cbcyber cicrimes and sils ocial nkin etworking tes · 2014-03-09 · social networking ‐ web site...
TRANSCRIPT
C b C i d S i l N ki SiCyber Crimes and Social Networking Sites
V. RajendranAdvocate and Cyber Law Consultant
044‐22473849; 9444073849URL: venkrajen.inj
Email: [email protected]
Security: Definition, Need and typesSecurity: Definition, Need and types
Security: Being free from danger defence against failureSecurity: Being free from danger, defence against failure,Freedom from anxiety, safeguarding assets
Safety, freedom, protection: of (Assets) from (individuals Safety, freedom, protection: of (Assets) from (individuals and threats) against (loss, injury etc)Information Assets and other assetsAsset Classification: Criticality, Volatility, ConfidentialityParties to an Info Asset: Owner, Custodian, UserProtection of information assets from threatsRisks: Vulnerabilities and threats, Impact
Confidentiality Integrity
Information SecuritySecurity
AvailabilityNon Repudiation, Authorisation, Authentication, ,
Accountability etc
Cyber Security ‐ DefinitionCyber Security ‐ Definition
Cyber Security: “Protecting information equipment Cyber Security: Protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction” ‐ I.T.A.A. 2008 Sec 2 D (nb)
What constitutes cyber security?key words in the definition :key‐words in the definition :Data, Information, access, stored, communication device
Cyber Crime – Definition and genesisCyber Crime – Definition and genesis
Definition of crime offence fraudDefinition of crime, offence, fraudDefinition of cyber crime, cyber offence ??Any crime or offence wherein a ‘computer’ is used as an Any crime or offence wherein a computer is used as an object or a target of offence/crime. Definition of ‘computer’ as per I.T.A 2000: “any electronic p p ymagnetic, optical or other high‐speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic magnetic or opticl functions by manipulations of electronic, magnetic or opticl impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are p ,connected or related to…..”
Cyber Crimes – Computer offencesCyber Crimes Computer offences
Cyber Crime not defined in ITAElectronic Crime or Cyber Crimes are electronic variants of normal crimesFraud triangle:
1. Intention/Necessity, O i2. Opportunity
3. Rationalisation to commit the crimeG i d B i i h Genesis and Basis is the same‘Mens rea’ – Criminal Intent and motive unique in the earlier cyber crimes like hacking virus etc (like just for the earlier cyber crimes like hacking, virus etc (like just for the heck of it or to show one’s technological superiority)
Cyber CrimesCyber CrimesDefinition of Cyber Crime, computer crimes, cyber frauds, y , p , y ,computer frauds etc.Legal definition: I.T. Act – NoA t d d fi iti d Accepted definitions and usages
“Illegal behaviour that targets the security of computer systems and/or the data accessed and processed by computer networks”
“An act where computer is an object or a subject of crime”“Any crime where an I.T. gadget is used in the act”
Cyber Crimes are technological variants of normal crimes.The Act of committing, investigation, trial, evidence .. ALL VARYTheft, forgery, fraud, blackmail, harassment, law of torts….
Cyber Crimes and Normal crimesCyber Crimes and Normal crimes
Modus Operandi is differentpInvestigation mechanism and processProcess of trial E‐evidence: Volatility, production of an e‐evidenceAcceptability, retrieval issues, technological issues Jurisprudence and related issuesIrrefutability and reliability of records and process“Justice should not only be done but should also appear to have been done”
virtual community for people to share daily activities, interest in a particular topic, or t i th i i l f i tto increase their circle of acquaintances. Online service, platform, or site for building social networks or relations among people . Contains profile of each user, his/her social links, and additional services.
Social Networking ‐Social Networking Web site that provides a virtual community for people to
h th i d il ti iti ith f il d f i d t share their daily activities with family and friends, or to share their interest in a particular topic, or to increase their circle of acquaintances.q
An online service, platform, or site facilitating the building of social networks or relations among people to share interests, thoughts, ideas etc
Often consists of representation (profile) of each user, hi /h i l li k d i t f dditi l i his/her social links, and a variety of additional services.
Being web‐based, they provide means for users to interact over the Internet like email instant messaging etc over the Internet, like email, instant messaging, etc
Social Networking SitesRelevance in the Indian Context – with such a huge telecom market and such wide penetration of technology, why not?Indians: known for communication & networkingPrivacy laws and confidentiality in IndiaSocial engineering – id theft the biggest menaceNetworking Sites: boon or bane?
