it.info

Where are you? Hackers are here
Safeguard your valuable information system

Computers around the world are systematically being victimized by rampant hacking. This hacking is not only widespread but is being executed so flawlessly that the attackers can compromise a system, steal everything of value and completely erase their tracks within 20 minutes.

The goal of the ethical hacker is to help the organization take preemptive measures against cruel attacks, all the while staying within legal limits. This philosophy stems from the proven practice of trying to catch a thief by thinking like one. As technology advances and organizations depend on technology increasingly, information assets have evolved into critical components of survival. If hacking involves creativity and thinking out of the box, then susceptibility testing and security audits will not ensure the security proofing of an organization.

To ensure a better security system for the protection of their information assets, companies have to adopt a defense-in-depth system. The definition of an ethical hacker is very similar to that of a penetration tester. The ethical hacker is an individual who is usually employed within the organization and who can be trusted to undertake an attempt to penetrate networks or computer systems using the same methods as a hacker. When it is done by request and under a contract between an ethical hacker and an organization, it is legal. The most important point is that an ethical hacker has authorization to probe the target.

Little-known facts are that U.S. defense was attacked 45,000 times in the year 2009, and these were not attempted attacks but ones that actually occurred. This is a 60% increase and cost the Pentagon an estimated US$100 million, CNN reports. The most shocking news is that the personal account of the American president, Mr. Barack Obama, was hacked by a 19-year-old teenager. Hacking is a felony in the U.S.A. and many other countries.

Therefore the key thing to note is that computer attacks and cyber crime are becoming more virulent, and corporate systems managers should move quickly to plug holes in their networks. Burglars often leave fingerprints, are seen by eyewitnesses, or trip up and reveal their connection to stolen items. Electronic criminals, however, can mask their identity by forwarding email through anonymous re-mailing servers or through encryption, and what they steal, damage or just view without authorization can go long unnoticed. Many organizations have to adopt a safe method to safeguard their systems; therefore, you decide how you are going to safeguard and value your information system.

Singapore Informatics is a registered institute in the country for obtaining the certification of the EC-Council in the U.S.A.

Why Choose EC-Council Programs for your next Certification?

EC-Council carved the path for ethical hacking as a globally accepted practice in Information Security Assurance. The creation of the Certified Ethical Hacker in 2003 shook the core of the information security community, proving that policy and awareness simply weren't enough. Now a globally accepted information security organization, EC-Council provides completely practical, vendor-neutral tactical security programs. To beat a hacker, you must think like one; this is the premise of our flagship certification, the Certified Ethical Hacker, which teaches the tools and techniques of the world's most notorious underground hackers.

Their audiences include multinational companies like Dow Jones, Lloyds, Merrill Lynch, Microsoft, Shell, HSBC, Hewlett Packard, IBM, Standard Chartered, American Express, MCIS-Zurich, Schiphol Airport Authority, KPMG, Deloitte Consulting, Trend Micro, IDC, S.E.A Insurance, China Mobile, A&T Solutions and many more.

This course will significantly benefit executives, IT managers, security officers, auditors, security professionals, site administrators and anyone who is concerned about the integrity of the networking infrastructure. The latest Certified Ethical Hacking (CEH) course, Version 6, will be conducted from 18th to 22nd of August by Certified Ethical Hacking trainer Mr. Desmond D Alexander.

What are the offences under Computer Crime Act?

Criminal procedure under computer crime and other related acts

Obtaining unauthorised access to a computer or network (computer hacking and cracking), modification of a computer or network unlawfully, offences committed against national security, dealing with data unlawfully obtained, illegal interception of data, use of an illegal device and unauthorised disclosure of information enabling access to a service are the offences defined under sections 3 to 10 of the Act respectively. Attempting, abetting and conspiring to commit the aforesaid offences are also offences under sections 11, 12 and 13 of the Act (earlier these offences were discussed in detail).

What are the procedural provisions on investigations of offences under the Act?

Part 2 of the Computer Crime Act provides provisions for investigations in connection with offences under the same Act.

These procedural provisions are important to accelerate investigations due to the nature of computer evidence. All offences are cognizable offences under this Act (s.16) and shall be investigated, tried or otherwise dealt with according to the provisions of the Code of Criminal Procedure Act No.19 of 1979 unless otherwise provided under the Computer Crime Act (s.15).

The Minister may make regulations under this Act for any matter that is authorised or required to be made under this Act or required to be prescribed under this Act, for the purpose of carrying out or giving effect to the principles and provisions of the same Act.

Who are the investigators under Computer Crime Act?

A panel of experts will be appointed by the Minister-in-charge of the subject of Science and Technology and qualifications, experience and remuneration of such experts are explained in the section 17 of the Act.

What are the powers the investigators have to investigate such offences?

The Act specifically states that such experts called upon to assist any police officer shall have power to enter upon any premises along with a police officer not below the rank of a sub-inspector, access any information system, computer or computer system or any programme, data or information held in such computer to perform any function or to do any such other thing, require any person to disclose any traffic data, oral examination of any person, do such other things as may be reasonably required for the purpose of the same Act.

