Date post: | 09-Apr-2018 |
Category: |
Documents |
Upload: | dr-tabrez-ahmad |
View: | 220 times |
Download: | 0 times |
of 119
8/8/2019 My Presentation ISV Conference 7th Jan 2011
1/119
Dr. Tabrez Ahmad Associate Professor of Lawwww.site.technolexindia.comtechnolexindia.blogspot.com
Victims of Cybercrimes( Presented in the 3 rd International ISV
Conference 6-8 th January 2011
8/8/2019 My Presentation ISV Conference 7th Jan 2011
2/119
M onday, January 10, 2011
8/8/2019 My Presentation ISV Conference 7th Jan 2011
3/119
Agenda
10 January 20113
1. Background of Cybercrimes2. The categories of cybercrimes3. Combating Cybercrimes4. Phishing5. Liability of ISPs and Govt.6. The prosecution in cybercrimes7. Admissibility of digital evidence in courts8. Possible defense by an accused in a
computer related crime
9. Criminological theories and cybercrimes10. Cyberforensics11. The possible reliefs to a cybercrime
victim and strategy adoption
12. Future course of action
8/8/2019 My Presentation ISV Conference 7th Jan 2011
4/119
Digital Revolution Internet Infra in INDIA
4
4.8 Mil. HighSpeed Internet
65 Mil. InternetUsers
248 Mil. MobilePhones
8 Mil. Mobile Phones being addedper month
Internet
BSNL
Bharti
TATACommunications
Reliance
ERNET
Mail Servers
1Mil. Domains(0.5 Mil. .in)
DNS
130+ IDCs 134 Major
ISPs
134 Major
ISPs
VOIP, IPTV
NIC
INDIA InternetInfrastructure:2008.5
Govt.
Academia
Enterprise
Home
Tele Density 24 per 1000 person
IT /
ITESBPO
Targetted Broadband connection = 10 Mil.(2010)
8/8/2019 My Presentation ISV Conference 7th Jan 2011
5/119
B ac r f ercri e
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com5
Real-world &Virtual- world
Current approaches evolved to deal with real-world crime
Cybercrime occurs in a virtual-world and
therefore presents different issues
8/8/2019 My Presentation ISV Conference 7th Jan 2011
6/119
8/8/2019 My Presentation ISV Conference 7th Jan 2011
7/119
Background of Cybercrime Cont
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com7
y Internet for SecurityUSA ARPANETy Internet for Researchy Internet for e-commerce UNCITRAL Model Law 1996y I.T Act 2000y Internet for e-governancey Internet regulation serious matter after 9/11 attack on World
Trade Centrey US Patriot Acty I.T Amendment Act 2008
8/8/2019 My Presentation ISV Conference 7th Jan 2011
8/119
Categories of Cyber crimes
810 January 2011 www.site.technolexindia.com,http://technolexindia.blogspot.com
Crime against property
Crime againstGovernment
Crime against persons
8/8/2019 My Presentation ISV Conference 7th Jan 2011
9/119
Categories of Cybercrimes
Cyber trespass
Trespassto person
Identit
y Theft
Phising
Cyberstalking
Spamming
Hacking
Trespass toProperty
Cybersquating
Software Piracy
Data Theft
Breach of ConfidentialInformation- Wikileaks
Cyberlibel Stealing Contents fromWebsites
Breach of Privacy
Cookies,Viruses
webcrawling
Onlinesurvellianc
e
M agicLanternTec
hnique
Cyberterrorism
FlowingPornograph
y
10 January 2011 www.site.technolexindia.com,http://technolexindia.blogspot.com 9
8/8/2019 My Presentation ISV Conference 7th Jan 2011
10/119
Wh at is India incs biggest t h reat?
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com10
y Cyber crime is now a bigger threat to India Inc than physical crime. In a
recent survey by IBM, a greater number of companies (44%) listed cybercrime as a bigger threat to their profitability than physical crime (31%).
The cost of cyber crime stems primarily from loss of revenue, loss of market capitalisation, damage to the brand, and loss of customers, in that
order.About 67% local Chief Information Officers (CIOs) who took part in thesurvey perceived cyber crime
as more costly, compared to the global
benchmark of 50%.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
11/119
Combating cyber crimes
y Legal framework-laws & enforcement
y Technological measures-Public key cryptography,Electronic signatures ,Firewalls, honey pots
y Cyber investigation-Computer forensics is the processof identifying, preserving, analyzing and presentingdigital evidence in a manner that is legally acceptable incourts of law.
y
These rules of evidence include admissibility (in courts),authenticity (relation to incident), completeness,reliability and believability.
1110 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com
8/8/2019 My Presentation ISV Conference 7th Jan 2011
12/119
Legal Framework- Laws & Enforcement
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com12
y Information Technology Act, 2000-came into force on 17 October 2000y Information Technology ( Amendment) Act, 2008-came into force on 27 October
2009y The Information Technology ( Use of Electronic Records and Digital Signatures)
Rules, 2004y The Information Technology (Security Procedure) Rules, 2004y The Information Technology ( Procedure and Safeguards for Interception,
Monitoring, and Decryption of Information ) Rules, 2009y The Information Technology ( Procedure and Safeguards, for Blocking for Access oInformation by Public ), Rules, 2009
y The Information Technology ( Procedure and Safeguards for Monitoring
and Collecting Traffic Data orInformation ) Rules, 2009.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
13/119
International initiatives
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com13
y Representatives from the 26 Council of Europemembers, the United States, Canada, JapanandSouth Africain 2001 signed a convention oncybercrime in efforts to enhance internationalcooperation in combating computer-based crimes.
