logging in or signing up Electronic Surveillance ops aSGuest41811 Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 739 Category: Education License: All Rights Reserved Like it (0) Dislike it (0) Added: March 30, 2010 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Electronic Surveillance : Electronic Surveillance Slide 2: Organized crime around the globe lived up to its sophisticated methods by using wireless communications to cover tracks of illegal gambling, kidnappings, money laundering and other crimes. Babloo Srivastava used a cellular phone to continue kidnappings and extortion from the safety of his cell in Tihar Jail. Terrorists are also unpopular benefactors of wireless communication. Slide 3: Today the scenario has completely changed. On the one hand, the scope of criminal activities has attained tremendous proportion and on the other, a number of electronic gadgets are available for communication. These may be broadly classified as under Telephone Mobile Phone Internet Slide 4: Primary duty of Police: prevention and detection of crime For this various methods of surveillance over suspects/known criminals are used Interception of written and voice communication one of the oldest methods of surveillance In the cyber age electronic forms of communication Criminals and terrorists are using SMS, E-mail, chatting and VOIP Also using encryption techniques to avoid interception. Terrorists orgs. Like Al-Qaeda, Hamas and Hezbollah are using computer communication using encryption tools like steganography Slide 5: Task of Police becoming difficult with usage of computers and availability of encryption tools Demand for e-surveillance i.e. surveillance over internet traffic Base Trans Receiver Station Global System of Mobile Communication : Global System of Mobile Communication HLR MobileSwitchingCentre (MSC) PublicSwitchedTelephone NetworkPSTN VLR EIR AUC Base StationController (BSC) BTS BTS BTS BTS Division of A City in Cells : Division of A City in Cells Concept : Mean Reuse Distance (MRD) 4.6 x Radius of the cell Cell Radius : 1.6 Kms. Cities 16 Kms. Rural Areas Cell Radius depends on the number of usersas well as topography of cell area This concept of MRD can be extended to whole Country. Ultimately whole world. Every Cellular Operator typically gets 840 frequencies in a city. Normally 800 are used for voice Communication and 40 are used for control channels. Grid Map of the City and Cell ID : Grid Map of the City and Cell ID 1. Km. MORADABAD Tower Based On - Number of Subscribers - Density of Population * Omni Antenna in smaller city 0o Cell Direction 240o 120o APPLICATIONS : APPLICATIONS CRIMINAL TRACKING CRIME INVESTIGATION ELECTRONIC SUVEILLANCE INTELLIGENCE COLLECTION ANTI CORRUPTION INVESTIGATIONS CELLULAR PHONE MONITORING : CELLULAR PHONE MONITORING COMPUTERISED PRINT OUT CELLULAR TRACKING DEVICES IMPLEMENTATION OF LICENCE CONDITIONS IN THE SELLING OF PRE PAID CARDS SPECIALIZATION AND DISSEMINATION OF CELLULAR INVESTIGATIVE TECHNIQUES Cell Phone Tracking : Cell Phone Tracking CDR gives us IMEI Mobile number Date of call Duration of talk Time of call Number called/calling Incoming/outgoing Cell number Further Insights in the Analysis : Further Insights in the Analysis IF WE KNOW TARGET’S IMEI AND HE IS ELOPED: IMEI can be run on the same cellular operator or probable operators to get the new SIM number. IF TARGET HAS CHANGED BOTH SIM AND HANDSET(IMEI): Target’s base contact numbers P&T/ MOBILE can be run on all probable cellular operators to get his new no. IF TARGET PURCHASES A NEW SIM: Cellular operator would provide the application form,identity proof provided by the subscriber/target and the vender’s address from where the SIM is sold. This is very important piece of information. Probably the same identity proof would be used for purchasing a new SIM.Therefore, such name and address can be run in subscriber’s data base of the probable cellular operators and target’s new SIM no. can be traced. New Trends : New Trends A Criminal takes a ‘Hutch’ SIM from Delhi. Uses this SIM in roaming in Bihar. Now what happens to its Incoming & Outgoing calls? Incoming call route through the mother network so a police party can listen from Hutch, Delhi switch room But voice of outgoing calls can only be get from the switch room where the SIM is roaming/attached. Sharing of Info through SMS Called/calling no. along with the SMS text can be retrieved by the cellular operator. Cell Id : Cell Id Location within the cell known Lets us know the possible hideouts – need surveillance and intelligence collection to zero in Can know if the person is