Presentation in the 3rd International ISV Conference 6-8 Jan 2011
tabrezahmad
Added: January 13, 2011. Category: Science & Tech. License: All Rights Reserved.

Presentation Transcript

Victims of Cybercrimes (Presented in the 3rd International ISV Conference, 6-8th January 2011)
Dr. Tabrez Ahmad, Associate Professor of Law
www.site.technolexindia.com
technolexindia.blogspot.com

Slide 2: Thursday, January 13, 2011

Agenda:
1. Background of Cybercrimes
2. The categories of cybercrimes
3. Combating Cybercrimes
4. Phishing
5. Liability of ISPs and Govt.
6. The prosecution in cybercrimes
7. Admissibility of digital evidence in courts
8. Possible defense by an accused in a computer related crime
9. Criminological theories and cybercrimes
10. Cyberforensics
11. The possible reliefs to a cybercrime victim and strategy adoption
12. Future course of action

Slide 4: Digital Revolution, Internet Infra in INDIA (INDIA Internet Infrastructure: 2008.5)
- 4.8 Mil. High Speed Internet
- 65 Mil. Internet Users
- 248 Mil. Mobile Phones
- 8 Mil. Mobile Phones being added per month
- 1 Mil. Domains (0.5 Mil. “.in”)
- 130+ IDCs
- 134 Major ISPs
- Tele Density 24 per 1000 person
- Targeted Broadband connection = 10 Mil. (2010)
- Diagram labels: Internet, BSNL, Bharti, TATA Communications, Reliance, ERNET, Mail Servers, DNS, VOIP, IPTV, NIC, Govt., Academia, Enterprise, Home, IT / ITES BPO

Background of Cybercrime:
- Real-world & Virtual-world
- Current approaches evolved to deal with real-world crime
- Cybercrime occurs in a virtual-world and therefore presents different issues

Background of Cybercrime Cont…:
- Real-world theft: Possession of property shifts completely from A to B, i.e., A had it, now B has it
- Theft in Virtual-world (Cyber-theft): Property is copied, so A “has” it and so does B

Background of Cybercrime Cont…:
- Internet for Security
- USA ARPANET
- Internet for Research
- Internet for e-commerce
- UNCITRAL Model Law 1996
- I.T Act 2000
- Internet for e-governance
- Internet regulation – serious matter after 9/11 attack on World Trade Centre
- US Patriot Act
- I.T Amendment Act 2008

Categories of Cyber crimes:

What is India Inc’s biggest threat?:
Cyber crime is now a bigger threat to India Inc than physical crime. In a recent survey by IBM, a greater number of companies (44%) listed cyber crime as a bigger threat to their profitability than physical crime (31%). The cost of cyber crime stems primarily from loss of revenue, loss of market capitalisation, damage to the brand, and loss of customers, in that order.
About 67% of local Chief Information Officers (CIOs) who took part in the survey perceived cyber crime as more costly, compared to the global benchmark of 50%.

Combating cyber crimes:
- Legal framework: laws & enforcement
- Technological measures: public key cryptography, electronic signatures, firewalls, honey pots
- Cyber investigation: Computer forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in courts of law. These rules of evidence include admissibility (in courts), authenticity (relation to incident), completeness, reliability and believability.

Legal Framework-Laws & Enforcement:
- Information Technology Act, 2000: came into force on 17 October 2000
- Information Technology (Amendment) Act, 2008: came into force on 27 October 2009
- The Information Technology (Use of Electronic Records and Digital Signatures) Rules, 2004
- The Information Technology (Security Procedure) Rules, 2004
- The Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009
- The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009
- The Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009

International initiatives:
Representatives from the 26 Council of Europe members, the United States, Canada, Japan and South Africa in 2001 signed a convention on cybercrime in efforts to enhance international cooperation in combating computer-based crimes.
The Convention on Cybercrime, drawn up by experts of the Council of Europe, is designed to coordinate these countries' policies and laws on penalties on crimes in cyberspace, define the formula guaranteeing the efficient operation of the criminal and judicial authorities, and establish an efficient mechanism for international cooperation.
In 1997, the G-8 Ministers agreed to ten "Principles to Combat High-Tech Crime" and an "Action Plan to Combat High-Tech Crime."
Main objectives:
- Create effective cyber crime laws
- Handle jurisdiction issues
- Cooperate in international investigations
- Develop acceptable practices for search and seizure
- Establish effective public/private sector interaction

Combating Cyber crime-Indian legal framework:
- Information Technology Act, 2000: came into force on 17 October 2000
- Extends to the whole of India and also applies to any offence or contravention thereunder committed outside India by any person {section 1 (2)}, read with Section 75: the Act applies to an offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India
- Section 2 (1) (a): “Access” means gaining entry into, instructing or communicating with the logical, arithmetic or memory function resources of a computer, computer resource or network
- IT Act confers legal recognition to electronic records and digital signatures (sections 4, 5 of the IT Act, 2000)

Cyber contravention:
The IT Act prescribes provisions for contraventions in Ch IX of the Act, particularly Sec. 43 of the Act, which covers unauthorised access, downloading, introduction of virus, denial of access and Internet time theft committed by any person.
It prescribes punishment by way of damages not exceeding Rs 1 crore to the affected party.

Section 46 IT Act:
- Section 46 of the IT Act states that an adjudicating officer shall adjudge whether a person has committed a contravention of any of the provisions of the said Act, by holding an inquiry. Principles of audi alteram partem and natural justice are enshrined in the said section, which stipulates that a reasonable opportunity of making a representation shall be granted to the concerned person who is alleged to have violated the provisions of the IT Act. The said Act stipulates that the inquiry will be carried out in the manner as prescribed by the Central Government
- All proceedings before him are deemed to be judicial proceedings; every Adjudicating Officer has all powers conferred on civil courts
- Appeal to Cyber Appellate Tribunal: from decision of Controller, Adjudicating Officer {section 57 IT Act}

Section 47, IT Act:
Section 47 of the Act lays down that while adjudging the quantum of compensation under this Act, the adjudicating officer shall have due regard to the following factors, namely:
(a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
(b) the amount of loss caused to any person as a result of the default;
(c) the repetitive nature of the default

Slide 18:
Chapter XI of the IT Act 2000 discusses the cyber crimes and offences, inter alia, tampering with computer source documents (s 65), hacking (s 66), publishing of obscene information (s 67), unauthorised access to protected system (s 70), breach of confidentiality (s 72), publishing false digital signature certificate (s 73).

Slide 19:
Whereas cyber contraventions are ‘civil wrongs’ for which compensation is payable by the defaulting party, ‘cyber offences’ constitute cyber frauds and crimes which are criminal wrongs for which punishment of imprisonment and/or fine is prescribed by the Information Technology Act 2000.

Section 65: Source Code:
- Most important asset of software companies
- “Computer Source Code" means the listing of programmes, computer commands, design and layout
- Ingredients: knowledge or intention; concealment, destruction, alteration; computer source code required to be kept or maintained by law
- Punishment: imprisonment up to three years and / or fine up to Rs. 2 lakh

Hacking:
- Section 66 of the IT Act 2000 deals with the offence of computer hacking.
- In simple words, hacking is accessing of a computer system without the express or implied permission of the owner of that computer system.
- Examples of hacking may include unauthorised input or alteration of input, destruction or misappropriation of output, misuse of programs or alteration of computer data.
- Punishment for hacking is imprisonment up to 3 years or fine which may extend to 2 lakh rupees or both

Publishing obscene information:
Section 67 of the IT Act lays down punishment for the offence of publishing of obscene information in electronic form.
Recently, the Supreme Court in Ajay Goswami v Union of India considered the issue of obscenity on Internet and held that restriction on freedom of speech on ground of curtailing obscenity amounts to reasonable restriction under art 19(2) of the Constitution.
The court observed that the test of community mores and standards has become obsolete in the Internet age.
Punishment on first conviction with imprisonment for a term which may extend to 5 years and with fine which may extend to 1 lakh rupees. In the event of second conviction or subsequent conviction, imprisonment of description for a term which may extend to 10 years and fine which may extend to 2 lakh rupees.

Slide 23: Phishing
Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information. Con artists might send millions of fraudulent e-mail messages that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information.

Slide 24: History of Phishing
Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in 70’s
- Fishing = Use bait to lure the target
Phishing in 1995
- Target: AOL users
- Purpose: getting account passwords for free time
- Threat level: low
- Techniques: Similar names (www.ao1.com for www.aol.com), social engineering
Phishing in 2001
- Target: Ebayers and major banks
- Purpose: getting credit card numbers, accounts
- Threat level: medium
- Techniques: Same in 1995, keylogger
Phishing in 2007
- Target: Paypal, banks, ebay
- Purpose: bank accounts
- Threat level: high
- Techniques: browser vulnerabilities, link obfuscation

Slide 25: Phishing: A Growing Problem
- Over 28,000 unique phishing attacks reported in Dec. 2006, about double the number from 2005. Now so many millions in 2010.
- Estimates suggest phishing affected 2 million US citizens and cost businesses billions of dollars in 2010
- Additional losses due to consumer fears

Slide 26: Phishing Scams
As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.
- Socially aware attacks
  - Mine social relationships from public data
  - Phishing email appears to arrive from someone known to the victim
- Use spoofed identity of trusted organization to gain trust
- Urge victims to update or validate their account
- Threaten to terminate the account if the victims do not reply
- Use gift or bonus as a bait
- Security promises
- Context-aware attacks
  - “Your bid on eBay has won!”
  - “The books on your Amazon wish list are on sale!”

Slide 27: Another Example

Slide 28:
But wait…
WHOIS 210.104.211.21: Location: Korea, Republic Of
Even bigger problem: I don’t have an account with US Bank!
Images from Anti-Phishing Working Group’s Phishing Archive

Slide 29: Fraudulent E-mail Messages
Here are a few phrases to look for if you think an e-mail message is a phishing scam.
"Verify your account." Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. If you receive an e-mail from anyone asking you to update your credit card information, do not respond: this is a phishing scam.
"If you don't respond within 48 hours, your account will be closed." These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.

Slide 30: Fraudulent E-mail Messages (cont’d)
"Dear Valued Customer." Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
"Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.
Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.

Slide 31: Fraudulent E-mail Messages (cont’d)
Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the URL "www.microsoft.com" could appear instead as:
- www.micosoft.com
- www.mircosoft.com
- www.verify-microsoft.com

Slide 32: Fraudulent E-mail Messages (cont’d)
- Never respond to an email asking for personal information
- Always check the site to see if it is secure. Call the phone number if necessary
- Never click on the link on the email. Retype the address in a new window
- Keep your browser updated
- Keep antivirus definitions updated
- Use a firewall

Slide 33: Install the Microsoft Phishing Filter Using Internet Explorer 7 or Windows Live Toolbar
Phishing Filter (http://www.microsoft.com/athome/security/online/phishing_filter.mspx) helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Web sites.
Install up-to-date antivirus and antispyware software. Some phishing e-mail contains malicious or unwanted software (like keyloggers) that can track your activities or simply slow your computer. Numerous antivirus programs exist as well as comprehensive computer maintenance services like Norton Utilities. To help prevent spyware or other unwanted software, download Windows Defender.

The Information Technology (Amendment) Act, 2008 has come into force on 27th October, 2009:
Almost nine years and 10 days after the birth of cyber laws in India, the new improved cyber law regime in India has become a reality. There are around 17 changes, and most of the changes relate to cyber crimes.

Some of the major modifications are:
1. A special liability has been imposed on call centers, BPOs, banks and others who hold or handle sensitive personal data. If they are negligent in "implementing and maintaining reasonable security practices and procedures", they will be liable to pay compensation. It may be recalled that India's first major BPO related scam was the multi crore MphasiS-Citibank funds siphoning case in 2005. Under the new law, in such cases, the BPOs and call centers could also be made liable if they have not implemented proper security measures.
2. Compensation on cyber crimes like spreading viruses, copying data, unauthorised access, denial of service etc. is not restricted to Rs 1 crore anymore. The Adjudicating Officers will have jurisdiction for cases where the claim is up to Rs. 5 crore. Above that the case will need to be filed before the civil courts.
3. The offence of cyber terrorism has been specially included in the law. A cyber terrorist can be punished with life imprisonment.
4. Sending threatening emails and SMS is punishable with jail up to 3 years.
5. Publishing sexually explicit acts in the electronic form is punishable with jail up to 3 years. This would apply to cases like the Delhi MMS scandal where a video of a young couple having sex was spread through cell phones around the country.
6. Voyeurism is now specifically covered.
Acts like hiding cameras in changing rooms, hotel rooms etc. are punishable with jail up to 3 years. This would apply to cases like the infamous Pune spycam incident where a 58-year old man was arrested for installing spy cameras in his house to 'snoop' on his young lady tenants.
7. Cyber crime cases can now be investigated by Inspector rank police officers. Earlier such offences could not be investigated by an officer below the rank of a deputy superintendent of police.
8. Collecting, browsing, downloading etc. of child pornography is punishable with jail up to 5 years for the first conviction. For a subsequent conviction, the jail term can extend to 7 years. A fine of up to Rs 10 lakh can also be levied.
9. The punishment for spreading obscene material by email, websites, SMS has been reduced from 5 years jail to 3 years jail. This covers acts like sending 'dirty' jokes and pictures by email or SMS.
10. Refusing to hand over passwords to an authorized official could land a person in prison for up to 7 years.
11. Hacking into a Government computer or website, or even trying to do so, is punishable with imprisonment up to 10 years.
12. Rules pertaining to section 52 (Salary, Allowances and Other Terms and Conditions of Service of Chairperson and Members),
13. Rules pertaining to section 69 (Procedure and Safeguards for Interception, Monitoring and Decryption of Information),
14. Rules pertaining to section 69A (Procedure and Safeguards for Blocking for Access of Information by Public),
15. Rules pertaining to section 69B (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) and
16. Notification under section 70B for appointment of the Indian Computer Emergency Response Team.
17. Rules pertaining to section 54 (Procedure for Investigation of Misbehaviour or Incapacity of Chairperson and Members),

Slide 40: Computer Related Crimes under IPC and Special Laws
- Arms Act: Online sale of Arms
- Sec. 383 IPC: Web-Jacking
- NDPS Act: Online sale of Drugs
- Sec 416, 417, 463 IPC: Email spoofing
- Sec 420 IPC: Bogus websites, cyber frauds
- Sec 463, 470, 471 IPC: Forgery of electronic records
- Sec 499, 500 IPC: Sending defamatory messages by email
- Sec 503 IPC: Sending threatening messages by email

Special and General statutes applicable to cybercrimes:
While the IT Act 2000 provides for the specific offences, it has to be read with the Indian Penal Code 1860 (IPC) and the Code of Criminal Procedure 1973 (Cr PC).
The IT Act is a special law, and most IT experts are of common consensus that it does not cover or deal specifically with every kind of cyber crime. For instance, for defamatory emails reliance is placed on Sec. 500 of IPC; for threatening e-mails, the provisions of IPC applicable thereto are criminal intimidation (ch XXII) and extortion (ch XVII); for e-mail spoofing, provisions of IPC relating to frauds, cheating by personation (ch XVII) and forgery (ch XVIII) are attracted.

Slide 42:
Likewise, criminal breach of trust and fraud (SS 405, 406, 408, 409) of the IPC are applicable, and for false electronic evidence, Sec. 193 of IPC applies. For cognisability and bailability, reliance is placed on the Code of Criminal Procedure, which also lays down the specific provisions relating to powers of police to investigate.

Liability of ISPs and Govt.:
GOVERNMENT –NSP??
- Governments Providing Services On The Network
- Governments Are Intermediaries.
- Sec 79 IT Act.
- Under the IT Act, 2000, all Governments, Central and State, and all Governmental Bodies are “Network Service Providers”

Liability of ISPs and Govt.:
Section 79 of IT Act 2000
For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.

Liability of ISPs and Govt. (Contd.):
Network Service Providers: When Not Liable
Explanation.— For the purposes of this section, —
(a) "network service provider" means an intermediary;
(b) "third party information" means any information dealt with by a network service provider in his capacity as an intermediary.

Liability of ISPs and Govt.:
TRANSPARENCY
- Need For Transparent E-governance
- Right To Information Act
- Government Would Now Not Be Able To Hide Records Concerning E-governance

Government Initiative:
The Cyber Crime Investigation Cell (CCIC) of the CBI, notified in September 1999, started functioning from 3 March 2000. It is located in New Delhi, Mumbai, Chennai and Bangalore. Jurisdiction of the cell is all over India.
Any incident of cyber crime can be reported to a police station, irrespective of whether it maintains a separate cell or not.

The Indian Computer Emergency Response Team (CERT-In):
IT Amendment Act 2008.
“70A. (1) The Indian Computer Emergency Response Team (CERT-In) shall serve as the national nodal agency in respect of Critical Information Infrastructure for coordinating all actions relating to information security practices, procedures, guidelines, incident prevention, response and report.
(2) For the purposes of sub-section (1), the Director of the Indian Computer Emergency Response Team may call for information pertaining to cyber security from the service providers, intermediaries or any other person.”

Amendments- Indian Evidence Act 1872:
- Section 3 of the Evidence Act amended to take care of admissibility of electronic records (ER) as evidence along with the paper based records as part of the documents which can be produced before the court for inspection.
- Section 4 of IT Act confers legal recognition to electronic records

AUTHENTICATION OF ELECTRONIC RECORDS:
- Any subscriber may authenticate an electronic record
- Authentication by affixing his digital signature.
- Any person by the use of a public key of the subscriber can verify the electronic record

LEGALITY OF ELECTRONIC SIGNATURES:
- Legal recognition of digital signatures.
- Certifying Authorities for Digital Signatures.
- Scheme for Regulation of Certifying Authorities for Digital Signatures

CONTROLLER OF CERTIFYING AUTHORITIES:
- Shall exercise supervision over the activities of Certifying Authorities
- Lay down standards and conditions governing Certifying Authorities
- Specify various forms and content of Digital Signature Certificates

DIGITAL SIGNATURES & ELECTRONIC RECORDS:
- Use of Electronic Records and Electronic Signatures in Government Agencies.
- Publications of rules and regulations in the Electronic Gazette.
- MCA-21 Project: Usage of Digital Signatures

Presumptions in law- Section 85 B Indian Evidence Act:
- The law also presumes that in any proceedings involving secure digital signature, the court shall presume, unless the contrary is proved, that the secure digital signature is affixed by the subscriber with the intention of signing or approving the electronic record
- In any proceedings involving a secure electronic record, the court shall presume, unless contrary is proved, that the secure electronic record has not been altered since the specific point of time to which the secure status relates

Presumption as to electronic messages- Section 88A of Evidence Act:
- The court may treat electronic messages received as if they were sent by the originator, with the exception that a presumption is not to be made as to the person by whom such message was sent.
- It must be proved that the message has been forwarded from the electronic mail server to the person (addressee) to whom such message purports to have been addressed
- An electronic message is primary evidence of the fact that the same was delivered to the addressee on the date and time indicated.

IT Amendment Act 2008-Section 79A:
- Section 79A empowers the Central Govt to appoint any department, body or agency as examiner of electronic evidence for providing expert opinion on electronic form evidence before any court or authority.
- Till now, government forensic lab of Hyderabad was considered of evidentiary value in courts: CFSIL
- Statutory status to an agency as per Section 79A will be of vital importance in criminal prosecution of cybercrime cases in India

Sec. 69, 69 A, 69 B Decryption of information:
Ingredients
- Controller issues order to Government agency to intercept any information transmitted through any computer resource.
- Order is issued in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States, public order or preventing incitement for commission of a cognizable offence
- Person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information: punishment up to 7 years.

Sec 70 Protected System:
- Ingredients: Securing unauthorised access or attempting to secure unauthorised access to ‘protected system’
- Acts covered by this section: Switching computer on / off; Using installed software / hardware; Installing software / hardware; Port scanning
- Punishment: Imprisonment up to 10 years and fine
- Cognizable, Non-Bailable, Court of Sessions

Criminological Theories & Cyber Crime:
- Space Transition Theory
- Routine Activity Theory
- Displacement Theory
- Opportunity Theory

Space Transition Theory:
1) Persons with repressed criminal behavior (in the physical space) have a propensity to commit crime in cyberspace, which otherwise they would not commit in physical space, due to their status and position.
- Concern for status in physical space does not transition to cyber space.
- Behaviors repressed in physical space are not repressed in cyber space.

Space Transition Theory:
2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provide the offenders the choice to commit cyber crime.
Disinhibiting effect allows individuals:
- Open honesty about personal issues
- To act out on unpleasant needs
Deindividualization: inner restraints are lost when individuals are not seen as individuals. Leads to behavior that is:
- Less altruistic
- More selfish
- More aggressive

Space Transition Theory:
2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provide the offenders the choice to commit cyber crime.
Deterrence factor changes:
- Attacks can be made from a remote location
- Crime results not immediately apparent

Space Transition Theory:
3) Criminal behavior of offenders in cyberspace is likely to be imported to physical space which, in physical space, may be exported to cyberspace as well.
- Cyber crime has moved from the single individual acting for fame to professional criminals
- Huge financial gain with little risk
- Growth of e-commerce attracts criminals to the net

Space Transition Theory:
4) Intermittent venture of offenders into the cyberspace and the dynamic spatiotemporal nature of cyberspace provide the chance to escape
- Cyber space is transient
- Cyber space is dynamic
- Cyber crimes do not have the spatial-temporal restrictions of traditional crimes

Space Transition Theory:
5) (a) Strangers are likely to unite together in cyberspace to commit crime in the physical space; (b) Associates of physical space are likely to unite to commit crime in cyberspace.
- Cyberspace allows for recruitment and dissemination
- Cyberspace is: unmoderated, easy to access
- Cyberspace can pose an insider threat: spy / mole, disgruntled employee

Space Transition Theory:
6) Persons from closed society are more likely to commit crimes in cyberspace than persons from open society.
- Open society allows individuals to voice opinions & vent feelings.
- Cyberspace allows individuals from closed societies to express anger & frustrations through hate messages, web page vandalism, up to cyber terrorism attacks

Space Transition Theory:
7) The conflict of norms and values of physical space with the norms and values of cyberspace may lead to cyber crimes.
- Cyberspace is international
- Societal differences between individuals may lead to cyber crime
- Conflicts between nations carry over into cyberspace

Routine Activity Theory:
- Routine activities in conventional societies provide opportunities for a perpetrator to commit crime
- Three things must be present for crime to occur:
  - Suitable target is available
  - Motivated offender is present
  - Lack of a suitable guardian to prevent crime from occurring
- Assessment of the situation determines whether or not a crime takes place.

Routine Activity Theory:
- A suitable target can be:
  - A person
  - An object
  - A place
- Target comes to the attention of a person searching for a criminal opportunity
- Target's behavior may place target in contact with perpetrator
- No significant deterring mechanism is present

Routine Activity Theory:
Motivated Perpetrator
- Predatory crime is a method for the perpetrator to secure basic needs or desires
- Actions of perpetrator are intentional and illegal

Routine Activity Theory:
A capable guardian
- Police patrol, security guards
- Neighbors, neighborhood watch, dogs
- Locks, fences, CCTV systems
- Passwords, tokens, biometric measures
- Guardians can be formal or informal
- Guardians can be human or machine
- Guardians MUST be capable of acting as a deterrent

Opportunity Theory:
- Opportunity to commit a crime is a root cause of crime
- No crime can occur without the physical opportunity
- Opportunity plays a role in all crimes, not just those involving physical property
- Reducing opportunity reduces crime

Displacement Theory:
- Reductions in opportunity will not reduce crime because crime will be displaced to another location
- Opportunity is so compelling that removing perpetrators will not reduce crime because other perpetrators will step in
- Research on displacement theory has shown crime is not always displaced

Routine Activity Theory & the Internet:
- Opportunity to commit crime is multiplied
- Target and perpetrator are much more likely to come in contact with each other
- Victim has to keep returning to the scene of the crime
- Deterrence comes from shifting either events or circumstances
- Neither is easily altered

Routine Activity Theory & the Internet:
- Cybercrime has more to do with the effectiveness of indirect guardianship
- Internet is open & unmoderated
- Mechanisms of the Internet are designed to transfer data, not to examine the data
- Internet guardianships are all mechanical
  - Reactive, respond to some action (IDS)
  - Cannot respond to new, previously untried activity

Hacker Neutralization Techniques:
- Allows for temporary neutralization of values, beliefs, and attitudes so illegal behaviors can be performed.
- Justification of an act requires the need to assert its positive values
- Used by different types of deviants

Hacker Neutralization Techniques:
Denial of Injury
- No harm or insignificant harm done to victim
- No physical information stolen, information in an electronic form
- Belief that downloading is copying, not stealing
- As long as no one knows their information is being perused, no harm is done

Hacker Neutralization Techniques:
Denial of Victim
- Victim is deserving of punishment
- Four categories of victims:
  - Close enemies who have harmed offender directly
  - People who do not conform to normative social roles
  - Groups with tribal stigmas
  - Remote enemies who hold positions perceived as questionable or corrupt
- Offender may assume role of "avenger" or "crusader for justice"
- May justify actions as revenge

Hacker Neutralization Techniques:
Condemnation of the Condemners
- Divert attention from offender's actions to the motives and behaviors of those condemning offender's actions
- Mistrust of authority
- Promote decentralization
- Price charged by software companies too high and unfair
- Victim failed to protect their computer system

Hacker Neutralization Techniques:
Appeal to higher loyalties
- Offender doesn't deny damage, act was done to protect higher loyalties
  - Loyalty to group
  - Responsibility to family or spouse
  - Employer (corporate crimes)
- Claim actions were done to acquire knowledge

Hacker Neutralization Techniques:
Self-fulfillment
- Illegal activity done for:
  - Fun
  - Excitement or thrill
  - Computer virtuosity
- Offender achieves feelings of superiority & control
- Voyeurism
- Demonstration of ability

Hacker Neutralization Techniques:
- Hackers do not use all neutralization techniques
  - Denial of responsibility
  - Sad story
  - Both external forms of neutralization
- Only use techniques based on internal neutralization
  - Hackers take pride in what they do
  - Hackers feel no shame or guilt

Computer Hackers & Social Organization:
Mutual Association
- Clear interpersonal relationship
- No strong or deep interpersonal relationships on or off line
- Social connections relatively shallow
- Multiple identities and multiple forum use may limit ability to form interpersonal connections
- Utilize social networks to exchange knowledge and information

Computer Hackers & Social Organization:
Mutual Participation
- Groups are stratified rather than centrally controlled
- Participation in groups did not lead to group attacks
- Many do not want a group affiliation

Computer Hackers & Social Organization:
Division of labor
- Some specialization in group forums does exist
- Stratification & division of labor
  - Small group of moderators
  - Larger group of users exchanging knowledge & information
- Loose set of rules
  - Give respect, get respect
  - No flaming
- Large population of users enforcing the rules

Computer Hackers & Social Organization:
Extended duration
- No group with extended history
- Relationships appear transitory
- Relationships within forums weak & short-lived

Incident Response – a precursor to Techniques of Cyber investigation & forensic tools:
‘Incident response’ could be defined as a precise set of actions to handle any security incident in a responsible, meaningful and timely manner.
Goals of incident response:
- To confirm whether an incident has occurred
- To promote accumulation of accurate information
- Educate senior management
- Help in detection/prevention of such incidents in the future
- To provide rapid detection and containment
- Minimize disruption to business and network operations
- To facilitate criminal action against perpetrators

Slide 88: Handling of Evidences by Cyber Analysts
Four major tasks for working with digital evidence:
- Identify
- Collect, Observe & Preserve
- Analyze and Organize
- Verify
Identify: any digital information or artifacts that can be used as evidence.
Collect, observe and preserve the evidence.
Analyze, identify and organize the evidence.
Rebuild the evidence or repeat a situation to verify the same results every time. Checking the hash value.

Techniques of cyber investigation- Cyber forensics:
Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law.
The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.

Computer Forensic Tools:
Forensic Tool Kit: FTK is developed by Access Data Corporation (USA); it enables law enforcement and corporate security professionals to perform complete and in-depth computer forensic analysis.
(Figure: Main Window of FTK)

TYPICAL TOOLS:
- EMAIL TRACER
- TRUEBACK
- CYBERCHECK
- MANUAL

Slide 92: Current and Emerging Cyber Forensic Tools of Law Enforcement

Land Mark Cases:
- 9/11 Attack on WTC
- Afzal Guru Parliament attack Case
- Mumbai Attack on Taj Mahal etc.
- Firos vs. State of Kerala
- Syed Asifuddin Case
- Baazee Case
- State of Tamilnadu v. Suhas Katti
- Balasore ATM Fraud, 2010

Case Study (contd.):
The crime was obviously committed using "Unauthorized Access" to the "Electronic Account Space" of the customers. It is therefore firmly within the domain of "Cyber Crimes".
ITA-2000 is versatile enough to accommodate the aspects of crime not covered by ITA-2000 but covered by other statutes, since any IPC offence committed with the use of "Electronic Documents" can be considered as a crime with the use of "Written Documents". "Cheating", "Conspiracy", "Breach of Trust" etc. are therefore applicable in the above case in addition to the sections of ITA-2000.
Under ITA-2000 the offence is recognized both under Section 66 and Section 43. Accordingly, the persons involved are liable for imprisonment and fine as well as a liability to pay damages to the victims to the maximum extent of Rs 1 crore per victim, for which the "Adjudication Process" can be invoked.

Case Study (contd.):
The BPO is liable for lack of security that enabled the commission of the fraud as well as because of the vicarious responsibility for the ex-employee's involvement.
The process of getting the PIN number was during the tenure of the persons as "Employees" and hence the organization is responsible for the crime.
Some of the persons who have assisted others in the commission of the crime, even though they may not be directly involved as beneficiaries, will also be liable under Section 43 of ITA-2000.
Under Section 79 and Section 85 of ITA-2000, vicarious responsibilities are indicated both for the BPO and the Bank on the grounds of "Lack of Due Diligence".
At the same time, if the crime is investigated in India under ITA-2000, then the fact that the Bank was not using digital signatures for authenticating the customer instructions is a matter which would amount to gross negligence on the part of the Bank. (However, in this particular case, since the victims appear to be US Citizens and the Bank itself is US based, the crime may come under the jurisdiction of the US courts and not Indian Courts.)

Baazee case:
- Obscene MMS clipping listed for sale on 27th November, 2004: "DPS Girl having fun".
- Some copies sold through Baazee.com
- Avnish Bajaj (CEO) arrested and his bail application was rejected by the trial court.

Points of the prosecution:
- The accused did not stop payment through banking channels after learning of the illegal nature of the transaction.
- The item description "DPS Girl having fun" should have raised an alarm.

Points of the defence:
- Section 67 relates to publication of obscene material and not transmission.
- Remedial steps were taken within 38 hours, since the intervening period was a weekend.

Findings of the Court:
- It has not been established from the evidence that any publication took place by the accused, directly or indirectly.
- The actual obscene recording/clip could not be viewed on the portal of Baazee.com.
- The sale consideration was not routed through the accused.

Findings of the Court:
- Prima facie Baazee.com had endeavored to plug the loophole.
- The accused had actively participated in the investigations.
- The nature of the alleged offence is such that the evidence has already crystallized and may even be tamper proof.

Findings of the Court:
- Even though the accused is a foreign citizen, he is of Indian origin with family roots in India.
- The evidence indicates only that the obscene material may have been unwittingly offered for sale on the website.
- The heinous nature of the alleged crime may be attributable to some other person.

Court order:
- The court granted bail to Mr. Bajaj subject to furnishing two sureties of Rs. 1 lakh each.
- The court ordered Mr. Bajaj to surrender his passport, not to leave India without Court permission, and to participate and assist in the investigation.

Case of- BPO Data Theft:
The recently reported case of a Bank Fraud in Pune, in which some ex-employees of the BPO arm of MPhasis Ltd, MsourcE, defrauded US Customers of Citi Bank to the tune of Rs 1.5 crores, has raised concerns of many kinds including the role of "Data Protection".

State v Navjot Sandhu (2005) 11 SCC 600:
Held, while examining Section 65 B Evidence Act, it may be that a certificate containing details of subsection 4 of Section 65 is not filed, but that does not mean that secondary evidence cannot be given.
Sections 63 & 65 of the Indian Evidence Act enable secondary evidence of the contents of a document to be adduced if the original is of such a nature as not to be easily movable.

State of Tamil Nadu Vs Suhas Katti:
This case is notable for the fact that the conviction was achieved successfully within a relatively quick time of 7 months from the filing of the FIR.
The case related to posting of obscene, defamatory and annoying messages about a divorcee woman in the Yahoo message group.
Additional Chief Metropolitan Magistrate delivered the judgment on 5-11-04 as follows:
“The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/- and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.”
This is considered the first case convicted under section 67 of Information Technology Act 2000 in India.

Firos vs. State of Kerala:
- Govt of Kerala declared the FRIENDS application software as a protected system.
- The author of the application software challenged the notification and the constitutional validity of section 70.
- The Court upheld the validity of both.

Syed Asifuddin case:
- Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm.
- The court held that such manipulation amounted to tampering with computer source code as envisaged by section 65.

Societe Des products Nestle SA case 2006 (33) PTC 469:
By virtue of provision of Section 65A, the contents of electronic records may be proved in evidence by parties in accordance with provision of 65B.
Held: Sub-section (1) of section 65B makes admissible as a document a paper printout of electronic records stored in optical or magnetic media produced by a computer, subject to fulfillment of the conditions specified in subsection 2 of Section 65B:
- The computer from which the record is generated was regularly used to store or process information in respect of activity regularly carried on by the person having lawful control over the period, and relates to the period over which the computer was regularly used.
- Information was fed into the computer in the ordinary course of the activities of the person having lawful control over the computer.
- The computer was operating properly, and if not, was not such as to affect the electronic record or its accuracy.
- Information reproduced is such as is fed into the computer in the ordinary course of activity.
State v Mohd Afzal, 2003 (7) AD (Delhi) 1

Parliament attack case:
- Several terrorists attacked Parliament House on 13-Dec-01.
- Digital evidence played an important role during their prosecution.
- The accused had argued that computers and digital evidence can easily be tampered with and hence should not be relied upon.

Parliament attack case:
- A laptop, several smart media storage disks and devices were recovered from a truck intercepted at Srinagar pursuant to information given by two of the suspects.
- These articles were deposited in the police “malkhana” on 16-Dec-01 but some files were written onto the laptop on 21-Dec-01.

Parliament attack case:
Evidence found on the laptop included:
- fake identity cards,
- video files containing clippings of political leaders with Parliament in background shot from TV news channels,
- scanned images of front and rear of a genuine identity card,
- image file of design of Ministry of Home Affairs car sticker,
- the game 'wolf pack' with the user name 'Ashiq'. Ashiq was the name in one of the fake identity cards used by the terrorists.

The possible reliefs to a cybercrime victim and strategy adoption

Possible reliefs to a cybercrime victim- strategy adoption:
- A victim of cybercrime needs to immediately report the matter to his local police station and to the nearest cybercrime cell.
- Depending on the nature of crime there may be civil and criminal remedies.
- In civil remedies, injunction and restraint orders may be sought, together with damages, delivery up of infringing matter and/or account for profits.
- In criminal remedies, a cybercrime case will be registered by police if the offence is cognisable, and if the same is non-cognisable, a complaint should be filed with the metropolitan magistrate.
- For certain offences, both civil and criminal remedies may be available to the victim.

Preparation for prosecution:
- Collect all evidence available & save snapshots of evidence
- Seek a cyberlaw expert’s immediate assistance for advice on preparing for prosecution
- Prepare a background history of facts chronologically as per facts
- Pen down names and addresses of suspected accused.
- Form a draft of complaint and remedies a victim seeks
- Cyberlaw expert & police could assist in gathering further evidence, e.g. tracing the IP in case of e-mails, search & seizure or arrest as appropriate to the situation
- A cyber forensic study of the hardware/equipment/network server related to the cybercrime is generally essential
- Preparation of chain of events table
- Probing where evidence could be traced: e-mail inbox/files/folders/web history.
- Accused may use evidence-erasing software/tools
- Forensically screening the hardware/data/files/print outs/camera/mobile/pen drives of evidentiary value.

Future Course of Action:
- Mumbai Cyber lab is a joint initiative of Mumbai police and NASSCOM; more exchange and coordination of this kind
- More public awareness campaigns
- Training of police officers to effectively combat cyber crimes
- More cyber crime police cells set up across the country
- Effective e-surveillance
- Websites aid in creating awareness and encouraging reporting of cyber crime cases.
- Specialised training of forensic investigators and experts
- Active coordination between police and other law enforcement agencies and authorities is required.
- Re-interpretation of criminological theories and development of cyber jurisprudence

Do you have any question?

Slide 119:
Thanks
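The "checking the hash value" step on the evidence-handling slide, and the Parliament attack case point that files were written to the laptop on 21-Dec-01 after its deposit on 16-Dec-01, can both be checked mechanically. The Python sketch below is an added example, not part of the original presentation: it records a SHA-256 manifest at seizure and re-verifies it later. File names, contents and clock times are constructed; only the two dates come from the slides.

```python
"""Evidence integrity: hash manifest taken at seizure, re-verified before analysis."""
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so large disk images do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 for every file under root (taken once, at seizure)."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify(root: Path, manifest: dict, sealed_at: datetime) -> list:
    """Compare current state with the sealed manifest; an empty list means no change."""
    findings = []
    current = build_manifest(root)
    for rel, digest in manifest.items():
        if rel not in current:
            findings.append(("MISSING", rel))
        elif current[rel] != digest:
            findings.append(("HASH_MISMATCH", rel))
    for rel in current:
        if rel not in manifest:
            findings.append(("ADDED_AFTER_SEAL", rel))
        # mtime is only a hint: it can be reset, which is why the hash is authoritative.
        mtime = datetime.fromtimestamp((root / rel).stat().st_mtime, timezone.utc)
        if mtime > sealed_at:
            findings.append(("WRITTEN_AFTER_SEAL", rel))
    return sorted(findings)


def demo() -> list:
    """Constructed scenario: evidence sealed on 16-Dec-01, then touched on 21-Dec-01."""
    sealed_at = datetime(2001, 12, 16, 12, 0, tzinfo=timezone.utc)
    before = datetime(2001, 12, 10, 9, 0, tzinfo=timezone.utc).timestamp()
    after = datetime(2001, 12, 21, 15, 0, tzinfo=timezone.utc).timestamp()
    seized = {  # constructed sample files, not real case data
        "doc1.txt": b"untouched document",
        "image1.bmp": b"original image bytes",
        "notes.txt": b"original notes",
        "log.dat": b"original log",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in seized.items():
            (root / name).write_bytes(data)
            os.utime(root / name, (before, before))
        manifest = build_manifest(root)  # sealed at seizure

        # Activity while the device sits in custody:
        (root / "image1.bmp").write_bytes(b"altered image bytes")
        os.utime(root / "image1.bmp", (after, after))
        (root / "notes.txt").write_bytes(b"altered notes")
        os.utime(root / "notes.txt", (before, before))  # timestamp reset to hide the write
        (root / "new_file.tmp").write_bytes(b"created in custody")
        os.utime(root / "new_file.tmp", (after, after))
        (root / "log.dat").unlink()

        return verify(root, manifest, sealed_at)


if __name__ == "__main__":
    for finding, path in demo():
        print(f"{finding:20} {path}")
```

The `notes.txt` case is the one to note: its timestamp looks clean, so only the hash comparison exposes the change.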
About 67% local Chief Information Officers (CIOs) who took part in the survey perceived cyber crime as more costly , compared to the global benchmark of 50%.Combating cyber crimes: Combating cyber crimes Legal framework-laws & enforcement Technological measures- Public key cryptography, Electronic signatures ,Firewalls, honey pots Cyber investigation- Computer forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in courts of law. These rules of evidence include admissibility (in courts), authenticity (relation to incident), completeness, reliability and believability. 11 13 January 2011 www.site.technolexindia.com, http://technolexindia.blogspot.comLegal Framework-Laws & Enforcement: Legal Framework-Laws & Enforcement 13 January 2011 www.site.technolexindia.com, http://technolexindia.blogspot.com 12 Information Technology Act, 2000-came into force on 17 October 2000 Information Technology ( Amendment) Act, 2008-came into force on 27 October 2009 The Information Technology ( Use of Electronic Records and Digital Signatures) Rules, 2004 The Information Technology (Security Procedure) Rules, 2004 The Information Technology ( Procedure and Safeguards for Interception, Monitoring, and Decryption of Information ) Rules, 2009 The Information Technology ( Procedure and Safeguards, for Blocking for Access of Information by Public ), Rules, 2009 The Information Technology ( Proced ure and Safeguards for Monitoring and Collecting Traffic Data or Information ) Rules, 2009.International initiatives: International initiatives 13 January 2011 www.site.technolexindia.com, http://technolexindia.blogspot.com 13 Representatives from the 26 Council of Europe members, the United States , Canada , Japan and South Africa in 2001 signed a convention on cybercrime in efforts to enhance international cooperation in combating computer-based crimes. 
The Convention on Cybercrime , drawn up by experts of the Council of Europe, is designed to coordinate these countries' policies and laws on penalties on crimes in cyberspace, define the formula guaranteeing the efficient operation of the criminal and judicial authorities, and establish an efficient mechanism for international cooperation. In 1997, The G-8 Ministers agreed to ten "Principles to Combat High-Tech Crime" and an "Action Plan to Combat High-Tech Crime." Main objectives- Create effective cyber crime laws Handle jurisdiction issues Cooperate in international investigations Develop acceptable practices for search and seizure Establish effective public/private sector interactionCombating Cyber crime-Indian legal framework: Combating Cyber crime-Indian legal framework 13 January 2011 www.site.technolexindia.com, http://technolexindia.blogspot.com 14 Information Technology Act, 2000-came into force on 17 October 2000 Extends to whole of India and also applies to any offence or contravention there under committed outside India by any person {section 1 (2)} read with Section 75- Act applies to offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India Section 2 (1) (a) –”Access” means gaining entry into ,instructing or communicating with the logical, arithmetic or memory function resources of a computer, computer resource or network IT Act confers legal recognition to electronic records and digital signatures (section 4,5 of the IT Act,2000)Cyber contravention: Cyber contravention 13 January 2011 www.site.technolexindia.com, http://technolexindia.blogspot.com 15 The IT Act prescribes provisions for contraventions in Ch IX of the Act, particularly Sec. 43 of the Act, which covers unauthorised access, downloading, introduction of virus, denial of access and Internet time theft committed by any person. 
It prescribes punishment by way of damages not exceeding Rs 1 crore to the affected party.Section 46 IT Act: Section 46 IT Act 13 January 2011 www.site.technolexindia.com, http://technolexindia.blogspot.com 16 Section 46 of the IT Act states that an adjudicating officer shall be adjudging whether a person has committed a contravention of any of the provisions of the said Act, by holding an inquiry. Principles of audi alterum partum and natural justice are enshrined in the said section which stipulates that a reasonable opportunity of making a representation shall be granted to the concerned person who is alleged to have violated the provisions of the IT Act. The said Act stipulates that the inquiry will be carried out in the manner as prescribed by the Central Government All proceedings before him are deemed to be judicial proceedings, every Adjudicating Officer has all powers conferred on civil courts Appeal to cyber Appellate Tribunal- from decision of Controller, Adjudicating Officer {section 57 IT act}Section 47, IT Act: Section 47, IT Act 13 January 2011 www.site.technolexindia.com, http://technolexindia.blogspot.com 17 Section 47 of the Act lays down that while adjudging the quantum of compensation under this Act, the adjudicating officer shall have due regard to the following factors, namely- (a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default; (b) the amount of loss caused to any person as a result of the default; (c) the repetitive nature of the defaultSlide 18: 13 January 2011 www.site.technolexindia.com, http://technolexindia.blogspot.com 18 Chapter XI of the IT Act 2000 discusses the cyber crimes and offences inter alia, tampering with computer source documents (s 65), hacking (s 66), publishing of obscene information (s 67), unauthorised access to protected system (s 70), breach of confidentiality (s 72), publishing false digital signature certificate (s 73).Slide 19: 13 January 2011 
Whereas cyber contraventions are 'civil wrongs' for which compensation is payable by the defaulting party, 'cyber offences' constitute cyber frauds and crimes which are criminal wrongs for which punishment of imprisonment and/or fine is prescribed by the Information Technology Act 2000.

Section 65: Source Code:
- Most important asset of software companies
- "Computer Source Code" means the listing of programmes, computer commands, design and layout
- Ingredients: knowledge or intention; concealment, destruction, alteration; computer source code required to be kept or maintained by law
- Punishment: imprisonment up to three years and / or fine up to Rs. 2 lakh

Hacking:
- Section 66 of the IT Act 2000 deals with the offence of computer hacking.
- In simple words, hacking is accessing of a computer system without the express or implied permission of the owner of that computer system.
- Examples of hacking may include unauthorised input or alteration of input, destruction or misappropriation of output, misuse of programs or alteration of computer data.
- Punishment for hacking is imprisonment up to 3 years or fine which may extend to 2 lakh rupees or both.

Publishing obscene information:
Section 67 of the IT Act lays down punishment for the offence of publishing of obscene information in electronic form. Recently, the Supreme Court in Ajay Goswami v Union of India considered the issue of obscenity on the Internet and held that restriction on freedom of speech on the ground of curtailing obscenity amounts to reasonable restriction under art 19(2) of the Constitution.
The court observed that the test of community mores and standards has become obsolete in the Internet age.
Punishment on first conviction is imprisonment for a term which may extend to 5 years and fine which may extend to 1 lakh rupees. In the event of a second or subsequent conviction, imprisonment of either description for a term which may extend to 10 years and fine which may extend to 2 lakh rupees.

Slide 23: Phishing
Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information. Con artists might send millions of fraudulent e-mail messages that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information.

Slide 24: History of Phishing
Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in the 70's
- Fishing = use bait to lure the target
Phishing in 1995
- Target: AOL users
- Purpose: getting account passwords for free time
- Threat level: low
- Techniques: similar names (www.ao1.com for www.aol.com), social engineering
Phishing in 2001
- Target: Ebayers and major banks
- Purpose: getting credit card numbers, accounts
- Threat level: medium
- Techniques: same as in 1995, keylogger
Phishing in 2007
- Target: Paypal, banks, ebay
- Purpose: bank accounts
- Threat level: high
- Techniques: browser vulnerabilities, link obfuscation

Slide 25: Phishing: A Growing Problem
- Over 28,000 unique phishing attacks reported in Dec. 2006, about double the number from 2005; now so many millions in 2010.
- Estimates suggest phishing affected 2 million US citizens and cost businesses billions of dollars in 2010.
- Additional losses due to consumer fears.

Slide 26: Phishing Scams
As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.
- Socially aware attacks: mine social relationships from public data; phishing email appears to arrive from someone known to the victim
- Use spoofed identity of trusted organization to gain trust
- Urge victims to update or validate their account
- Threaten to terminate the account if the victims do not reply
- Use gift or bonus as a bait
- Security promises
- Context-aware attacks: "Your bid on eBay has won!", "The books on your Amazon wish list are on sale!"

Slide 27: Another Example

Slide 28:
But wait... WHOIS 210.104.211.21: Location: Korea, Republic Of. Even bigger problem: I don't have an account with US Bank!
Images from Anti-Phishing Working Group's Phishing Archive

Slide 29: Fraudulent E-mail Messages
Here are a few phrases to look for if you think an e-mail message is a phishing scam.
- "Verify your account." Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. If you receive an e-mail from anyone asking you to update your credit card information, do not respond: this is a phishing scam.
- "If you don't respond within 48 hours, your account will be closed." These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.

Slide 30: Fraudulent E-mail Messages (cont'd)
- "Dear Valued Customer." Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
- "Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.
Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.

Slide 31: Fraudulent E-mail Messages (cont'd)
Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the URL "www.microsoft.com" could appear instead as:
- www.micosoft.com
- www.mircosoft.com
- www.verify-microsoft.com

Slide 32: Fraudulent E-mail Messages (cont'd)
- Never respond to an email asking for personal information
- Always check the site to see if it is secure. Call the phone number if necessary
- Never click on the link in the email. Retype the address in a new window
- Keep your browser updated
- Keep antivirus definitions updated
- Use a firewall

Slide 33: Install the Microsoft Phishing Filter Using Internet Explorer 7 or Windows Live Toolbar
- Phishing Filter (http://www.microsoft.com/athome/security/online/phishing_filter.mspx) helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Web sites.
- Install up-to-date antivirus and antispyware software. Some phishing e-mail contains malicious or unwanted software (like keyloggers) that can track your activities or simply slow your computer. Numerous antivirus programs exist as well as comprehensive computer maintenance services like Norton Utilities. To help prevent spyware or other unwanted software, download Windows Defender.

The Information Technology (Amendment) Act, 2008 has come into force on 27th October, 2009.
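The warning signs listed in the "Fraudulent E-mail Messages" slides above (stock phrases, masked links, numeric addresses, and URLs altered by adding, omitting or transposing letters) can be checked mechanically by a mail filter. The following Python code is an added example, not part of the original presentation; the trusted-domain list, the function names, the sample message and the address 192.0.2.10 are constructed assumptions.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("microsoft.com", "aol.com")   # assumption: sites this mailbox really uses
PHRASES = ("verify your account", "dear valued customer",          # phrases quoted
           "your account will be closed", "click the link below")  # on the slides
DOMAIN_RE = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a>, plus the whole body text."""

    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._buf = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None


def host_of(value):
    """Host of a URL or bare domain, lower-cased, without a leading 'www.'."""
    try:
        host = urlsplit(value if "://" in value else "http://" + value).hostname
    except ValueError:
        return ""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def edit_distance(a, b):
    """Edits needed to turn a into b: add, omit, substitute or transpose a letter."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def lookalike(host):
    """Return the trusted domain that host imitates, or None."""
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return None                      # the real site or one of its subdomains
    for good in TRUSTED:
        brand = good.split(".")[0]
        if edit_distance(host, good) == 1 or brand in re.split(r"[.-]", host):
            return good
    return None


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def inspect_email(html):
    """Return (reason, detail) findings for one HTML e-mail body."""
    parser = LinkCollector()
    parser.feed(html)
    body = " ".join("".join(parser.text).lower().split())
    findings = [("phrase", p) for p in PHRASES if p in body]
    for href, shown in parser.links:
        target = host_of(href)
        if is_ip(target):                # the "string of cryptic numbers"
            findings.append(("numeric-host", target))
        imitated = lookalike(target)
        if imitated:
            findings.append(("lookalike", f"{target} ~ {imitated}"))
        if DOMAIN_RE.fullmatch(shown) and host_of(shown) != target:
            findings.append(("masked-link", f"{host_of(shown)} -> {target}"))
    return findings


# Constructed sample message; the last link is genuine and must not be flagged.
SAMPLE = """<html><body><p>Dear Valued Customer,</p>
<p>Verify your account. If you don't respond within 48 hours,
your account will be closed.</p>
<a href="http://192.0.2.10/login">www.microsoft.com</a>
<a href="http://www.mircosoft.com/update">Update now</a>
<a href="http://www.verify-microsoft.com/">www.verify-microsoft.com</a>
<a href="https://www.microsoft.com/security">www.microsoft.com</a>
</body></html>"""

if __name__ == "__main__":
    for reason, detail in inspect_email(SAMPLE):
        print(f"{reason:13} {detail}")
```

A distance of exactly one edit also matches unrelated short domains that happen to sit next to a trusted name, so findings of this kind are a reason to review a message, not proof of fraud.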
Almost nine years and 10 days after the birth of cyber laws in India, the new improved cyber law regime in India has become a reality. There are around 17 changes and out of that most of the changes relate to cyber crimes.

Some of the major modifications are:
1. A special liability has been imposed on call centers, BPOs, banks and others who hold or handle sensitive personal data. If they are negligent in "implementing and maintaining reasonable security practices and procedures", they will be liable to pay compensation. It may be recalled that India's first major BPO related scam was the multi crore MphasiS-Citibank funds siphoning case in 2005. Under the new law, in such cases, the BPOs and call centers could also be made liable if they have not implemented proper security measures.
2. Compensation on cyber crimes like spreading viruses, copying data, unauthorised access, denial of service etc. is not restricted to Rs 1 crore anymore. The Adjudicating Officers will have jurisdiction for cases where the claim is up to Rs. 5 crore. Above that the case will need to be filed before the civil courts.

Slide 36:
3. The offence of cyber terrorism has been specially included in the law. A cyber terrorist can be punished with life imprisonment.
4. Sending threatening emails and sms are punishable with jail up to 3 years.
5. Publishing sexually explicit acts in the electronic form is punishable with jail up to 3 years. This would apply to cases like the Delhi MMS scandal where a video of a young couple having sex was spread through cell phones around the country.

Slide 37:
6. Voyeurism is now specifically covered.
Acts like hiding cameras in changing rooms, hotel rooms etc. are punishable with jail up to 3 years. This would apply to cases like the infamous Pune spycam incident where a 58-year old man was arrested for installing spy cameras in his house to 'snoop' on his young lady tenants.
7. Cyber crime cases can now be investigated by Inspector rank police officers. Earlier such offences could not be investigated by an officer below the rank of a deputy superintendent of police.
8. Collecting, browsing, downloading etc. of child pornography is punishable with jail up to 5 years for the first conviction. For a subsequent conviction, the jail term can extend to 7 years. A fine of up to Rs 10 lakh can also be levied.

Slide 38:
9. The punishment for spreading obscene material by email, websites, sms has been reduced from 5 years jail to 3 years jail. This covers acts like sending 'dirty' jokes and pictures by email or sms.
10. Refusing to hand over passwords to an authorized official could land a person in prison for up to 7 years.
11. Hacking into a Government computer or website, or even trying to do so, is punishable with imprisonment up to 10 years.
12. Rules pertaining to section 52 (Salary, Allowances and Other Terms and Conditions of Service of Chairperson and Members),

Slide 39:
13. Rules pertaining to section 69 (Procedure and Safeguards for Interception, Monitoring and Decryption of Information),
14. Rules pertaining to section 69A (Procedure and Safeguards for Blocking for Access of Information by Public),
15. Rules pertaining to section 69B (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) and
16. Notification under section 70B for appointment of the Indian Computer Emergency Response Team.
17.
Rules pertaining to section 54 (Procedure for Investigation of Misbehaviour or Incapacity of Chairperson and Members).

Slide 40: Computer Related Crimes under IPC and Special Laws
- Arms Act: online sale of arms
- Sec. 383 IPC: web-jacking
- NDPS Act: online sale of drugs
- Sec 416, 417, 463 IPC: email spoofing
- Sec 420 IPC: bogus websites, cyber frauds
- Sec 463, 470, 471 IPC: forgery of electronic records
- Sec 499, 500 IPC: sending defamatory messages by email
- Sec 503 IPC: sending threatening messages by email

Special and General statutes applicable to cybercrimes:
- While the IT Act 2000 provides for the specific offences, it has to be read with the Indian Penal Code 1860 (IPC) and the Code of Criminal Procedure 1973 (Cr PC).
- The IT Act is a special law; most IT experts are of common consensus that it does not cover or deal specifically with every kind of cyber crime.
- For instance, for defamatory emails reliance is placed on Sec. 500 of IPC; for threatening e-mails, provisions of IPC applicable thereto are criminal intimidation (ch XXII) and extortion (ch XVII); for e-mail spoofing, provisions of IPC relating to frauds, cheating by personation (ch XVII) and forgery (ch XVIII) are attracted.

Slide 42:
- Likewise, criminal breach of trust and fraud (SS 405, 406, 408, 409) of the IPC are applicable, and for false electronic evidence, Sec. 193 of IPC applies.
- For cognisability and bailability, reliance is placed on the Code of Criminal Procedure, which also lays down the specific provisions relating to powers of police to investigate.

Liability of ISPs and Govt.:
GOVERNMENT - NSP??
- Governments providing services on the network
- Governments are intermediaries.
- Sec 79 IT Act.
- Under the IT Act, 2000, all Governments, Central and State, and all Governmental bodies are "Network Service Providers".

Liability of ISPs and Govt.:
Section 79 of IT Act 2000
For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.

Liability of ISPs and Govt. (Contd.):
Network Service Providers: When Not Liable
Explanation: For the purposes of this section,
(a) "network service provider" means an intermediary;
(b) "third party information" means any information dealt with by a network service provider in his capacity as an intermediary.

Liability of ISPs and Govt.:
TRANSPARENCY
- Need for transparent e-governance
- Right To Information Act
- Government would now not be able to hide records concerning e-governance

Government Initiative:
The Cyber Crime Investigation Cell (CCIC) of the CBI, notified in September 1999, started functioning from 3 March 2000. It is located in New Delhi, Mumbai, Chennai and Bangalore. Jurisdiction of the cell is all over India.
Any incident of cyber crime can be reported to a police station, irrespective of whether it maintains a separate cell or not.

The Indian Computer Emergency Response Team (CERT-In):
IT Amendment Act 2008.
"70A. (1) The Indian Computer Emergency Response Team (CERT-In) shall serve as the national nodal agency in respect of Critical Information Infrastructure for coordinating all actions relating to information security practices, procedures, guidelines, incident prevention, response and report.
(2) For the purposes of sub-section (1), the Director of the Indian Computer Emergency Response Team may call for information pertaining to cyber security from the service providers, intermediaries or any other person."

Amendments - Indian Evidence Act 1872:
- Section 3 of the Evidence Act amended to take care of admissibility of ER as evidence along with the paper based records as part of the documents which can be produced before the court for inspection.
- Section 4 of the IT Act confers legal recognition to electronic records.

AUTHENTICATION OF ELECTRONIC RECORDS:
- Any subscriber may authenticate an electronic record.
- Authentication by affixing his digital signature.
- Any person by the use of a public key of the subscriber can verify the electronic record.

LEGALITY OF ELECTRONIC SIGNATURES:
- Legal recognition of digital signatures.
- Certifying Authorities for Digital Signatures.
- Scheme for Regulation of Certifying Authorities for Digital Signatures

CONTROLLER OF CERTIFYING AUTHORITIES:
- Shall exercise supervision over the activities of Certifying Authorities
- Lay down standards and conditions governing Certifying Authorities
- Specify various forms and content of Digital Signature Certificates

DIGITAL SIGNATURES & ELECTRONIC RECORDS:
- Use of Electronic Records and Electronic Signatures in Government Agencies.
- Publications of rules and regulations in the Electronic Gazette.
- MCA-21 Project: usage of Digital Signatures

Presumptions in law - Section 85 B Indian Evidence Act:
- The law also presumes that in any proceedings involving a secure digital signature, the court shall presume, unless the contrary is proved, that the secure digital signature is affixed by the subscriber with the intention of signing or approving the electronic record.
- In any proceedings involving a secure electronic record, the court shall presume, unless the contrary is proved, that the secure electronic record has not been altered since the specific point of time to which the secure status relates.

Presumption as to electronic messages - Section 88A of Evidence Act:
- The court may treat electronic messages received as if they were sent by the originator, with the exception that a presumption is not to be made as to the person by whom such message was sent.
- It must be proved that the message has been forwarded from the electronic mail server to the person (addressee) to whom such message purports to have been addressed.
- An electronic message is primary evidence of the fact that the same was delivered to the addressee on the date and time indicated.

IT Amendment Act 2008 - Section 79A:
- Section 79A empowers the Central Govt to appoint any department, body or agency as examiner of electronic evidence for providing expert opinion on electronic form evidence before any court or authority.
- Till now, the government forensic lab of Hyderabad was considered of evidentiary value in courts - CFSIL
- Statutory status to an agency as per Section 79A will be of vital importance in criminal prosecution of cybercrime cases in India.

Sec. 69, 69 A, 69 B Decryption of information:
Ingredients
- Controller issues order to Government agency to intercept any information transmitted through any computer resource.
- Order is issued in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States, public order or preventing incitement for commission of a cognizable offence.
- Person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information: punishment up to 7 years.

Sec 70 Protected System:
Ingredients
- Securing unauthorised access or attempting to secure unauthorised access to 'protected system'
Acts covered by this section:
- Switching computer on / off
- Using installed software / hardware
- Installing software / hardware
- Port scanning
Punishment
- Imprisonment up to 10 years and fine
- Cognizable, Non-Bailable, Court of Sessions

Criminological Theories & Cyber Crime:
- Space Transition Theory
- Routine Activity Theory
- Displacement Theory
- Opportunity Theory

Space Transition Theory:
Persons with repressed criminal behavior (in the physical space) have a propensity to commit crime in cyberspace, which otherwise they would not commit in physical space, due to their status and position.
- Concern for status in physical space does not transition to cyber space.
- Behaviors repressed in physical space are not repressed in cyber space.

Space Transition Theory:
2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provide the offenders the choice to commit cyber crime.
Disinhibiting effect allows individuals:
- Open honesty about personal issues
- To act out on unpleasant needs
Deindividualization: inner restraints are lost when individuals are not seen as individuals. Leads to behavior that is:
- Less altruistic
- More selfish
- More aggressive

Space Transition Theory:
2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provide the offenders the choice to commit cyber crime.
Deterrence factor changes:
- Attacks can be made from a remote location
- Crime results not immediately apparent

Space Transition Theory:
3) Criminal behavior of offenders in cyberspace is likely to be imported to physical space which, in physical space, may be exported to cyberspace as well.
- Cyber crime has moved from the single individual acting for fame to professional criminals
- Huge financial gain with little risk
- Growth of e-commerce attracts criminals to the net

Space Transition Theory:
4) Intermittent venture of offenders into the cyberspace and the dynamic spatiotemporal nature of cyberspace provide the chance to escape.
- Cyber space is transient
- Cyber space is dynamic
- Cyber crimes do not have the spatial-temporal restrictions of traditional crimes

Space Transition Theory:
5) (a) Strangers are likely to unite together in cyberspace to commit crime in the physical space; (b) Associates of physical space are likely to unite to commit crime in cyberspace.
- Cyberspace allows for recruitment and dissemination
- Cyberspace is: unmoderated, easy to access
- Cyberspace can pose an insider threat: spy / mole, disgruntled employee

Space Transition Theory:
6) Persons from closed society are more likely to commit crimes in cyberspace than persons from open society.
- Open society allows individuals to voice opinions & vent feelings.
- Cyberspace allows individuals from closed societies to express anger & frustrations through hate messages, web page vandalism, up to cyber terrorism attacks

Space Transition Theory:
7) The conflict of norms and values of physical space with the norms and values of cyberspace may lead to cyber crimes.
- Cyberspace is international
- Societal differences between individuals may lead to cyber crime
- Conflicts between nations carry over into cyberspace

Routine Activity Theory:
Routine activities in conventional societies provide opportunities for a perpetrator to commit crime. Three things must be present for crime to occur:
- Suitable target is available
- Motivated offender is present
- Lack of a suitable guardian to prevent crime from occurring
Assessment of the situation determines whether or not a crime takes place.

Routine Activity Theory:
A suitable target can be:
- A person
- An object
- A place
Target comes to the attention of a person searching for a criminal opportunity
- Target's behavior may place target in contact with perpetrator
- No significant deterring mechanism is present

Routine Activity Theory:
Motivated Perpetrator
- Predatory crime is a method for the perpetrator to secure basic needs or desires
- Actions of perpetrator are intentional and illegal

Routine Activity Theory:
A capable guardian
- Police patrol, security guards
- Neighbors, neighborhood watch, dogs
- Locks, fences, CCTV systems
- Passwords, tokens, biometric measures
- Guardians can be formal or informal
- Guardians can be human or machine
- Guardians MUST be capable of acting as a deterrent

Opportunity Theory:
- Opportunity to commit a crime is a root cause of crime
- No crime can occur without the physical opportunity
- Opportunity plays a role in all crimes, not just those involving physical property
- Reducing opportunity reduces crime

Displacement Theory:
Reductions in opportunity
will not reduce crime because crime will be displaced to another location
- Opportunity is so compelling that removing perpetrators will not reduce crime because other perpetrators will step in
- Research on displacement theory has shown crime is not always displaced

Routine Activity Theory & the Internet:
- Opportunity to commit crime is multiplied
- Target and perpetrator are much more likely to come in contact with each other
- Victim has to keep returning to scene of the crime
- Deterrence comes from shifting either events or circumstances
- Neither are easily altered

Routine Activity Theory & the Internet:
- Cybercrime has more to do with the effectiveness of indirect guardianship
- Internet is open & unmoderated
- Mechanisms of the Internet are designed to transfer data, not to examine the data
- Internet guardianships are all mechanical
- Reactive, respond to some action - IDS
- Cannot respond to new, previously untried activity

Hacker Neutralization Techniques:
- Allows for temporary neutralization of values, beliefs, and attitudes so illegal behaviors can be performed.
- Justification of an act requires the need to assert its positive values
- Used by different types of deviants

Hacker Neutralization Techniques:
Denial of Injury
- No harm or insignificant harm done to victim
- No physical information stolen, information in an electronic form
- Belief that downloading is copying, not stealing
- As long as no one knows their information is being perused, no harm is done

Hacker Neutralization Techniques:
Denial of Victim
- Victim is deserving of punishment
- Four categories of victims: close enemies who have harmed offender directly; people who do not conform to normative social roles; groups with tribal stigmas; remote enemies who hold positions perceived as questionable or corrupt
- Offender may assume role of "avenger" or "crusader for justice"
- May justify actions as revenge

Hacker Neutralization Techniques:
Condemnation of the Condemners
- Divert attention from offender's actions to the motives and behaviors of those condemning offender's actions
- Mistrust of authority
- Promote decentralization
- Price charged by software companies too high and unfair
- Victim failed to protect their computer system

Hacker Neutralization Techniques:
Appeal to higher loyalties
- Offender doesn't deny damage, act was done to protect higher loyalties
- Loyalty to group
- Responsibility to family or spouse
- Employer (Corporate crimes)
- Claim actions were done to acquire knowledge

Hacker Neutralization Techniques:
Self-fulfillment
- Illegal activity done for: fun; excitement or thrill; computer virtuosity
- Offender achieves feelings of superiority & control
- Voyeurism
- Demonstration of ability

Hacker Neutralization Techniques:
- Hackers do not use all neutralization techniques
- Denial of responsibility
- Sad story
- Both external forms of neutralization
- Only use techniques based on internal neutralization
- Hackers
take pride in what they do
- Hackers feel no shame or guilt

Computer Hackers & Social Organization:
Mutual Association
- Clear interpersonal relationship
- No strong or deep interpersonal relationships on or off line
- Social connections relatively shallow
- Multiple identities and multiple forum use may limit ability to form interpersonal connections
- Utilize social networks to exchange knowledge and information

Computer Hackers & Social Organization:
Mutual Participation
- Groups are stratified rather than centrally controlled
- Participation in groups did not lead to group attacks
- Many do not want a group affiliation

Computer Hackers & Social Organization:
Division of labor
- Some specialization in group forums does exist
- Stratification & division of labor
- Small group of moderators
- Larger group of users exchanging knowledge & information
- Loose set of rules
- Give respect, get respect
- No flaming
- Large population of users enforcing the rules

Computer Hackers & Social Organization:
Extended duration
- No group with extended history
- Relationships appear transitory
- Relationships within forums weak & short-lived

Incident Response - a precursor to Techniques of Cyber investigation & forensic tools:
'Incident response' could be defined as a precise set of actions to handle any security incident in a responsible, meaningful and timely manner.
Goals of incident response:
- To confirm whether an incident has occurred
- To promote accumulation of accurate information
- Educate senior management
- Help in detection/prevention of such incidents in the future
- To provide rapid detection and containment
- Minimize disruption to business and network operations
- To facilitate criminal action against perpetrators

Slide 88: Handling of Evidences by Cyber Analysts
Four major tasks for working with digital evidence: Identify; Collect, Observe & Preserve; Analyze and Organize; Verify.
- Identify: any digital information or artifacts that can be used as evidence.
- Collect, observe and preserve the evidence.
- Analyze, identify and organize the evidence.
- Rebuild the evidence or repeat a situation to verify the same results every time. Checking the hash value.

Techniques of cyber investigation - Cyber forensics:
Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.

Computer Forensic Tools:
Forensic Tool Kit: FTK is developed by Access Data Corporation (USA); it enables law enforcement and corporate security professionals to perform complete and in-depth computer forensic analysis.
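The "Verify" task (checking the hash value) and the documented chain of evidence described above can be combined in a custody log whose entries each record the evidence hash and the hash of the previous entry. The following Python code is an added example, not part of the original presentation or of any tool it names; SHA-256, the log layout, the names and timestamps are assumptions, and the image bytes are constructed.

```python
import hashlib
import json


def digest(image: bytes) -> str:
    """SHA-256 of an evidence image, in hex."""
    return hashlib.sha256(image).hexdigest()


def _entry_hash(entry: dict) -> str:
    """Hash over every field of an entry except its own 'entry_hash'."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def record(log: list, when: str, actor: str, action: str, image: bytes) -> dict:
    """Append a custody entry that commits to the image and to the previous entry."""
    entry = {
        "seq": len(log),
        "when": when,
        "actor": actor,
        "action": action,
        "evidence_sha256": digest(image),
        "prev": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def verify(log: list, image: bytes) -> list:
    """Return a list of problems; an empty list means log and image agree."""
    if not log:
        return ["custody log is empty"]
    problems = []
    baseline = log[0]["evidence_sha256"]      # hash taken at collection
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev or entry["entry_hash"] != _entry_hash(entry):
            problems.append(f"entry {entry['seq']}: log altered or reordered")
        if entry["evidence_sha256"] != baseline:
            problems.append(f"entry {entry['seq']}: evidence hash differs from collection")
        prev = entry["entry_hash"]
    if digest(image) != baseline:
        problems.append("image presented now does not match the acquisition hash")
    return problems


def demo():
    """Collect, analyze and verify a constructed image, then show two failures."""
    image = b"constructed disk image: MBR|FAT|mail.dbx"   # stand-in for a real image
    log = []
    record(log, "2011-01-13T10:00", "officer A", "collect", image)
    working_copy = bytes(image)
    record(log, "2011-01-13T14:30", "analyst B", "analyze", working_copy)
    clean = verify(log, working_copy)

    # Failure 1: one file name inside the image is changed after collection.
    altered_image = working_copy.replace(b"mail.dbx", b"mail.bak")
    image_changed = verify(log, altered_image)

    # Failure 2: a custody entry is edited without recomputing the chain.
    log[1]["actor"] = "analyst C"
    log_changed = verify(log, working_copy)
    return clean, image_changed, log_changed


if __name__ == "__main__":
    for label, result in zip(("clean", "image changed", "log changed"), demo()):
        print(label, "->", result or "no problems")
```

The chain only detects edits made without rewriting every later entry, so the hash of the newest entry still has to be recorded somewhere outside the log, for example in the signed examination report.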
[Figure: Main Window of FTK]

TYPICAL TOOLS:
EMAIL TRACER TRUEBACK CYBERCHECK MANUAL

Slide 92: Current and Emerging Cyber Forensic Tools of Law Enforcement

Land Mark Cases:
9/11 Attack on WTC
Afzal Guru Parliament attack Case
Mumbai Attack on Tajmahal etc.
Firos vs. State of Kerala
Syed Asifuddin Case
Baazee Case
State of Tamilnadu v. Suhas Katti
Balasore ATM Fraud, 2010

Case Study (contd.):
The crime was obviously committed using "Unauthorized Access" to the "Electronic Account Space" of the customers. It is therefore firmly within the domain of "Cyber Crimes".
ITA-2000 is versatile enough to accommodate the aspects of crime not covered by ITA-2000 but covered by other statutes, since any IPC offence committed with the use of "Electronic Documents" can be considered as a crime with the use of "Written Documents". "Cheating", "Conspiracy", "Breach of Trust" etc. are therefore applicable in the above case in addition to section in ITA-2000.
Under ITA-2000 the offence is recognized both under Section 66 and Section 43. Accordingly, the persons involved are liable for imprisonment and fine as well as a liability to pay damage to the victims to the maximum extent of Rs 1 crore per victim, for which the "Adjudication Process" can be invoked.

Case Study (contd.):
The BPO is liable for lack of security that enabled the commission of the fraud as well as because of the vicarious responsibility for the ex-employee's involvement.
The process of getting the PIN number was during the tenure of the persons as "Employees" and hence the organization is responsible for the crime.
Some of the persons who have assisted others in the commission of the crime even though they may not be directly involved as beneficiaries will also be liable under Section 43 of ITA-2000.
Under Section 79 and Section 85 of ITA-2000, vicarious responsibilities are indicated both for the BPO and the Bank on the grounds of "Lack of Due Diligence".
At the same time, if the crime is investigated in India under ITA-2000, then the fact that the Bank was not using digital signatures for authenticating the customer instructions is a matter which would amount to gross negligence on the part of the Bank.
(However, in this particular case since the victims appear to be US Citizens and the Bank itself is US based, the crime may come under the jurisdiction of the US courts and not Indian Courts).

Baazee case:
Obscene MMS clipping listed for sale on 27th November, 2004 - "DPS Girl having fun".
Some copies sold through Baazee.com
Avnish Bajaj (CEO) arrested and his bail application was rejected by the trial court.

Points of the prosecution:
The accused did not stop payment through banking channels after learning of the illegal nature of the transaction.
The item description "DPS Girl having fun" should have raised an alarm.

Points of the defence:
Section 67 relates to publication of obscene material and not transmission.
Remedial steps were taken within 38 hours, since the intervening period was a weekend.

Findings of the Court:
It has not been established from the evidence that any publication took place by the accused, directly or indirectly.
The actual obscene recording/clip could not be viewed on the portal of Baazee.com.
The sale consideration was not routed through the accused.

Findings of the Court:
Prima facie Baazee.com had endeavored to plug the loophole.
The accused had actively participated in the investigations.
The nature of the alleged offence is such that the evidence has already crystallized and may even be tamper proof.

Findings of the Court:
Even though the accused is a foreign citizen, he is of Indian origin with family roots in India.
The evidence indicates only that the obscene material may have been unwittingly offered for sale on the website.
The heinous nature of the alleged crime may be attributable to some other person.

Court order:
The court granted bail to Mr. Bajaj subject to furnishing two sureties of Rs. 1 lakh each.
The court ordered Mr.
Bajaj to surrender his passport, not to leave India without Court permission, and to participate and assist in the investigation.

Case of- BPO Data Theft:
The recently reported case of a Bank Fraud in Pune in which some ex-employees of the BPO arm of MPhasis Ltd, MsourcE, defrauded US Customers of Citi Bank to the tune of Rs 1.5 crores has raised concerns of many kinds including the role of "Data Protection".

State v Navjot Sandhu (2005) 11 SCC 600:
Held, while examining Section 65 B Evidence Act, it may be that certificate containing details of subsection 4 of Section 65 is not filed, but that does not mean that secondary evidence cannot be given.
Section 63 & 65 of the Indian Evidence Act enables secondary evidence of contents of a document to be adduced if original is of such a nature as not to be easily movable.

State of Tamil Nadu Vs Suhas Katti:
This case is notable for the fact that the conviction was achieved successfully within a relatively quick time of 7 months from the filing of the FIR.
The case related to posting of obscene, defamatory and annoying message about a divorcee woman in the yahoo message group.
Additional Chief Metropolitan Magistrate delivered the judgment on 5-11-04 as follows:
“The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/- and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.”
This is considered the first case convicted under section 67 of Information Technology Act 2000 in India.

Firos vs. State of Kerala:
Govt of Kerala declared the FRIENDS application software as a protected system.
The author of the application software challenged the notification and the constitutional validity of section 70.
The Court upheld the validity of both.

Syed Asifuddin case:
Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm.
The court held that such manipulation amounted to tampering with computer source code as envisaged by section 65.

Societe Des products Nestle SA case 2006 (33) PTC 469:
By virtue of provision of Section 65A, the contents of electronic records may be proved in evidence by parties in accordance with provision of 65B.
Held- Sub section (1) of section 65B makes admissible as a document, paper print out of electronic records stored in optical or magnetic media produced by a computer subject to fulfillment of conditions specified in subsection 2 of Section 65B.
The computer from which the record is generated was regularly used to store or process information in respect of activity regularly carried on by person having lawful control over the period, and relates to the period over which the computer was regularly used.
Information was fed in the computer in the ordinary course of the activities of the person having lawful control over the computer.
The computer was operating properly, and if not, was not such as to affect the electronic record or its accuracy.
Information reproduced is such as is fed into computer in the ordinary course of activity.
State v Mohd Afzal, 2003 (7) AD (Delhi) 1

Parliament attack case:
Several terrorists attacked Parliament House on 13-Dec-01.
Digital evidence played an important role during their prosecution.
The accused had argued that computers and digital evidence can easily be tampered and hence should not be relied upon.

Parliament attack case:
A laptop, several smart media storage disks and devices were recovered from a truck intercepted at Srinagar pursuant to information given by two of the suspects.
These articles were deposited in the police “malkhana” on 16-Dec-01 but some files were written onto the laptop on 21-Dec-01.

Parliament attack case:
Evidence found on the laptop included:
fake identity cards,
video files containing clippings of political leaders with Parliament in background shot from TV news channels,
scanned images of front and rear of a genuine identity card,

Parliament attack case:
image file of design of Ministry of Home Affairs car sticker,
the game 'wolf pack' with the user name 'Ashiq'. Ashiq was the name in one of the fake identity cards used by the terrorists.

The possible reliefs to a cybercrime victim and strategy adoption

Possible reliefs to a cybercrime victim- strategy adoption:
A victim of cybercrime needs to immediately report the matter to his local police station and to the nearest cybercrime cell.
Depending on the nature of crime there may be civil and criminal remedies.
In civil remedies, injunction and restraint orders may be sought, together with damages, delivery up of infringing matter and/or account for profits.
In criminal remedies, a cybercrime case will be registered by police if the offence is cognisable, and if the same is non-cognisable, a complaint should be filed with the metropolitan magistrate.
For certain offences, both civil and criminal remedies may be available to the victim.

Preparation for prosecution:
Collect all evidence available & save snapshots of evidence
Seek a cyberlaw expert’s immediate assistance for advice on preparing for prosecution
Prepare a background history of facts chronologically as per facts
Pen down names and addresses of suspected accused.
Form a draft of complaint and remedies a victim seeks
Cyberlaw expert & police could assist in gathering further evidence e.g. tracing the IP in case of e-mails, search & seizure or arrest as appropriate to the situation
A cyber forensic study of the hardware/equipment/network server related to the cybercrime is generally essential
Preparation of chain of events table
Probing where evidence could be traced? E-mail inbox/files/folders/web history.
Accused may use erase evidence software/tools
Forensically screening the hardware/data/files/print outs/camera/mobile/pen drives of evidentiary value.

Future Course of Action:
Mumbai Cyber lab is a joint initiative of Mumbai police and NASSCOM – more exchange and coordination of this kind
More Public awareness campaigns
Training of police officers to effectively combat cyber crimes
More Cyber crime police cells set up across the country
Effective E-surveillance
Websites aid in creating awareness and encouraging reporting of cyber crime cases.
Specialised Training of forensic investigators and experts
Active coordination between police and other law enforcement agencies and authorities is required.
Re-interpretation of criminological theories and development of cyber jurisprudence

Do you have any question?

Thanks