The Convention on Cybercrime, drawn up byexperts of the Council of Europe, is designed tocoordinate these countries' policies and laws onpenalties on crimes in cyberspace, define theformula guaranteeing the efficient operation of thecriminal and judicial authorities, and establish anefficient mechanism for international cooperation.
y In 1997, TheG-8 Ministersagreed to ten"Principles to Combat High-Tech Crime" and an
"Action Plan to Combat High-Tech Crime."
y Main objectives-y Create effective cyber crime
lawsy Handle jurisdiction issuesy Cooperate in international
investigationsy Develop acceptable practices for
search and seizurey Establish effective
public/private sector
interaction
8/8/2019 My Presentation ISV Conference 7th Jan 2011
14/119
Combating Cyber crime-Indian legal framework
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com14
y Information Technology Act, 2000-came into force on 17 October 2000y Extends to whole of India and also applies to any offence or contravention
there under committed outside India by any person {section 1 (2)}y read with Section 75- Act applies to offence or contraventioncommitted
outside India by any personirrespective of his nationality,if such actinvolves a computer, computer system ornetwork located in India
y Section 2 (1) (a) Access means gaining entry into ,instructing orcommunicating with the logical, arithmetic or memory function resourcesof a computer, computer resource or network
y IT Act confers legal recognition to electronic records and digitalsignatures (section 4,5 of the IT Act,2000)
8/8/2019 My Presentation ISV Conference 7th Jan 2011
15/119
Cyber contravention
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com15
y The IT Act prescribes provisions for contraventions inCh IXof
the Act, particularlySec. 43of the Act, which covers
unauthorised access, downloading, introduction of virus, denial
of access and Internet time theft committed by any person. It
prescribes punishment by way of damages not exceeding Rs 1
crore to the affected party.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
16/119
Section 46 IT Act
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com16
y Section 46of the IT Act states that an adjudicating officer shall beadjudging whether a person has committed a contravention of any of theprovisions of the said Act, by holding an inquiry. Principles of audialterum partum and natural justice are enshrined in the said sectionwhich stipulates that a reasonable opportunity of making a representationshall be granted to the concerned person who is alleged to haveviolated the provisions of the IT Act. The said Act stipulates that theinquiry will be carried out in the manner as prescribed by the CentralGovernment
y All proceedings before him are deemed to be judicial proceedings, everyAdjudicating Officer has all powers conferred on civil courts
y Appeal to cyber Appellate Tribunal- from decision of Controller,Adjudicating Officer {section 57 IT act}
8/8/2019 My Presentation ISV Conference 7th Jan 2011
17/119
Section 47, IT Act
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com17
y Section 47of the Act lays down that while adjudging the quantumof compensation under this Act, the adjudicating officer shallhave due regard to the following factors, namely-
y (a) the amount of gain of unfair advantage, wherever quantifiable,made as a result of the default;
y (b) the amount of loss caused to any person as a result of thedefault;
y (c) the repetitive nature of the default
8/8/2019 My Presentation ISV Conference 7th Jan 2011
18/119
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com18
y Chapter XIof the IT Act 2000 discusses thecyber crimesand offencesinter alia, tampering with computer source documents (s 65), hacking (s
66), publishing of obscene information (s 67), unauthorised access to
protected system (s 70), breach of confidentiality (s 72), publishing falsedigital signature certificate (s 73).
8/8/2019 My Presentation ISV Conference 7th Jan 2011
19/119
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com1 9
y Whereas cyber contraventions are civil wrongs for which
compensation is payable by the defaulting party, cyber offences
constitute cyber frauds and crimes which are criminal wrongs for which
punishment of imprisonment and/or fine is prescribed by the
Information Technology Act 2000.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
20/119
Section 65: Source Code
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com20
y Most important asset of software companiesy Computer Source Code" means the listing of
programmes, computer commands, design and layouty Ingredients
y Knowledge or intentiony Concealment, destruction, alterationy computer source code required to be kept or maintained by law
y Punishmenty imprisonment up to three years and / ory fine up to Rs. 2 lakh
8/8/2019 My Presentation ISV Conference 7th Jan 2011
21/119
Hacking
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com21
y Section 66 of the IT Act 2000 deals with the offence of computer hacking.y In simple words, hacking is accessing of a computer system without the
express or implied permission of the owner of that computer system.y Examples of hacking may include unauthorised input or alteration of
input, destruction or misappropriation of output, misuse of programs oralteration of computer data.
y Punishment for hacking is imprisonment upto 3years or fine which mayextend to 2 lakh rupees or both
8/8/2019 My Presentation ISV Conference 7th Jan 2011
22/119
Publis h ing obscene information
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com22
y Section 67 of the IT Act lays down punishment for the offence of
publishing of obscene information in electronic formy Recently, the Supreme Court in Ajay Gosw ami v Union of India considered
the issue of obscenity on Internet and held that restriction on freedom of speech on ground of curtailing obscenity amounts to reasonablerestriction under art 19(2) of the Constitution. The court observed thatthe test of community mores and standards has become obsolete in theInternet age.
y punishment on first conviction with imprisonment for a term which mayextend to 5 years and with fine which may extend to 1 lakh rupees. In theevent of second conviction or subsequent conviction imprisonment of description for a term which may extend to 10 years and fine which may
extend to2 lakh rupees.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
23/119
Phishing
Phishing is a type of deception designed to stealyour valuable personal data, such as credit cardnumbers, passwords, account data, or other information.
Con artists might send millions of fraudulent e-mailmessages that appear to come from Web sites youtrust, like your bank or credit card company, andrequest that you provide personal information .
8/8/2019 My Presentation ISV Conference 7th Jan 2011
24/119
Phreaking + F ishing = Phishing- Phreaking = making phone calls for free back in 70s- F ishing = Use bait to lure the target
Phishing in 1995Target: AOL usersPurpose: getting account passwords for free timeThreat level: lowTechniques: Similar names ( www.ao1.com for www.aol.com ), socialengineering
Phishing in 2001Target: Ebayers and major banksPurpose: getting credit card numbers, accountsThreat level: mediumTechniques: Same in 1995, keylogger
Phishing in 2007Target: Paypal, banks, ebayPurpose: bank accountsThreat level: high
Techniques: browser vulnerabilities, link obfuscation
History of Phishing
8/8/2019 My Presentation ISV Conference 7th Jan 2011
25/119
Over 28,000 unique phishing attacks reported in Dec.2006, about double the number from 2005, Now somany millions in 2010.Estimates suggest phishing affected 2 million UScitizens and cost businesses billions of dollars in2010
Additional losses due to consumer fears
Phishing: A Growing Problem
8/8/2019 My Presentation ISV Conference 7th Jan 2011
26/119
Phishing Scams As scam artists become more sophisticated, so do their
phishing e-mail messages and pop-up windows.
