Legal Consequences: Fines and Compensation for hacking and causing damage

By Tanushree Dubey

Published on: October 12, 2023 at 00:04 IST

Cybercrime is any unlawful activity conducted through a computer, networked device, or network. While the primary motive behind most cybercrimes is financial gain, certain cybercrimes specifically aim to harm or render computers or devices inoperable. 

Cybercrimes, including hacking, threaten the personal liberty and privacy of an individual as defined in Article 21 of the Constitution. The Information Technology Act, 2000, was enacted to combat these digital threats, providing penalties for hacking and other cyber offences. This article explores hacking, related laws in India, preventive measures, and steps to take if your system is hacked.

Understanding Hacking

In today’s digital age, hacking stands out as one of the most common forms of cybercrime. Those who engage in these unlawful activities are commonly referred to as hackers. Their primary modus operandi involves exploiting vulnerabilities within technology to infiltrate someone’s computer or laptop to extract personal information. Hackers may be propelled by various motives, which include financial gain through blackmailing their victims or, in some cases, simply the thrill of the act itself. In addition, they might have ulterior motives, such as damaging reputations, causing business disruptions, or engaging in acts of defamation.

Hacking takes on various forms, including web spoofing, trojan attacks, and virus attacks. In the context of web spoofing, an individual attempts to wrest control of another person’s website, often holding it hostage for ransom or other purposes.

Meanwhile, trojans, which are unauthorized programs, serve as a means to infiltrate someone’s system covertly and gain control over it. The consequences of such actions can be dire, especially when hackers target commercial websites, potentially crippling their entire business operations. Besides, these cybercriminals pose a significant threat not only to individuals and organizations but also to the security and sovereignty of nations when they breach government websites or computer systems.

Ethical Hacking vs. Hacking

We’re all aware that hacking is an unlawful activity that carries legal penalties. Nevertheless, there are instances when institutions, organizations, companies, and even government bodies enlist the services of experts in hacking to assess their systems, pinpoint vulnerabilities, and rectify them promptly. This form of hacking is referred to as ethical hacking, and it’s entirely legal and acceptable. Ethical hackers work for government agencies like the Central Bureau of Investigation, National Security Agency, Federal Bureau of Investigation, and similar entities.

Ethical hacking can be thought of as a field of expertise wherein a computer security specialist, with the owner’s consent, probes their system to uncover weaknesses in the technology they employ. These organizations enlist the services of ethical hacking experts and compensate them for their efforts. This kind of hacking is a beneficial resource, especially in assisting law enforcement agencies with their investigations.

In our current digital landscape, cybersecurity and networking have emerged as rapidly growing industries, offering promising career opportunities for young professionals. This trend is propelled by the fact that the internet has become an essential part of daily life, with technology simplifying various tasks but also introducing new threats and risks.

Both hacking and ethical hacking involve breaching privacy rights, and individuals in both categories receive similar education and training. However, the key difference lies in how they apply their knowledge. Some may misuse their skills to illicitly acquire confidential or personal information, while others use their expertise to identify and rectify vulnerabilities in computer systems and associated technologies.

In India, hacking is a punishable offence under the law. Conversely, ethical hacking is permitted, although the field is still evolving and expected to gain momentum in the coming years. Some educational institutions even offer courses in ethical hacking, highlighting the growing recognition and relevance of this profession.

Hacking Laws in India

As per a report by the United States Federal Bureau of Investigation in 2021, India was listed among the five nations most affected by cybercrime. The realm of cybercrime in the virtual space knows no geographical boundaries, which poses a significant challenge for law enforcement agencies. While an internet user is subject to the laws of their own country, conflicts arise when dealing with international disputes. This gap has led to fewer instances of cybercriminals being apprehended, as they exploit technology to commit crimes. It’s imperative to establish regulations and preventive measures to safeguard personal data and individual privacy.

To combat cybercrimes, the Indian Government introduced the Information Technology Act, 2000. This legislation not only outlines penalties for hacking but also addresses various other cybercrimes and related offences.

Information Technology Act, 2000

As the internet and technology have developed, traditional crimes such as conspiracy, solicitation, and fraud have found new paths through computers, laptops, mobile devices, and tablets.

This necessitated the introduction of new legislation to combat these illegal activities. Thus, the Information Technology Act was enacted. This law outlines various cybercrimes and the associated penalties while also providing safeguards for data and privacy.