For the purpose of an investigation under this Act, an expert or a police officer may have powers to search and seize any information, including subscriber information and traffic data in the possession of any service provider, and to intercept any wire or electronic communication, including subscriber information and traffic data, at any stage of such communication, with a warrant (s.18).

Further, if preservation of information is reasonably required for the purposes of investigations (s.19), an expert or police officer has powers to arrest, search and seize any information accessible within any premises without a warrant in the course of investigation (s.21).

What is the legal position of reports prepared by investigators?

Section 26 of the Act specifies that a certificate, declaration, information, data, report or any other similar document duly signed and issued by an expert under the Act or a police officer and duly authenticated by such expert of the panel in the prescribed manner shall be admissible in evidence and prima facie evidence of the facts stated therein.

What are the orders that can be issued against person in control of computer or computer system to ensure that the information be preserved for the purpose of investigation of offences under computer crime Act?

When an expert or a police officer is satisfied that the information is reasonably required for the purpose of an investigation under this Act and there is a risk that the information may be lost, destroyed, modified or rendered inaccessible, he can issue a written notice to the person in control of such computer or computer system to ensure that the information be preserved for such period in accordance with such notice not exceeding 7 days. Further, a Magistrate can extend such period in aggregate not more than 90 days on an application made by such expert or Police officer (s.19).

What are the duties of investigators under investigation of offences under the Act?

It is the duty of the police officer to record and afford access to seized data to the owner or person in charge of the computer or computer system (s.22) and to assist the investigation (s.23) etc. Section 24 of the Computer Crime Act provides provisions for maintenance of confidentiality of information obtained in the course of an investigation.

What are the rights of investigators?

Section 28 provides immunity from legal proceedings against experts (who are peace officers under the section 29 of the Act) and police officers appointed for investigations under the Act.

What are the provisions to maintain international cooperation to investigate offences under the Act?

There is no doubt that international cooperation will play a vital role in the investigation and recovery of evidence under this Act, since computer programmes, online messages etc. cross the territories of countries very often. To fulfil this requirement some provisions have been inserted into the Computer Crime Act.

Section 33 of the Act provides that where a request is made to the Government of Sri Lanka, by or on behalf of another Government, for the purpose of extradition of any person accused or convicted of an offence under this Act, the Minister shall forthwith notify the requesting Government of the measures which the Government of Sri Lanka has taken, or proposes to take, to extradite the person for that offence. Rights of non-resident persons arrested under this Act are specified under Section 34 of the Act.

Under section 35 of the Computer Crime Act the provisions of the Mutual Assistance in Criminal Matters Act No.25 of 2002 are applicable for the investigation and prosecution of the offences under the Computer Crime Act. Provisions under the Mutual Assistance in Criminal Matters Act explain that the procedure shall be followed to make a request from the authority of a foreign State by Sri Lankan Authority and vice versa to transfer of evidence, thing, witnesses and accused and the procedure after complying with such request.

What are the other Computer related offences?

Publication of an obscene article electronically may be a criminal offence under amended section 2 of the Obscene Publication Ordinance, No.22 of 1983.

Section 286B of the Penal Code (Amendment Act No.16 of 2006) introduced the offence as it is a duty of person providing service by computer to prevent sexual abuse of a child and person who contravenes the same shall be guilty of an offence. Further, storing or distribution of child phonographs by e-mail and the Internet may be an offence under section 286(c) of the Penal Code (Amendment) No.22 of 1995 read with provisions under Electronic Transactions Act No.19 of 2006.

However, it is time to bring new amendments to the same law avoiding certain unnecessary disputes that arise over interpretation of creation of pseudo-photographs under this Ordinance.

Under Intellectual Property Act

Chapter XXXVIII of the Intellectual Property Act No.36 of 2003 defines the Offences and Penalties against violation of Intellectual Property Rights and these provisions are applicable for Intellectual Property Rights violations in cyber space as well.

Offences under Sri Lanka Telecommunications Act No.25 of 1991

'Intrusion' and 'interception and disclosure of contents of message' by telecommunication officials, other than in the course of their duty, are offences under sections 52-54 of the Act. "Usage information" means information relating to the identity of the calling subscriber, the called subscriber, the date and time of originating of the message and the type of message for the purpose of sections 52 and 54.

Provisions under Code of Criminal Procedure Act No.19 of 1979 are applicable for investigations of these offences.

Offences under Payment Devices Frauds Act

The Act was introduced to deal with fraudulent transactions taking place in connection with electronic devices, and provisions on procedural matters similar to those of the Computer Crime Act can be found under the present Act as well. Offences under this Act are cognizable offences. Section 12 explains the confidentiality of information obtained in the course of an investigation.

Here are some excerpts from an interview with Sunil D.B. Abeyaratne. The writer is LL.M (London), Dip. in Business Management (IGNOU), Dip. in Forensic Medicine and Science (Colombo), Attorney-at-Law, ExCo Member of LAWASIA and BASL.

Reproduction of articles permitted when used without any alterations to contents and a link to the source page.
© Copyright 2010 | Wijeya Newspapers Ltd. Colombo, Sri Lanka. All Rights Reserved.