They often include official-looking logos from realorganizations and other identifying information taken directlyfrom legitimate Web sites.Socially aware attacks
M ine social relationships from public dataPhishing email appears to arrive from someone known to the victimUse spoofed identity of trusted organization to gain trustUrge victims to update or validate their accountThreaten to terminate the account if the victims not reply
Use gift or bonus as a baitSecurity promises
Context-aware attacksYour bid on eBay has won!The books on your Amazon wish list are on sale!
8/8/2019 My Presentation ISV Conference 7th Jan 2011
27/119
Another Example :
8/8/2019 My Presentation ISV Conference 7th Jan 2011
28/119
But wait
W HOIS 210.104.211.21:Location: Korea, Republic Of
Even bigger problem:
I dont have an account with US Bank!
Images from Anti-Phishing Working Groups Phishing Archive
8/8/2019 My Presentation ISV Conference 7th Jan 2011
29/119
Here are a few phrases to look for if you think an e-mail message is aphishing scam.
" Verify your account. " Businesses should not ask you to sendpasswords, login names, Social Security numbers, or other personal
information through e-mail. If you receive an e-mail from anyone askingyou to update your credit card information, do not respond: this is aphishing scam.
" If you don't respond within 48 hours, your account will beclosed. " These messages convey a sense of urgency so that you'll
respond immediately without thinking. Phishing e-mail might even claimthat your response is required because your account might have beencompromised.
F raudulent E-mail Messages
8/8/2019 My Presentation ISV Conference 7th Jan 2011
30/119
F raudulent E-mail Messages (contd)
" Dear Valued Customer. " Phishing e-mail messages are usuallysent out in bulk and often do not contain your first or last name.
" Click the link below to gain access to your account. " HTM L-formatted messages can contain links or forms that you can fill out justas you'd fill out a form on a Web site. The links that you are urged toclick may contain all or part of a real company's name and are usually" masked, " meaning that the link you see does not take you to thataddress but somewhere different, usually a phony Web site.
Notice in the following example that resting the mouse pointer on thelink reveals the real Web address, as shown in the box with the yellowbackground. The string of cryptic numbers looks nothing like thecompany's Web address, which is a suspicious sign.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
31/119
Con artists also use Uniform Resource Locators ( URLs )that resemble the name of a well-known company but areslightly altered by adding, omitting, or transposing letters.
For example, the URL "www.microsoft.com" could appear instead as:
www.mi c osoft.comwww.mi rc osoft.com
www. verify -microsoft.com
F raudulent E-mail Messages (contd)
8/8/2019 My Presentation ISV Conference 7th Jan 2011
32/119
Never respond to an email asking for personal information Always check the site to see if it is secure. Call the phonenumber if necessary
Never click on the link on the email. Retype the address in anew window
Keep your browser updatedKeep antivirus definitions updatedUse a firewall
F raudulent E-mail Messages (contd)
8/8/2019 My Presentation ISV Conference 7th Jan 2011
33/119
Phishing F ilter (http://www.microsoft.com/athome/security/online/phishing
_filter.mspx) helps protect you from Web fraud and the risks of personal data theft by warning or blocking you from reported
phishing Web sites.Install up-to-date antivirus and antispyware software .
Some phishing e-mail contains malicious or unwanted software(like keyloggers ) that can track your activities or simply slowyour computer.
Numerous antivirus programs exist as well as comprehensivecomputer maintenance services like Norton Utilities . To helpprevent spyware or other unwanted software, downloadWindows Defender.
Install the Microsoft Phishing F ilter Using
Internet Explorer 7 or W indows Live Toolbar
8/8/2019 My Presentation ISV Conference 7th Jan 2011
34/119
Th e Information Tec h nology (Amendment) Act, 2008h as come into force on 27t h October, 200 9.
10 January 2011
www.site.technolexindia.com,
http://technolexindia.blogspot.com34
y Almost Nine years and 10 days after the birth of cyber laws in India, the new improved cyber lawregime in India has become a reality.
y There are around 17 changes and out of that most of the changes relate to cyber crimes.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
35/119
Some of the major modifications are:
10 January 2011
www.site.technolexindia.com,
http://technolexindia.blogspot.com35
y
1. A special liability has been imposed on call centers, BPOs, banks andothers who hold or handlesensitive personal data . If they are negligentin "implementing and maintaining reasonable security practices andprocedures", they will be liable to pay compensation. It may be recalledthat India's first major BPO related scam was the multi crore MphasiS-Citibank funds siphoning case in 2005. Under the new law, in such cases,
the BPOs and call centers could also be made liable if they have notimplemented proper security measures.y 2 . Compensation on cyber crimes like spreading viruses, copying data,
unauthorised access, denial of service etc is not restricted to Rs 1 croreanymore. The Adjudicating Officers will have jurisdiction for cases wherethe claim is upto Rs. 5 crore. Above that the case will need to be filed before the civil courts.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
36/119
10 January 2011
www.site.technolexindia.com,
http://technolexindia.blogspot.com36
y 3.The offence of cyber terrorism has been specially included
in the law. A cyber terrorist can be punished with lifeimprisonment.
y 4. Sendingthreatening emails and sms are punishable with jailupto 3 years.