static or mobile – if on the highway, it can be understood If the cell number doesn’t change from night to early morning, it means that the criminal is staying put at one place Frequency of cell id during specific period With cell number and time of call analysis, we can estimate his movement pattern Even when the cell phone is not in use, the cell in which the mobile is currently available is also known in the HLR Last cell where the mobile was switched off is also known in HLR Hence should have cell chart of all mobile operators Tower : Tower Makes sense to check all communication from the tower before, during and after the commission of crime From the mobile numbers found, check and eliminate all innocent numbers by checking on the addresses –get a print out of a tower communication and understand Can monitor communication from a tower when some criminals are expected to arrive at a particular place Numbers called/calling : Numbers called/calling Know all friends/accomplices – check on addresses on land lines and mobile numbers Can put them on surveillance Analysis: Frequency of call Time of particular calls Calls made during the commission of the offence Pattern of calling – calls made after receiving call from someone Daytime/nighttime calls IMEI Number : IMEI Number Remains unchanged for a particular set Run the IMEI number and one can get the mobile number of the criminal; then get the CDR Time of calls : Time of calls Day time/ night time calls Night stay at any place If criminal changes mobile set.. : If criminal changes mobile set.. Assumption is that he will still call the same numbers – his friends would still be the same Check on CDRs of the land lines and mobiles of his friends and estimate the mobile number of the criminal When we get a criminal’s Mobile.. : When we get a criminal’s Mobile.. His mobile number IMEI number His address – if not fake Can get his address book Get numbers of his accomplices/friends Analyse his CDR Look for calls made just before the commission of the crime Missed calls Divert lines Electronic Surveillance : Electronic Surveillance Legal Provisions Diversion of Phone Calls Organizational Issues Scientific Analysis of Call Details Formalization of Evidence Case Studies Legal Provisions : Legal Provisions The UP.Police Regulation/VCNB : The UP.Police Regulation/VCNB Surveillance of the activities of bad characters well defined in U.P. Police Regulation Chap- 20 Sec. 223-276. Village crime note book (VCNB) divided onto 5 parts. Part-V deals with History-sheets of convicted, acquitted or habitual criminals. It was expected of Police to keep a surveillance on these categories of criminals. The Telegraph Act : The Telegraph Act Definition Telegraph: Any appliance, instrument, material or apparatus used or capable of use for transmission or reception of signs, signals, writing, images and sounds or intelligence of any nature by wire, visual or other electro-magnetic emissions, Radio waves or Hertzian waves, galvanic, electric or magnetic means Interception of messages : Interception of messages Any officer specially authorized by the Central Government or a State Government may, in the interest of sovereignty and integrity of India the security of the State friendly relations with foreign states public order for preventing incitement to the commission of an offence, continued... Slide 26: may order that any message or class of messages to or from any person or class of persons, or relating to any particular subject, brought for transmission or transmitted or received by any telegraph, shall not be transmitted, or shall be intercepted or detained, or shall be disclosed to the officer mentioned in the order. (Sec 5(2)) THE IT ACT, 2000 : THE IT ACT, 2000 Definitions: Computer resource : means computer, computer system, computer network, data, computer database or software. (Sec 2(k) Electronic form : with reference to information means any information generated, sent, received or stored in media: magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device. (Sec. 2 (r) Electronic record : means data or record generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche. (Sec. 2 (t) LEGAL RECOGNITION OF ELECTRONIC RECORDS : LEGAL RECOGNITION OF ELECTRONIC RECORDS Section (4) IT Act 2000: Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is - (a) rendered or made available in an electronic form; and (b) accessible so as to be usable for subsequent reference. Section (91, 92) IT Act 2000: IPC (45 of 1860) and Indian Evidence Act (1 of 1872) amended accordingly. AMENDMENTS TO IPC : AMENDMENTS TO IPC “Document” to mean “document or electronic record” in the following sections: 167 : Public servant framing incorrect document. 