NEW DELHI: Cooking, sketching, horse riding, swimming – there is no dearth of skills that one can pick up in handy, bite-sized courses during summer. Now you can add computer hacking to that list.
Advertised as ‘ethical hacking’, the courses claim to teach you how to hack passwords and social networking accounts – all to protect your system better, of course. But cyber lawyer Pavan Duggal says that under law, there is no such thing as ‘ethical hacking’ and institutes offering such courses need to be regulated.
Faridabad-based Brains Booster, which claims to have an IIM alumnus as faculty, offers an “exclusive” summer ‘Hacking Course’. In its promotional pamphlet, the institute claims to teach how to “hack Facebook account in less than 1 minute” and even how to “run your virus when anyone opens your pen drive”.
Byte Code Cyber Securities in Delhi lists ‘Yahoo Hacking and Google Hacking’ and ‘Wi-Fi Hacking’ on their website as part of their 60-hour ethical hacking course. And Appin, with more than 100 centres nationwide, has a six-week course in ‘information security and ethical hacking’. All these courses cost upwards of Rs 6,000.
The institutes maintain that they function within the purview of law. “Unless you know how hackers and viruses work, how will you protect your system?” argues Suvam Patwari of Brains Booster. Appin, which claims to have served Intelligence Bureau, makes the same point.
“We are also in the service trade. We handle cyber and data security for corporate offices as well,” says Devendra Awasthi , centre manager at an Appin branch.
However, with a cyber criminal and an ethical hacker requiring similar skill sets, it pays to be careful about the laws. The additional DCP of the economic offences wing, S D Mishra, says the Delhi Police cyber crime cell has never received a complaint against such institutes. They have, however, made arrests in the past in cases that involved the hacking of bank websites.
Duggal points out that hacking is punishable under Section 66 of the IT Act, 2000, with three years’ imprisonment and/or up to Rs 5 lakh fine. If a contaminant (virus) is created and released into a computer system or network, the victim can sue the hacker for damages up to Rs 15 crore per intervention.
Duggal says the courses exploit a loophole in the IT Act. “The IT Act has no provisions to penalize those who encourage various kinds of cyber crimes. There is no such thing as ‘ethical hacking’ under law. This needs to be regulated , otherwise these courses will keep mushrooming,” he says.
Computer security expert Ankit Fadia recommends caution for aspirants. “It is impossible to hack into a Facebook account as quickly as these institutes claim. It’s only a marketing ploy and the students will be disappointed. It is the responsibility of the training institute to teach from the perspective of data security rather than hacking a friend’s Facebook account,” says Fadia , author of ‘The Unofficial Guide To Ethical Hacking’ and ‘How To Unblock Everything on the Internet’.
Protector or provocateur – the jury is still out on ethical hacking. But now you know what some folks are doing this summer.