y 5. Publishingsexually explicit acts in the electronic form ispunishable with jail upto 3 years. This would apply to cases likethe Delhi MMS scandal where a video of a young couple havingsex was spread through cell phones around the country.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
37/119
10 January 2011
www.site.technolexindia.com,
http://technolexindia.blogspot.com37
y 6 .Voyeurism is now specifically covered. Acts like hiding cameras inchanging rooms, hotel rooms etc is punishable with jail upto 3 years.This would apply to cases like the infamous Pune spycam incidentwhere a 58-year old man was arrested for installing spy cameras in hishouse to 'snoop' on his young lady tenants.
y 7. Cyber crime cases can now be investigated byI nspector rank
police officers. Earlier such offences could not be investigated by anofficer below the rank of a deputy superintendent of police.y 8. Collecting, browsing, downloading etc of child pornography is
punishable with jail upto 5 years for the first conviction. For asubsequent conviction, the jail term can extend to 7 years. A fine of
upto Rs 10 lakh can also be levied.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
38/119
10 January 2011
www.site.technolexindia.com,
http://technolexindia.blogspot.com38
y 9. The punishment for spreadingobscene material by email,websites, sms has been reduced from 5 years jail to 3 years jail.This covers acts like sending 'dirty' jokes and pictures by email orsms.
y 10. Refusing to hand over passwords to an authorized officialcould land a person in prison for upto 7 years.
y 11. Hacking into aG overnment computer or website , oreven trying to do so in punishable with imprisonment upto 10years.
y 12 . Rules pertaining to section 52 (Salary, Allowances and OtherTerms and Conditions of Service of Chairperson and Members),
8/8/2019 My Presentation ISV Conference 7th Jan 2011
39/119
10 January 2011
www.site.technolexindia.com,
http://technolexindia.blogspot.com39
y 13. Rules pertaining to section 69 (Procedure and Safeguards forInterception, Monitoring and Decryption of Information),
y 14 . Rules pertaining to section 69A (Procedure and Safeguardsfor Blocking for Access of Information by Public),
y 15 . Rules pertaining to section 69B (Procedure and safeguardfor Monitoring and Collecting Traffic Data or Information) and
y
16 . Notification under section 70B for appointment of the IndianComputer Emergency Response Team.y 17 . Rules Rules pertaining to section 54 (Procedure for
Investigation of Misbehaviour or Incapacity of Chairperson andMembers),
8/8/2019 My Presentation ISV Conference 7th Jan 2011
40/119
Arms ActOnline sale of Arms
Sec. 383 IPCW eb -Jacking
NDPS ActOnline sale of Drugs
Sec 416, 417, 463 IPCEmail spoofing
Sec 420 IPCBogus websites, cyber frauds
Sec 463, 470, 471 IPCF orgery of electronic records
Sec 499, 500 IPCSending defamatory messages by email
Sec 503 IPCSending threatening messages by email
Computer Related Crimes under IPCand Special Laws
40
8/8/2019 My Presentation ISV Conference 7th Jan 2011
41/119
Sp ecial and General statutes a pp licable tocybercrimes
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com41
y While the IT Act 2000, provides for the specific offences it has to be read with the Indian
Penal Code 1860 (IPC) and the Code of Criminal Procedure 1973 (Cr PC)
IT Act is a special law, most IT experts are of common consensus that it does not cover or
deal specifically with every kind of cyber crimey for instance, fordef amator y emailsreliance is placed onSec. 500of IPC, forthreatening e-
mails, provisions of IPC applicable thereto arecriminal intimidation (ch XXII), extortion
(ch XVII), for e-mail spoofing, provisions of IPC relating tofrauds, cheating by personation
(ch XVII) and forgery (ch XVIII)are attracted.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
42/119
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com42
y Likewise,criminal breach of trustand fr aud (SS 405, 406, 408, 409) of the
IPCare applicable and forfalse electronic evidence, Sec. 193of IPC
applies.
y For cognisability and bailability, reliance is placed on Code of Criminal
Procedure which also lays down the specific provisions relating topowers of police to investigate.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
43/119
Liability of ISPs and Govt.
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com43
GO VERNMENT NSP??
y Governments Providing Services On The Network
y Governments Are Intermediaries. Sec 79 IT Act.y Under The It Act, 2000, All Governments, Central
And State, All Governmental Bodies Are Network
Service Providers
8/8/2019 My Presentation ISV Conference 7th Jan 2011
44/119
Liability of ISPs and Govt.
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com44
Section 79 of IT Act 200y For the removal of doubts, it is hereby declared that no person
providing any service as a network service provider shall be liableunder this Act, rules or regulations made there under for any thirdparty information or data made available by him if he proves thatthe offence or contravention was committed without hisknowledge or that he had exercised all due diligence to preventthe commission of such offence or contravention.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
45/119
Liability of ISPs and Govt. (Contd.)
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com45
Network Service Providers:When Not Liabley Ex pl anation. For the purposes of this section,
( a) "network service provider" means an intermediary;( b ) "third party information" means any information dealt with by a
network service provider in his capacity as an intermediary.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
46/119
Liability of ISPs and Govt.
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com46
TRANSPARENCYy Need ForTransparent E-governance
y
RightTo Information Acty Government Would Now Not Be Able To Hide Records
Concerning E-governance
8/8/2019 My Presentation ISV Conference 7th Jan 2011
47/119
Government Initiative
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com47
The Cyber Crime Investigation cell (CCIC) of the CBI, notified in September 1999, startedfunctioning from 3 M arch 2000.
It is located in New Delhi, M umbai, Chennaiand Bangalore.
Jurisdiction of the cell is all over India.
Any incident of the cyber crime can bereported to a police station, irrespective of whether it maintains a separate cell or not.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
48/119
The Indian Computer Emergency ResponseTeam (CERT-In)
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com48
y I T Amendment ACT 2008 .70A. (1 ) T he Indian Com puter E mergenc y ResponseT eam ( C E RT -In ) shall serve as the national
nodal agency in respect of Critical Information Infrastructure for coordinating allactions relating to information security practices, procedures, guidelines, incident
prevention, response and report.