172,173,175 : Production of documents before courts or public servants. 192,204 : Fabrication of false evidence 463,464,466,468,469,470,471,474,476,477A : Offences relating to documents. AMENDMENTS TO THE EVIDENCE ACT : AMENDMENTS TO THE EVIDENCE ACT E-records to be admissible as documentary evidence. (Sections 3, 65A, 65B) Provisions relating to proving of digital signatures. (Section 67A) Presumptions as to e-agreements; e-records and digital signatures; DSCs; e-messages; e-records 5 years old. (Sections 85A,85B,85C,88A,90A) Admissibility of Electronic Records : Admissibility of Electronic Records Any information contained in an electronic record which is printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer (hereinafter referred to as the computer output) shall be deemed to be also a document. Section -65B Slide 32: Following conditions must be satisfied in relation to the information, and the computer the computer was used regularly to store or process information for the purposes of regular activities the information derived was regularly fed into the computer in the ordinary course of the said activities the computer was operating properly the information is derived from such information which was fed into the computer in the ordinary course of the said activities. Diversion Of Phone Calls : Diversion Of Phone Calls Diversion of Phone Calls : Diversion of Phone Calls Identify the suspect number to be taken on parallel monitoring Exercise discretion Collect ownership details and address from the Service Provider Request Home Secretary for permission for parallel listening under Sec 5(2) of Indian Telegraph Act Once permission is received, request the Service Provider to divert the number on a pre-identified police number Slide 35: Assign police personnel by name for listening For quick responses based on call content For evidence Record all conversations On single line recorders Voice logger systems : Computer based automatic systems for recording and retrieval of voice calls on multiple channels Simultaneous transcription of conversations Slide 36: Maintain systematic records of all numbers taken on diversion Inform the service provider to close the diversion when it is no longer required Request the Home Secretary for extension of diversion period beyond one month, if necessary. Organizational Issues : Organizational Issues Management of E-Surveillance : Management of E-Surveillance Form the manpower into self-contained teams: Composition should include personnel handling sources, e-surveillance, physical surveillance, field craft, formalization Necessary resources: 4 to 5 mobile phones, Surveillance Kits, appropriate vehicles, internet access, money Call Data Records Contents : Call Data Records Contents Call Type: Incoming or Outgoing "IN" or "MTC": Mobile Terminating Call "OUT" or "MOC" : Mobile Outgoing Call MSISDN Mobile Station International Integrated Services Digital Network Number, or simply, the mobile number dialed to reach a subscriber Ten Digits 919810012345 91 : 2 digit Country Code 98 : 2 digit National Destination Code 10012345 :8 digit Subscriber Number Slide 40: B Number Called/Calling number: may be any other network number Start Time Starting time of the call in hh:mm:ss, with date Duration In seconds Cell Id Code of the terminating cell: where call ended. Some operators give originating and terminating cell-ids Charged Party Number to which call charges are billed Slide 41: IMEI International Mobile Equipment Identity, a unique number given to every single mobile phone, typically found behind the battery. IMEI numbers of cellular phones connected to a GSM network are stored in a database, Equipment Identity Register, containing all valid mobile phone equipment. It is a 15 digit number: 234567-56-456654-0 : 6 digit Type Approval Code : 2 digit Manufacturer Code : 6 digit Serial Number : 1 Additional digit, usually 0 Slide 42: IMSI International Mobile Subscriber Identity Each GSM mobile subscriber's SIM is assigned a unique 15 digit IMSI. 404152800227727 3 digit Mobile Country Code 2 digit Mobile Network Code 10 digit Mobile Subscriber Identity Number IMSI allows any mobile network to know the home country and network of the subscriber Required to locate numbers roaming in other networks In case of 'duplicate' mobile number, IMSI will be different Analysis of Call Data Records : Analysis of Call Data Records Objective: To locate the suspect PHYSICALLY To collect information about his activities Call