Laws you need to know as an Ethical Hacker


The Internet is the global system of interconnected computer networks, which started 40 years back. The internet and computer networks have developed rapidly. The Internet has spread its roots beyond the United States since then, and social media users in India have reached 226 million to date. The internet was started to share research through computer networks, but its uses have evolved, and today the internet carries a large range of information resources from one network to another. Exchanging emails, the World Wide Web, hypertext documents, file sharing, e-commerce, etc. are examples of these information resources and services.

Along with its positive influences, the internet has some negative impact on society. Like the crimes seen in the real world, the internet has also witnessed crimes that infringe a person's rights. Cybercrime is a wrong that involves a computer and a network; examples of cybercrime include hacking, pornography, cyberwarfare, sextortion and copyright infringement.


With progress in technology and social interaction in virtual space, the personal information of an individual has become vulnerable through extended use of the internet. A cyber offender can access a person's information without the authorization of the victim, which amounts to hacking.

In a nutshell, hacking refers to an illegal intrusion into a computer or network, and the person who gains this unauthorized entrance is known as a hacker.
Hacking is one of the dangerous cyber crimes that are evolving in the era of the internet. England ranked 1st among the victim countries, having been hit by 9 crore cyber attacks as reported this year, and India was in 21st place in the list of victim countries, having been affected by 6.95 lakh cyber attacks.

Hacking is a technique of finding the weak links or flaws in a computer network and thereafter gaining unauthorized access to the computer system to change the settings of the targeted network or computer system. Hacking in itself is a negative term and is often seen as a criminal act. Nonetheless, an ethical hacker uses the same skills as an unethical hacker, but in a legitimate, lawful manner, to try to find vulnerabilities and fix them before the bad guys can get there and try to break in.

Hacker As A Guardian?

A hacker is any skilled computer specialist who uses their technological knowledge to overcome a technical glitch or a problem. Hackers with wicked intent are known as crackers. The word hacker is derived from a word for “lusty laborers” who harvested fields by dogged and rough swings of a hoe.

Hacker and its shades

Hackers may be helpful or dangerous depending upon the intentions or motivation behind their work. Some hackers barge into a system out of curiosity, some have a reasonable motivation or are authorized by legitimate officials, and some are appointed to safeguard vulnerable data. Hackers can be classified into the classes listed below:

Black Hat Hacker

A black hat hacker is also known as a cracker. These hackers possess sound knowledge of computer networking, network protocols and system administration, but they are a cause of cybercrime because they hack systems for the wrong reasons.

White Hat Hacker/ Ethical Hacker

A white hat hacker is the opposite of the black hat hacker. These hackers have the same level of knowledge as black hat hackers, but they use it in an ethical way. They are system security professionals and so are known as ethical hackers.

Grey Hat Hacker

A grey hat hacker is somebody who falls between the black hat and the white hat hacker. The grey hat hacker reveals the vulnerabilities of the network system and may then offer assistance to fix the loopholes in return for money.

Script Kiddie

A script kiddie can be described as an amateur hacker who breaks into a system with the help of hacking tools written by another hacker.


Hacktivist

A hacktivist is a politically motivated hacker. He is like any other hacker, but his aim is to bring public attention to a political matter.


Phreaker

A phreaker is a telecom network hacker who hacks the telephone system wrongfully.

When does the term Hacking become legal?

With the expanded use of the internet, the word hacking has lost its worth and is seen more as an illegal activity or a cybercrime. Unethical hackers, generally known as black hat hackers, are responsible for the darker side of hacking, as they are the ones who breach cybersecurity with their skills and methods. To tackle cyber criminals like black hat hackers, there is a need for law as well as for ethical hackers.
White hat hackers work according to the values of hacking and protect the interests of individuals on the internet, as they are cybersecurity professionals. Ethical hacking is the authorized way of doing the same, with permission obtained for it.

How is Ethical Hacking different from Black Hat Hacking?

Ethical hackers are required in an organization to penetrate systems and networks with the purpose of finding vulnerabilities and fixing them. The role of the ethical hacker is similar to that of a penetration tester, but they break into systems legally and ethically. The authority to hack depends upon the ethics, and that is what differentiates the two.