(2 ) F or the purposes of sub-section(1 ), the Director of the Indian Com puter Emergency ResponseTeam may call for information pertaining to cyber security from the service providers,intermediaries or any other person.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
49/119
Amendments- Indian Evidence
Act 1872y Section 3of the Evidence Act amended to take care of admissibility of
ER as evidence along with the paper based records as part of thedocuments which can be produced before the court for inspection.
y Section 4of IT Act confers legal recognition to electronic records
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com 4
9
8/8/2019 My Presentation ISV Conference 7th Jan 2011
50/119
AUTHENTICATION OF ELECTRONICRECORDS
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com50
y Any subscriber may authenticate an electronic recordy Authentication by affixing his digital signature.y Any person by the use of a public key of the subscriber can
verify the electronic record
8/8/2019 My Presentation ISV Conference 7th Jan 2011
51/119
LEGALITY OF ELECTRONIC S IGNATURES
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com51
y Legal recognition of digital signatures.
y Certifying Authorities for Digital Signatures.
y
Scheme for Regulation of Certifying Authorities for DigitalSignatures
8/8/2019 My Presentation ISV Conference 7th Jan 2011
52/119
CONTROLLER OF CERTIFYING AUTHORITIES
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com52
y Shall exercise supervision over the activities of Certifying Authoritiesy Lay down standards and conditions governing Certifying Authoritiesy Specify various forms and content of Digital Signature Certificates
8/8/2019 My Presentation ISV Conference 7th Jan 2011
53/119
DIGITAL S IGNATURES & ELECTRONICRECORDS
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com53
y Use of Electronic Records and Electronic Signatures in
GovernmentAgencies.
y Publications of rules and regulations in the Electronic
Gazette.
y MCA 21 Project- Usage of Digital Signatures
8/8/2019 My Presentation ISV Conference 7th Jan 2011
54/119
Presum p tions in law- Section 85 BIndian Evidence Act
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com54
y The law also presumes that in any proceedings, involvingsecure digitalsignature, the court shall presume, unless the contrary is proved, that thesecuredigital signature is affixed by the subscriber with the intention of signing orapproving the electronic record
y
In any proceedings involving asecure electronic record, the court shallpresume, unless contrary is proved, that the secure electronic record has not been alteredsince the specific point of time, to which the secure status relates
8/8/2019 My Presentation ISV Conference 7th Jan 2011
55/119
P resum p tion as to electronic messages-Section 88A of Evidence Act
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com55
y The court may treat electronic messages received as if they weresent by the originator, with the exception that apresumption isnot to be made as to the person by whom such message was sent.
y It must be proved that the message has been forwarded from the
electronic mail server to the person ( addressee ) to whom suchmessage purports to have been addressedy An electronic message is primary evidence of the fact that the
same was delivered to the addressee on date and time indicated.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
56/119
IT Amendment Act 2008- Section 7 9 A
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com56
y Section 79A empowers the Central govt to appoint any department, body or agency as examiner of electronic evidence for proving expertopinion on electronic form evidence before any court or authority.
y Till now, government forensic lab of hyderabad was considered of
evidentiary value in courts- CFSILy Statutory status to an agency as per Section 79A will be of vital
importance in criminal prosecution of cybercrime cases in India
8/8/2019 My Presentation ISV Conference 7th Jan 2011
57/119
8/8/2019 My Presentation ISV Conference 7th Jan 2011
58/119
Sec 70 P rotected System
10 January 2011www.site.technolexindia.com,
http://technolexindia.blogspot.com58
y
Ingredientsy Securing unauthorised access or attempting to secure unauthorisedaccess
y to protected systemy Acts covered by this section:
y
Switching computer on / off y Using installed software / hardwarey Installing software / hardwarey Port scanning
y Punishmenty
Imprisonment up to 10 years and finey Cognizable, Non-Bailable, Court of Sessions
8/8/2019 My Presentation ISV Conference 7th Jan 2011
59/119
Criminological T h eories & Cyber Crime
Space Transition Theory
Routine Activity Theory
Displacement Theory
Opportunity Theory
8/8/2019 My Presentation ISV Conference 7th Jan 2011
60/119
Sp ace Transition T h eory1) Persons with repressed criminal behavior (in the physical
space) have a propensity to commit crime in cyberspace,which otherwise they would not commit in physical space,due to their status and position.Concern for status in physical space does not transition tocyber space.Behavior repressed in physical space are not in cyber space.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
61/119
Sp ace Transition T h eory2) Identity flexibility, dissociative anonymity, and lack of deterrence
factor in the cyberspace provides the offenders the choice tocommit cyber crime.
y Disinhibiting effect allows individuals:y Open honesty about personal issuesy To act out on unpleasant needs
y Deinidividualization - inner restraints are lost when individualsnot seen as individuals
y Leads to behavior that isy Less altruisticy More selfishy More aggressive
8/8/2019 My Presentation ISV Conference 7th Jan 2011
62/119
Sp ace Transition T h eory2) Identity flexibility, dissociative anonymity, and lack of
deterrence factor in the cyberspace provides the offendersthe choice to commit cyber crime.
y Deterrence factor changesy Attacks can be made from a remote locationy Crime reslts not immediately apparent
8/8/2019 My Presentation ISV Conference 7th Jan 2011
63/119
Sp ace Transition T h eory3) Criminal behavior of offenders in cyberspace is likely to be
imported to physical space which, in physical space maybe
exported to cyberspace as well.
y Cyber crime has moved from the single individual acting for fame
to professional criminalsy Huge financial gain with little risk
y Growth of e-commerce attracts criminals to the net
8/8/2019 My Presentation ISV Conference 7th Jan 2011
64/119
Sp ace Transition T h eory4) Intermittent venture of offenders in to the cyberspace and
the dynamic spatiotemporal nature of cyberspace provide thechance to escape
y Cyber space is transienty Cyber space is dynamicy Cyber crimes have do not have spatial - temporal restrictions
of traditional crimes
8/8/2019 My Presentation ISV Conference 7th Jan 2011
65/119
Sp ace Transition T h eory5) (a)Strangers are likely too unite together in cyberspace to commit
crime in the physical space; (b) Associates of physical space arelikely to unite to commit crime in cyberspace.