details highlight contacts of the suspect. Numbers may point to suspect's associates, relatives or victims. Slide 44: Geographical Area wise Grouping ISD code wise STD code wise Frequency of calls Duration of calls These indicate intimacy with suspect. Should be verified with field information. First and Last call in a day Some suspects call particular people Night Calls May indicate place of stay Slide 45: IMEI wise groupings Indicate the number of handsets being used. Many SIM cards may be used on the same handset. As handsets are costly, they are not disposed off easily. There are instances where old IMEI number has figured after 7 months. Some suspects use different handsets to talk to different types of contacts. From one IMEI, all family members may be contacted, and from another all associates. Slide 46: Cell Id wise groupings Most frequent cell-id indicates place of stay. Late night and early morning calls invariably indicate place of stay. Cell Id is indicated only when the user is within the home network from Home Location Register. While roaming, cell-id is not indicated in CDR. During roaming, cell-id is provided by the current service provider network from their Visitor Location Register. IMSI is needed to locate a roamer. Slide 47: Call Diverts Commonly used by criminals to avoid interception Details required from the Service Provider Call Conferencing Check: Start Time < Start Time+ Duration Slide 48: Don't Ignore Single Calls ! Invariably, the first call after purchase of a new SIM card is made from the current handset. The handset may be changed afterwards, but the CDR of this new SIM will give new IMEI number. First outgoing to a landline/mobile First incoming from a landline/mobile Service Provider Interface : Service Provider Interface Diversion of phone calls Details of Call Diverts IMEI runs on different networks Telephone number runs in CDRs Physical area identification by Cell Id Cell Id location, even while roaming, by IMSI Any other information. The PCO Drill : The PCO Drill Collect following details from the PCO: Calls made by suspects to any other numbers : Preceding and succeeding calls - from all lines of the PCO Bill paid by the caller - to identify other dialed numbers Physical description of callers Any vehicle used by callers Mount Physical Surveillance on frequently used PCOs Formalising The Evidence : Formalising The Evidence Slide 52: While writing the case diaries the following must be included: Letter to Home Secretary requesting permission for parallel monitoring Permission of the Government Letter to Service Provider requesting diversion Names of police personnel entrusted the job of hearing, recording and transcripting the conversations Date and time of conversation Transcript of conversation Certificate of responsible official in charge of the process Slide 53: Call details of the suspect number and other correlated numbers issued by the Service Provider Statements of officials of Service Provider Organization issuing the call details Request to court for voice sample of the suspect Report of the forensic laboratory Case Studies : Case Studies Prateek Deewan Kidnapping Case : Pratek Deevan, a student of Class 11, studying in Dehradun was kidnapped on 01 November,2002 while traveling from Dehradun to Delhi by a Qualis. Dead body of the driver laden with bullet injuries was recovered from the highway next day. For the first two weeks the kidnappers made ransom calls using different mobile numbers from Ludhiyana, Amritsar, Delhi, Jodhpur, Baroda and Meerut. A ransom of Rs. 2.5 Crore was demanded. Prateek Deewan Kidnapping Case Slide 56: An email from rediffmail account was received demanding ransom. ISP was requested to provide details of the IP address of the originating email. Physical address was located to be in Bombay. A team was sent to Bombay. Kidnappers created a different email-id on yahoo.com and instructed the family of the victim to chat on yahoo!chat. Slide 57: While the chat was continued, ISP provided details of the IP address and physical address of the suspect. It was a cyber café in Bombay. STF team arrested the accused red handed while chatting from the cyber café. On interrogation the accused revealed the hideout where the kidnapped was kept. The victim was rescued and all accused were arrested on 02 December, 2004. Slide 58: Electronic Surveillance needs to be complemented appropriately by matching field work and physical surveillance for achieving the targets physically. QUESTIONS : QUESTIONS Slide 60: THANKS ! OMPAL SINGH Computer Instructor, UP.Police Academy, Moradabad