Business UseBusiness Use
Source: Internet
Social Networking sites CrimeCrimes reported – the dark figure?Categorisation of offences under thisgClassification done by the State, offender and above all, the media?Official figures from the governmentCrimes under the ITA, IPC and other lawsCrimes were the data is used for a major offence
Offences in social networkingO e ces soc a et o gInformation theft: Access, copying, data misuse‘Information harvest’ id theft: for abuse illegal useInformation harvest ‐ id theft: for abuse, illegal usePersonating for cyber cheating, e‐forgeryH t i il C b t lkiHarassment via email Cyber stalkingMorphing and spoofing: IP and email S h h l i ?Steganography – technology or a crime?Cyber Squatting – creating a website – crime?
f d hDefamation and character assassinationDoS and DDoS – criminal intention “mens rea”
Cyber Crimes – the basisSocial engineeringId theft – information in a public placeScavenging – discarded data useful for someCareless handling of data: Xerox copiesSpam mails, junk mails – innocently trappedWriting blog – sharing info, likes and dislikesSharing photos in a SN SitesFamily functions and public places
Common crimes in SN SitesId theft and information harvestingCyber Stalking, harassment, cyber bullyingOffensive, pornographic and other obscenityPhishing and related sitesFriends’ friends’ contacts and unknownsHacking or hijackingVirus, spyware, malware, adware etc
Personation in S NWSPersonation in S.N.W.SAccounts set up by a person in someone else’s name. The act of setting up the account not a criminal offence? Police may further probe to identify whether there are any criminal
offences apparent e.g. public order offences, harassment etc. and take evidence
If no criminal offences have been identified Social Networking Websites may still disable such accounts as it is likely to breach the terms and conditions of setting up the account from the outset.
Best way to report such activity would be to contact the SNW direct via a “report this user” or “report abuse” button on the website. SNW normally treat abuse cases as a high priority and take swift action to disable any offending accounts and warn the user of any inappropriate behaviour.
Hacking a SNW account is a criminal offence in any nation.
T Popular case in India The Centre told a Delhi court that there is sufficient material to proceed against 21 social networking sites, including Facebook, Google, Yahoo and Microsoft, for offences promoting enmity between classes and causing prejudice to national integration. “The sanctioning authority has personally gone through the The sanctioning authority has personally gone through the entire records and materials produced before him and after considering and examining the same, he is satisfied that there is sufficient material to proceed against the accused there is sufficient material to proceed against the accused persons under section 153‐A, 153‐B and 295‐A of the IPC,” the Centre said in its report placed before Metropolitan Magistrate Sudesh Kumar.Magistrate Sudesh Kumar.
Casebook FacebookCasebook ‐ Facebook
• Vinay Rai vs Facebook and others: Delhi HC Dec 2011 – IT Ministry order – Objectionable and defamatory y j ycontent – National harmony ‐ hosting offensive content and searching for it
b d b d• Larger issues being debated:– Content provider vs Service providerContent Management s Ser ice Management– Content Management vs Service Management
– Responsibility of content owner – who is he/she?– Legal issues: evidence preservation productionLegal issues: evidence, preservation, production
Facebook – historyaceboo sto y
Zuckerberg – Heroes of the Computer Revolution ‐ Instituted “Hackathon” every six to eight weeks y gFacebooks’s long history of law suits Suits settled out of courtFounding – shares questioned. Use of photos questioned..g q p qIn June 2010, Pakistani Deputy Attorney General Muhammad AzharSidiqque launched a criminal investigation into Zuckerberg. The investigation also named the anonymous German woman who created h Sidi k d h ' li I l the contest. Sidiqque asked the country's police to contact Interpol to have Zuckerberg and the three others arrested. On May 19, 2010, Facebook's website was temporarily blocked in Pakistan until Facebookremoved the contest from its website at the end of May. Sidiqque also removed the contest from its website at the end of May. Sidiqque also asked its UN representative to raise the issue with the UN Gen Assembly
The Legal positionITA 2000 and ITA 2008ITA 2000 and ITA 2008E‐Records are valid documents – evidencesEvidence obtained from the siteEvidence obtained from the siteIrrefutability and admissibility of such infoIrrefutability of social networking informationIrrefutability of social networking informationCyber Evidence, Digital Forensics, e‐recordsCivil liability – private initiative to store recordsCivil liability private initiative to store recordsCriminal liability – court procedures
Case LawsCase Laws
• Suhas Katti case – first conviction in India under ITA• Pranab Mitra, Mumbai –Vijay Ninawe Abu Dhabi – Rita B R hi C l tt CBI C tBasu, Ruchira Calcutta CBI Court• Bazee.com case – Due Diligence and corporate responsibilityresponsibility• Recent incidents:
Actor Dhanya Balakrishnan in ChennaiyNayantara’s denial of Twitter – SNWS
• How Facebook uses the informationAd ti t i F b k• Advertisements in Facebook
Data Protection: The UK and IndiaData Protection: The UK and India ET BUREAU, 9 JUL, 2012, New Delhi http://economictimes.indiatimes.com/news/economy/foreign‐trade/india‐protests‐
european‐union‐study‐of‐data‐laws/articleshow/14758875 cmseuropean union study of data laws/articleshow/14758875.cms
India has protested against a European Union decision to study India's data protection laws to find out if they are in conformity with those in the 27‐nation grouping.