y Cyberspace allows for recruitment and disseminationy
Cyberspace is:y Unmoderatedy Easy to access
y Cyberspace can pose an insider threaty Spy / moley
Disgruntled employee
8/8/2019 My Presentation ISV Conference 7th Jan 2011
66/119
Sp ace Transition T h eory6) Persons from closed society are more likely to commit
crimes in cyberspace than persons from open society.y Open society allows individuals to voice opinions & vent
feelings.y Cyberspace allows individuals from closed societies to
express anger & frustrations through hate messages, webpage vandalism, up to cyber terrorism attacks
8/8/2019 My Presentation ISV Conference 7th Jan 2011
67/119
Sp ace Transition T h eory7) The conflict of norms and values of physical space with the
norms and values of cyberspace may lead to cyber crimes.y Cyberspace is internationaly Societal differences between individuals may lead to cyber
crimey Conflicts between nations carry over into cyberspace
8/8/2019 My Presentation ISV Conference 7th Jan 2011
68/119
Routine Activity T h eoryy Routine activities in conventional societies provide opportunities
for perpetrator to commit crimey Three things must be present for crime to occur:
y
Suitable target is availabley Motivated offender is presenty Lack of a suitable guardian to prevent crime from occurring
y Assessment of situation determines whether or not a crime takes
place.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
69/119
Routine Activity T h eoryy A suitable target can be:
y A persony An objecty A place
y
Target comes to the attention of a person searching for a criminalopportunity
y Targets behavior may place target in contact with perpetratory No significant deterring mechanism is present
8/8/2019 My Presentation ISV Conference 7th Jan 2011
70/119
Routine Activity T h eoryy Motivated Perpetratory Predatory crime is a method for the perpetrator to secure
basic needs of desiresy Actions of perpetrator are intentional and illegal
8/8/2019 My Presentation ISV Conference 7th Jan 2011
71/119
Routine Activity T h eoryy A capable guardian
y Police patrol, Security guardsy Neighbors, neighborhood watch, dogsy Locks, fences, CCTV systemsy
Passwords, tokens, biometric measuresy Guardians can be formal or informaly Guardians can be human or machiney Guardians MUST be capable of acting as a deterrent
8/8/2019 My Presentation ISV Conference 7th Jan 2011
72/119
Opp ortunity T h eoryy Opportunity to commit a crime is a root cause of crimey No crime can occur without the physical opportunityy Opportunity plays a role in all crimes, not just those
involving physical propertyy Reducing opportunity reduces crime
8/8/2019 My Presentation ISV Conference 7th Jan 2011
73/119
Dis p lacement T h eoryy Reductions in opportunity will not reduce crime because
crime will be displaced to another locationy Opportunity is so compelling that removing perpetrators
will not reduce crime because other perpetrators will step iny Research on displacement theory has shown crime is not
always displaced
8/8/2019 My Presentation ISV Conference 7th Jan 2011
74/119
Routine Activity T h eory & t h e Internety Opportunity to commit crime is multipliedy Target and perpetrator are much more likely to come in
contact with each othery Victim has to keep returning to scene of the crimey Deterrence comes shifting either events or circumstances
y Neither are easily altered
8/8/2019 My Presentation ISV Conference 7th Jan 2011
75/119
Routine Activity T h eory & t h e Internety Cybercrime has more to do with the effectiveness of indirect
guardianshipy Internet is open & unmoderatedy Mechanisms of the Internet designed to transfer data, not to
examine the datay Internet guardianships are all mechanical
y Reactive, respond to some action - IDSy Cannot respond to new, previously untried activity
8/8/2019 My Presentation ISV Conference 7th Jan 2011
76/119
Hacker Neutralization Tec h niquesy Allows for temporary neutralization of values, beliefs, and
attitudes so illegal behaviors can be performed.y Justification of an act requires the need to assert its positive
valuesy Used by different types of deviants
8/8/2019 My Presentation ISV Conference 7th Jan 2011
77/119
Hacker Neutralization Tec h niquesy Denial of Injury
y No harm or insignificant harm done to victimy No physical information stolen, information in an electronic
formy Belief that downloading is copying not stealingy As long as no one knows their information is being perused, no
harm is done
8/8/2019 My Presentation ISV Conference 7th Jan 2011
78/119
Hacker Neutralization Tec h niquesy Denial of Victim
y Victim is deserving of punishmenty Four categories of victims
y Close enemies who have harmed offender directlyy
People who do not conform to normative social rolesy Groups with tribal stigmasy Remote enemies who hold positions perceived as questionable or corrupt
y Offender may assume role of avenger or crusader for justicey May justify actions as revenge
8/8/2019 My Presentation ISV Conference 7th Jan 2011
79/119
Hacker Neutralization Tec h niquesy Condemnation of the Condemners
y Divert attention from offenders actions to the motives and behaviors of those condemning offenders actions
y Mistrust of authorityy Promote decentralizationy Price charged by software companies too high and unfairy Victim failed to protect their computer system
8/8/2019 My Presentation ISV Conference 7th Jan 2011
80/119
Hacker Neutralization Tec h niquesy Appeal to higher loyalties
y Offender doesnt deny damage, act was done to protect higher
loyaltiesy Loyalty to groupy Responsibility to family or spousey Employer (Corporate crimes)
y Claim actions were done to acquire knowledge
8/8/2019 My Presentation ISV Conference 7th Jan 2011
81/119
Hacker Neutralization Tec h niquesy Self-fulfillment
y Illegal activity done fory Funy Excitement or thrilly
Computer virtuosityy Offender achieves feelings of superiority & controly Voyeurismy Demonstration of ability
8/8/2019 My Presentation ISV Conference 7th Jan 2011
82/119
Hacker Neutralization Tec h niquesy Hackers do not use all neutralization techniques
y Denial of responsibilityy Sad storyy Both external forms of neutralizationy Only use techniques based on internal neutralizationy Hackers take pride in what they doy Hackers feel in shame or guilt
8/8/2019 My Presentation ISV Conference 7th Jan 2011
83/119
Com p uter Hackers & Social Organizationy Mutual Association