You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Electronic Surveillance ops aSGuest41811 Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 739 Category: Education License: All Rights Reserved Like it (0) Dislike it (0) Added: March 30, 2010 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Electronic Surveillance : Electronic Surveillance Slide 2: Organized crime around the globe lived up to its sophisticated methods by using wireless communications to cover tracks of illegal gambling, kidnappings, money laundering and other crimes. Babloo Srivastava used a cellular phone to continue kidnappings and extortion from the safety of his cell in Tihar Jail. Terrorists are also unpopular benefactors of wireless communication. Slide 3: Today the scenario has completely changed. On the one hand, the scope of criminal activities has attained tremendous proportion and on the other, a number of electronic gadgets are available for communication. These may be broadly classified as under Telephone Mobile Phone Internet Slide 4: Primary duty of Police: prevention and detection of crime For this various methods of surveillance over suspects/known criminals are used Interception of written and voice communication one of the oldest methods of surveillance In the cyber age electronic forms of communication Criminals and terrorists are using SMS, E-mail, chatting and VOIP Also using encryption techniques to avoid interception. Terrorists orgs. Like Al-Qaeda, Hamas and Hezbollah are using computer communication using encryption tools like steganography Slide 5: Task of Police becoming difficult with usage of computers and availability of encryption tools Demand for e-surveillance i.e. surveillance over internet traffic Base Trans Receiver Station Global System of Mobile Communication : Global System of Mobile Communication HLR MobileSwitchingCentre (MSC) PublicSwitchedTelephone NetworkPSTN VLR EIR AUC Base StationController (BSC) BTS BTS BTS BTS Division of A City in Cells : Division of A City in Cells Concept : Mean Reuse Distance (MRD) 4.6 x Radius of the cell Cell Radius : 1.6 Kms. Cities 16 Kms. Rural Areas Cell Radius depends on the number of usersas well as topography of cell area This concept of MRD can be extended to whole Country. Ultimately whole world. Every Cellular Operator typically gets 840 frequencies in a city. Normally 800 are used for voice Communication and 40 are used for control channels. Grid Map of the City and Cell ID : Grid Map of the City and Cell ID 1. Km. MORADABAD Tower Based On - Number of Subscribers - Density of Population * Omni Antenna in smaller city 0o Cell Direction 240o 120o APPLICATIONS : APPLICATIONS CRIMINAL TRACKING CRIME INVESTIGATION ELECTRONIC SUVEILLANCE INTELLIGENCE COLLECTION ANTI CORRUPTION INVESTIGATIONS CELLULAR PHONE MONITORING : CELLULAR PHONE MONITORING COMPUTERISED PRINT OUT CELLULAR TRACKING DEVICES IMPLEMENTATION OF LICENCE CONDITIONS IN THE SELLING OF PRE PAID CARDS SPECIALIZATION AND DISSEMINATION OF CELLULAR INVESTIGATIVE TECHNIQUES Cell Phone Tracking : Cell Phone Tracking CDR gives us IMEI Mobile number Date of call Duration of talk Time of call Number called/calling Incoming/outgoing Cell number Further Insights in the Analysis : Further Insights in the Analysis IF WE KNOW TARGET’S IMEI AND HE IS ELOPED: IMEI can be run on the same cellular operator or probable operators to get the new SIM number. IF TARGET HAS CHANGED BOTH SIM AND HANDSET(IMEI): Target’s base contact numbers P&T/ MOBILE can be run on all probable cellular operators to get his new no. IF TARGET PURCHASES A NEW SIM: Cellular operator would provide the application form,identity proof provided by the subscriber/target and the vender’s address from where the SIM is sold. This is very important piece of information. Probably the same identity proof would be used for purchasing a new SIM.Therefore, such name and address can be run in subscriber’s data base of the probable cellular operators and target’s new SIM no. can be traced. New Trends : New Trends A Criminal takes a ‘Hutch’ SIM from Delhi. Uses this SIM in roaming in Bihar. Now what happens to its Incoming & Outgoing calls? Incoming call route through the mother network so a police party can listen from Hutch, Delhi switch room But voice of outgoing calls can only be get from the switch room where the SIM is roaming/attached. Sharing of Info through SMS Called/calling no. along with the SMS text can be retrieved by the cellular operator. Cell Id : Cell Id Location within the cell known Lets us know the possible hideouts – need surveillance and intelligence collection to zero in Can know