Date post: 27-Aug-2018

Digital Threats & Forensic Audit – Growing Need and Professional Opportunity

Kolkata 18-10-2014

CA ANAND PRAKASH JANGID, CISA, CISM, ACP

Privileged and Confidential 2

Agenda

• Check in

• The environment today

• Why should we worry

• Computer/Digital Forensic

• Legal aspects

• Awareness and prevention

• Case studies

• Check out

The future is not what it used to be

Famous Technology Predictions

‘I think there is a world market for maybe five computers.’

Thomas Watson, Chairman of IBM, 1943

‘There is no reason why anyone would want a computer in the home.’

Ken Olsen, President, Chairman and founder of Digital Equipment Corporation, 1977

‘640K should be enough for anybody.’

Bill Gates, 1981

‘So far, Java seems like a stinker to me…I have a hunch that it won't be a very successful language.’

Paul Graham, Author

News Headlines from 2013

The Computer world today….

The future is not what it used to be….

Cyber fraud/crime earnings are more than drug earnings (source: FBI.gov)

Estonia brought to its knees by cyber attacks.

Tor - .onion sites

Identity theft

Credit card fraud in 2013 was USD 109 billion

You & I

You & I

The x-box generation!!!

How Tor works…

New Generation Devices

Typical skimming device beside new device

New device consists of magnetic tape reader and battery-powered radio transmitter unit for transmitting data.

Skimming at the Pump

Let's understand the new world order

The Fraud

• In January 2008, Société Générale announced that it lost approximately €4.9 billion ($7.2 billion) due to unauthorized trading

• The bank was founded in 1984

• Operates in 82 countries and employs 151,000 people worldwide

The Man

Jérôme Kerviel (born January 11, 1977)

Started his career in 2000 in the compliance dept of SG

2005: Promoted as JUNIOR trader in the “Delta One” product team

What's so special about the fraud!!!!

Magnitude of the event - $7 billion in losses, surpassing any other example of unauthorized trading incidents in history.

Single-handedly perpetrated by a JUNIOR trader

How it happened

A junior trader (Jérôme) in SocGen’s Delta One business entered into significant long positions in Eurostoxx, DAX & FTSE index futures.

In the normal course of business these long positions would be hedged; however, the trader did not take out genuine hedging trades.

How it happened (cont)

The trader offset the reported market risk by entering into fictitious hedge transactions.

To avoid controls he chose transactions with “no cash movements or margin call & which didn’t require immediate confirmation”.

How it happened (cont)

Used other individuals’ passwords to cancel certain transactions

Falsified documents to justify the transactions

Ensured that the fictitious transactions were of a different instrument than the ones he cancelled

Cause/contributory factor

Able to use/guess other individuals’ passwords to cancel/conceal certain transactions.

Fake mail confirmations for the trades.

Trader used his experience of working in middle office roles to circumvent control processes.

Diverse applications and access controls across IT were not in sync. Old access to apps was not removed for the new role.

What is Mr. Jérôme doing now?

Kerviel is now in a new job at the information technology security consulting firm Lemaire Consultants & Associates

Definition

What is Computer Forensics??

Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis.

Multiple methods of:

• Discovering data on a computer system

• Recovering deleted, encrypted, or damaged file information

• Monitoring live activity

• Detecting violations of corporate policy

Information collected assists in arrests, prosecution, termination of employment, and preventing future illegal activity

Definition (cont)

•What Constitutes Digital Evidence?

Any information, whether or not subject to human intervention, that can be extracted from a computer.

Must be in human-readable format or capable of being interpreted by a person with expertise in the subject.

•Computer Forensics Examples

Recovering thousands of deleted emails

Performing investigation post employment termination

Recovering evidence post formatting hard drive

Performing investigation after multiple users had taken over the system

Reasons for Evidence: Some Examples

Wide range of computer crimes and misuses

Fraud

SPAM investigations

Virus/Trojan distribution

Intellectual property breaches & Espionage

Unauthorized use of personal information (my favorite)

• Tracking internet browsing habits

• Reconstructing Events

• Selling company bandwidth

• Sexual harassment

• Software Piracy

Who Uses Computer Forensics?