y Clear interpersonal relationshipy No strong or deep interpersonal relationships on or off liney Social connections relatively shallowy Multiple identities and multiple forum use may limit ability to
form interpersonal connectionsy Utilize social networks to exchange knowledge and information
8/8/2019 My Presentation ISV Conference 7th Jan 2011
84/119
Com p uter Hackers & Social Organizationy Mutual Participation
y Groups are stratified rather than centrally controlledy Participation in groups did not lead to group attacksy Many do not want an group affiliation
8/8/2019 My Presentation ISV Conference 7th Jan 2011
85/119
Com p uter Hackers & Social Organizationy Division of labor
y Some specialization in group forums does existy Stratification & division of labor
y Small group of moderatorsy Larger group of users exchanging knowledge & information
y Loose set of rulesy Give respect, get respecty No flaming
y
Large population of users enforcing the rules
8/8/2019 My Presentation ISV Conference 7th Jan 2011
86/119
Com p uter Hackers & Social Organization
y Extended durationy No group with extended history
y Relationships appear transitory
y Relationships within forums weak & short-lived
Incident Res ponse a p recursor to Tec h niques of Cyber
8/8/2019 My Presentation ISV Conference 7th Jan 2011
87/119
q yinvestigation & forensic tools
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com87
y Incident response could be defined as a precise set of actions to handle
any security incident in a responsible ,meaningful and timely manner.y Goals of incident response-y To confirm whether an incident has occurredy To promote accumulation of accurate informationy Educate senior managementy Help in detection/prevention of such incidents in the future,y To provide rapid detection and containmenty Minimize disruption to business and networkoperations
y To facilitate for criminal action againstperpetrators
8/8/2019 My Presentation ISV Conference 7th Jan 2011
88/119
Handling of Evidences by Cyber Analysts
Four major tasks for working with digital evidence
IdentifyCollect,Observe
&Preserve
Analyzeand
OrganizeVerify
Identify: Any digital information or artifacts that can beused as evidence.Collect, observe and preserve the evidence
Analyze, identify and organize the evidence.Rebuild the evidence or repeat a situation to verify thesame results every time. Checking the hash value .
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com88
Tec h niques of cyber investigation
8/8/2019 My Presentation ISV Conference 7th Jan 2011
89/119
Tec h niques of cyber investigation-Cyber forensics
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com8 9
y Computer forensics, also called cyber forensics, is the application of computerinvestigation and analysis techniques to gather evidence suitable for presentation in acourt of law.
y The goal of computer forensics is to perform a structured investigation while
maintaining a documented chain of evidence to find out exactly what happened on acomputer and who was responsible for it.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
90/119
Com p uter Forensic Tools
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com9 0
Forensic Tool Kit:
FTK is developed by Access Data Corporation
(USA); it enables lawenforcement andcorporate securityprofessionals to perform
complete and in-depthcomputer forensicanalysis.
Main W indow of F TK
8/8/2019 My Presentation ISV Conference 7th Jan 2011
91/119
TY P ICAL TOOLS
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com9 1
y EMAIL TRACERy TRUEBACKy CYBERCHECKy
MANUAL
Current and Emerging Cyber F orensic Tools of Law Enforcement
8/8/2019 My Presentation ISV Conference 7th Jan 2011
92/119
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com9 2
8/8/2019 My Presentation ISV Conference 7th Jan 2011
93/119
Land Mark Cases
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com9 3
y 9/11 Attack on WTCy Afzal Guru Parliament attack Casey Mumbai Attack on Tajmahal etc.y
Firos vs. State of Keralay SyyedAsifuddin Casey Bazee Casey State of Tamilnadu v. Suhas Kattiy Balasore ATM Fraud, 2010
Case S tudy (contd .)
8/8/2019 My Presentation ISV Conference 7th Jan 2011
94/119
Case S tudy (contd .)
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com9 4
y The crime was obviously committed using "Unauthorized
Access" to the "Electronic Account Space" of the customers.It is therefore firmly within the domain of "Cyber Crimes".y ITA-2000 is versatile enough to accommodate the aspects
of crime not covered by ITA-2000 but covered by other statutes since any IPC offence committed with the use of "Electronic Documents" can be considered as a crime withthe use of a "Written Documents". "Cheating", "Conspiracy","Breach of Trust" etc are therefore applicable in the abovecase in addition to section in ITA-2000.
y Under ITA-2000 the offence is recognized both under Section 66 and Section 43. Accordingly, the persons
involved are liable for imprisonment and fine as well as aliability to pay damage to the victims to the maximum extentof Rs 1 crore per victim for which the "Adjudication Process"can be invoked.
Case S tudy (contd .)
8/8/2019 My Presentation ISV Conference 7th Jan 2011
95/119
Case S tudy (contd .)
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com9 5
y The BPO is liable for lack of security that enabled the commission of the fraud as wellas because of the vicarious responsibility for the ex-employee's involvement. The
process of getting the PIN number was during the tenure of the persons as"Employees" and hence the organization is responsible for the crime.y Some of the persons who have assisted others in the commission of the crime even
though they may not be directly involved as beneficiaries will also be liable underSection 43 of ITA-2000.
y Under Section 79 and Section 85 of ITA-2000, vicarious responsibilities are indicated
both for the BPO and the Bank on the grounds of "Lack of Due Diligence".y At the same time, if the crime is investigated in India under ITA-2000, then the factthat the Bank was not using digital signatures for authenticating the customerinstructions is a matter which would amount to gross negligence on the part of theBank. (However, in this particular case since the victims appear to be US Citizens andthe Bank itself is US based, the crime may come under the jurisdiction of the US courtsand not Indian Courts).