if the person is static or mobile – if on the highway, it can be understood If the cell number doesn’t change from night to early morning, it means that the criminal is staying put at one place Frequency of cell id during specific period With cell number and time of call analysis, we can estimate his movement pattern Even when the cell phone is not in use, the cell in which the mobile is currently available is also known in the HLR Last cell where the mobile was switched off is also known in HLR Hence should have cell chart of all mobile operators Tower : Tower Makes sense to check all communication from the tower before, during and after the commission of crime From the mobile numbers found, check and eliminate all innocent numbers by checking on the addresses –get a print out of a tower communication and understand Can monitor communication from a tower when some criminals are expected to arrive at a particular place Numbers called/calling : Numbers called/calling Know all friends/accomplices – check on addresses on land lines and mobile numbers Can put them on surveillance Analysis: Frequency of call Time of particular calls Calls made during the commission of the offence Pattern of calling – calls made after receiving call from someone Daytime/nighttime calls IMEI Number : IMEI Number Remains unchanged for a particular set Run the IMEI number and one can get the mobile number of the criminal; then get the CDR Time of calls : Time of calls Day time/ night time calls Night stay at any place If criminal changes mobile set.. : If criminal changes mobile set.. Assumption is that he will still call the same numbers – his friends would still be the same Check on CDRs of the land lines and mobiles of his friends and estimate the mobile number of the criminal When we get a criminal’s Mobile.. : When we get a criminal’s Mobile.. His mobile number IMEI number His address – if not fake Can get his address book Get numbers of his accomplices/friends Analyse his CDR Look for calls made just before the commission of the crime Missed calls Divert lines Electronic Surveillance : Electronic Surveillance Legal Provisions Diversion of Phone Calls Organizational Issues Scientific Analysis of Call Details Formalization of Evidence Case Studies Legal Provisions : Legal Provisions The UP.Police Regulation/VCNB : The UP.Police Regulation/VCNB Surveillance of the activities of bad characters well defined in U.P. Police Regulation Chap- 20 Sec. 223-276. Village crime note book (VCNB) divided onto 5 parts. Part-V deals with History-sheets of convicted, acquitted or habitual criminals. It was expected of Police to keep a surveillance on these categories of criminals. The Telegraph Act : The Telegraph Act Definition Telegraph: Any appliance, instrument, material or apparatus used or capable of use for transmission or reception of signs, signals, writing, images and sounds or intelligence of any nature by wire, visual or other electro-magnetic emissions, Radio waves or Hertzian waves, galvanic, electric or magnetic means Interception of messages : Interception of messages Any officer specially authorized by the Central Government or a State Government may, in the interest of sovereignty and integrity of India the security of the State friendly relations with foreign states public order for preventing incitement to the commission of an offence, continued... Slide 26: may order that any message or class of messages to or from any person or class of persons, or relating to any particular subject, brought for transmission or transmitted or received by any telegraph, shall not be transmitted, or shall be intercepted or detained, or shall be disclosed to the officer mentioned in the order. (Sec 5(2)) THE IT ACT, 2000 : THE IT ACT, 2000 Definitions: Computer resource : means computer, computer system, computer network, data, computer database or software. (Sec 2(k) Electronic form : with reference to information means any information generated, sent, received or stored in media: magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device. (Sec. 2 (r) Electronic record : means data or record generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche. (Sec. 2 (t) LEGAL RECOGNITION OF ELECTRONIC RECORDS : LEGAL RECOGNITION OF ELECTRONIC RECORDS Section (4) IT Act 2000: Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is - (a) rendered or made available in an electronic form; and (b) accessible so as to be usable for subsequent reference. Section (91, 92) IT Act 2000: IPC (45 of 1860) and Indian Evidence Act (1 of 1872) amended accordingly. AMENDMENTS TO IPC : AMENDMENTS TO IPC “Document” to mean “document or electronic record” in the following sections: 167 : Public servant framing incorrect document. 