How does Ethical hacking work?

Ethical hacking is done with the permission of the victim or the owner of the targeted system, and the only way to tackle black hat hacking is through ethical hacking. The procedures used in penetration testing are designed to follow real attacks without causing any damage, and to safeguard the organization or individual against cyber attacks. Once it is determined how attackers work, the network administrators, engineers and security experts emulate that environment at the appropriate security level to conduct a penetration test. To make the tests easy and effective, it is necessary to know what the target organization is looking for.

The Steps that are involved in Penetration tests are as follows:

• Ground rules should be established: set the expectations, identify the parties involved, and obtain written permission or an agreement of access, commonly known as a Statement of Work in the United States.
• Passive Scanning: Collecting information about the target without its knowledge, also known as Open Source Intelligence, from sources such as social networking sites, online databases, etc.
• Active Scanning and Enumeration: Using research tools to scan the target’s public exposure.
• Fingerprinting: Examining the target systems to identify the operating system, applications and patch level, open ports, user accounts, etc.
• Choosing a target system.
• Exploiting the uncovered vulnerabilities: running the appropriate tools targeted at the suspected exposures.
• Escalating privilege: raising the security context so the ethical hacker has more control, such as gaining root or administrative rights, or using cracked passwords for unauthorized access.
• Documenting and reporting: A record shall be kept of every technique and every tool that was used, the vulnerabilities that were exploited, and much more.

Laws To Remember as an Ethical Hacker

Hacking has moved from being an intellectual curiosity to a cybercrime around the world, and has troubled nations with security breaches, data breaches, financial breaches, online frauds, etc. Unethical hacking is clearly an offense in the eyes of every nation. These crimes have risen tremendously. Information technology and law were two different fields which never intersected, but with the misuse of technology the law had to safeguard the rights of netizens. Various legislations and regulations have been framed across the world to protect the rights of individuals, which an ethical hacker has to keep in mind while working in good faith.

With the growth in usage of the internet in India, cyber attacks have affected the security of computer networks as well. India adopted the Model Law on Electronic Commerce, which was adopted by the United Nations Commission on International Trade Law, and consequently the Information Technology Act of 2000 came into force. The object of the Act was to provide legal recognition for transactions carried out by means of electronic data interchange, generally referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information.

There is a thin line between a black hat hacker and a white hat hacker, which is laid down in section 84. That section grants protection to the government, the Controller or any person acting on their behalf for acts done in good faith. An ethical hacker who is appointed by the government or the Controller has to act in furtherance of this Act or any rule, regulation or order.

Section 43 of the Act states that if any person, without the consent of the owner or any other person who is in charge of a computer, computer system or computer network, modifies, damages or disrupts the computer network, downloads, copies or extracts any data or information from such computer network, or accesses such computer system, he may be penalized for damages. The phrase used in this provision is "without permission of the owner", which gives the impression that a person working under authority or in good faith may not be liable for the damages.

Section 43-A of the Act says that if any person fails to protect data he is liable for compensation, so if an ethical hacker is a body corporate and fails to protect the data he is handling, he will be liable under section 43-A of the IT Act.

Section 66 of the IT Act deals with computer-related offenses and declares that any person who dishonestly and fraudulently does any act mentioned in section 43 of the Act shall be penalized with 3 years.

Government agencies like the CBI, the Army and law enforcement bodies, the Intelligence Bureau, and the Ministry of Communication and Information Technology can, under sections 70-A and 70-B of the Information Technology Act, form a government agency for Critical Information Infrastructure Protection and can engage cybersecurity experts to protect themselves from cyber terrorism as laid down in section 66-F of the Information Technology Act, which refers to access without authorization or exceeding authorized access.

The IT law of India does punish a hacker who does not have proper authorization to get access to a computer, but it does not protect ethical hackers unless they are employed by the government under section 84. Ethical hackers cannot be overlooked, as their presence is much needed to protect computer networks against cyber terrorism and cyber attacks.