Section 43 of IT Act, 2000

In the realm of cybersecurity, Section 43 of the Information Technology Act, 2000, plays a pivotal role. This section addresses penalties and compensation related to damage caused to computer systems and networks. It outlines various actions that are considered offences, such as:

  • Unauthorized Computer Access: Gaining entry to a computer, computer system, or network without proper authorization.
  • Data Extraction: Acquiring, copying, or extracting data from a computer or network without the requisite permissions.
  • Computer Contaminants: Introducing computer contaminants or viruses into systems.
  • System Damage: Causing harm to computer systems, data, or software.
  • Network Disruption: Disrupting the normal operation of computer systems or networks.
  • Access Denial: Preventing authorized access to individuals.
  • Assisting Unauthorized Access: Providing aid or assistance for unauthorized entry.
  • Manipulative Billing: Charging services to another person’s account through deceptive manipulation.
  • Information Tampering: Destroying, deleting, altering, or diminishing the value of information within a computer resource.
  • Source Code Offenses: Engaging in activities like theft, concealment, destruction, or malicious alteration of computer source code.

The legal outcome for committing any of these offences may include an obligation to provide compensation to the affected party. As technology continues to evolve, a comprehensive understanding of these provisions is crucial for individuals and entities alike to navigate the complex world of cybersecurity and digital ethics.

Punishment for Hacking and Causing Damage

Section 66 of the Information Technology Act, 2000, deals with the punishment for hacking and also outlines the key elements of hacking.

The essential elements for punishment under this section are as follows:

  • Intention to Cause Harm: To qualify as hacking, there must be an intent to harm someone.
  • Unlawful Means: The harm must be caused through unlawful and illegal methods.
  • Knowledge of Confidentiality: The perpetrator must be aware that the information contained in the computer, laptop, or mobile device is crucial and confidential. Disclosure, destruction, or alteration of this information could lead to serious harm to the rightful owner.

According to this section, hacking is a punishable offence, carrying a penalty of imprisonment for up to three years, a fine of up to five lakh rupees, or both. One of the rapidly growing cybercrimes related to hacking is identity theft, where an individual manipulates or appropriates someone else’s personal information without their consent.

Additionally, Section 66 of the Information Technology Act is interconnected with the Indian Penal Code, 1860 (IPC), as it uses the terms ‘dishonestly’ and ‘fraudulently’. These terms align with the definitions provided in Section 24 and Section 25 of the Indian Penal Code, 1860.

Section 24 elucidates that any action carried out with the intent of causing wrongful gain to one party or wrongful loss to another is categorized as ‘dishonest.’

On the other hand, as outlined in Section 25, a person’s actions are termed ‘fraudulent’ if they engage in an act with the specific intention to defraud, but not otherwise.

Here is the list of legal consequences of causing damage, as enumerated under the IT Act:

Section 66A: This section pertained to the punishment for sending offensive messages through communication services using a computer resource or a communication device. It specified that sending grossly offensive or false information with the intent to cause annoyance or harm could result in imprisonment for up to three years and a fine.

Please note that Section 66A was struck down by the Supreme Court in 2015, rendering it no longer applicable.

Section 66B: This section deals with the punishment for dishonestly receiving stolen computer resources or communication devices. Individuals who knowingly retain or receive stolen computer resources or communication devices can face imprisonment for up to three years, a fine of up to one lakh rupees, or both.

Section 66C: This section addresses identity theft. If someone fraudulently or dishonestly uses the electronic signature, password, or any unique identification feature of another person, they can be punished with imprisonment for up to three years and a fine of up to one lakh rupees.

Section 66D: This section pertains to cheating by personation using a computer resource or communication device. If someone cheats by personating through any communication device or computer resource, they can face imprisonment for up to three years and a fine of up to one lakh rupees.

Section 66E: This section deals with the violation of privacy. If someone intentionally or knowingly captures, publishes, or transmits the image of a private area of another person without their consent, under circumstances violating their privacy, they can be punished with imprisonment of up to three years, a fine not exceeding two lakh rupees, or both.

Section 66F: This section addresses cyber terrorism. It specifies that individuals who engage in acts intended to threaten the unity, integrity, security, or sovereignty of India by compromising computer resources, causing harm, or accessing restricted information can be charged with cyber terrorism. The punishment for cyber terrorism includes imprisonment, potentially for life.

These sections are essential components of the legal framework that governs computer-related offenses and cybersecurity in India, with corresponding penalties for offenders.

Other cybersecurity offences covered by the Act

The Information Technology Act, 2000, outlines various offences related to hacking, which are punishable under Chapters IX and XI of the Act.

Some of these offences, along with their respective penalties, are:

  • Unauthorised Access: This occurs when an individual attempts to access computers or other devices, such as laptops and mobiles, that do not belong to them, without the owner’s consent. Section 43 of the Act specifies that the punishment for such unauthorized access can include a fine of up to one crore rupees. The term ‘access’ is defined in Section 2 (1) (a) of the Act.
  • Tampering with Computer Documents: Section 65 of the IT Act addresses the act of tampering with documents stored in a computer. If someone knowingly or intentionally conceals, destroys, or alters computer source code and documents stored within, or causes others to do so, they can be penalized. The punishment for this may involve imprisonment for up to 3 years, a fine not exceeding two lakh rupees, or both.
  • Accessing Protected Systems: Section 70 of the Act pertains to computer systems declared as protected by the appropriate government. Unauthorized access to such protected systems, without permission from the government, carries a severe penalty. Offenders could receive a sentence of imprisonment for a maximum of 10 years, coupled with penalties.
  • Breach of Privacy or Confidentiality: The Act also addresses breaches of privacy or confidentiality. If someone, without consent, accesses the electronic records, books, registers, information, or documents of another person in violation of the Act, they can be punished under Section 72. The penalties for this include imprisonment for up to 2 years, a fine of up to one lakh rupees, or both.