172,173,175 : Production of documents before courts or public servants. 192,204 : Fabrication of false evidence 463,464,466,468,469,470,471,474,476,477A : Offences relating to documents. AMENDMENTS TO THE EVIDENCE ACT : AMENDMENTS TO THE EVIDENCE ACT E-records to be admissible as documentary evidence. (Sections 3, 65A, 65B) Provisions relating to proving of digital signatures. (Section 67A) Presumptions as to e-agreements; e-records and digital signatures; DSCs; e-messages; e-records 5 years old. (Sections 85A,85B,85C,88A,90A) Admissibility of Electronic Records : Admissibility of Electronic Records Any information contained in an electronic record which is printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer (hereinafter referred to as the computer output) shall be deemed to be also a document. Section -65B Slide 32: Following conditions must be satisfied in relation to the information, and the computer the computer was used regularly to store or process information for the purposes of regular activities the information derived was regularly fed into the computer in the ordinary course of the said activities the computer was operating properly the information is derived from such information which was fed into the computer in the ordinary course of the said activities. Diversion Of Phone Calls : Diversion Of Phone Calls Diversion of Phone Calls : Diversion of Phone Calls Identify the suspect number to be taken on parallel monitoring Exercise discretion Collect ownership details and address from the Service Provider Request Home Secretary for permission for parallel listening under Sec 5(2) of Indian Telegraph Act Once permission is received, request the Service Provider to divert the number on a pre-identified police number Slide 35: Assign police personnel by name for listening For quick responses based on call content For evidence Record all conversations On single line recorders Voice logger systems : Computer based automatic systems for recording and retrieval of voice calls on multiple channels Simultaneous transcription of conversations Slide 36: Maintain systematic records of all numbers taken on diversion Inform the service provider to close the diversion when it is no longer required Request the Home Secretary for extension of diversion period beyond one month, if necessary. Organizational Issues : Organizational Issues Management of E-Surveillance : Management of E-Surveillance Form the manpower into self-contained teams: Composition should include personnel handling sources, e-surveillance, physical surveillance, field craft, formalization Necessary resources: 4 to 5 mobile phones, Surveillance Kits, appropriate vehicles, internet access, money Call Data Records Contents : Call Data Records Contents Call Type: Incoming or Outgoing "IN" or "MTC": Mobile Terminating Call "OUT" or "MOC" : Mobile Outgoing Call MSISDN Mobile Station International Integrated Services Digital Network Number, or simply, the mobile number dialed to reach a subscriber Ten Digits 919810012345 91 : 2 digit Country Code 98 : 2 digit National Destination Code 10012345 :8 digit Subscriber Number Slide 40: B Number Called/Calling number: may be any other network number Start Time Starting time of the call in hh:mm:ss, with date Duration In seconds Cell Id Code of the terminating cell: where call ended. Some operators give originating and terminating cell-ids Charged Party Number to which call charges are billed Slide 41: IMEI International Mobile Equipment Identity, a unique number given to every single mobile phone, typically found behind the battery. IMEI numbers of cellular phones connected to a GSM network are stored in a database, Equipment Identity Register, containing all valid mobile phone equipment. It is a 15 digit number: 234567-56-456654-0 : 6 digit Type Approval Code : 2 digit Manufacturer Code : 6 digit Serial Number : 1 Additional digit, usually 0 Slide 42: IMSI International Mobile Subscriber Identity Each GSM mobile subscriber's SIM is assigned a unique 15 digit IMSI. 404152800227727 3 digit Mobile Country Code 2 digit Mobile Network Code 10 digit Mobile Subscriber Identity Number IMSI allows any mobile network to know the home country and network of the subscriber Required to locate numbers roaming in other networks In case of 'duplicate' mobile number, IMSI will be different Analysis of Call Data Records : Analysis of Call Data Records Objective: To locate the suspect PHYSICALLY To collect information about his