Hacking of Social Media Accounts: Analyzing the Indian Laws and Legal Remedies

Introduction

In this age of technology and digitalization and with the significant boost provided to the usage of the internet across the globe, be it for infotainment, shopping, education, or connecting with one’s friends and family, laptops and mobile phones have become the umbilical cords that attach us to our world. The development of Information Technology (IT) has been brought to a level where the internet is openly and freely accessible and affordable to the masses. Social media has become another necessary evil in contemporary times, providing a new method of connecting to and communicating with the world. A survey recorded that the Covid-19 pandemic induced a 50–70 percent increase in the usage of the internet, and of that 50 percent of the time was spent engaging on social media in 2020[1]. Because of an exceptional upsurge in the number of users and average time spent on social media applications and platforms, the abuse of personal information in the realm of the internet has aggravated the menace of hacking of social media accounts at a global level.

The Menace of Social Media Hacking

One of the most terrifying feelings of dread in today’s times could be logging into your social media account and being greeted with the message “this username and password do not match”, due to the underlined possibility of your account being hacked. There is a legitimate fear that hackers might indulge in various unsolicited and non-consensual activities once obtaining control of your social media account. Some may indulge in posting irrelevant and abusive comments and posts, releasing embarrassing posts, or playing mean pranks. Some may even go ahead and ask for a ransom by blackmailing you against posting private photos or releasing personal information into the public domain.

When a person’s account gets hacked, his secret data is spilled to the whole world, and the situation is even worse when the followers accept the statements made by the hackers as the gospel truth. It is a fact that no one is safe from the nuisance of hacking. Accounts of well-known celebrities and public figures, like of Amitabh Bachchan, Virat Kohli, Elon Musk, and even Presidents and Prime Ministers have been hacked by anti-social elements with mala fide intentions. Prime Minister Modi’s personal Twitter account, which has over 73.4 million followers, was hacked and a tweet claiming that Bitcoin had become legal tender was put up by the hackers recently in December 2021[2].

Difference between Hackers and Crackers

There is a demarcation between the two words- ‘hacking’ and ‘cracking’, which has been reflected in the 2008 amendment of the Information Technology Act, 2000[3]. Hackers are those individuals who are well adept at coding and programming and utilize their abilities in a productive and authorized manner. They help the corporate entities, public authorities, and the government to ensure the security and privacy of their internal data and company secrets. They attempt to find lacunae in the existing programming and help in improving upon the loopholes. They never intentionally harm the organizational or personal data, unlike crackers who deliberately break into the programs of others without having the authority power to do so and have a malevolent intention of harming the other party’s interests, public image, or organizational security. Regardless of these two terms being different, they are generally used interchangeably due to ignorance.

Ethical hacking denotes the attempts of a hacker to simulate gaining unauthorized entry into a computer system, application, or data. This is mainly done by replicating the potential moves and strategies of crackers and malicious attackers[4]. Such a simulation helps in understanding the present flaws in the system and subsequently improving its security safeguards.

Legal Provisions against cracking

Civil liability

Section 43A of the IT Act, 2000[5] regulates the civil liability of the parties and specifies the compensation to be paid if one indulges in the act of cracking. It was added under the 2008 amendment of the Information Technology Act, 2000[6]. Furthermore, this Section greatly accentuates the corporate responsibility for data protection under which the corporations are obligated to adopt security practices for safekeeping personal data of individuals like bank details, medical records, password details, etc.

Criminal liability

Criminal liability of attempting cracking emerges when the intention or the liability of the cracker to harm the system or steal any significant and sensitive data gets established. If the cracker only trespasses the system without any intention to harm or without attempting an act to harm the system, it only remains a form of civil liability actionable under Section 43A of the IT Act. But if criminal trespass is established, it can also result in other penal activities punishable under Indian Penal Code, 1860 (IPC), like cyber theft that is punishable under Section 378 of the IPC[7], email phishing by assuming someone’s cyber identity is punishable under Section 419 of the IPC[8], etc.

Essentials in cracking to establish Punitive Liability

• Section 66 of the IT Act, 2000[9] specifies the requirements for hacking to be illegal and punishable:
• Presence of a malicious intention while breaking into the computer of another to tamper or steal the data or destroy it.
• Performance of a wrongful act or damaging the data or diminishing the value of the data.

Laws specifically to monitor hacking

Section 43[10] and Section 66[11] of the IT Act, 2000 cover the criminal and civil offenses of data theft and hacking respectively.

