My Presentation ISV Conference 7th Jan 2011

Upload: dr-tabrez-ahmad

Post on 09-Apr-2018

  • 8/8/2019 My Presentation ISV Conference 7th Jan 2011

    Dr. Tabrez Ahmad, Associate Professor of Law
    www.site.technolexindia.com, technolexindia.blogspot.com

    Victims of Cybercrimes (Presented in the 3rd International ISV Conference, 6-8th January 2011)

    Monday, January 10, 2011

    Agenda

    1. Background of Cybercrimes
    2. The categories of cybercrimes
    3. Combating Cybercrimes
    4. Phishing
    5. Liability of ISPs and Govt.
    6. The prosecution in cybercrimes
    7. Admissibility of digital evidence in courts
    8. Possible defense by an accused in a computer related crime
    9. Criminological theories and cybercrimes
    10. Cyberforensics
    11. The possible reliefs to a cybercrime victim and strategy adoption
    12. Future course of action

    Digital Revolution: Internet Infra in INDIA

    [Figure: INDIA Internet Infrastructure, 2008.5. Labels recovered from the diagram:]
    - 4.8 Mil. High Speed Internet
    - 65 Mil. Internet Users
    - 248 Mil. Mobile Phones
    - 8 Mil. Mobile Phones being added per month
    - 1 Mil. Domains (0.5 Mil. .in)
    - 130+ IDCs
    - 134 Major ISPs
    - Tele Density 24 per 1000 person
    - Targeted Broadband connection = 10 Mil. (2010)
    - Providers: BSNL, Bharti, TATA Communications, Reliance, ERNET, NIC
    - Services: Mail Servers, DNS, VOIP, IPTV
    - Users: Govt., Academia, Enterprise, Home, IT / ITES BPO

    Background of Cybercrime

    Real-world & Virtual-world

    Current approaches evolved to deal with real-world crime

    Cybercrime occurs in a virtual-world and therefore presents different issues

    Background of Cybercrime (Cont.)

    - Internet for Security: USA ARPANET
    - Internet for Research
    - Internet for e-commerce: UNCITRAL Model Law 1996
    - I.T Act 2000
    - Internet for e-governance
    - Internet regulation serious matter after 9/11 attack on World Trade Centre
    - US Patriot Act
    - I.T Amendment Act 2008

    Categories of Cyber crimes

    - Crime against property
    - Crime against Government
    - Crime against persons

    Categories of Cybercrimes

    [Diagram: labels recovered in the order they appear]
    - Cyber trespass
    - Trespass to person
    - Identity Theft
    - Phishing
    - Cyberstalking
    - Spamming
    - Hacking
    - Trespass to Property
    - Cybersquatting
    - Software Piracy
    - Data Theft
    - Breach of Confidential Information - Wikileaks
    - Cyberlibel
    - Stealing Contents from Websites
    - Breach of Privacy
    - Cookies, Viruses
    - Webcrawling
    - Online surveillance
    - Magic Lantern Technique
    - Cyberterrorism
    - Flowing Pornography

    What is India Inc's biggest threat?

    - Cyber crime is now a bigger threat to India Inc than physical crime. In a recent survey by IBM, a greater number of companies (44%) listed cyber crime as a bigger threat to their profitability than physical crime (31%).

    The cost of cyber crime stems primarily from loss of revenue, loss of market capitalisation, damage to the brand, and loss of customers, in that order.

    About 67% local Chief Information Officers (CIOs) who took part in the survey perceived cyber crime as more costly, compared to the global benchmark of 50%.

    Combating cyber crimes

    - Legal framework: laws & enforcement
    - Technological measures: public key cryptography, electronic signatures, firewalls, honey pots
    - Cyber investigation: computer forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in courts of law.
    - These rules of evidence include admissibility (in courts), authenticity (relation to incident), completeness, reliability and believability.

    Legal Framework - Laws & Enforcement

    - Information Technology Act, 2000: came into force on 17 October 2000
    - Information Technology (Amendment) Act, 2008: came into force on 27 October 2009
    - The Information Technology (Use of Electronic Records and Digital Signatures) Rules, 2004
    - The Information Technology (Security Procedure) Rules, 2004
    - The Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009
    - The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009
    - The Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009

    International initiatives

    - Representatives from the 26 Council of Europe members, the United States, Canada, Japan and South Africa in 2001 signed a convention on cybercrime in efforts to enhance international cooperation in combating computer-based crimes.

    The Convention on Cybercrime, drawn up by experts of the Council of Europe, is designed to coordinate these countries' policies and laws on penalties on crimes in cyberspace, define the formula guaranteeing the efficient operation of the criminal and judicial authorities, and establish an efficient mechanism for international cooperation.

    - In 1997, the G-8 Ministers agreed to ten "Principles to Combat High-Tech Crime" and an "Action Plan to Combat High-Tech Crime."
    - Main objectives:
      - Create effective cyber crime laws
      - Handle jurisdiction issues
      - Cooperate in international investigations
      - Develop acceptable practices for search and seizure
      - Establish effective public/private sector interaction

    Combating Cyber crime - Indian legal framework

    - Information Technology Act, 2000: came into force on 17 October 2000
    - Extends to whole of India and also applies to any offence or contravention there under committed outside India by any person {section 1 (2)}
    - Read with Section 75: the Act applies to an offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India
    - Section 2 (1) (a): "Access" means gaining entry into, instructing or communicating with the logical, arithmetic or memory function resources of a computer, computer resource or network
    - IT Act confers legal recognition to electronic records and digital signatures (section 4, 5 of the IT Act, 2000)

    Cyber contravention

    - The IT Act prescribes provisions for contraventions in Ch IX of the Act, particularly Sec. 43 of the Act, which covers unauthorised access, downloading, introduction of virus, denial of access and Internet time theft committed by any person. It prescribes punishment by way of damages not exceeding Rs 1 crore to the affected party.

    Section 46 IT Act

    - Section 46 of the IT Act states that an adjudicating officer shall be adjudging whether a person has committed a contravention of any of the provisions of the said Act, by holding an inquiry. Principles of audi alteram partem and natural justice are enshrined in the said section, which stipulates that a reasonable opportunity of making a representation shall be granted to the concerned person who is alleged to have violated the provisions of the IT Act. The said Act stipulates that the inquiry will be carried out in the manner as prescribed by the Central Government
    - All proceedings before him are deemed to be judicial proceedings; every Adjudicating Officer has all powers conferred on civil courts
    - Appeal to Cyber Appellate Tribunal: from decision of Controller, Adjudicating Officer {section 57 IT Act}

    Section 47, IT Act

    - Section 47 of the Act lays down that while adjudging the quantum of compensation under this Act, the adjudicating officer shall have due regard to the following factors, namely:
      - (a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
      - (b) the amount of loss caused to any person as a result of the default;
      - (c) the repetitive nature of the default

    - Chapter XI of the IT Act 2000 discusses the cyber crimes and offences inter alia, tampering with computer source documents (s 65), hacking (s 66), publishing of obscene information (s 67), unauthorised access to protected system (s 70), breach of confidentiality (s 72), publishing false digital signature certificate (s 73).

    - Whereas cyber contraventions are civil wrongs for which compensation is payable by the defaulting party, cyber offences constitute cyber frauds and crimes which are criminal wrongs for which punishment of imprisonment and/or fine is prescribed by the Information Technology Act 2000.

    Section 65: Source Code

    - Most important asset of software companies
    - "Computer Source Code" means the listing of programmes, computer commands, design and layout
    - Ingredients
      - Knowledge or intention
      - Concealment, destruction, alteration
      - Computer source code required to be kept or maintained by law
    - Punishment
      - imprisonment up to three years and / or
      - fine up to Rs. 2 lakh

    Hacking

    - Section 66 of the IT Act 2000 deals with the offence of computer hacking.
    - In simple words, hacking is accessing of a computer system without the express or implied permission of the owner of that computer system.
    - Examples of hacking may include unauthorised input or alteration of input, destruction or misappropriation of output, misuse of programs or alteration of computer data.
    - Punishment for hacking is imprisonment up to 3 years or fine which may extend to 2 lakh rupees or both

    Publishing obscene information

    - Section 67 of the IT Act lays down punishment for the offence of publishing of obscene information in electronic form
    - Recently, the Supreme Court in Ajay Goswami v Union of India considered the issue of obscenity on the Internet and held that restriction on freedom of speech on ground of curtailing obscenity amounts to reasonable restriction under art 19(2) of the Constitution. The court observed that the test of community mores and standards has become obsolete in the Internet age.
    - Punishment on first conviction with imprisonment for a term which may extend to 5 years and with fine which may extend to 1 lakh rupees. In the event of second conviction or subsequent conviction, imprisonment of either description for a term which may extend to 10 years and fine which may extend to 2 lakh rupees.

    Phishing

    Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information.

    Con artists might send millions of fraudulent e-mail messages that appear to come from Web sites you trust, like your bank or credit card company, and request that you provide personal information.

    History of Phishing

    Phreaking + Fishing = Phishing
    - Phreaking = making phone calls for free back in 70s
    - Fishing = Use bait to lure the target

    Phishing in 1995
    Target: AOL users
    Purpose: getting account passwords for free time
    Threat level: low
    Techniques: Similar names (www.ao1.com for www.aol.com), social engineering

    Phishing in 2001
    Target: Ebayers and major banks
    Purpose: getting credit card numbers, accounts
    Threat level: medium
    Techniques: Same in 1995, keylogger

    Phishing in 2007
    Target: Paypal, banks, ebay
    Purpose: bank accounts
    Threat level: high
    Techniques: browser vulnerabilities, link obfuscation

    Phishing: A Growing Problem

    Over 28,000 unique phishing attacks reported in Dec. 2006, about double the number from 2005. Now so many millions in 2010.

    Estimates suggest phishing affected 2 million US citizens and cost businesses billions of dollars in 2010

    Additional losses due to consumer fears

    Phishing Scams

    As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows.

    They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites.

    - Socially aware attacks
      - Mine social relationships from public data
      - Phishing email appears to arrive from someone known to the victim
    - Use spoofed identity of trusted organization to gain trust
    - Urge victims to update or validate their account
    - Threaten to terminate the account if the victims do not reply
    - Use gift or bonus as a bait
    - Security promises
    - Context-aware attacks
      - "Your bid on eBay has won!"
      - "The books on your Amazon wish list are on sale!"

    Another Example :

    But wait

    WHOIS 210.104.211.21:
    Location: Korea, Republic Of

    Even bigger problem:

    I don't have an account with US Bank!

    Images from Anti-Phishing Working Group's Phishing Archive

    Fraudulent E-mail Messages

    Here are a few phrases to look for if you think an e-mail message is a phishing scam.

    "Verify your account." Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. If you receive an e-mail from anyone asking you to update your credit card information, do not respond: this is a phishing scam.

    "If you don't respond within 48 hours, your account will be closed." These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.

    Fraudulent E-mail Messages (contd)

    "Dear Valued Customer." Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.

    "Click the link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.

    Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.

    Fraudulent E-mail Messages (contd)

    Con artists also use Uniform Resource Locators (URLs) that resemble the name of a well-known company but are slightly altered by adding, omitting, or transposing letters.

    For example, the URL "www.microsoft.com" could appear instead as:

    www.micosoft.com
    www.mircosoft.com
    www.verify-microsoft.com
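
The masked-link and look-alike-URL signs described in the two slides above can be checked mechanically. The following is an added example, not part of the original presentation: the allow-list `TRUSTED`, the threshold `MAX_EDITS`, the "last two labels" shortcut for the registrable domain, and the sample e-mail with its addresses are all assumptions constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com"}   # assumption: the defender's own allow-list
MAX_EDITS = 2                 # assumption: tune per brand to limit false positives
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)   # transposed letters
        prev2, prev = prev, cur
    return prev[len(b)]


def host_of(url):
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def registrable(host):
    # Naive "last two labels"; production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])


def classify_host(host):
    """Return the reasons a link target looks suspicious (empty list if none)."""
    try:
        ipaddress.ip_address(host)
        return ["raw-ip"]                     # the "string of cryptic numbers"
    except ValueError:
        pass
    if registrable(host) in TRUSTED:
        return []
    name = registrable(host).split(".")[0]
    tokens = set(re.split(r"[.\-_]", host))
    reasons = []
    for trusted in sorted(TRUSTED):
        brand = trusted.split(".")[0]
        if 0 < osa_distance(name, brand) <= MAX_EDITS:
            reasons.append("typo-of:" + trusted)        # added/omitted/transposed
        elif brand in tokens:
            reasons.append("brand-embedded:" + trusted)  # e.g. verify-<brand>
    return reasons


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_email(html):
    """Return [(href, [reasons])] for each http(s) link in an HTML e-mail body."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if not href.lower().startswith(("http://", "https://")):
            continue
        host = host_of(href)
        reasons = classify_host(host)
        # Masked link: the text shows one site, the href goes to another.
        if URL_LIKE.match(text) and registrable(host_of(text)) != registrable(host):
            reasons.append("masked-link")
        findings.append((href, reasons))
    return findings


# Constructed sample message (192.0.2.0/24 is a documentation address range).
SAMPLE_EMAIL = """<p>Dear Valued Customer,</p>
<a href="http://192.0.2.21/login">https://www.microsoft.com/account</a>
<a href="http://www.mircosoft.com/">Sign in</a>
<a href="http://www.verify-microsoft.com/">Verify your account</a>
<a href="https://support.microsoft.com/help">support.microsoft.com</a>"""

if __name__ == "__main__":
    for href, reasons in analyze_email(SAMPLE_EMAIL):
        print(href, "->", reasons or "ok")
```

A mail gateway or awareness tool would run `analyze_email` over the HTML part of each message and hold or annotate any link with a non-empty reason list.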

    Fraudulent E-mail Messages (contd)

    - Never respond to an email asking for personal information
    - Always check the site to see if it is secure. Call the phone number if necessary
    - Never click on the link on the email. Retype the address in a new window
    - Keep your browser updated
    - Keep antivirus definitions updated
    - Use a firewall

    Install the Microsoft Phishing Filter Using Internet Explorer 7 or Windows Live Toolbar

    Phishing Filter (http://www.microsoft.com/athome/security/online/phishing_filter.mspx) helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported phishing Web sites.

    Install up-to-date antivirus and antispyware software.

    Some phishing e-mail contains malicious or unwanted software (like keyloggers) that can track your activities or simply slow your computer.

    Numerous antivirus programs exist as well as comprehensive computer maintenance services like Norton Utilities. To help prevent spyware or other unwanted software, download Windows Defender.

    The Information Technology (Amendment) Act, 2008 has come into force on 27th October, 2009.

    - Almost nine years and 10 days after the birth of cyber laws in India, the new improved cyber law regime in India has become a reality.
    - There are around 17 changes and out of that most of the changes relate to cyber crimes.

    Some of the major modifications are:

    - 1. A special liability has been imposed on call centers, BPOs, banks and others who hold or handle sensitive personal data. If they are negligent in "implementing and maintaining reasonable security practices and procedures", they will be liable to pay compensation. It may be recalled that India's first major BPO related scam was the multi crore MphasiS-Citibank funds siphoning case in 2005. Under the new law, in such cases, the BPOs and call centers could also be made liable if they have not implemented proper security measures.
    - 2. Compensation on cyber crimes like spreading viruses, copying data, unauthorised access, denial of service etc is not restricted to Rs 1 crore anymore. The Adjudicating Officers will have jurisdiction for cases where the claim is up to Rs. 5 crore. Above that the case will need to be filed before the civil courts.

    - 3. The offence of cyber terrorism has been specially included in the law. A cyber terrorist can be punished with life imprisonment.
    - 4. Sending threatening emails and sms are punishable with jail up to 3 years.
    - 5. Publishing sexually explicit acts in the electronic form is punishable with jail up to 3 years. This would apply to cases like the Delhi MMS scandal where a video of a young couple having sex was spread through cell phones around the country.

    - 6. Voyeurism is now specifically covered. Acts like hiding cameras in changing rooms, hotel rooms etc are punishable with jail up to 3 years. This would apply to cases like the infamous Pune spycam incident where a 58-year old man was arrested for installing spy cameras in his house to 'snoop' on his young lady tenants.
    - 7. Cyber crime cases can now be investigated by Inspector rank police officers. Earlier such offences could not be investigated by an officer below the rank of a deputy superintendent of police.
    - 8. Collecting, browsing, downloading etc of child pornography is punishable with jail up to 5 years for the first conviction. For a subsequent conviction, the jail term can extend to 7 years. A fine of up to Rs 10 lakh can also be levied.

    - 9. The punishment for spreading obscene material by email, websites, sms has been reduced from 5 years jail to 3 years jail. This covers acts like sending 'dirty' jokes and pictures by email or sms.
    - 10. Refusing to hand over passwords to an authorized official could land a person in prison for up to 7 years.
    - 11. Hacking into a Government computer or website, or even trying to do so, is punishable with imprisonment up to 10 years.
    - 12. Rules pertaining to section 52 (Salary, Allowances and Other Terms and Conditions of Service of Chairperson and Members),

    - 13. Rules pertaining to section 69 (Procedure and Safeguards for Interception, Monitoring and Decryption of Information),
    - 14. Rules pertaining to section 69A (Procedure and Safeguards for Blocking for Access of Information by Public),
    - 15. Rules pertaining to section 69B (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) and
    - 16. Notification under section 70B for appointment of the Indian Computer Emergency Response Team.
    - 17. Rules pertaining to section 54 (Procedure for Investigation of Misbehaviour or Incapacity of Chairperson and Members),

    Computer Related Crimes under IPC and Special Laws

    - Arms Act: Online sale of Arms
    - Sec. 383 IPC: Web-Jacking
    - NDPS Act: Online sale of Drugs
    - Sec 416, 417, 463 IPC: Email spoofing
    - Sec 420 IPC: Bogus websites, cyber frauds
    - Sec 463, 470, 471 IPC: Forgery of electronic records
    - Sec 499, 500 IPC: Sending defamatory messages by email
    - Sec 503 IPC: Sending threatening messages by email

    Special and General statutes applicable to cybercrimes

    - While the IT Act 2000 provides for the specific offences, it has to be read with the Indian Penal Code 1860 (IPC) and the Code of Criminal Procedure 1973 (Cr PC)

    IT Act is a special law; most IT experts are of common consensus that it does not cover or deal specifically with every kind of cyber crime

    - For instance, for defamatory emails reliance is placed on Sec. 500 of IPC; for threatening e-mails, provisions of IPC applicable thereto are criminal intimidation (ch XXII), extortion (ch XVII); for e-mail spoofing, provisions of IPC relating to frauds, cheating by personation (ch XVII) and forgery (ch XVIII) are attracted.

    - Likewise, criminal breach of trust and fraud (SS 405, 406, 408, 409) of the IPC are applicable and for false electronic evidence, Sec. 193 of IPC applies.
    - For cognisability and bailability, reliance is placed on Code of Criminal Procedure which also lays down the specific provisions relating to powers of police to investigate.

    Liability of ISPs and Govt.

    GOVERNMENT NSP??

    - Governments Providing Services On The Network
    - Governments Are Intermediaries. Sec 79 IT Act.
    - Under The IT Act, 2000, All Governments, Central And State, All Governmental Bodies Are Network Service Providers

    Liability of ISPs and Govt.

    Section 79 of IT Act 2000
    - For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made there under for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.

    Liability of ISPs and Govt. (Contd.)

    Network Service Providers: When Not Liable
    - Explanation. For the purposes of this section,
      (a) "network service provider" means an intermediary;
      (b) "third party information" means any information dealt with by a network service provider in his capacity as an intermediary.

    Liability of ISPs and Govt.

    TRANSPARENCY
    - Need For Transparent E-governance
    - Right To Information Act
    - Government Would Now Not Be Able To Hide Records Concerning E-governance

    Government Initiative

    The Cyber Crime Investigation Cell (CCIC) of the CBI, notified in September 1999, started functioning from 3 March 2000.

    It is located in New Delhi, Mumbai, Chennai and Bangalore.

    Jurisdiction of the cell is all over India.

    Any incident of cyber crime can be reported to a police station, irrespective of whether it maintains a separate cell or not.

    The Indian Computer Emergency Response Team (CERT-In)

    - IT Amendment Act 2008. 70A. (1) The Indian Computer Emergency Response Team (CERT-In) shall serve as the national nodal agency in respect of Critical Information Infrastructure for coordinating all actions relating to information security practices, procedures, guidelines, incident prevention, response and report.

    (2) For the purposes of sub-section (1), the Director of the Indian Computer Emergency Response Team may call for information pertaining to cyber security from the service providers, intermediaries or any other person.

    Amendments - Indian Evidence Act 1872

    - Section 3 of the Evidence Act amended to take care of admissibility of ER as evidence along with the paper based records as part of the documents which can be produced before the court for inspection.
    - Section 4 of IT Act confers legal recognition to electronic records

    AUTHENTICATION OF ELECTRONIC RECORDS

    - Any subscriber may authenticate an electronic record
    - Authentication by affixing his digital signature.
    - Any person by the use of a public key of the subscriber can verify the electronic record

    LEGALITY OF ELECTRONIC SIGNATURES

    - Legal recognition of digital signatures.
    - Certifying Authorities for Digital Signatures.
    - Scheme for Regulation of Certifying Authorities for Digital Signatures

    CONTROLLER OF CERTIFYING AUTHORITIES

    - Shall exercise supervision over the activities of Certifying Authorities
    - Lay down standards and conditions governing Certifying Authorities
    - Specify various forms and content of Digital Signature Certificates

    DIGITAL SIGNATURES & ELECTRONIC RECORDS

    - Use of Electronic Records and Electronic Signatures in Government Agencies.
    - Publications of rules and regulations in the Electronic Gazette.
    - MCA 21 Project: Usage of Digital Signatures

    Presumptions in law - Section 85 B Indian Evidence Act

    - The law also presumes that in any proceedings involving a secure digital signature, the court shall presume, unless the contrary is proved, that the secure digital signature is affixed by the subscriber with the intention of signing or approving the electronic record
    - In any proceedings involving a secure electronic record, the court shall presume, unless contrary is proved, that the secure electronic record has not been altered since the specific point of time to which the secure status relates

    Presumption as to electronic messages - Section 88A of Evidence Act

    • The court may treat electronic messages received as if they were sent by the originator, with the exception that a presumption is not to be made as to the person by whom such message was sent.
    • It must be proved that the message has been forwarded from the electronic mail server to the person (addressee) to whom such message purports to have been addressed
    • An electronic message is primary evidence of the fact that the same was delivered to the addressee on date and time indicated.

    IT Amendment Act 2008 - Section 79A

    • Section 79A empowers the Central Govt to appoint any department, body or agency as examiner of electronic evidence for providing expert opinion on electronic form evidence before any court or authority.
    • Till now, the government forensic lab of Hyderabad was considered of evidentiary value in courts - CFSIL
    • Statutory status to an agency as per Section 79A will be of vital importance in criminal prosecution of cybercrime cases in India

    Sec 70 Protected System

    • Ingredients
        • Securing unauthorised access or attempting to secure unauthorised access
        • to protected system
    • Acts covered by this section:
        • Switching computer on / off
        • Using installed software / hardware
        • Installing software / hardware
        • Port scanning
    • Punishment
        • Imprisonment up to 10 years and fine
        • Cognizable, Non-Bailable, Court of Sessions

    Criminological Theories & Cyber Crime

    Space Transition Theory

    Routine Activity Theory

    Displacement Theory

    Opportunity Theory

    Space Transition Theory

    1) Persons with repressed criminal behavior (in the physical space) have a propensity to commit crime in cyberspace, which otherwise they would not commit in physical space, due to their status and position.

    • Concern for status in physical space does not transition to cyber space.
    • Behaviors repressed in physical space are not repressed in cyber space.

    Space Transition Theory

    2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provide the offenders the choice to commit cyber crime.

    • Disinhibiting effect allows individuals:
        • Open honesty about personal issues
        • To act out on unpleasant needs
    • Deindividualization - inner restraints are lost when individuals are not seen as individuals
    • Leads to behavior that is
        • Less altruistic
        • More selfish
        • More aggressive

    Space Transition Theory

    2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provide the offenders the choice to commit cyber crime.

    • Deterrence factor changes
        • Attacks can be made from a remote location
        • Crime results not immediately apparent

    Space Transition Theory

    3) Criminal behavior of offenders in cyberspace is likely to be imported to physical space which, in physical space, may be exported to cyberspace as well.

    • Cyber crime has moved from the single individual acting for fame to professional criminals
    • Huge financial gain with little risk
    • Growth of e-commerce attracts criminals to the net

    Space Transition Theory

    4) Intermittent venture of offenders into the cyberspace and the dynamic spatiotemporal nature of cyberspace provide the chance to escape

    • Cyber space is transient
    • Cyber space is dynamic
    • Cyber crimes do not have the spatial-temporal restrictions of traditional crimes

    Space Transition Theory

    5) (a) Strangers are likely to unite together in cyberspace to commit crime in the physical space; (b) Associates of physical space are likely to unite to commit crime in cyberspace.

    • Cyberspace allows for recruitment and dissemination
    • Cyberspace is:
        • Unmoderated
        • Easy to access
    • Cyberspace can pose an insider threat
        • Spy / mole
        • Disgruntled employee

    Space Transition Theory

    6) Persons from closed society are more likely to commit crimes in cyberspace than persons from open society.

    • Open society allows individuals to voice opinions & vent feelings.
    • Cyberspace allows individuals from closed societies to express anger & frustrations through hate messages, web page vandalism, up to cyber terrorism attacks

    Space Transition Theory

    7) The conflict of norms and values of physical space with the norms and values of cyberspace may lead to cyber crimes.

    • Cyberspace is international
    • Societal differences between individuals may lead to cyber crime
    • Conflicts between nations carry over into cyberspace

    Routine Activity Theory

    • Routine activities in conventional societies provide opportunities for perpetrator to commit crime
    • Three things must be present for crime to occur:
        • Suitable target is available
        • Motivated offender is present
        • Lack of a suitable guardian to prevent crime from occurring
    • Assessment of situation determines whether or not a crime takes place.

    Routine Activity Theory

    • A suitable target can be:
        • A person
        • An object
        • A place
    • Target comes to the attention of a person searching for a criminal opportunity
    • Target's behavior may place target in contact with perpetrator
    • No significant deterring mechanism is present

    Routine Activity Theory

    • Motivated Perpetrator
        • Predatory crime is a method for the perpetrator to secure basic needs or desires
        • Actions of perpetrator are intentional and illegal

    Routine Activity Theory

    • A capable guardian
        • Police patrol, Security guards
        • Neighbors, neighborhood watch, dogs
        • Locks, fences, CCTV systems
        • Passwords, tokens, biometric measures
    • Guardians can be formal or informal
    • Guardians can be human or machine
    • Guardians MUST be capable of acting as a deterrent

    Opportunity Theory

    • Opportunity to commit a crime is a root cause of crime
    • No crime can occur without the physical opportunity
    • Opportunity plays a role in all crimes, not just those involving physical property
    • Reducing opportunity reduces crime

    Displacement Theory

    • Reductions in opportunity will not reduce crime because crime will be displaced to another location
    • Opportunity is so compelling that removing perpetrators will not reduce crime because other perpetrators will step in
    • Research on displacement theory has shown crime is not always displaced

    Routine Activity Theory & the Internet

    • Opportunity to commit crime is multiplied
    • Target and perpetrator are much more likely to come in contact with each other
    • Victim has to keep returning to scene of the crime
    • Deterrence comes from shifting either events or circumstances
        • Neither are easily altered

    Routine Activity Theory & the Internet

    • Cybercrime has more to do with the effectiveness of indirect guardianship
    • Internet is open & unmoderated
    • Mechanisms of the Internet designed to transfer data, not to examine the data
    • Internet guardianships are all mechanical
        • Reactive, respond to some action - IDS
        • Cannot respond to new, previously untried activity

    Hacker Neutralization Techniques

    • Allows for temporary neutralization of values, beliefs, and attitudes so illegal behaviors can be performed.
    • Justification of an act requires the need to assert its positive values
    • Used by different types of deviants

    Hacker Neutralization Techniques

    • Denial of Injury
        • No harm or insignificant harm done to victim
        • No physical information stolen, information in an electronic form
        • Belief that downloading is copying not stealing
        • As long as no one knows their information is being perused, no harm is done

    Hacker Neutralization Techniques

    • Denial of Victim
        • Victim is deserving of punishment
        • Four categories of victims
            • Close enemies who have harmed offender directly
            • People who do not conform to normative social roles
            • Groups with tribal stigmas
            • Remote enemies who hold positions perceived as questionable or corrupt
        • Offender may assume role of avenger or crusader for justice
        • May justify actions as revenge

    Hacker Neutralization Techniques

    • Condemnation of the Condemners
        • Divert attention from offender's actions to the motives and behaviors of those condemning offender's actions
        • Mistrust of authority
        • Promote decentralization
        • Price charged by software companies too high and unfair
        • Victim failed to protect their computer system

    Hacker Neutralization Techniques

    • Appeal to higher loyalties
        • Offender doesn't deny damage, act was done to protect higher loyalties
            • Loyalty to group
            • Responsibility to family or spouse
            • Employer (Corporate crimes)
        • Claim actions were done to acquire knowledge

    Hacker Neutralization Techniques

    • Self-fulfillment
        • Illegal activity done for
            • Fun
            • Excitement or thrill
            • Computer virtuosity
        • Offender achieves feelings of superiority & control
        • Voyeurism
        • Demonstration of ability

    Hacker Neutralization Techniques

    • Hackers do not use all neutralization techniques
        • Denial of responsibility
        • Sad story
        • Both external forms of neutralization
    • Only use techniques based on internal neutralization
    • Hackers take pride in what they do
    • Hackers feel no shame or guilt

    Computer Hackers & Social Organization

    • Mutual Association
        • Clear interpersonal relationship
        • No strong or deep interpersonal relationships on or off line
        • Social connections relatively shallow
        • Multiple identities and multiple forum use may limit ability to form interpersonal connections
        • Utilize social networks to exchange knowledge and information

    Computer Hackers & Social Organization

    • Mutual Participation
        • Groups are stratified rather than centrally controlled
        • Participation in groups did not lead to group attacks
        • Many do not want a group affiliation

    Computer Hackers & Social Organization

    • Division of labor
        • Some specialization in group forums does exist
        • Stratification & division of labor
            • Small group of moderators
            • Larger group of users exchanging knowledge & information
        • Loose set of rules
            • Give respect, get respect
            • No flaming
        • Large population of users enforcing the rules

    Computer Hackers & Social Organization

    • Extended duration
        • No group with extended history
        • Relationships appear transitory
        • Relationships within forums weak & short-lived

    Incident Response - a precursor to Techniques of Cyber investigation & forensic tools

    • Incident response could be defined as a precise set of actions to handle any security incident in a responsible, meaningful and timely manner.
    • Goals of incident response:
        • To confirm whether an incident has occurred
        • To promote accumulation of accurate information
        • Educate senior management
        • Help in detection/prevention of such incidents in the future
        • To provide rapid detection and containment
        • Minimize disruption to business and network operations
        • To facilitate criminal action against perpetrators

    Handling of Evidence by Cyber Analysts

    Four major tasks for working with digital evidence:
    Identify -> Collect, Observe & Preserve -> Analyze and Organize -> Verify

    • Identify: Any digital information or artifacts that can be used as evidence.
    • Collect, observe and preserve the evidence.
    • Analyze, identify and organize the evidence.
    • Rebuild the evidence or repeat a situation to verify the same results every time. Checking the hash value.

    Techniques of cyber investigation - Cyber forensics

    • Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law.
    • The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.

    Computer Forensic Tools

    Forensic Tool Kit: FTK is developed by Access Data Corporation (USA); it enables law enforcement and corporate security professionals to perform complete and in-depth computer forensic analysis.

    [Figure: Main Window of FTK]

    TYPICAL TOOLS

    • EMAIL TRACER
    • TRUEBACK
    • CYBERCHECK
    • MANUAL

    Current and Emerging Cyber Forensic Tools of Law Enforcement

    Landmark Cases

    • 9/11 Attack on WTC
    • Afzal Guru Parliament attack Case
    • Mumbai Attack on Tajmahal etc.
    • Firos vs. State of Kerala
    • Syed Asifuddin Case
    • Baazee Case
    • State of Tamilnadu v. Suhas Katti
    • Balasore ATM Fraud, 2010

    Case Study (contd.)

    • The crime was obviously committed using "Unauthorized Access" to the "Electronic Account Space" of the customers. It is therefore firmly within the domain of "Cyber Crimes".
    • ITA-2000 is versatile enough to accommodate the aspects of crime not covered by ITA-2000 but covered by other statutes, since any IPC offence committed with the use of "Electronic Documents" can be considered as a crime with the use of "Written Documents". "Cheating", "Conspiracy", "Breach of Trust" etc. are therefore applicable in the above case in addition to the section in ITA-2000.
    • Under ITA-2000 the offence is recognized both under Section 66 and Section 43. Accordingly, the persons involved are liable for imprisonment and fine as well as a liability to pay damage to the victims to the maximum extent of Rs 1 crore per victim, for which the "Adjudication Process" can be invoked.

    Case Study (contd.)

    • The BPO is liable for lack of security that enabled the commission of the fraud as well as because of the vicarious responsibility for the ex-employee's involvement. The process of getting the PIN number was during the tenure of the persons as "Employees" and hence the organization is responsible for the crime.
    • Some of the persons who have assisted others in the commission of the crime, even though they may not be directly involved as beneficiaries, will also be liable under Section 43 of ITA-2000.
    • Under Section 79 and Section 85 of ITA-2000, vicarious responsibilities are indicated both for the BPO and the Bank on the grounds of "Lack of Due Diligence".
    • At the same time, if the crime is investigated in India under ITA-2000, then the fact that the Bank was not using digital signatures for authenticating the customer instructions is a matter which would amount to gross negligence on the part of the Bank. (However, in this particular case since the victims appear to be US Citizens and the Bank itself is US based, the crime may come under the jurisdiction of the US courts and not Indian Courts).

    Baazee case

    • Obscene MMS clipping listed for sale on 27th November, 2004 - "DPS Girl having fun".
    • Some copies sold through Baazee.com
    • Avnish Bajaj (CEO) arrested and his bail application was rejected by the trial court.

    Points of the prosecution

    • The accused did not stop payment through banking channels after learning of the illegal nature of the transaction.
    • The item description "DPS Girl having fun" should have raised an alarm.

    Points of the defence

    • Section 67 relates to publication of obscene material and not transmission.
    • Remedial steps were taken within 38 hours, since the intervening period was a weekend.

    Findings of the Court

    • It has not been established from the evidence that any publication took place by the accused, directly or indirectly.
    • The actual obscene recording/clip could not be viewed on the portal of Baazee.com.
    • The sale consideration was not routed through the accused.

    Findings of the Court

    • Prima facie Baazee.com had endeavored to plug the loophole.
    • The accused had actively participated in the investigations.
    • The nature of the alleged offence is such that the evidence has already crystallized and may even be tamper proof.

    Findings of the Court

    • Even though the accused is a foreign citizen, he is of Indian origin with family roots in India.
    • The evidence indicates
        • only that the obscene material may have been unwittingly offered for sale on the website.
        • the heinous nature of the alleged crime may be attributable to some other person.

    Court order

    • The court granted bail to Mr. Bajaj subject to furnishing two sureties of Rs. 1 lakh each.
    • The court ordered Mr. Bajaj to
        • surrender his passport
        • not to leave India without Court permission
        • to participate and assist in the investigation.

    Case of - BPO Data Theft

    • The recently reported case of a Bank Fraud in Pune in which some ex-employees of the BPO arm of MPhasis Ltd, MsourcE, defrauded US Customers of Citi Bank to the tune of Rs 1.5 crores has raised concerns of many kinds including the role of "Data Protection".

    State v Navjot Sandhu (2005) 11 SCC 600

    • Held, while examining Section 65 B Evidence Act, it may be that certificate containing details of subsection 4 of Section 65 is not filed, but that does not mean that secondary evidence cannot be given.
    • Section 63 & 65 of the Indian Evidence Act enables secondary evidence of contents of a document to be adduced if original is of such a nature as not to be easily movable.

    Firos vs. State of Kerala

    • Govt of Kerala declared the FRIENDS application software as a protected system.
    • The author of the application software challenged the notification and the constitutional validity of section 70.
    • The Court upheld the validity of both

    Syed Asifuddin case

    • Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm.
    • The court held that such manipulation amounted to tampering with computer source code as envisaged by section 65.

    Societe Des Products Nestle SA case 2006 (33) PTC 469

    • By virtue of provision of Section 65A, the contents of electronic records may be proved in evidence by parties in accordance with provision of 65B.
    • Held - Sub section (1) of section 65B makes admissible as a document, paper print out of electronic records stored in optical or magnetic media produced by a computer subject to fulfillment of conditions specified in subsection 2 of Section 65B.
        a) The computer from which the record is generated was regularly used to store or process information in respect of activity regularly carried on by person having lawful control over the period, and relates to the period over which the computer was regularly used.
        b) Information was fed in the computer in the ordinary course of the activities of the person having lawful control over the computer.
        c) The computer was operating properly, and if not, was not such as to affect the electronic record or its accuracy.
        d) Information reproduced is such as is fed into computer in the ordinary course of activity.
    • State v Mohd Afzal, 2003 (7) AD (Delhi) 1

    Parliament attack case

    • Several terrorists attacked Parliament House on 13-Dec-01
    • Digital evidence played an important role during their prosecution.
    • The accused had argued that computers and digital evidence can easily be tampered with and hence should not be relied upon.

    Parliament attack case

    • A laptop, several smart media storage disks and devices were recovered from a truck intercepted at Srinagar pursuant to information given by two of the suspects.
    • These articles were deposited in the police malkhana on 16-Dec-01 but some files were written onto the laptop on 21-Dec-01.

    Parliament attack case

    • Evidence found on the laptop included:
        • fake identity cards,
        • video files containing clippings of political leaders with Parliament in background shot from TV news channels,
        • scanned images of front and rear of a genuine identity card,

    Parliament attack case

        • image file of design of Ministry of Home Affairs car sticker,
        • the game 'wolf pack' with the user name 'Ashiq'. Ashiq was the name in one of the fake identity cards used by the terrorists.
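The "checking the hash value" step from the evidence-handling slide, and the Parliament attack case point that files were written to the laptop after it had been deposited, can both be checked mechanically. The following Python sketch is an added example, not part of the original presentation or of any tool it names; the function names, file names and sample contents are constructed assumptions, with the constructed dates mirroring the 16-Dec-01 deposit and 21-Dec-01 write.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large disk images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def iter_files(evidence_dir):
    """Yield (relative_path, full_path) for every file under evidence_dir."""
    for root, _dirs, files in os.walk(evidence_dir):
        for name in files:
            full = os.path.join(root, name)
            yield os.path.relpath(full, evidence_dir), full


def build_manifest(evidence_dir, seized_at):
    """Record the SHA-256 and size of each file at the moment of seizure."""
    files = {rel: {"sha256": sha256_file(full), "size": os.path.getsize(full)}
             for rel, full in iter_files(evidence_dir)}
    return {"seized_at": seized_at.timestamp(), "files": files}


def manifest_digest(manifest):
    """Digest of the manifest itself, to be written into the custody record."""
    canonical = json.dumps(manifest, sort_keys=True).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def verify_manifest(evidence_dir, manifest):
    """Return sorted (finding, path) tuples; an empty list means no change found."""
    findings, seen = [], set()
    for rel, full in iter_files(evidence_dir):
        seen.add(rel)
        recorded = manifest["files"].get(rel)
        if recorded is None:
            findings.append(("ADDED_AFTER_SEIZURE", rel))
        elif sha256_file(full) != recorded["sha256"]:
            findings.append(("HASH_MISMATCH", rel))
        # mtime can be forged, so a clean mtime proves nothing; a late one is a red flag.
        if os.stat(full).st_mtime > manifest["seized_at"]:
            findings.append(("WRITTEN_AFTER_SEIZURE", rel))
    findings.extend(("MISSING", rel) for rel in manifest["files"] if rel not in seen)
    return sorted(findings)


def _write(path, data, when):
    """Write constructed sample data and set its access/modification time."""
    with open(path, "wb") as fh:
        fh.write(data)
    os.utime(path, (when, when))


def demo():
    """Constructed scenario: seizure on 16 Dec 2001, writes on 21 Dec 2001."""
    seized = datetime(2001, 12, 16, 12, 0, tzinfo=timezone.utc)
    before = datetime(2001, 12, 10, 9, 0, tzinfo=timezone.utc).timestamp()
    after = datetime(2001, 12, 21, 15, 0, tzinfo=timezone.utc).timestamp()
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("letter.doc", b"original text"),
                           ("photo.jpg", b"image bytes"),
                           ("system.log", b"log lines")):
            _write(os.path.join(d, name), data, before)
        manifest = build_manifest(d, seized)
        clean = verify_manifest(d, manifest)
        _write(os.path.join(d, "letter.doc"), b"altered text", after)  # content changed
        os.utime(os.path.join(d, "photo.jpg"), (after, after))         # touched, same bytes
        _write(os.path.join(d, "added.txt"), b"new file", after)       # new file
        os.remove(os.path.join(d, "system.log"))                       # removed
        tampered = verify_manifest(d, manifest)
    return clean, tampered, manifest_digest(manifest)


if __name__ == "__main__":
    clean, tampered, digest = demo()
    print("manifest sha256:", digest)
    print("before tampering:", clean)
    for finding, path in tampered:
        print(finding, path)
```

In practice the manifest is built from a write-blocked forensic image rather than the live device, and its digest is recorded in the chain-of-custody paperwork so that the manifest cannot be silently regenerated.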

    The possible reliefs to a cybercrime victim and strategy adoption

    Possible reliefs to a cybercrime victim - strategy adoption

    • A victim of cybercrime needs to immediately report the matter to his local police station and to the nearest cybercrime cell
    • Depending on the nature of crime there may be civil and criminal remedies.
    • In civil remedies, injunction and restraint orders may be sought, together with damages, delivery up of infringing matter and/or account for profits.
    • In criminal remedies, a cybercrime case will be registered by police if the offence is cognisable and if the same is non cognisable, a complaint should be filed with metropolitan magistrate
    • For certain offences, both civil and criminal remedies may be available to the victim

    Preparation for prosecution

    • Collect all evidence available & save snapshots of evidence
    • Seek a cyberlaw expert's immediate assistance for advice on preparing for prosecution
    • Prepare a background history of facts chronologically as per facts
    • Pen down names and addresses of suspected accused.
    • Form a draft of complaint and remedies a victim seeks
    • Cyberlaw expert & police could assist in gathering further evidence e.g. tracing the IP in case of e-mails, search & seizure or arrest as appropriate to the situation
    • A cyber forensic study of the hardware/equipment/network server related to the cybercrime is generally essential
    • Preparation of chain of events table
    • Probing where evidence could be traced? E-mail inbox/files/folders/web history.
    • Accused may use erase evidence software/tools
    • Forensically screening the hardware/data/files/print outs/camera/mobile/pen drives of evidentiary value.

    Future Course of Action

    • Mumbai Cyber lab is a joint initiative of Mumbai police and NASSCOM - more exchange and coordination of this kind
    • More Public awareness campaigns
    • Training of police officers to effectively combat cyber crimes
    • More Cyber crime police cells set up across the country
    • Effective E-surveillance
    • Websites aid in creating awareness and encouraging reporting of cyber crime cases.
    • Specialised Training of forensic investigators and experts
    • Active coordination between police and other law enforcement agencies and authorities is required.
    • Re-interpretation of criminological theories and development of cyber jurisprudence

    Do you have any question?