activities Call details highlight contacts of the suspect. Numbers may point to suspect's associates, relatives or victims. Slide 44: Geographical Area wise Grouping ISD code wise STD code wise Frequency of calls Duration of calls These indicate intimacy with suspect. Should be verified with field information. First and Last call in a day Some suspects call particular people Night Calls May indicate place of stay Slide 45: IMEI wise groupings Indicate the number of handsets being used. Many SIM cards may be used on the same handset. As handsets are costly, they are not disposed off easily. There are instances where old IMEI number has figured after 7 months. Some suspects use different handsets to talk to different types of contacts. From one IMEI, all family members may be contacted, and from another all associates. Slide 46: Cell Id wise groupings Most frequent cell-id indicates place of stay. Late night and early morning calls invariably indicate place of stay. Cell Id is indicated only when the user is within the home network from Home Location Register. While roaming, cell-id is not indicated in CDR. During roaming, cell-id is provided by the current service provider network from their Visitor Location Register. IMSI is needed to locate a roamer. Slide 47: Call Diverts Commonly used by criminals to avoid interception Details required from the Service Provider Call Conferencing Check: Start Time < Start Time+ Duration Slide 48: Don't Ignore Single Calls ! Invariably, the first call after purchase of a new SIM card is made from the current handset. The handset may be changed afterwards, but the CDR of this new SIM will give new IMEI number. First outgoing to a landline/mobile First incoming from a landline/mobile Service Provider Interface : Service Provider Interface Diversion of phone calls Details of Call Diverts IMEI runs on different networks Telephone number runs in CDRs Physical area identification by Cell Id Cell Id location, even while roaming, by IMSI Any other information. The PCO Drill : The PCO Drill Collect following details from the PCO: Calls made by suspects to any other numbers : Preceding and succeeding calls - from all lines of the PCO Bill paid by the caller - to identify other dialed numbers Physical description of callers Any vehicle used by callers Mount Physical Surveillance on frequently used PCOs Formalising The Evidence : Formalising The Evidence Slide 52: While writing the case diaries the following must be included: Letter to Home Secretary requesting permission for parallel monitoring Permission of the Government Letter to Service Provider requesting diversion Names of police personnel entrusted the job of hearing, recording and transcripting the conversations Date and time of conversation Transcript of conversation Certificate of responsible official in charge of the process Slide 53: Call details of the suspect number and other correlated numbers issued by the Service Provider Statements of officials of Service Provider Organization issuing the call details Request to court for voice sample of the suspect Report of the forensic laboratory Case Studies : Case Studies Prateek Deewan Kidnapping Case : Pratek Deevan, a student of Class 11, studying in Dehradun was kidnapped on 01 November,2002 while traveling from Dehradun to Delhi by a Qualis. Dead body of the driver laden with bullet injuries was recovered from the highway next day. For the first two weeks the kidnappers made ransom calls using different mobile numbers from Ludhiyana, Amritsar, Delhi, Jodhpur, Baroda and Meerut. A ransom of Rs. 2.5 Crore was demanded. Prateek Deewan Kidnapping Case Slide 56: An email from rediffmail account was received demanding ransom. ISP was requested to provide details of the IP address of the originating email. Physical address was located to be in Bombay. A team was sent to Bombay. Kidnappers created a different email-id on yahoo.com and instructed the family of the victim to chat on yahoo!chat. Slide 57: While the chat was continued, ISP provided details of the IP address and physical address of the suspect. It was a cyber café in Bombay. STF team arrested the accused red handed while chatting from the cyber café. On interrogation the accused revealed the hideout where the kidnapped was kept. The victim was rescued and all accused were arrested on 02 December, 2004. Slide 58: Electronic Surveillance needs to be complemented appropriately by matching field work and physical surveillance for achieving the targets physically. QUESTIONS : QUESTIONS Slide 60: THANKS ! OMPAL SINGH Computer Instructor, UP.Police Academy, Moradabad