Under Section 43, a civil offence is made out when a person accesses another’s computer without authorization and extracts and/or damages any data. In such a case, the cracker will be liable to pay compensation to the adversely affected parties. Under the IT Act, 2000, the maximum cap for compensation is a fine is Rs. 1 Crore, but this ceiling was removed in the 2008 amendment. The amendment also added Section 43A to include corporate responsibility to protect client data.

Section 66 of the IT Act, 2000 provides for the offence of hacking into a laptop network with an evil intent and without authorization. The entry into the social media account or network must have been through deceitful means and there must be some genuine harm done to the owner of the network or account. Clause (2) of the Section provides for imprisonment upto three years or fine up to Rs. 1 Lac or both. Furthermore, Section 66B[12] specifies the punishment for receiving stolen computer data. The punishment incorporates imprisonment for three years or fine upto Rs. 1 Lac or both. Mens rea is a significant requirement for fixing liability Section 66A[13]. The presence of an evil intent while obtaining information illegally will be regulated by this Section. Further, Section 66C^[14]of the Act specifies the punishment for performing theft. According to the Section, the inappropriate or dishonest use of a password or electronic signature is liable for imprisonment for a term, which may extend upto 3 years and fine upto 1 Lac rupees or both.

The question of jurisdiction in cybercrimes and hacking always remains disputed as the crime is usually not restricted in a territory. It is a borderless crime and hence it becomes difficult to determine which region or country holds jurisdiction in a specific case. 

Immediate Steps to take if your Social Media Account gets Hacked

• Change your password- Assuming that you are still able to sign in to your account, you should change the password. Pick a stronger password than before. If you are unable to sign in, use the ‘forgot password?’ option. 
• Turn on two-factor authentication- Practically all social media and email sites provide an option of two-factor authentication that boosts the privacy of one’s accounts. 
• Change your sign-in details of other sites that had a similar password and login-id- If the login details of your account are similar to the one hacked, change them immediately as the hacker will try his luck at hacking your other accounts as well.
• Report the case to your social media provider- report this incident to the provider immediately to initiate action against the wrongdoer and you can also file a case against the hacker. Subsequent steps to ensure phone privacy in the event of hacking.
• Legally get your account blocked-  In case of not being able to access or control the activity of your account in any form, then you must go to the menu, select the option of ‘settings’ and answer the security questions which were asked at the time of the creation of your account. The account will provide all the information of what all devices have been logged into that account. You should go and ‘end activity’ for those accounts that you are unsure of.  The cracker will be logged out briefly and at this moment one should put a stronger password. Then go to the help setting and choose the option ‘I think my account was hacked or someone is using it without my permission’ to secure your account.

Subsequent steps to ensure phone privacy in the event of hacking

• Eliminate any suspicious Apps and scan the phone for Malware- It is possible that the cracker infects your phone and steals your personal information by installing malware through a suspicious Application. Scan for such breaches in your device, remove all such Apps and reboot / factory reset your mobile phone and other devices.
• Closely take a look at your security and protection settings- Analyze the App permissions you have given to several Apps, and revise them according to need to avoid any hacking incidents.
• Check the new activity on your device and inform your followers- Checkyour new posts, direct messages, and general activity while you are/were locked out movement. Inform your followers about the event so that they are aware of such an instance and ignore any unscrupulous activity that was performed using your account.
• Set up a recovery mail- If you haven’t set up a recovery mail yet, set it up for your email and social media accounts to ensure that your accounts don’t get breached as easily

5. Be careful while clicking on links or downloading material- Do not visit any suspicious website or click on any unknown links to ensure the security of your device. One may also install anti-virus software to avoid being tricked into traps.

Report the incident

In India, there are several cyber cells where an individual can report an incident of hacking. The individual needs to compose a written grievance application under provisions of the IT Act, 2000 containing the name, address, email, and phone number which must be filed in presence of a cyber cell head. Then the application needs to be submitted to the Head of the respective cyber cell along with certain other documents:

1. Server logs– When an application for grievance is recorded on the site, the server logs containing the history of hacking and data tempering must be provided.
2. Soft and printed version of defective documents- The material of tampered statement is considered as a piece of significant proof, which is put together by the individual against whom the cybercrime has been perpetrated.
3. A printed version of an original page and the tampered page- It is also necessary to submit the hard copy of an original page and tarnished page which can help to locate the material of tempered statement. So as to make the processing of your request simpler for the digital cell, it is important to present the printed version of an original page and the tampered page which can assist with finding the material of the tampered statement.
4. The applicant should also provide each detail including the details of the individual who cracked his account and the location and device from which he did so.
5. It is important to provide all the pieces of evidence truthfully with all possible details so that cybercrime can be investigated appropriately.
6. An individual whose record has been hacked can give the detail of the individuals whom he suspects to have committed the said offence of cracking.