Criminal Prosecutors

Civil Litigations

Insurance Companies

Private Corporations

Law Enforcement Officials

Individual/Private Citizens

Steps Of Computer Forensics

Computer forensics is an emerging body of knowledge. Presently most experts follow a four (4) step process.

Acquisition

Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices

Identification

This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites

Evaluation

Evaluating the information/data recovered to determine if and how it could be used against the suspect for employment termination or prosecution in court

Steps Of Computer Forensics (cont)

Presentation

This step involves the presentation of evidence discovered in a manner which is understood by lawyers and non-technical staff/management, and suitable as evidence as determined by United States and internal laws

Who are these typical fraudsters and what are their motives???

RBN – Who?

12 Levashovskiy Prospect, 197110 Saint-Petersburg, RU

RBN Operations

Ref: Bizeul.org - 11/21/07

RBN – What? (a)

The Russian Business Network (commonly abbreviated as RBN) is a Russian Internet Service Provider based in St. Petersburg which is notorious for its hosting of illegal and dubious businesses, including child pornography, phishing and malware distribution sites. - Wikipedia

Requirements Model

Ref: David Bizeul

Definition of Evidence

The Act amends the definition of ‘Evidence’ in Section 3, the interpretation clause of the Indian Evidence Act 1872, to state:

‘Evidence’ means and includes

1) ..

2) All documents including electronic records produced for the inspection of the Court

What is an Electronic Record?

According to section 2(t) of the Information Technology Act, 2000, “electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.

Legal Recognition of Electronic Records

Section 4 of the IT Act, 2000

Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is-

a) rendered or made available in an electronic form; and

b) accessible so as to be usable for a subsequent reference.

Electronic Evidence

(Recent Case Law)

Mohinder Sharma, a resident of Budhpur in northwest Delhi, was sentenced to 20 years of imprisonment and charged a penalty of 1.02 lakhs. “Electronic evidence was relied upon”

Mohinder Sharma v. State, Delhi HC

Surveillance with the help of its unique international mobile equipment identity (IMEI) number and was found being used by Sharma with a different SIM. He had destroyed the original SIM.

Case Law on Email as evidence

M/s. P. R. Transport Agency v. Union of India (AIR 2006 ALLAHABAD 23)

Thus, the acceptance of the tender, communicated by the respondents to the petitioner by e-mail, will be deemed to be received by the petitioner at Varanasi or Chandauli, which are the only two places where the petitioner has his place of business

Case Law on SMS, MMS as Evidence

In State of Delhi v. Mohd. Afzal & Ors., it was held that electronic records are admissible as evidence. If someone challenges the accuracy of computer evidence or an electronic record on the grounds of misuse of the system, operating failure or interpolation, then the person challenging it must prove the same beyond reasonable doubt. The court observed that mere theoretical and general apprehensions cannot make clear evidence defective and inadmissible. This case has well demonstrated the admissibility of electronic evidence in various forms in Indian courts.

Some Case Studies

Google AdWords fraud and pay-per-click fraud

Geometric Software example (intellectual property)

Delhi Airport data card issue (bandwidth and identity theft)

BBMP (database-related fraud)

Tokyo stock exchange -

TDS fraud at Income Tax, Hyderabad

SWIFT frauds

Onmobile case

Digital signature

Cloud Forensics

Cloud forensics is a cross discipline of cloud computing and digital forensics.

Cloud forensics is a subset of network forensics.

Network forensics deals with forensic investigations of networks.

Cloud computing is based on broad network access. Cloud forensics follows the main phases of network forensics, with techniques tailored to cloud computing environments.

Objectives of Digital Forensics

To find out whether the digital artifact had been used for a criminal act

To identify the data that had been generated during the period of committing the criminal act

To recover and preserve the integrity of the data that had been generated

To analyze the data and prove in the court of law the validity and integrity of the data

Challenges in Cloud Forensics

Forensic Data Collection

Live Forensics

Evidence Segregation

Virtualised Environments

Internal Staffing

External Dependency Chains

Service Level Agreements

Multiple Jurisdictions

Questions and Thank You

CA ANAND PRAKASH JANGID

+91 9620233516

www.quadrisk.com