EU wants to ensure that the Indian laws meet its directive before it makes a commitment on the issue in the bilateral free trade agreement being negotiated.
EU has not accepted India's assertion that it was a 'data secure' country. This has affected the EU's plan to double the flow of outsourcing business from the region.
"We will not tie our demand for data secure status to any study from the EU side," a commerce department official told ET. "We do not want a situation where we are told just days before signing the deal that the study results were not positive."
Commerce and industry minister Anand Sharma had in a recent meeting with EU trade commissioner Karel De Gucht stressed India be given the status of a data secure country before the two sides sign the FTA.
News item, 13 July 2012, UK
Jail if police think you have encrypted data Encryption in any formEncryption in any formsteganography ie photos tooEven if
- you do not know that something is hidden- Even when you are just a carrier
If you are the confidence keeper of someone- If you are the confidence keeper of someoneRefusal to give up the key to encryption Not knowing that it is encrypted is no exception Not g yp pknowing to unlock Compare: physical house locked house-owner?
In the US – extend it to usNews story from Dara Kerr dated July 10, 2012, Source: InternetPresident Barack Obama signed an executive order"Assignment of National Security and Emergency Preparedness
"Communications Functions," Designed to empower certain governmental agencies with control over telecom
and the Web during natural disasters and security emergencies. (Section 5.2) The Secretary of Homeland Security will "oversee the development testing The Secretary of Homeland Security will oversee the development, testing,
implementation, and sustainment" of national security and emergency preparedness measures on all systems, including private "non‐military communications networks."
Critics say this gives Obama the on/off switch to the Web.This may take 30 days to become law, after being published by the Federal
Register(P id ti l th I t t d t l i U S S t bill i (Presidential powers over the Internet and telecom were in a U.S. Senate bill in
2009, proposed handing the White House, power to disconnect private‐sector computers from the Internet, but not included in Cybersecurity Act of 2012 earlier this year).
CBC N J l 5 2012CBC News July 5, 2012Target you via social media
Social media is proving to be fodder for hackers who use sites like Facebook and Twitter to target who they will send their malware to nextnext.
In 2010, hackers found a loophole in Adobe's software and sent a number of golf‐playing executives a malware‐ridden pdf file claiming number of golf‐playing executives a malware‐ridden pdf file claiming to contain tips from noted golf instructor David Leadbetter.
"Want to improve your score? In these golf tips David Leadbetter shows Want to improve your score? In these golf tips, David Leadbetter shows you some important principles," the message read. Turner said that the executives were likely targeted because of social media profiles that highlighted their enthusiasm for golf.