In case a written complaint cannot be filed due to inaccessibility to a cyber cell, the following method can be adopted:

1. One should file an F.I.R. in the police station under Section 154[15] of Code of Criminal Procedure, 1973 (CrPC) and if the police refuse to accept the FIR, the complaint can be made to the judicial magistrate or commissioner of that city.
2. Cybercrime is an offence that is covered as a cognizable offence under the IPC, 1860, and so the police can arrest a person without a warrant. On filing a complaint, the investigation will commence and a charge sheet will be filed in the court under Section 173[16] of CrPC.

Conclusion

It can be seen that the Indian laws are not the panacea to cybercrimes including the cracking of computer networks and social media accounts. The Government Machinery to curb cyber crimes hasn’t been able to eliminate cybercrime, though they have forestalled them to a certain extent.  Even stricter laws against cybercrimes and cracking should be brought into place as the future is virtual and digital. We are living in the Metaverse and these deceitful activities of cracking will only continue to rise over time and will not only compromise on personal security but also national security. Until a stricter policy with administrative control comes into existence, all the citizens should stay vigilant about their rights and must not ignore any unscrupulous activity that they encounter over the cyberspace. If individuals ensure that they report such acts immediately and ensure that the wrongdoers are appropriately penalized, the deterrence against such wrongful acts will automatically grow and a safer cyber environment will exist in our society.

This article is authored by Tejaswini Kaushal, student at Dr. Ram Manohar Lohiya National Law University, Lucknow

---

[1]https://www.frontiersin.org/articles/10.3389/fhumd.2021.684137/full

[2]https://timesofindia.indiatimes.com/india/pm-modis-twitter-account-hacked-with-bitcoin-post-promptly-secured/articleshow/88245185.cms

[3]https://police.py.gov.in/Information%20Technology%20Act%202000%20-%202008%20(amendment).pdf

[4]https://www.synopsys.com/glossary/what-is-ethical-hacking.html#:~:text=Definition,and%20actions%20of%20malicious%20attackers.

[5]https://indiankanoon.org/doc/76191164/

[6]https://eprocure.gov.in/cppp/rulesandprocs/kbadqkdlcswfjdelrquehwuxcfmijmuixngudufgbuubgubfugbububjxcgfvsbdihbgfGhdfgFHytyhRtMTk4NzY

[7]https://indiankanoon.org/doc/1280620/

[8]https://indiankanoon.org/doc/1667388/#:~:text=Section%20419%20in%20The%20Indian%20Penal%20Code&text=419.,with%20fine%2C%20or%20with%20both

[9]https://indiankanoon.org/doc/326206/

[10]https://indiankanoon.org/doc/39800/

[11]https://indiankanoon.org/doc/326206/

[12]https://indiankanoon.org/doc/48199014/

[13]https://indiankanoon.org/doc/170483278/

[14]https://indiankanoon.org/doc/118912881/

[15]https://indiankanoon.org/doc/1980578/#:~:text=(1)%20Every%20information%20relating%20to,reduced%20to%20writing%20as%20aforesaid%2C

[16]https://indiankanoon.org/doc/1412034/#:~:text=173.,be%20completed%20without%20unnecessary%20delay

What is the difference between a hacker and a cracker?

There is an extremely delicate line of demarcation between the two words- ‘hacking’ and ‘cracking’, which has been reflected in the 2008 amendment of the Information Technology Act, 2000. Programmers are those individuals who are well adept at coding and programming and utilize their abilities in a productive and authorized manner to help organizations improve their data security. Crackers, on the other hand, are those who deliberately break into the
programs of others without having the authority power to do so and have a malevolent intention of harming the other party’s interests, public image, or organizational security.

What is Ethical Hacking?

Ethical hacking involves an approved attempt of a hacker to simulate gaining unauthorized entry into a computer system, application, or data. This is mainly done by replicating the potential moves and strategies of crackers and malicious attackers. Such a simulation helps in understanding the present flaws in the system and subsequently improving its security safeguards.

Which legal provisions are applicable against cracking?

Section 43, Section 43A, Section 66, Section 66A, and Section 66B of the Information Technology Act 2000, and Section 378 and Section 419 of the Indian Penal Code 1860 may be applicable as per the situation requires.

What are the foremost steps to take in case of a social media account hacking?

Perform the following steps primarily in case you social media account gets hacked:
i. Change your password and turn on two-factor authentication
ii. Get your account blocked
iii. Inform followers of the hacking and to ignore any activity that had taken place
through your account during that duration
iv. Report the case to your social media provider
v. Take legal action against the hacker and report the incident to your respective the cyber cell