These provisions within the Information Technology Act, 2000, serve to protect individuals and organizations from various forms of cybercrime and unauthorized access to computer systems and data, ensuring a secure digital environment.

How hacking can be prevented

To safeguard your computer system and other communication devices from potential attacks or hacking attempts, it’s essential to adopt the following precautions:

  • Use Strong, Regularly Updated Passwords: Employ robust passwords for your accounts and make it a practice to change them periodically. Strong passwords are less susceptible to hacking.
  • Avoid Password Sharing: Never share your passwords with anyone, as this can compromise the security of your accounts and devices.
  • Keep Software Updated: Regularly update your computer software, including the operating system and applications. These updates essentially include security patches.
  • Install Antivirus Software: Utilize antivirus software or internet security tools to detect and prevent malware and other cyber threats.
  • Exercise Caution with Downloads: Be cautious when downloading files, particularly from unfamiliar websites or sources. Only acquire files from reputable and trusted sources.
  • Secure Wi-Fi with Encryption: While using Wi-Fi networks, ensure they are protected with strong passwords and encryption to prevent unauthorized access.
  • Implement Two-Step Authentication: Enable two-step authentication or verification processes for your accounts. This adds an extra layer of security and makes it more difficult for hackers to breach your systems.
  • Beware of Suspicious Emails: Stay vigilant about emails from suspicious or unknown sources. Avoid opening them, and promptly delete any suspicious messages.
  • Regular Data Backups: Regularly back up your data and information stored on your computer. This ensures that even if a breach occurs, you can recover your data.
  • Secure Data Removal: When disposing of or selling a computer system, ensure all stored information is completely erased to prevent unauthorized access to your data.

By taking these security measures, individuals can significantly reduce the risk of hacking and enhance the protection of their digital devices and information.

What to do after you are hacked

While it’s crucial to take preventive measures to avoid cyberattacks, sometimes, despite our best efforts, our computer or electronic device may still fall victim to hacking. If you suspect that your computer has been hacked, it’s essential to take immediate action:

  • Identify Unfamiliar Applications: Check your device for any unfamiliar applications or software that you didn’t install. Instead of using or clicking on them, deactivate or uninstall them immediately.
  • Reset Passwords: Without delay, reset all your passwords, including those for your bank accounts and other critical information. This helps secure your accounts from further unauthorized access.
  • Log Out and Inform Contacts: Log out from all your online accounts and inform your friends and family about the breach. Guide them not to respond to any suspicious messages or emails sent from your account.
  • Disconnect from the Internet: Disconnect from the Internet to prevent further cyberattacks by the hacker. This step helps isolate your system from potential threats.
  • Reload the Operating System: Consider reloading your computer’s operating system and obtain updates only from trusted sources to safeguard against potential virus attacks.
  • Remove External Devices: Before proceeding, detach any external devices or hardware connected to your system. Ensure you back up all your work and essential data. If your hard drive is suspected to be compromised, erase all information stored there.
  • Install Security Software: Install reputable security software or antivirus programs on your system to bolster its defences against future cyber threats.
  • Contact Your Bank: Immediately reach out to your bank to monitor your accounts and financial transactions for any suspicious activity.
  • Report to Authorities: If necessary, report the hacking incident to the appropriate law enforcement authorities. They can provide guidance and investigate the matter further.

Remember, swift action is crucial when dealing with a suspected hacking incident. Taking these steps can help reduce the damage and protect your personal and financial information from further harm.

Conclusion

In summary, cybercrimes, particularly hacking, present a substantial threat to personal liberty and privacy, prompting the enactment of the Information Technology Act, 2000, in India. This discussion has delved into the perils of hacking, the specific legal framework addressing cybercrimes in the country, preventive strategies, and steps to take when facing a system breach.

The significance of this topic lies in its relevance to our interconnected digital lives. With the ever-growing reliance on technology, protecting personal information and online security has become paramount. The Information Technology Act serves as a crucial tool in this battle against cyber threats.

By comprehending the risks associated with hacking and staying informed about cybersecurity measures, individuals can better shield themselves from potential harm. Moreover, swift and informed action in the event of a security breach can reduce the damages caused by cybercriminals.

In today’s digital age, awareness and proactive steps in the realm of cybersecurity are essential. These efforts contribute to protecting personal freedoms and privacy, helping individuals navigate the complexities of the online world with confidence and security.