Parents sue over Facebook photos of dead daughterg(a US case, 2009)
The parents of a murder victim are suing Facebook after a paramedic pleaded ilt t h t hi th i d ht ' d ti th i t th guilty to photographing their daughter s corpse and posting the image to the
social networking site, according to court documents.Caroline Wimmer, 26, was found by her parents, Ronald and Martha, after she was strangled with a hair‐dryer cord in March 2009 in Staten Island, New g y 9 ,York.Facebook site could be protected by the 1996 Communications Decency Act, which says "no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another treated as the publisher or speaker of any information provided by another information content provider.“ Facebook is confident.The parents are also suing their daughter's convicted murderer, Calvin Lawson, paramedic Musarella, the city of New York and Greenleaf Arms p yIncorporated ‐‐ the company that owns the apartment building where Wimmer's body was found.The pair are also suing Fire Commissioner Salvatore J. Cassano and Richmond University Medical Center where Musarella had been employedUniversity Medical Center, where Musarella had been employed
On the use of FBAudience selector tool most places you share status updates, photos and other stuff ‐ click it tool and select who you want to share something with.Control over how your information. FB does not share personal information with people or services you don't want. No advt access of personal information nor sharing or sales of personal info
Some popular terms• A tag links a person, page or place to something you post, like a status
update or a photo. Tag a photo to say who’s in the photo or post a status update and say who you’re with.
• Timeline is your collection of the photos, stories and experiencesTimeline is your collection of the photos, stories and experiences• Account Settings: manage basic account preferences. edit your name or
email info, change your notifications preferences, turn on extra security features and more.F ll i t h f l ’ i t t d i if ’ • Follow is a way to hear from people you’re interested in, even if you’re not friends. The Follow button is also a way to fine‐tune your News Feed to get the types of updates you want to see.
• Your Wall is the space on your profile where you and friends can post p y p y pand share
• Profile – its uses, ability to edit any time• Status – updating it periodically – changing it frequently
C Ph t M i i t • Cover Photo – Main picture
Cover Photo• People have a better experience viewing your timeline when they
th t i i d i di id li d M k l k see a cover that is unique and individualized. Makes people know more about you, helps FB prevent spam, fake profiles, and other content that can detract from your experience on Facebook.
• Choose an image from your life like a student photo prize winner Choose an image from your life, like a student photo, prize winner etc
• Can use photo for a specific cause too, if needed along with status message or such information g
• To delete a profile picture:– Click on your current profile picture– Click through the album to find the photo you want to delete– ClickOptions under the photo– SelectDelete This Photo from the dropdown menu– Click Confirm
Activity LogActivity LogActivity log is a tool that lets you review and manage what you share on Facebook. Only you can see your activity log. can get to your activity log from your privacy shortcutsfrom your privacy shortcutsClick your privacy shortcuts in the upper‐right corner of the page …. And select who can see my stuff?
Facebook and privacy • Instant Personalization: was a pilot program which shared Facebook
information with affiliated sites, such as sharing a user's list of "liked" bands with a music website, so that when the user visits the site, their preferred music plays automatically. The EFF noted that "For users that have not opted out, Instant Personalization is instant data leakage As soon as you visit the sites in Instant Personalization is instant data leakage. As soon as you visit the sites in the pilot program (Yelp, Pandora, and Microsoft Docs) the sites can access your name, your picture, your gender, your current location, your list of friends, all the Pages you have Liked—everything Facebook classifies as public information. Even if you opt out of Instant Personalization, there's still data y p ,leakage if your friends use Instant Personalization websites—their activities can give away information about you, unless you block those applications individually."[2]
• On December 27, 2012, CBS News reported that Randi Zuckerberg, sister of b k f d k k b i i i d f i d f b i " l" Facebook founder Mark Zuckerberg, criticized a friend for being "way uncool"
in sharing a private Facebook photo of her on Twitter, only to be told that the image had appeared on a friend‐of‐a‐friend's Facebook news feed. Commenting on this misunderstanding of Facebook's privacy settings, Eva Galperin of the EFF said "Even Randi Zuckerberg can get it wrong That's an Galperin of the EFF said Even Randi Zuckerberg can get it wrong. That s an illustration of how confusing they can b
FB – Evidence and InvestigationFB – Evidence and Investigation
Many investigation rely on FB and other SNW sitesMany investigation rely on FB and other SNW sitesVictims’ profile, Crime profiling, Motive of accusedAlibis provided – prove or disproveAlibis provided prove or disproveFB provides information to governmentTracing the history, uploading of contentg y, p gContent management and service providerRelevance and significance of the contentgUsage of such content against the complainant?
Management of FB contentManagement of FB content
UploadingEditablePosting as Status – WallOpen to all or private and select group onlypermanently delete their accounts in 2010Facebook's Privacy Policy now states: "When you d l t t it i tl d l t d f delete an account, it is permanently deleted from Facebook.”
