefore, it is necessary.

Trespass

Trespass is mainly divided into 2 sections namely

1. Trespass to the person, and


2. Trespass to property.

For this article, only trespass to property is relevant. The general definition of trespass states that it
is an unauthorized intrusion upon the property of another without the permission of the true owner.
Trespass is a wrong under both branches of law, i.e. civil law and criminal law. In civil law,
the intention is irrelevant, whereas in the latter intention is essential.

The wrong of trespass is the only offense which is often attributed to ethical hacking but it is actually
applicable to the act of hacking and not ethical hacking.

Civil Law

Under civil law, trespass means entering the property of another without the permission of the owner.
It is a part of the Law of Torts, which is uncodified law based on case law. However, the
law of torts only covers tangible property, so it is applicable neither to hacking nor
to ethical hacking. In furtherance of the same, ethical hacking does not invoke any liability because it
is done with the permission of the owner, so the question of it being a civil wrong will never arise.

Criminal Law

Under Indian criminal law, trespass is defined under section 441 of the Indian Penal Code (IPC), 1860 with
a very wide scope. In short, it defines trespass as entering upon the property of another with malice or
with the intention to cause some harm or to intimidate the owner of the concerned property. Here, it is
not specified what kind of property is needed to constitute the crime of trespass.

Trespass is a wrong against the property which is of two types

1). tangible

2). intangible.

Hacking is trespass to a computer system, which is an intangible property. Physical intrusion and
physical harm are not always important to determine the liability for trespass. Nowadays computer
systems, software and websites are all construed as property. Expressions like homepage, visiting a
website, domain or traveling to a site are used in the internet world, which suggests that websites
are property. Therefore any kind of unauthorized intrusion on them with bad intention can come under
the purview of criminal trespass. All the essentials, such as intent to commit an offense or to intimidate,
insult or annoy, are absent in the act of ethical hacking; therefore, it is legal and doesn’t invoke any
liability.

Information Technology Act, 2000

The Information Technology (IT) Act, 2000 is a watershed moment in the Indian legal system and a landmark
in the cyber law arena. If we look at the provisions of the IT Act carefully, we can deduce that it covers
almost all the wrongs that emerge from hacking, because hacking is an offence that is very wide
and covers a lot of other offenses: e.g. a person who hacks the system of another person can leak the
private information of the owner, it can also be used to extort money, a black hat hacker can also use
the information to enrich himself, etc.

Chapter XI Section 66 of the IT Act, 2000 particularly deals with the act of hacking. Section 66(1) defines
hacking as any person, dishonestly or fraudulently, doing any act referred to in Section 43,
and Section 66(2) prescribes the punishment for it. Hacking is a punishable offense in India
with imprisonment up to 3 years, or with fine up to two lakh rupees, or with both.

Chapter IX Section 43 of IT act, 2000 prescribes a penalty for the damage to computer or computer
system. It is a common thing which happens whenever a computer system is hacked. Black hats
damage the system that they hack and steal the information. This enumerative provision includes a lot
of activities.

Chapter XI Section 65 of the said act makes tampering with computer source documents an offense.
Section 72 of the same chapter makes the breach of confidentiality and privacy, a punishable offense.
This is the most common aftermath of hacking.

All the above-mentioned provisions require mala fide, i.e. intention to cause harm,
which is absent in ethical hacking; therefore ethical hacking is not illegal in India.

2ND Act - The Need of the Hour

India is ranked third among the countries facing the highest number of cyber threats, as per security
software firm Symantec. The same research also ranked India second in terms of targeted attacks.
Keeping this data in mind, it is unjustified to ignore the necessity and importance of ethical hacking in
the current legal scenario. It is a legal way of hacking a networking system and has to work under some
rules. As long as the governing rules are complied with, the act is justified. Furthermore, ethical hacking
includes the permission of the owner of the system and is done in compliance with the law, which
again strengthens the legality of ethical hacking.

On the one side, a black hat can break in the system and use the points of entry to promote illegal
activity, on the other hand a white hat enters into a computer system with the prior permission of the
owner to find the points of entry which may be used by black hats to promote illegal activity. Therefore
white hats obstruct the invasion of black hats and ensure safety.

The era we live in is the era of internet, a computer system is a home to infinite information and
accounts so the threat is omnipresent. As a result of this mass storage of information, our computer
system needs to be updated timely and required action should be taken to prevent black hats from
gaining such data.

Therefore ethical hacking is legal.

Ethical Hacking as a Profession

Cyber security and networking are booming industries of the world today. Every country in the world
seeks efficient utilization of the Internet. Companies use the Internet to run themselves and manage their
activities. Internet utilization has eased the work of such entities but, at the same time, it also poses a
threat to them. Thus ethical hacking is altogether a new profession in itself and it is growing day by
day. The dream of the digitized country further strengthens the need for ethical hacking in India
because it seeks utmost utilization of the Internet.

We need to understand that cyber security is a process and not a product, and there is no server or cyber
system which is beyond hacking. Everything on the internet can be hacked, depending upon the expertise
of the hacker and the effort given. White hats work with the government and private firms to test their
networks for vulnerabilities, loopholes, and bugs to stop an actual black hat from encroaching upon
the network.

The profession of ethical hacking can be of two types, namely:

• Ethical hackers hired by companies to hack their own respective company

In the age of information, the most dangerous thing is the information itself. It is in your favor as long
as you possess it, but as soon as it escapes and reaches the wrong hands it overshadows any other most
dangerous thing. In such a scenario, big companies face the biggest cyber security threats from their
competitors. They always live under the threat of their system being hacked. All the information
pertaining to their business is stored on the server which, if hacked, can ramshackle the business. Ethical
hackers are euphemistically called cyber security experts. The profession of ethical hacking is not
limited to IT companies; other companies also hire ethical hackers now. Wipro, Infosys, IBM, TCS,
Tech Mahindra, HCL, Airtel and Reliance are some examples of companies which are known as
recruiters of ethical hackers.

• Ethical hackers hired by the Government as cyber security experts

Nowadays the governments of different countries are facing problems with respect to their cyber security.
Although the Government of India does not offer the job of ethical hacker in any of its departments,
cyber security experts are employed in various government departments for cyber-related work.

Moreover, various government agencies and wings of the military and law enforcement, defense
organizations, forensic laboratories, detective companies, and investigative services need ethical
hackers. Investigative agencies like the Central Bureau of Investigation (CBI), the National Security
Agency (NSA) and the Federal Bureau of Information (FBI) employ cyber security experts but don’t
divulge their information in public.

Some of the government departments which recruit cyber security experts are the Department
of Electronics and Information Technology, under which there is ICERT (Indian Computer
Emergency Response Team), the Intelligence Bureau, the Ministry of Communications & Information
Technology, the Department of Telecom, the National Technical Research Organisation, the Defence Research
and Development Organisation, the Army etc. This is not an exhaustive list, and nowadays other
departments of government also need computer experts. There are proper written exams and interviews
for such jobs.

What do you need to become an ethical hacker

To become an ethical hacker, the first thing you need is a love for computers. Your passion and
creativity make you different from other computer experts. The more one knows about the computer,
the better a cyber security expert one can become. In India, there are a lot of institutes which provide
courses for ethical hacking.

Basic Requirement

The first and foremost requirement for becoming an ethical hacker is a strong foundation in Computer
Science or Information Technology, for which people opt for a B.Tech or B.Sc. It is the first
requirement of ethical hacking and needs to be fulfilled before taking specialized courses in Internet
Security. Knowledge of programming languages like C, C++, Python, Ruby etc. is a prerequisite for
this profession. A good understanding of operating systems like Windows, Linux and Firefox etc. is also
an important part of the ethical hacking profession.

Specialized Courses

Following are some of the courses which are opted for when choosing ethical hacking as a profession:

• Certificate course in Ethical Hacking
• PG Diploma in Information Security and System Administration
• M.Sc in Cyber Forensics and Information Security
• M.Tech in Cyber Security and Information Security
• Certificate Course in Cyber Laws
• M.Sc. Cyber Forensics and Information Security
• Post Graduate Diploma in Cyber Laws
• Post Graduate Diploma in Digital and Cyber Forensics and Related Laws
• Advance Diploma in Ethical Hacking
• Certificate in Information Security and Ethical Hacking
• Certified Information System Security Professional (CISSP)
• CCNA Certification
• Post Graduate Diploma in IT Security

These are available both online and offline. The vital point to note in all the above courses is the
availability of the certificate. Without a valid certificate, a person cannot become an ethical hacker,
because legality is the first and foremost principle of this profession.

Institutes which are prevalent for Ethical Hacking

• Institute of Information Security, Mumbai, Chandigarh
• Ethical Hacking Training Institute, New Delhi
• Ankit Fadia Training Center, Delhi, Bihar, Chhattisgarh, Tamil Nadu, Jharkhand, Punjab, Tripura, Rajasthan, Andhra Pradesh
• National Institute of Electronics and Information Technology, Calicut
• University of Madras, Madras
• Indian Institute of Information Technology (IIIT), Allahabad
• SRM University, Tamil Nadu
• IMT, Ghaziabad
• Tech Defence, Ahmedabad, Delhi
• Amrita School of Engineering, Coimbatore
• School of Vocational Education and Training, Indira Gandhi National Open University (IGNOU)
• Indian School of Ethical Hacking, Kolkata

Important Examinations

Many colleges conduct their own exams for these courses, whereas there are colleges and institutes
which have their own criteria for admission in these courses. Besides this, the Graduate Aptitude Test
in Engineering (GATE) is the most common Entrance examination used for the admission in Masters
Courses on Information Security such as M. Tech and M. Sc.

A. Education and training

The problem of teaching students to hack is still a very serious issue that we face today; course
leaders feel that they will teach students how to improve intrusion. The true intentions
of students are very hard to pinpoint, so the reason why ethical hacking should be used is very much
a debate. Teaching a student to hack and later discovering that the knowledge was used to commit crimes
will definitely have an impact on society as to why he was allowed to understand how to hack in the
first place, but we cannot simply pinpoint our argument to say that it was the fault of the course
leaders who allowed him to undertake the course [2]. If that were the case, then we would have major
problems in other areas: for example, when cars are constructed they are crash tested to fully understand
areas of improvement and give users a reliable car; if companies did not test the issues, would it be
the fault of the manufacturer if the car was involved in a car crash? Teaching students to hack in
effect gives them a global knowledge of how to hack into computer systems with the help of
university lecturers. The threat they pose is unimaginable. With the current state of mind students
are in, it is easy to imagine what kinds of threats they pose: some in the past have gone on gun sprees,
killing innocent students, some have started terrorist plots, and now the university helps in causing
damage to networks, essentially giving students the “how to do it” directly and showing tools that can
be used to commit such crimes, similar to giving a burglar a crowbar to break into
houses. “A problem with teaching undergraduate students using this approach is that the instructor
is effectively providing them with a loaded gun” [3], [4].

Once a student acquires new skills they may use them for good or for bad intentions. Certain
policies that need to address students conducting malicious acts are not being applied at
universities; however, this can be rectified by applying security checks on individuals, which
universities do for certain courses such as ethical hacking. A criminal background check, the
requirement of some sort of professional certification, and student interviews are a few measures
that could potentially weed out several, if not all, students with potential malevolent intentions [5].
With the array of training courses available around the world, it would be a difficult task to
understand the reason behind a student's interest in the course. It could be that the individual has
been interested in security for a long time and that his main objective is to perfect his CV for better
job prospects and a better salary; the fact cannot be ignored that ethical hackers are highly paid
individuals. To a certain extent ethical hacking is ethical. If we did not have such measures in place
we would need to manually ensure that our systems are safe, so ethical hacking can ensure the safety of
our systems if conducted ethically.

B. Trusting the potential enemy

No two individuals in this world are the same in their looks, shape, size or even mental state, and the
actions of any one individual cannot be predicted as one would hope. To remedy this problem, two
totally different individuals would need to be hired to run tests for companies, so that no one individual
can have total freedom with any one system. The need for secure information is important and may be
an important factor in ethical hacking. Concerned individuals would want to understand certain
things about themselves or society in general; this information can lead to major problems of who
can obtain that information and who should see it.

Hacking is wrong for any gain, whether financial or personal. It can be argued that
working on a big project with one of the country's big financial companies to find security flaws and
help remedy problems can reinforce the knowledge of an ethical hacker, who may sometime in the
future, out of curiosity or spite, breach his contract and sell his ideas to criminals. It was
argued that this can be achieved and that this is one of the many problems ethical hacking faces. It
is believed that Christians and Muslims feel that committing adultery is wrong and is a major sin.
Fundamentally, there is a distinction between ethics and religion, but the urge of wanting you not to
do it does not prevent you, and you may go ahead and do it anyway. “…used to explain how different
people have different perception of right or wrong, depending on their religion, culture or
society.” [6] Hackers have a tendency to gain access to systems and may well know that it is
wrong but, for that same religious reason, want to do it for pleasure or other means.

With the growth of the technological aspects of business, all our data is fast becoming
electronic; all business transactions are done electronically to try and bring us into the next
generation. eBay, for example, is a global auction site that persuades businesses to sell their goods and
provides an auction room in the comfort of our own homes. Ethical hackers can and may use their
abilities to try and avoid paying for items they have bought because they know they can. They use
their power to “help themselves” without being caught, at the expense of others, and this can be seen as
an ethical hacker's occasional job: essentially, in this sense, they are ethical hackers by day and wear
black hats when they need to! Unfortunately, some of the skilled professionals use their abilities to harm the
society, by finding the vulnerabilities in the companies’ systems and attacking them, creating and
distributing virus-containing codes, finding the ways to avoid payments for the desired services… [7]

The idea of corruption can be seen as a major issue in ethical hacking and who we can trust to do
the job for us. An ethical hacker may do the job and do it well, but to understand his true intentions
can be justifiable. If the ethical hacker is corrupt then maybe the company is corrupt if they deny
any mishaps in checked securities that is when an EH has produced his report and the company gets
hacked, the company would turn to the security testers who tested the system. It is understood that
the idea here is rather extreme but we need to understand the possibility.

C. Risk Management

Ethical hackers are highly paid professionals with a legitimate status and a means of access. They
can minimise the risk of impact, clearly identifying benefits and flaws and helping senior company
directors to understand if such activities should be undertaken. Ethical hackers could explore
vulnerabilities beforehand to minimise the risk. The company could undertake penetration tests to
find if it is vulnerable to attack. Finding vulnerabilities for companies not only helps the
company but also minimises the risk of attacks; however, ethical hackers have five days in general
to perform tests, so what happens if vulnerabilities are overlooked? If an ethical hacker fails to deliver
results to the business and assumes the system is safe and that it has no problems, who can be liable
for legal actions if a malicious hacker gets into the system? Surprisingly, a journal by IBM on ethical
hacking reports, “….the client might ask “So, if I fix these things I'll have perfect security, right?”
Unfortunately, this is not the case. People operate the client's computers and networks, and people
make mistakes. The longer it has been since the testing was performed, the less can be reliably said
about the state of a client's security. A portion of the final report includes recommendations for
steps the client should continue to follow in order to reduce the impact of these mistakes in the future.”

There is little possibility of ethical hacking in workplaces if information is not accurate. If a
company has been hacked ethically, what is the colour of the individual’s hat: is it black or white?
If special privileges are given to users who then return with inaccurate information, as Palmer [6]
describes, we can ask ourselves what the difference is as opposed to using normal security
software to do the job for you. Deeper analyses showed that correctly programming systems initially
would help to improve security. The main concern would be the cost to both manage and administer
to provide great solutions. The idea of self-improvement can be another issue: to whom can we
allow these improvements, the company or the ethical hackers, who increase their knowledge and thus
get hold of enough information and could then launch attacks from different parts of
the world, as an ethical hacking regime that would build knowledge by posing as ethical hackers and
getting information to exploit? Another way to view this is to ask whether legitimate ethical hackers
who aim to remedy security issues should be allowed to access certain information and be let
through security barriers. In order to do the job, they must have some leeway and be allowed to use certain
tools to help them with their job; the example of Randal Schwartz, who was sentenced for only doing
his job, best describes the need to use tools without any question to identify security vulnerabilities.
Ethical hackers can identify problems, but to what extent? Even they might not notice a normal virus
eating away at data; they may miss it or let it go since they only have a limited time to perform tests.
It is the hacker's intent to bypass and deceive the network; the ethical hacker may be vigilant of this
and compromise the network, leaving it till problems arise, therefore raising the issue of the “man on
the inside”, so essentially ethical hackers may make it easier for hackers to infiltrate with their attacks.

D. Helping the enemy

Almost nothing is secure in our technological world; there is freedom of information, and it is out there
for anyone hungry enough to want it. CAPTCHA is a Turing test application that makes accurate
distinctions between humans and computers, which can help us understand attacks more clearly
and prevent them from happening. Making the distinction between humans and computers helps us
to rectify problems and to further administer them, that is to say, catch the human criminals and let
the computers do their job. There are many tools available that help ethical hackers
do their job effectively. It can be understood that there are different varieties of the same tool.
A couple of tools that can be used by the ethical hacker to hack systems are NMap, which finds open ports
and is readily available for anyone to download and use, and Acunetix, a commercial package
that tests for web application vulnerabilities but can be obtained unethically by a hacker using
certain cracks that can be found on the internet. These tools can be used by a normal hacker as well
as an ethical hacker; the hacker uses them for criminal intentions and the ethical hacker uses them
for the benefit of the organization to help identify weaknesses and flaws in the security.

Google is a great search engine that allows valuable and sometimes illegal information to be
obtained. Google causes privacy concerns, because people who truly understand how to obtain such
information with clever commands can use Google as a tool for getting as much information as
possible. Is it ethical for Google to hold such information about certain individuals or
companies? Certainly, the answer here would be no: it allows us to obtain sensitive information
about our targets, which is good for the hacker but bad for the target. Since the information is
still available, companies must ensure that employees do not send any sensitive information across
the internet. Google can play a major part in giving out valuable and sometimes sensitive
information, which causes great concern for individuals who purchase or run web servers holding
valuable information. With further investigation, Google allows valuable information to be
retrieved. Take, for example, shipping a valuable package, where it is decided to send it using the
online system to save the time of going to the post office; UPS provides a service that makes this
possible.

If a person makes a booking to send a parcel, UPS collects the package and sends it to the desired
location. A would-be hacker could intercept the booking, impersonate the company and intercept
the package. With clever searches on Google, private video cameras are not so private: searches
show that we can access information directly through Google, allowing would-be criminals to
execute a perfect crime without even doing field research. If an ethical hacker were able to track
the day-to-day activities of a certain petrol station, he or she, as a thief, could easily
calculate the hours of business and, more importantly, the amount of time available to commit the
perfect crime, giving a specific and accurate time window. The most important and widely
obtainable information is passwords: a search such as "Index of /" +password.txt can return a range
of different passwords from databases, giving hackers in general access to a wide range of
information and allowing them to commit unsettling crimes.
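The exposure behind such a search is a web directory that has no index page and holds a credentials or backup file, so the server publishes an "Index of /" listing that a search engine can crawl. The following is an added example, not part of the original report: a check an administrator can run over their own web root. The index file names, the sensitive-name patterns and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed defaults: file names a web server serves instead of a directory listing.
INDEX_FILES = {"index.html", "index.htm", "index.php"}
# Assumed patterns for file names that should never sit under a web root.
SENSITIVE = re.compile(r"(passw(or)?d|credential|secret|\.env$|\.sql$|\.bak$)", re.I)

def audit_webroot(webroot):
    """Return sorted (relative_path, listable) pairs for sensitive-looking files.

    listable is True when the containing directory has no index file, so a
    server with automatic directory indexing would show an "Index of /" page.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        listable = not (INDEX_FILES & {f.lower() for f in files})
        for name in files:
            if SENSITIVE.search(name):
                rel = os.path.relpath(os.path.join(dirpath, name), webroot)
                findings.append((rel.replace(os.sep, "/"), listable))
    return sorted(findings)

def build_sample(root):
    """Write a constructed sample tree, for demonstration only."""
    layout = {
        "index.html": "<h1>home</h1>",
        "img/logo.png": "",
        "backup/password.txt": "constructed-sample",
        "backup/site.sql": "-- constructed",
        "admin/index.php": "<?php ?>",
        "admin/passwd.bak": "constructed-sample",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for rel, listable in audit_webroot(root):
            state = "LISTABLE" if listable else "direct URL only"
            print(f"{state:16} {rel}")
```

Files reported as listable are the ones a crawler can discover without knowing their names; the others are still reachable by anyone who guesses the URL, so both kinds belong outside the web root.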

Google in general can be a very powerful tool that assists hackers in a major way. Minimising the
problem can be difficult, as we would need separate servers to store information, which can be
costly and time consuming. Allowing individuals to carry out such activities increases the
knowledge of the enemy, whether they are terrorists or criminals, and so helps the enemy commit
crimes. This raises the issue that Google can be blamed for allowing hackers such information, so
it can be argued that Google does contribute to some of the issues that make ethical hacking
unethical, since everyone has access to this information.

E. Applying ethical hacking in practice

Now, if we look at this problem at the real-life level rather than merely on the theoretical
playing field, one also has to seriously consider the ethics of allowing ethical hackers into
systems of government calibre, such as police databases or DVLA records; a strong case could be
made in terms of safety. A single memorised record, not directly linked to the penetration tester
at the time, can be obtained and exploited, so trust in the information is again infringed upon.
Ethical hackers working in banks would create another controversy: with access to valuable data
ranging from student accounts to those of high senior executives, the desire to steal or memorise
one account detail would be enough to help. With many online frauds being committed these days, it
would be difficult to track down ethical hackers and pin the blame; having access to accounts
will, in effect, put the blame on the ethical hacker even if they did not commit the crime, so
environments where fraud is likely to take place can indeed raise issues. This argument is very
important to address: if an ethical hacker were given the job of checking for vulnerabilities in
banking systems, and a week later several accounts were hacked, who would be to blame? It would
most certainly raise question marks.

Now let us imagine the scenario of a residential care home that allows access to its systems for
administration and safety measures. Members of any community, whether they reside in private
homes, large public buildings or residential care homes, are entitled to a certain level of
privacy. Most weaknesses arise more readily through humans than through computer errors, but it
can be argued that computer failure rates can be between 10-15%, allowing a hacker to explore the
system for a given period at the time of failure. One can assume that in this program each
resident would receive a number, and their daily routines and whereabouts could easily be accessed
via the network, whether the patient is playing cards or taking a shower. Certainly no person
would be comfortable knowing that a network administrator could easily work out when they were
showering, using the bathroom or getting ready for bed. This brings us to another potential
ethical issue. Could it not be said that such a system could open up the patients of the home, who
are already vulnerable, to potential danger, as someone could easily figure out their routine?
Surely it is a possibility.

F. The problem inside!
Understanding insider attacks is a big problem, although the reasons behind the attacks that take
place are rather clear: sheer greed for financial gain. Most cases involve disgruntled employees
who ask for raises and then commit fraud; most frauds lure employees into stealing vital
information from their company and starting their own company with full knowledge of the
potential profits. Ethical hackers can be presented with a great deal of information that could
help in this. It is also suggested that people within an organisation tend not to suspect insiders
and focus on outsider attacks instead. Over the past 10 years or so, many frauds in the UK have
resulted from insider attacks. It is also suggested that 28% of fraud is committed by employees
and their partners, and currently 33%; the growing concern is at the “top”, as employees feel that
if the manager can do it, so can they. KPMG imply that 42% of frauds committed are insider
attacks, which clearly implies that insider attacks account for most of the attacks that take
place, with trust and knowledge being the most important factors within the business that
contribute to the attacks.

COUNTERING THE PROBLEMS

To counter these problems, researchers are looking for new ways of improving ethical hacking, and
hacking in general, from inside the company. One approach is to use models to monitor employees
closely and so reduce the risk of impact. A model approach of this kind can seriously help in
ethical hacking: not only does the model help, it also tries to reduce the impact by identifying
implications early enough to limit confrontation. The model depicted in [9] gives an insight into
the problem and how it can be helped: minimising risks, further monitoring the behaviour of
ethical hackers, and trying to eliminate problems as and when they occur.

Not only can these models be used in the workplace, they can also be adopted in other fields of
work such as education. Another solution could be to automate ethical hacking, which causes great
concern about allowing machines to take over the jobs of humans; the biggest problem here is that
machines are prone to making mistakes and can sometimes even crash [10]. An approach that focuses
on a particular attack.

Blockage of back door leak by automatic system

Top 12 Indian Ethical Hackers In 2017

An ethical hacker is one who protects a system or network by carrying out penetration testing on
the network, with the owner's permission, for the purpose of finding the weak points that could be
exploited by malicious hackers.

1. Vivek Ramachandran :

Vivek Ramachandran is the Founder and CEO of Pentester Academy and SecurityTube Training.
He is the author of multiple books: "Kali Linux: Wireless Penetration Testing", "Make your own
Hacker Gadget" and "Backtrack 5: Wireless Penetration Testing". These are rated 5 stars on Amazon
and have together sold thousands of copies worldwide. He is a regular speaker and trainer at top
security conferences such as Blackhat USA and Europe, DEFCON, Brucon, Hacktivity etc.

2. Ankit Fadia :

Ankit Fadia is an Indian author, speaker, television host, and self-proclaimed “Indian ethical
hacker” of computers, whose skills and ethics have been debated. At the age of 10 he showed his
interest in ethical hacking when he read a newspaper article, and at the age of 14 he completed
his book on “Ethical hacking”, published by Macmillan India.

3. Koushik Dutta :

Koushik Dutta is famous for hacking Android mobile phones. He is working with ClockworkMod and is
now developing mobile platforms that can be safely used by Android users.

4. Sunny Vaghela :

Sunny Vaghela, the founder of Tech Defense Labs, completed his graduation at Nirma University.

At the age of 18, Sunny exposed loopholes such as SMS and call forging in mobile networks; he also
launched a website where any complaints about cybercrime can be solved.

At the age of 19, Sunny found loopholes such as “Cross-Site Scripting” and “Session Hijacking” in
the popular social networking website www.orkut.com.

At the age of 20, Sunny successfully solved various cybercrime cases for the Ahmedabad Crime
Branch, including a credit card fraud case, phishing cases, the biggest data theft case, several
Orkut fake profile impersonation cases, an espionage case, etc.

5. Trishneet Arora :

Trishneet Arora, a hacking hero, is an Indian author, cyber security expert, and entrepreneur.
Arora has written books on cybersecurity, ethical hacking, and web defense. He is the founder and
CEO of TAC Security, an IT security company.

6. Sai Sathish :

Sai Sathish is a young entrepreneur and the founder and CEO of Indian Servers. He has trained
thousands of college students and professionals all over the world. He helped the government to
improve security and safe transactions, as a forensic investigator, by pentesting government
sites, and was rewarded by IAS officers.

7. Rahul Tyagi :

Rahul Tyagi completed his postgraduate degree with a major in computer science and has conducted
more than a hundred training sessions globally in 5 years. He also provides his services to
cybersecurity and anti-hacking organizations in India. Rahul Tyagi is working as Vice President
at Lucideus.

8. Sangeet Chopra :

Sangeet Chopra has conducted hundreds of workshops globally. Currently, he is working as an
information security consultant at Cyber Cure Technologies Private Limited. He is a good speaker
with ultimate knowledge.

9. Falgun Rathod :

Falgun Rathod has solved a number of complex cybercrime cases. He is listed among the top ten
ethical hackers of India by India Today and Silicon India. He is working as a chapter leader at
the OWASP Foundation. His photo was published on the page of International Security Magazine.

10. Benild Joseph :

Benild Joseph is a 25-year-old Limca Book record holder and renowned white hat hacker with definitive
experience in the Benild Joseph is listed among the top 10 ethical hackers in India by Microsoft social
forum and Silicon India magazine. Benild has discovered critical vulnerabilities in popular websites
including Facebook, Yahoo, Blackberry, Sony Pictures, Tesco, AstraZeneca, Vodafone, and Deutsche
Telekom. He is the co-author of "CCI", a book written for law enforcement agencies in India.

11. Aseem Jakhar :

Aseem Jakhar is a renowned open security researcher and OSI (Open Source India) speaker. He has
worked on various security products and tools, such as IBM ISS Proventia, the Mirapoint
messaging/security application, anti-virus software, a multicast packet reflector and a UTM
appliance. He has been a speaker at various security conferences, including Blackhat EU, Defcon,
Hack.lu, Xcon, IBM security ISACA Bangalore and many more. He is well known in the hacking and
security world as the founder of NULL (the open security community), one of the largest security
communities in India. The NULL community's main aim is to provide vulnerability and advance
security. Aseem Jakhar's research includes Linux remote, dynamic web filter, automated web
application detection and thread injection.

12. Rajesh Babu :

He is one of the top Indian ethical hackers and has worked in government offices and agencies.
Currently, he is the owner of his own company, Mirox Technopark, in Kerala. He has also been a
part of one of the most dangerous hacker groups, called 'Black Hackers'.

Conclusion

The act of ethical hacking is not defined in any Indian law. Its legality can only be ascertained
after gaining a conceptual understanding of the laws that govern hacking. Ethical hacking lacks
mens rea, which is the prime reason for making any act an illegal act. This is one of the reasons
why ethical hacking is not illegal in India. After testing ethical hacking against the parameters
of both civil law and criminal law, it can be concluded that ethical hacking is legal in India.

References

1. Laws Against Hacking In India by Surbhi Kapoor (https://blog.ipleaders.in/laws-hacking-india/)
2. Hacking (http://www.amarjitassociates.com/articles/hacking.htm)
3. The Information Technology Act, 2000 (http://www.dot.gov.in/sites/default/files/itbill2000_0.pdf)
4. Cyber Hacking law by Abhishek Jaiswal (http://www.legalservicesindia.com/articles/cyhac.htm)
5. Information Technology Law (http://ictlaw.com/computer-crime/hacking/)
6. Is white Hat Hacking legal in India? (https://blog.ipleaders.in/white-hat-hacking-legal-india/)
7. Ethical Hacking and Its Legality (http://legaldesire.com/ethical-hacking-legality/)
8. white hat (https://searchsecurity.techtarget.com/definition/white-hat)
9. Ethical hacking (http://wiki.cas.mcmaster.ca/index.php/Ethical_Hacking)
10. Ethical Hacker – Our cyber cops (https://www.indiatoday.in/education-today/plan-your-career/story/ethical-hacker-188141-2014-04-08)
11. Ethical Hacking as a Career (https://career.webindia123.com/career/options/it_field/ethical_hacking/intro.htm)
12. Ethical Hackers Are In Demand, And Here’s How You Can Become One (https://www.huffingtonpost.in/siddarth-bharwani/ethical-hackers-a-growing_b_9304040.html)
