Post on 05-Sep-2019
© All Rights Reserved
Workshop on Cyber Crimes – Technology, Evidence & Forensic Challenges
CERT-In, DEITY & C-DAC
Contents
1. Emerging Cyber Crimes & Threats in Cyberspace
2. Technical & Legal Challenges in Cyber Space
3. Electronic Evidence Attribution
4. Appreciation of Electronic Evidence & Case Studies
5. Crimes in Cyber Space
6. Digital Evidence & Cyber Forensics
7. Mobile Forensics
Emerging Cyber Crimes & Threats in Cyberspace
Department of Electronics & Information Technology
History of Communication
• Telegraph
• Telephone
• Computer Communications: X.25, ISDN, FR etc.
• ATM
• Optical Network
Digital Revolution Internet Infra in INDIA
• 400 Mil. Internet Users
• 950 Mil. Mobile Phones
• 11.47 Mil. High speed Internet
• Targeted Broadband connections = 22 Mil. (by 2014)
• Overall Tele-density – 70 %
• 134 Major ISPs
• 260+ IDCs
• 14 Mil. All Domains (1.9 Mil. “.in”)
• Mail Servers: 180 M email accounts
• DNS
• VOIP, IPTV
• Govt., Academia, Enterprise, Home, IT / ITES BPO
• NIC, ERNET, BSNL, MTNL, Bharti, Reliance, TATA Communications, STPI
International Submarine Cable Network
Source: Global Marine Systems Ltd
Game Changers
• 5 billion devices have plugged into the Internet; expect 22 billion by 2020
• In 2012, global mobile data traffic reached 225,000 terabytes per month – more than 2x growth over 2011, growing at 10x the rate of voice traffic
• Internet based TV is growing rapidly with around 50% growth rate
• The number of mobile phone subscriptions will exceed 7 billion globally by the year end 2013
• The world wide smart phone application market will exceed $15 billion in 2013 and increase to $16 billion by 2014
• The no. of mobile broadband subscribers will reach 3 billion in 2015
Recent Smart Phone / Tablet Phenomenon is fuelling the mobile transformation
• Users expect mobile phones to replace GPS System, MP3 Players, and / or digital cameras by 2015
• Cell Phones are now being increasingly used for Data apart from talking: people are using them to browse the net, listen to music, play games, send email and SMS
• If Facebook were a Country, it would be the world’s 3rd largest:
1. China
2. India
3. Facebook
4. Google
5. United States
6. Brazil
• One of every three College Students and employees surveyed globally believes the Internet is a fundamental resource for the human race – as important as air, water, food and shelter
Advanced Technology & Solutions for a wide range of applications
• TV tuners
• video processors
• Routers & Switches
• Video Game Consoles
• SmartPhones
• Servers
• Optical networks
• WiFi, WiMAX Infrastructure
• Wireless Base Stations
• Radio network Controllers
• Storage
• Satellites
Cloud Computing
Cloud computing offers a seemingly infinite pool of readily available computing resources, typically housed in a data center. Cloud promises to eliminate the necessity of upfront hardware investment and is typically available on a short-term, pay-as-you-go basis
Three Outstanding Features Which Make Digital Revolution Unique
1. Cyberspace
2. Knowledge Economy
3. Speed with which it has transformed industrial economy into a knowledge Economy
Standalone Computers
[Figure labels: Input Information, Run Programs, Output Processed Output]
Internet
Connecting to Internet :
ISP
Packet Switching
[Figure: a message is split into packets; each packet carries a sequence number, checksum number, originator IP address, receiver IP address and part of the message. At the receiver the checksum is verified, headers are removed and the message is reassembled.]
Accuracy & Integrity
Transmission
Privacy & Accessibility
Communication Via Internet
[Figure: on each side of the Internet, clients with local IP addresses (192.168.2.19 to 192.168.2.22 and 192.168.4.24 to 192.168.4.27) sit behind a server, firewall and router; the public IP addresses shown are 203.155.53.57 and 69.34.32.27. The client creates a packet, and packets travel across the Internet.]
IPv4 Packet Header
IP Address
Example 128.172.101.102
• 128 – a section of the main Internet system.
• 172 - identifies a specific network (ISP).
• 101 - identifies organisation of the specific network.
• 102 - identifies a specific computer
URL & DNS
• DNS is a name resolution service which resolves host names into IP addresses.
• Uniform Resource Locator (URL): the address of an object like a specific Web site (address of the hosting website), email, and/or file / page on the Internet.
• Example: www.mit.gov.in = 164.100.52.211
– www.mit.gov.in: URL of Website (the Web Site Address)
– 164.100.52.211: Network ID, Network ID-ISP, Subnetwork-ISP, Host-User
DNS Naming Convention
• “gates.microsoft.com.”
• “.” Root
• “.com” Top-Level Domain
• “microsoft.com” Second-Level Domain
• “gates.microsoft.com” Sub-Domain
• Gates user
The World Wide Web
• URL has two components: host name and path name
– Host Name: name of the machine hosting the Web site/page
– Path Name: path going to the page & identifies the page
– Example: www.deity.gov.in/cyberlaw/pic.gif
• User agent for Web is called a browser:
– MS Internet Explorer
– Mozilla Firefox
– Google Chrome
• Server for Web is called Web server
The Web: the http protocol
http: hypertext transfer protocol
• Web’s application layer protocol
• client/server model
– client: browser that requests, receives, “displays” Web objects
– server: Web server sends objects in response to requests
[Figure labels: PC running Explorer, PC running Firefox, Server running DeitY Web server]
Application layer protocols
Protocol | Application
HTTP: Hypertext Transfer | Retrieve and view Web pages
FTP: File Transfer | Copy files from client to server or from server to client
SMTP: Simple Mail Transport | Send email
POP: Post Office | Read email
Telnet | Provides access to remote computers. Through Telnet an administrator or another user can access someone else’s computer remotely.
E-mail Address
• grai@eis.ernet.in, grai@mit.gov.in, grai@mit.mtnl.in
• Local Part @ Domain Part
• The local-part of the address is often the username of the recipient
• The domain-part may be a host name/service provider name which can be looked up in the Domain Name System (DNS)
• eis – sub domain
• ernet – service provider
• in – Country code for India – top level domain
Electronic Mail
Three major components:
• user agents
• mail servers
• simple mail transfer protocol: smtp
User Agent
• “mail reader”
• composing, editing, reading mail messages
• e.g. Outlook, Eudora
• outgoing, incoming messages stored on server
[Figure labels: user agent, mail server, user mailbox, outgoing message queue, SMTP]
Wi-Fi / WiMax
• Wi-Fi (Wireless Fidelity) is a wireless technology.
• Wi-Fi enables digital devices to send and receive data indoors and outdoors, anywhere within the range of a Wi-Fi Access Point.
• It allows users to access the Internet while moving from one area to another within a complex / building without a disconnection or loss in coverage.
• WiMAX (Worldwide Interoperability for Microwave Access) is a wireless communications technology designed to provide 30 to 40 megabit-per-second data rates. WiMAX enables last mile wireless broadband connectivity as a replacement to cable & ADSL Modems.
WiFi Illustration
WiFi Enabled Places
Basically, any location which caters to business users, and where people with laptops make frequent visits is an ideal choice to install WiFi.
• Airports
• Hotels & Resorts
• Restaurants
• Coffee Shops
• Shopping Malls
Wi-Fi HotSpots
• A HotSpot is a geographic area that has a readily accessible wireless network.
• HotSpots are equipped with a Broadband Internet connection through one or more Access Points that allow users to access the Internet wirelessly.
• HotSpots can be setup in any public location that can support an Internet connection. All the locations discussed previously are examples of HotSpots.
Electronic Evidence Attribution
Electronic Record
1. Very easy to make copies
2. Very fast distribution
3. Easy archiving and retrieval
4. Copies are as good as original
5. Easily modifiable
6. Environmental Friendly
Because of 4 & 5 together, these lack authenticity
Why Digital Signatures?
• To provide Authenticity, Integrity and Non-repudiation to electronic documents
• To use the Internet as the safe and secure medium for e-Commerce and e-Governance
Digital Signature
• Combines one-way secure hash functions with public key cryptography
– Hash function generates fixed length value
– No two documents produce the same hash value
– Secure Hash Algorithm 1 (SHA-1)
• Characteristics
– Data Integrity – hash value
– Non-repudiation – encrypted with private key
– Does NOT provide confidentiality
Example – PGP Signed Email
From info@cert-in.org.in
Sent Tuesday, November 7, 2006 5:56 pm
To grai@cert-in.org.in
Subject Email authentication
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Test mail for email authentication
from CERT-In
regards
CERT-In Information Desk
e-mail : info@cert-in.org.in
Phone : 1800-11-4949
FAX : 1800-11-6969
Web : http://www.cert-in.org.in
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.0 (Build 1202)
[base64 signature data]
-----END PGP SIGNATURE-----
PGP Signed Email - Verification
From info@cert-in.org.in
Sent Tuesday, November 7, 2006 5:56 pm
To grai@cert-in.org.in
Subject Email authentication
*** PGP SIGNATURE VERIFICATION ***
*** Status: Good Signature
*** Signer: CERT-In Information Desk <info@cert-in.org.in> (0x6CA13DF4)
*** Signed: 11/7/2006 6:21:10 PM
*** Verified: 11/7/2006 6:22:08 PM
*** BEGIN PGP VERIFIED MESSAGE ***
Test mail for email authentication
from CERT-In
regards
CERT-In Information Desk
e-mail : info@cert-in.org.in
Phone : 1800-11-4949
FAX : 1800-11-6969
Web : http://www.cert-in.org.in
*** END PGP VERIFIED MESSAGE ***
Comparison of two messages
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
kill him not, let him free !!!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
iQCVAwUBRVBsx68nxMrmF4C7AQLYKAP+OtxpsrZX8QRRxB2cfU/vc3e/j6jen8SGWayfRgj8fHVIXeBRwpt/8UlQ5yo0b/BHpQ3gweoEIIHzqEa58WjCvhVIYCsP9FdeIRN2I9soVhSIKp+Rh6DPl2R1PG2ZAlMT0N1KacJyw5rCSggk0dn99sQWoCHshv/rJcZMqBYrns==FkLz
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
kill him, not let him free !!!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
iQCVAwUBRVBs2q8nxMrmF4C7AQKo9AP+O+oEzYpQO4D7cI8Xttepgk6C1FVx+goE/1NR9oBMD86WRrQGAnlnJzXMu//NRppy+b02bbACpU2cm/GsFud4j884vjmDTnzbqRRPzzPQKmhGwAckmwxi2lAFY3Ec/9jHzGUKmiXeTX2guc9BWaJhc/Jk/ie1s5NaBUnsMXZvDvY==hpWK
-----END PGP SIGNATURE-----
Change in Signature reflecting Tampering
Paper signatures v/s Digital Signatures
Parameter | Paper | Electronic
Authenticity | May be forged | Can not be copied
Integrity | Signature independent of the document | Signature depends on the contents of the document
Non-repudiation | a. Handwriting expert needed; b. Error prone | a. Any computer user; b. Error free
Public Key Infrastructure
Public Key Infrastructure (PKI) provides the means to bind public keys to their owners and helps in the distribution of reliable public keys in large heterogeneous networks.
It is the set of hardware, software, people, policies and procedures needed to create, manage, store, distribute, and revoke Public Key Certificates based on public-key cryptography.
CA model (Trust model)
[Figure: certificate hierarchy with labels CCA Root Certificate, CA Certificate, Browser Cert., CA Certificate, Server Cert.]
Hash Function
Message (Any Length) → Hash Function → HASH
Hash is a fixed length string:
• 128 bit MD5
• 160 bit SHA-1
• 256 bit SHA-2
Digital Signature Creation
[Figure: the Sender's message ("Dear Mr. Ram: We have asked the Court to issue a warrant against X. Sincerely, XXXXXX") passes through the Hash Function to give a Hash Value (0F47CEFF AE0317DB AA567C29); the hash value is encrypted with the Sender’s Private Key to give the Digital Signature (0101011110000110101 1011110101111010111), which accompanies the message.]
Digital Signature Validation
[Figure: the Recipient decrypts the Digital Signature (0101011110000110101 1011110101111010111) with the Sender's Public Key to obtain a Hash Value (0F47CEFF AE0317DB AA567C29), and passes the received message through the Hash Function to obtain a second Hash Value (0F47CEFF AE0317DB AA567C29).]
Signature is valid if the two hashes match
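The creation and validation steps above, together with the "Comparison of two messages" slide, as an added Python example that is not part of the original workshop material. It uses textbook (unpadded) RSA over a SHA-256 hash so that it runs without third-party libraries; SHA-256 stands in for SHA-1, for which practical collisions have since been demonstrated. The key values (fixed Mersenne primes) and all function names are assumptions made for illustration.

```python
import hashlib

E = 65537  # commonly used public exponent


def make_key(p: int, q: int):
    """Build a textbook RSA key (n, e, d) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return n, E, d


def public_part(key):
    """The part of the key that may be published: (n, e)."""
    n, e, _d = key
    return n, e


# Constructed demo keys. Fixed Mersenne primes keep the example deterministic;
# real keys use large random primes and a padding scheme such as RSASSA-PSS.
SENDER_KEY = make_key(2**521 - 1, 2**607 - 1)
OTHER_KEY = make_key(2**521 - 1, 2**1279 - 1)


def hash_value(message: bytes) -> int:
    """Hash function: message of any length -> fixed-length value."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def create_signature(message: bytes, key) -> int:
    """Creation: hash the message, then transform the hash with the private key."""
    n, _e, d = key
    return pow(hash_value(message), d, n)


def validate_signature(message: bytes, signature: int, public_key) -> bool:
    """Validation: recover the signed hash with the public key and compare it
    with a fresh hash of the message as received."""
    n, e = public_key
    return pow(signature, e, n) == hash_value(message)


# The two messages from the comparison slide: moving one comma changes the
# hash, so the signature made over the first message no longer validates.
ORIGINAL = b"kill him not, let him free !!!"
TAMPERED = b"kill him, not let him free !!!"


def run_demo():
    signature = create_signature(ORIGINAL, SENDER_KEY)
    sender_public = public_part(SENDER_KEY)
    return {
        "genuine": validate_signature(ORIGINAL, signature, sender_public),
        "tampered": validate_signature(TAMPERED, signature, sender_public),
        "wrong_signer": validate_signature(ORIGINAL, signature,
                                           public_part(OTHER_KEY)),
        "signatures_differ": signature != create_signature(TAMPERED, SENDER_KEY),
    }


if __name__ == "__main__":
    for check, result in run_demo().items():
        print(f"{check}: {result}")
```

The message itself travels in the clear in both cases, which is the "does NOT provide confidentiality" point from the Digital Signature slide.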
Public & Private Key pair
[Slide shows hexadecimal dumps labelled Private Key and Public Key]
Smart Cards
• The Private key is generated in the crypto module residing in the smart card.
• The key is kept in the memory of the smart card.
• The key is highly secured as it doesn’t leave the card: the message digest is sent into the card for signing, and the signatures leave the card.
• The card gives mobility to the key, and signing can be done on any system that has a smart card reader.
Source of Public Key
• Public Key with Certificate can be published anywhere
• Browsers contain Certificates from reputed CA’s
• Attached as a signature to e-mail
– Pretty Good Privacy (PGP)
CCA’s PUBLIC KEY 2048 bit
This key is available at cca.gov.in and can be downloaded
Role of Controller of Certifying Authority
Controller of Certifying Authorities as the “Root” Authority certifies the technologies, infrastructure and practices of all the Certifying Authorities licensed to issue Digital Signature Certificates
IDRBT Certificate
[Figure labels: Paper, Electronic]
Appreciation of Electronic Evidence & Case Studies
Appreciation of Evidence
“The process by which a judge concludes whether or not a fact is proved is called appreciation of evidence. It is a duty of the court to appreciate evidence minutely, carefully, and to analyse it.”
Kajal Sen v. State of Assam AIR 2002 SC 617
Electronic Evidence
Electronic evidence means that the “evidence which existed in electronic (intangible) form is being produced in tangible form.”
Electronic Record
S.2(1)(t) “Electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;
Human Intervention
The entire process of procuring electronic evidence is controlled by human agencies.
Can it be manipulated, tampered with?
The science may be infallible, but human action, which controls the result of the scientific forensic examination, may be fallible.
Appreciating Technology
Applying technology and getting desired results is one thing, but appreciating the value of the ‘evidence’ is another.
One may lose evidence not because of ‘lack of technology’, but because of ‘lack of appreciation of technology’.
The Questions are:
• Did the investigators/litigants take care in gathering the evidence?
• Could they fake the evidence?
“Courts and tribunals have to judge the evidence before them by applying the test of human probabilities”.
Commissioner of Income Tax, West Bengal II v. Durga Prasad More AIR 1971 SC 2439
Mohammed Ajmal Mohammad Amir Kasab v State of Maharashtra & Ors*
The Hon’ble Supreme Court appreciated the electronic evidence, whether in the form of CCTV footage, mobile devices, memory cards, data storage devices, intercepted communications over VoIP, IP Addresses, etc. while delivering the judgment.
* (2012) 9 SCC 1
In all human affairs absolute certainty is myth. Prof. Brett puts it, “all exactness is fake”. Ordinarily, E.L.Dorado theory of “absolute proof” being unattainable, the law accepts for it probability as a working substitute. Hardly one comes across a case, where Court does not resort to “certain probability” as working substitute for proof beyond all reasonable doubt. However, in the case in hand, from the evidence, oral and documentary, reference of which have copiously been made in the judgment by my noble and learned Brother Aftab Alam, J. make me believe that “absolute certainty” may not necessarily be a myth or fake in all cases and can be a reality.
J. Chandramauli Kr. Prasad
In State of Gujarat v. Shailendra Kamal Kishor Pande & Ors*., it was held that
“..….CD itself is primary and direct evidence admissible as to what has been said and picked up by the recorder……it has to be proved that the same has been prepared and preserved safely by independent authority, like Police….”
* 2008 CRI.L.J.953
Tukaram S. Dighole v. Manikrao Shivaji Kokate*
Hon’ble Supreme Court held that “standard of proof” in the form of electronic evidence should be “more accurate and stringent” compared to other documentary evidence….
* (2010) 4 SCC 329
In Jagjit Singh v State of Haryana*, it was held by the court that “…original CDs received from Zee Telefilms and…..an opportunity had been given to the parties to review the materials….there is no infirmity in speaker’s reliance on the digital evidence…..”
* AIR 2007 SC 950
In Court on its own motion v. State*, the court viewed that even in the absence of original recordings (like negative of a photograph), reliance may be placed on ‘positive’.
* WP (Crl) No. 796 of 2007. Judgment delivered on 21.08.2008.
In Trimex International FZE Ltd. v. Vedanta Aluminium Ltd. India*
The Court held that in the absence of signed agreement between the parties, it would be possible to infer from various documents duly approved and signed by the parties in the form of exchange of e-mails, letter, telex, telegrams and other means of telecommunications.
* (2010) 3 SCC 1
Similarly in Shakti Bhog Foods Ltd. v. Kola Shipping Ltd., (2009) 2 SCC 134
Sanjay Kumar Kedia v. Narcotics Control Bureau & Anr
CRIMINAL APPEAL NO. 1659 OF 2007 (SLP (Crl.) No. 3892 of 2007)
The company (Xponse Technologies Ltd. and Xponse IT Services Pvt. Ltd., headed by Sanjay Kedia) designed, developed and hosted the pharmaceutical websites, and using these websites a huge quantity of psychotropic substances (Phentermine and Butalbital) was distributed in USA with the help of his associates.
ALADIESPHARMACY.com, EXPRESSPHENTERMINE.com, FAMILYYONLINEPHARMACY.com, ONLINEEXPRESSPHARMACY.com, SHIPPEDLIPITOR.com, DELIVEREDMEDICINE.COM, TRUEVALUEPRESCRIPTIONS.COM
That IP address was 203.86.100.76
S.B. SINHA & HARJIT SINGH BEDI, JJ.:
“That the Xponse Technologies Ltd and Xponse IT Services Pvt Ltd were not acting merely as a network service provider but were actually running internet pharmacy and dealing with prescription drugs like Phentermine and Butalbital.”
In Ravi Kant Sharma & Ors. v State, the court held that “…call details record is not a direct computer printout of the data available in the computer/servers of the telephone company….”
CRL.A. 357/2008. Judgment delivered on 12.10.2011
Rohit Vedpaul Kaushal v. State of Maharashtra
The Bombay High Court, after examining the SMS messages sent by the accused held: “that some of the SMS sent by the accused certainly fall within the scope of Section 67 of the IT Act”
* 2007 INDLAW MUM 755
In Mrs. Nidhi Kakkar v Munish Kakkar*, the court held “If person produced text of information generated through computer, it should be admissible in evidence, provided proof was tendered in manner brought through Evidence Act…”
* (2011) 162 PLR 113
Dharambir v. CBI
The Delhi High Court has held:
“Given the wide definition of the words ‘document’ and ‘evidence’ in the amended Section 3 of the IEA, read with section 2(o) and 2(t), of IT Act, a hard disc which at any time has been subject to a change of any kind is an electronic record would therefore be a document within the meaning of section 3 of IEA.”
* 148 (2008) DLT 289
Presenting e-Evidence
It is obligatory to note that the evidence in electronic form is in ‘intangible form’ and the bottomline is – admissibility of such evidence in a court of law.
For example, if an exhibit is an electronic record or data produced by a computer, the “accuracy” of such an exhibit must encompass the accuracy of the process, which produced the said record, as well as accuracy of content.
Accuracy of the processes depends on the quality of the original source, the quality of the internal computer manipulation, the audit mechanism which might reduce error or provide corroboration, the integrity of the way in which the exhibit (what the court actually considers) has been derived, and perhaps even the integrity of the way in which the exhibit has been handled by investigators.
Also, it is crucial that there should be a clear chain of custody or continuity of evidence, i.e., from collectors to preservers to examiners to analysts.
It is thus imperative that the hash value of the evidence should be calculated by the collector(s) and subsequently verified by the examiner(s).
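One way to put the collector-to-examiner hash check into practice, as an added Python example that is not part of the original workshop material. It goes slightly beyond the slide by also chaining the custody records to each other, so that an edit to the log itself is detectable; the record fields, role names and the constructed "disk image" are assumptions made for illustration, and timestamps are left out to keep the output deterministic.

```python
import hashlib
import hmac
import json
import os
import tempfile

GENESIS = "0" * 64  # "previous record" value for the first custody record


def hash_file(path: str, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of a file, read in chunks so large images need little memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def _record_digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def record_handoff(log: list, role: str, custodian: str, evidence_path: str) -> dict:
    """Each custodian hashes the evidence on receipt and appends a record
    that also commits to the previous record."""
    body = {
        "seq": len(log) + 1,
        "role": role,
        "custodian": custodian,
        "evidence_sha256": hash_file(evidence_path),
        "prev_record_hash": log[-1]["record_hash"] if log else GENESIS,
    }
    record = dict(body, record_hash=_record_digest(body))
    log.append(record)
    return record


def verify_custody(log: list, evidence_path: str) -> list:
    """Return a list of problems; an empty list means the chain is intact."""
    if not log:
        return ["no custody records"]
    problems = []
    baseline = log[0]["evidence_sha256"]  # the collector's hash
    prev = GENESIS
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "record_hash"}
        if not hmac.compare_digest(_record_digest(body), rec["record_hash"]):
            problems.append(f"entry {rec['seq']}: custody record was altered")
        if rec["prev_record_hash"] != prev:
            problems.append(f"entry {rec['seq']}: link to previous record is broken")
        if rec["evidence_sha256"] != baseline:
            problems.append(f"entry {rec['seq']}: hash differs from collector's hash")
        prev = rec["record_hash"]
    if hash_file(evidence_path) != baseline:
        problems.append("evidence file no longer matches collector's hash")
    return problems


def run_demo():
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"CONSTRUCTED-DISK-IMAGE" * 1000)  # constructed sample data
        log = []
        record_handoff(log, "collector", "Officer A", path)
        record_handoff(log, "preserver", "Officer B", path)
        clean = verify_custody(log, path)
        # One byte changes while the image is in storage ...
        with open(path, "r+b") as fh:
            fh.seek(10)
            fh.write(b"X")
        # ... and the examiner's hash on receipt exposes where it happened.
        record_handoff(log, "examiner", "Analyst C", path)
        after_change = verify_custody(log, path)
        # Editing an earlier custody record is detected as well.
        log[1]["custodian"] = "Someone else"
        after_edit = verify_custody(log, path)
        return clean, after_change, after_edit
    finally:
        os.remove(path)


if __name__ == "__main__":
    for label, result in zip(("clean", "after change", "after log edit"), run_demo()):
        print(label, "->", result)
```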
Hence, it is pertinent that one must not be swayed by the technicality of electronic evidence but should appreciate the entire evidence gathering and evaluation mechanism.
Section 65 B of IEA
S.65 B Admissibility of Electronic Records
(1) Any information contained in an electronic record which is printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer shall be deemed to be also a document, if the conditions mentioned in this section are satisfied in relation to the information and computer in question and shall be admissible in any proceedings, without further proof or production of the original …….
(2) The conditions:
(a) the computer output containing the information was produced by the computer during the period over which the computer was used regularly to store or process information for the purposes of any activities regularly carried over that period by the person having lawful control over the use of the computer;
(b) during the said period, information of the kind contained in the electronic record or of the kind from which the information so contained is derived was regularly fed into computer in the ordinary course of said activities;
(c) throughout the said period, the computer was operating properly or if not then in respect of any period in which it was not operating properly or was out of operation…..was not as such to affect the electronic record or the accuracy of its contents; and
(d) the information contained in the electronic record reproduces or is derived from such information fed into the computer in the ordinary course of said activities.
(3) Where over any period, the function of storing or processing information …..regularly performed by computers, whether in combination, or succession, or by different combinations………..in whatever order, all the computers used for that purpose during that period shall be treated ……as constituting a single computer
(4) A certificate signed by a person occupying a responsible official position in relation to operation of the relevant device or the management of the relevant activities to include any of the following things:
· identifying the electronic record containing the statement and describing the manner in which it was produced
· giving such particulars of any device involved in the production of that electronic record as may be appropriate for the purpose of showing that the electronic record was produced by a computer
The objective behind aforesaid step-by-step processes is to identify whether the computer in question has properly processed, stored and reproduced whatever information it received.
State v. Mohd. Afzal*
Held that under S.65 B, a computer generated electronic record is admissible evidence at trial if proved in the manner specified by the section.
Electronic record in the form of a print out…..compliance with sub-sections (1) and (2) of section 65 B is enough to make admissible and prove electronic records. This conclusion flows out, even from the language of sub-section (4).
* 107 (2003) Delhi Law Times 385 (DB)
P. Padmanabh v. Syndicate Bank Ltd., Bangalore
The High Court of Karnataka held:
“Clear admission of malfunctioning of either ATM machine or computer…..provisions of section 65B cannot be pressed into service by plaintiff”.
* 2008 (2) Kar.L.J. 153
Is it a Primary Evidence or Secondary Evidence?
Under the IE Act, the contents of documents may be proved either by primary or secondary evidence. Section 62 of the Act defines “Primary evidence” as “….the document itself produced for the inspection of the Court”.
The Act, also defines, “Secondary Evidence” as the “certified copies made from the original by mechanical processes which in themselves ensure the accuracy of the copy, and copies compared with such copies”[section 63(2)]
• Section 65. Cases in which secondary evidence relating to documents may be given –
(d) When the original is of such a nature as not to be easily movable;
• Section 65 A. Special provisions as to evidence relating to electronic record – The contents of electronic records may be proved in accordance with the provisions of section 65B.
In State v. Navjot Sandhu*…It is not in dispute that the information contained in the call records is stored in huge servers which cannot be easily moved and produced in the court…..Hence, printouts taken from the computers/servers by mechanical process and certified by a responsible official of the service providing company can be led in evidence through a witness who can identify the signatures of the certifying officer or otherwise speak of the facts based on his personal knowledge. Irrespective of the compliance with the requirements of section 65B, which is a provision dealing with admissibility of electronic records, there is no bar to adducing secondary evidence under the other provisions of the Evidence Act, namely sections 63 and 65. It may be noted that the certificate containing the details in sub-section (4) of section 65B is not filed in the instant case, but that does not mean that secondary evidence cannot be given in the circumstances mentioned in the relevant provisions, namely sections 63 and 65.
* (2005) 11 SCC 600
Vodafone Essar Ltd. v Raju Sud concerned a dispute with regard to the subscriber, inter alia, challenging the authenticity of computer generated bills, which contained the charges.
The court held, “….printouts taken from the computer/server by mechanical process as contemplated under section 65 and 65A of the Evidence Act is permitted, irrespective of the compliance with the requirement of section 65B of the Act.”
* Pronounced on Nov. 22, 2011, Suit no. 3264/2009, BHC
Irrespective of the compliance with the requirements of section 65B, which is a provision dealing with admissibility of electronic records, there is no bar to adducing secondary evidence under the other provisions of the Evidence Act, namely sections 63 and 65.
For the purpose of admissibility of electronic record produced by a computer, a three prong test is important:
1. Document in question – is an electronic record [as defined under S.2(1)(t) of the IT Act, 2000],
2. Produced by a computer [as defined under S.2(1)(i) of the IT Act, 2000], and
3. Accompanied by a certificate, fulfilling the conditions laid down S.65 (B)(2)-(B)(4) or proven by way of secondary evidence.
For the purpose of admissibility of an electronic record produced by any device other than a computer, a two-prong test is important:
1. The document in question is an electronic record [as defined under S.2(1)(t) of the IT Act, 2000],
2. Accompanied by an affidavit, or proven by way of secondary evidence.
Section 79A* Examiner of Electronic Evidence
Central Government may, for the purpose of providing expert opinion on electronic form evidence before any court……specify…any Department, body or agency of the Central Government or a State Government as an Examiner of Electronic Evidence.
Electronic form Evidence means any information of probative value that is either stored or transmitted in electronic form and includes computer evidence, digital audio, digital video, cell phones, digital fax machines.
In SIL Import, USA v. Exim Aides Silk
Importers*, the Hon’ble Supreme Court
observed the need of the judiciary to
interpret a statute by making allowances for
any relevant technological change that has
occurred.
* (1999) 4 SCC 567
Case Studies
Phishing
• Facts
The victim received, on his personal e-mail account, an e-mail purporting to be from the Income Tax Department (information@incometaxindia.gov.in) stating that he had a refund on the tax paid.
Mistaking it for a genuine refund, he clicked the attachment, which led him to a webpage where he keyed in critical information, i.e., the username, password etc. of his bank account.
After twenty days he received an SMS from the bank authorities stating that a transaction had been made and that Rs. 94,100/- had been debited from his account.
Case No./Crime No.
35/2011
City: Hyderabad
Investigation
The deceptive e-mail, sent to him as if from the Income Tax Department, was analysed and the IP address from which it originated was identified as 78.94.188.22, which, however, was traced to Germany (Herne Unitymedia Nrw Gmbh).
A printout of the deceptive e-mail was collected to prove the case under section 471 IPC, i.e. that a false electronic record was produced as genuine.
Inquiries with the bank revealed that an amount of Rs 94,100/- was debited towards a merchandise transaction through eBay, an online marketplace.
Investigation
Identification of buyer’s mobile no.
and address as shipping address for
delivery.
The IP Address (180.215.151.190)
pertaining to the fraudulent
transaction was collected and it was
traced to MTS Network.
From the call data records the tower
locations of the mobile numbers
were figured out.
Culprit was arrested.
Investigation
From the possession of the accused
a laptop and MTS Internet Data
Card that he used for sending
phishing e-mails were recovered.
The laptop was examined
forensically and traces of phishing
emails sent by the accused were
recovered.
A case under sections 66-C (Identity theft)
& 66-D (Cheating by personation) and IPC
provisions, i.e., 420 & 471, was registered.
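The header analysis step of the investigation above, sketched as an added example (not part of the workshop material): it walks the Received chain of a constructed message, reports the oldest IP the headers claim, and separately the peer IP logged by the last server the examiner trusts, since hops below that point are written by the sender's side. The host names, the suffix `.isp.example` and all IPs are assumptions made up for the sample.

```python
import email
import ipaddress
import re

# Constructed sample, not the case e-mail. IPs are RFC 5737 documentation addresses.
RAW = (
    "Received: from mx.isp.example (mx.isp.example [198.51.100.10])\n"
    "\tby inbox.isp.example with ESMTP id A1; Mon, 3 Jan 2011 10:00:05 +0530\n"
    "Received: from relay.hosting.example (relay.hosting.example [203.0.113.25])\n"
    "\tby mx.isp.example with ESMTP id B2; Mon, 3 Jan 2011 10:00:03 +0530\n"
    "Received: from [192.168.1.5] (unknown [203.0.113.77])\n"
    "\tby relay.hosting.example with ESMTP id C3; Mon, 3 Jan 2011 05:30:01 +0100\n"
    "From: Income Tax Department <information@incometaxindia.gov.in>\n"
    "Subject: Tax refund\n\nbody\n"
)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hops(msg):
    """Received hops, newest first: (routable IPs in 'from' clause, 'by' host)."""
    out = []
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())          # unfold continuation lines
        from_part, _, rest = flat.partition(" by ")
        ips = [ip for ip in IP_RE.findall(from_part)
               if not any(ipaddress.ip_address(ip) in n for n in INTERNAL)]
        out.append((ips, rest.split()[0] if rest else ""))
    return out

def claimed_origin(msg):
    """Oldest routable IP in the chain. Forgeable by the sender: a lead only."""
    for ips, _ in reversed(hops(msg)):
        if ips:
            return ips[0]
    return None

def trusted_boundary(msg, trusted_suffix):
    """Peer IP logged by the outermost server we trust (where the mail entered)."""
    boundary = None
    for ips, by_host in hops(msg):
        if not by_host.endswith(trusted_suffix):
            break
        boundary = ips[0] if ips else boundary
    return boundary

MSG = email.message_from_string(RAW)
```

Here `claimed_origin(MSG)` gives the address a service-provider request would start from, while `trusted_boundary(MSG, ".isp.example")` gives the address that can be corroborated from the receiving provider's own logs.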
Child Pornography
• Facts
A complaint was received by e-mail from Interpol against an IP address involved in sending child pornography images.
Interpol was briefed by the Child Exploitation Online Protection Centre (CEoP).
The email mentioned the uploading
of child pornography images and
receipt of payment using Internet
account from Chennai.
FIR No. 0554/2009
City: Chennai
Investigation
The IP address was traced to the BSNL network. It led to the identification of Wilheum (a foreign national).
His laptop was seized and examined forensically.
It revealed hundreds of child pornography images. His bank account also showed payment details.
A case was registered including section 67B of the IT Act.
Cyber terrorism
• Facts
On September 7, 2011 a bomb blast took place outside Gate No. 5 of Delhi High Court around 10 AM.
Around 4 pm an e-mail was received by the police, taking responsibility for the blast and further identifying Ahmedabad as the next target.
This e-mail was sent in the name of a terrorist who was on the most wanted list of the FBI.
FIR No. DCB – II –
3050/2011
City: Ahmedabad
Investigation
The IP address made it appear as if the e-mail
was sent from Moscow.
Further use of forensic tools
revealed that this email was sent
using a Virtual Private Network
(VPN) and with the same email id
some blog-sites were also
accessed.
Using web-log analysis the culprit
was identified and charged under
section 66 F (cyber terrorism) of the
IT Act.
Thank You
Crimes in Cyber Space
Questions being asked now-a-days
• What is the cyber space?
• What are cyber crimes and the most
damaging new attack patterns?
• Who are the cyber criminals?
• What are the most promising initiatives to
deter cyber attacks?
The Nature of Cyber Space
• Proliferation of Information Technology
• Rapid growth in Internet
• Increasing online transactions
• Information systems are essential part of critical
infrastructure
Why cyber space is at risk?
Defending is difficult
• Risk v/s convenience
• Increasing complexity
• Security was never a part of Internet
• Varied threats and threat actors
Attacking is easy
• Attacker’s anonymity
• Attribution challenges
• Inconsistent laws
• Proximity no longer a requirement
Cyber space is getting target-rich
• Increasingly valuable
• Increasingly online
• Increasing dependency
• Technical convergence
Three faces of cyber crime
• Organised Crime
• Terrorist Groups
• Nation States
Computer is incidental to
other Crimes
Computer is not essential for the crime to occur, but it is used in the Criminal Act
• The Crime, in general, could occur without the technology
• The Computer helps the crime to occur faster, easier
• Permits processing of greater amounts of information
• Makes the crime more difficult to identify and trace
Crimes associated with the
prevalence of computers
The presence of computers generates new
versions of traditional crimes
• Piracy
• Copyright violation
• Blackmarketing, Public Order
• Murder
• Outage
Technological growth essentially creates new
crime targets
Cyber Crimes – increasing ??
• The anonymity of cyberspace makes identity
tracing a significant problem which hinders
investigations.
• Most Computer Crimes go undetected by their
victims
• Of the crimes / attacks which are detected, few
are reported
Cyber Crimes being observed in India
• Hacking
• Hacktivism
• ATM & Credit/Debit/Gift Card Frauds
• Web defacement
• Proxy Scan
• Denial of Service
• Distributed Denial of Service
• Malicious Codes
– Virus
– Bots
• Data Theft and Data Manipulation
– Identity Theft
– Financial Frauds
Targeted attacks
• Targeted attacks - espionage
• social engineering
– specially drafted email & sender's account
• spoofed/compromised email accounts
• vulnerabilities and exploits
– MS office, pdf etc.
• Malware - known and crafted
– poor detection
• stealth channels and information theft
• Resilient Command & Control
[Figure: A typical penetration or hacking. Phases: Phase 1 Discover / Map, Phase 2 Penetrate Perimeter, Phase 3 Attack Resources. Stage labels: Recon, Access, Infiltration. Diagram elements: Internet Hosts, Firewall, Public Servers, Private Servers, Network Hosts.]
[Figure: DDoS / BOTs. Diagram elements: Bot-Herder, Command and Control Servers, BOTS, Victim.]
[Figure: Spam using BOTs / Mass Mailing Worms. Diagram elements: Spammer, Command and Control Servers, BOTS, Internet.]
Spyware
• Spyware is used by companies to gather the surfing habits of
the users.
• Pop-up ads are usually a result of spyware being present on
a computer.
• Keyloggers are a form of spyware that secretly record
keystrokes and have the ability to email them back to the
intruder.
Cyber Crimes through e-mails
• Examples of crimes involving e-mails:
– Spam – Unwanted emails
– Passing confidential or secret information
– Extortion: Illegal means of acquiring things
– Sexual harassment
– Misuse of compromised e-mail accounts for
demanding money in distress
Wi-Fi Hijacking
• Approx. 60-70% of the wi-fi networks are
estimated to be insecure & available for
unauthorised internet access
• Why are so many wi-fi networks insecure?
– Lack of user awareness of its possible misuses
– How to configure the wi-fi access point for a secure wi-fi network
– But… criminals look for insecure wi-fi networks to commit their crimes
– And… the authorities will come knocking on your door….
Phishing
The term Phishing is derived from ‘fishing’:
password + fishing = phishing
“Phishing is the act of sending a communication
(Email/Message/Fax/SMS) to a user falsely
claiming to be a legitimate enterprise/Brand in an
attempt to scam the unsuspecting user into
disclosing sensitive private information that will be
used for identity theft.”
Mechanics of Phishing
1. Attacker hosts Phishing Website
- Insecure webserver
- Free hosting
- Fast-flux, Rock phish
2. Attacker sends spam mails/SMSes etc. containing Phishing links
[Figure labels: Phishing Website, Web Server, Data collection point]
[Screenshot: Phishing – PayPal Website (Phishing Web site beside the Legitimate Web Site)]
[Screenshot: Phishing e-mail: Income Tax Deptt.]
[Screenshot: Phishing in the name of Tax Refund]
[Screenshot: On click to ‘Tax Refund Form’]
Data Diddling
• BIHAR SECONDARY STATE BOARD
• PRIVATE STUDENTS TOPPED OVER GOVT STUDENTS
– 6 DIGIT ROLL NUMBER
• GOVT STUDENTS START WITH 3
• PRIVATE STUDENTS START WITH 4
• SOFTWARE MANIPULATION
– 300000 < ROLL_No < 400000: DEDUCT 9
– 400000 < ROLL_No < 500000: ADD 9
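An audit check for the kind of manipulation on this slide, added here as an example and not taken from the workshop material: it compares published marks against the source tabulation and separates a constant offset applied to a whole roll-number series from isolated data-entry errors. The records are constructed, and treating the "deduct 9 / add 9" as applying to marks, along with the thresholds, is an assumption.

```python
from collections import Counter, defaultdict

# Constructed records: (roll_no, marks on source tabulation sheet, published marks)
RECORDS = [
    (300112, 71, 62), (300459, 55, 46), (312007, 88, 79), (399998, 40, 31),
    (400021, 60, 69), (401733, 47, 56), (455010, 82, 91), (499999, 35, 44),
    (500301, 66, 66), (512345, 73, 73), (520001, 58, 57),  # last one: lone typo
]

def audit(records, min_share=0.9, min_count=3):
    """Split published-vs-source differences into systematic per-series offsets
    (one constant non-zero delta on nearly every record) and isolated mismatches."""
    deltas = defaultdict(Counter)
    for roll, source, published in records:
        # Series = leading digit of the 6-digit roll number (3 = govt, 4 = private)
        deltas[str(roll)[0]][published - source] += 1
    systematic = {}
    for series, counts in deltas.items():
        delta, hits = counts.most_common(1)[0]
        if delta and hits >= min_count and hits / sum(counts.values()) >= min_share:
            systematic[series] = delta
    # Mismatches not explained by a series-wide offset are ordinary errors
    isolated = [roll for roll, source, published in records
                if published != source
                and systematic.get(str(roll)[0]) != published - source]
    return systematic, isolated

SYSTEMATIC, ISOLATED = audit(RECORDS)
```

A constant delta across one series points at the processing software rather than at individual data entry, which is what directs the examination to the application code and its change history.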
Cyber terrorism
• Attack on critical national infrastructure, such as
electricity, gas, water; banking and finance;
transport systems; telecommunications
SPAM - Mail
• Terrorists often exchange their messages via SPAM messages
• All e-mail servers filter these as SPAM
• Group A accesses the http://www.spammimic.com site and encodes the message to be sent
• Group A copies the encoded text and sends it to Group B
• Group B checks the mail in the SPAM folder, copies the content of the mail, then decodes the original content at the aforesaid site.
Terrorists communication via SPAM mails
Group A
Click Encode
Type your text: This is private Text
Click Encode
Copy the text and send it as mail. All mail servers classify it as SPAM.
Now Group B (the recipient) receives the mail in the SPAM folder, copies the text, accesses the same web site and decodes the original (hidden) text.
Terrorists communication via SPAM mails
Group B
Click Decode
Copy the text from mail under SPAM folder
Click Decode
Decoded text: This is private Text
Thank You