FB and SNW sites ‐ addictionStudy conducted in 2011 – it is an addictionQuitting FB is like quitting smoking or alcoholg g gStudy in the US: This is more addictive Psychological factor Feeling of alone –shareFeeling of guilty and an addiction and self‐pityCountries where FB is banned:
Syria, China, Iran and Vietnam
Some data on FB• No of facebook users worldwide 1.2 billion• Percentage 18‐24 year olds using 98%• Percentage of people on earth using SNWS 11%• Time spent in FB every month 700 billion min• Average time spent by a person p.m. 15 hours• Total number of people accessing FB with phone 250 millionp p g p 5• Facebook users under the age of 10 25%• Percentage of teens viewing unsafe SNWS 59%• Percentage of Americans who are not confident about SNWS g
privacy 24%
Source: http://www.statisticbrain.com/social‐networking‐statistics/
More data on FB• Facebook continues to grow
How to make money from its ads and mobile users.• Latest facts and figures from its earnings call for 1st quarter 2013 sg g q 3
• Daily active users have reached 665 million• Monthly active users have passed 1.1 billion for the first time• 751 million mobile users access Facebook every month751 million mobile users access Facebook every month• Mobile only active users total 189 million
• Mobile now generates 30% of its advt revenue up from 23% at the end of 2012end of 2012
Source: http://www.jeffbullas.com/2013/05/06/21‐awesome‐social‐media‐facts‐figures‐and‐statistics‐for‐social media facts figures and statistics for2013/#EiBm3bIQsDSDtQ3j.99
Twitter• Twitter is the fastest growing social network in the world by
active users according to a GlobalWebIndex Study.• So how does that translate into hard numbers?
% h f J M h • 44% growth from June 2012 to March 2013• 288 million monthly active users• That means that 21% of the world’s internet population are using
T itt thTwitter every month• Over 500 million registered accounts• Twitter’s fastest growing age demographic is 55 to 64 year olds,
registering an increase in active users of 79%registering an increase in active users of 79%
Source http://www.jeffbullas.com/2013/05/06/21‐awesome‐social‐media‐facts‐figures‐and‐statistics‐for‐g2013/#EiBm3bIQsDSDtQ3j.99
Youtube• When you wanted to watch a video it used to be VCR, then it became
a DVD player, then we moved onto cable networks and now it is YouTube.
• These numbers from YouTube’s own blog put some perspective on it These numbers from YouTube s own blog put some perspective on it penetration into our culture and time.
• 1 billion unique monthly visitors• 6 billion hours of videos are watched every month• This means that 50% more hours of video are watched in March 2013
compared to last August when it was 4 billion hours a month and last May when it was 3 billion.
• YouTube reaches more U.S. adults ages 18‐34 than any cable networkYouTube reaches more U.S. adults ages 18 34 than any cable network•
Read more at http://www.jeffbullas.com/2013/05/06/21‐awesome‐social‐media‐facts‐figures‐and‐statistics‐for‐2013/#EiBm3bIQsDSDtQ3j 992013/#EiBm3bIQsDSDtQ3j.99
Google+• Google+ is making an impact on the social media universe and is now
the second largest social network.• What are some of the numbers on Google’s social network built to • What are some of the numbers on Google s social network built to
protect it from Facebook’s growth and data capture to ensure it remains relevant?
• It is Google’s social layer that enhances it’s other online assets.• 359 million monthly active users according to a GlobalWebIndex study• Its active users base grew by 33% from June 2012 through to March 2013
Source http://www jeffbullas com/2013/05/06/21 awesome socialSource http://www.jeffbullas.com/2013/05/06/21‐awesome‐social‐media‐facts‐figures‐and‐statistics‐for‐2013/#EiBm3bIQsDSDtQ3j.99
LinkedInLinkedIn reported to be the largest professional business p g pnetwork on the planet
continues to grow but not at the pace of Twitter or Google+continues to grow but not at the pace of Twitter or Google+as reported by Visual.ly.
O 200 illiOver 200 million users2 new users join it every second64% of users are outside the USA
Read more at http://www.jeffbullas.com/2013/05/06/21‐awesome‐social‐media‐facts‐figures‐and‐statistics‐for‐2013/#EiBm3bIQsDSDtQ3j.99
Thank you
V. Rajendran
Advocate and Cyber Law ConsultantAdvocate and Cyber Law Consultant
+91‐44‐22473849; +91‐9444073849