B
8/8/2019 My Presentation ISV Conference 7th Jan 2011
96/119
Baazee case
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com9 6
8/8/2019 My Presentation ISV Conference 7th Jan 2011
97/119
Baazee case
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com9 7
y Obscene MMS clipping listed for sale on27th November, 2004 - DPS Girl having fun".
y Some copies sold through Baazee.com
y Avnish Bajaj (CEO) arrested and his bail application wasrejected by the trial court.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
98/119
Points of t h e p rosecution
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com9 8
y The accused did not stop payment through banking channelsafter learning of the illegal nature of the transaction.
y The item description "DPS Girl having fun" should haveraised an alarm.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
99/119
Points of t h e defence
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com99
y Section 67 relates to publication of obscene material andnot transmission.
y Remedial steps were taken within 38 hours, since theintervening period was a weekend.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
100/119
Findings of t h e Court
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com100
y It has not been established from the evidence that anypublication took place by the accused, directly orindirectly.
y The actual obscene recording/clip could not be viewedon the portal of Baazee.com.
y The sale consideration was not routed through theaccused.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
101/119
Findings of t h e Court
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com101
y Prima facie Baazee.com had endeavored to plug theloophole.
y The accused had actively participated in theinvestigations.
y The nature of the alleged offence is such that theevidence has already crystallized and may even be tamperproof.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
102/119
Findings of t h e Court
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com102
y Even though the accused is a foreign citizen, he is of Indian origin with family roots in India.
y
The evidence indicatesy only that the obscene material may have been unwittinglyoffered for sale on the website.
y the heinous nature of the alleged crime may be attributable tosome other person.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
103/119
Court order
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com103
y The court granted bail to Mr. Bajaj subject to furnishingtwo sureties of Rs. 1 lakh each.
y The court ordered Mr. Bajaj toy surrender his passporty not to leave India without Court permissiony to participate and assist in the investigation.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
104/119
Case of- B PO Data T h eft
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com104
y The recently reported case of a Bank Fraud in Pune in whichsome ex employees of BPO arm of MPhasis Ltd MsourcE,defrauded US Customers of Citi Bank to the tune of RS 1.5crores has raised concerns of many kinds including the role of
"Data Protection".
S tate v Navjot Sand h u
8/8/2019 My Presentation ISV Conference 7th Jan 2011
105/119
S tate v Navjot Sand h u(2005)11 SCC 600
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com105
y Held, while examining Section 65 B Evidence Act, it may be thatcertificate containing details of subsection 4 of Section 65 is notfiled, but that does not mean thatsecondary evidencecannot begiven.
y Section 63 & 65 of the Indian Evidence Act enables secondaryevidence of contents of a document to be adduced if original is of such a nature as not to be easily movable.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
106/119
8/8/2019 My Presentation ISV Conference 7th Jan 2011
107/119
Firos vs . S tate of Kerala
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com107
y Govt of Kerala declared the FRIENDS application software asa protected system.
y The author of the application software challenged the
notification and the constitutional validity of section 70.
y The Court upheld the validity of both
8/8/2019 My Presentation ISV Conference 7th Jan 2011
108/119
Syed Asifuddin case
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com108
y Tata Indicom employees were arrested for manipulationof the electronic 32-bit number (ESN) programmed intocell phones that were exclusively franchised to RelianceInfocomm.
y The court held that such manipulation amounted totampering with computer source code as envisaged by
section 65.
Societe Des products Nestle SA case 2006 (33 ) PTC 46 9
8/8/2019 My Presentation ISV Conference 7th Jan 2011
109/119
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com10 9
y By virtue of provision of Section 65A, the contents of electronic records may be proved in evidence by parties in accordance with provision of 65B.
y
Held- Sub section (1) of section 65B makes admissible as a document, paper print out of electronicrecords stored in optical or magnetic media produced by a computer subject to fulfillment of conditions specified in subsection 2 of Section 65B .
a) The computer from which the record is generated was regularly used to store or processinformation in respect of activity regularly carried on by person having lawful control over theperiod, and relates to the period over which the computer was regularly used.
b) Information was fed in the computer in the ordinary course of the activities of the person havinglawful control over the computer.
c) The computer was operating properly, and if not, was not such as to affect the electronic record orits accuracy.
d) Information reproduced is such as is fed into computer in the ordinary course of activity.y State v Mohd Afzal, 2 003 (7) AD (Delhi)1
8/8/2019 My Presentation ISV Conference 7th Jan 2011
110/119
Parliament attack case
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com110
y Several terrorists attacked Parliament House on 13-Dec-01
y Digital evidence played an important role during theirprosecution.
y The accused had argued that computers and digital evidencecan easily be tampered and hence should not be relied upon.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
111/119
Parliament attack case
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com111
y A laptop, several smart media storage disks and devices wererecovered from a truck intercepted at Srinagar pursuant toinformation given by two of the suspects.
y
These articles were deposited in the police malkhana on 16-Dec-01 but some files were written onto the laptop on 21-Dec-01.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
112/119
Parliament attack case
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com112
y Evidence found on the laptop included:y fake identity cards,y video files containing clippings of political leaders with
Parliament in background shot from TV news channels,y scanned images of front and rear of a genuine identity card,
8/8/2019 My Presentation ISV Conference 7th Jan 2011
113/119
Parliament attack case
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com113
y image file of design of Ministry of Home Affairs car sticker,
y the game 'wolf pack' with the user name 'Ashiq'. Ashiq was thename in one of the fake identity cards used by the terrorists.
The possible reliefs to a cybercrime
8/8/2019 My Presentation ISV Conference 7th Jan 2011
114/119
p yvictim and strategy adoption
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com114
Possible reliefs to a cybercrime victim- strategy
8/8/2019 My Presentation ISV Conference 7th Jan 2011
115/119
ado p tion
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com115
y A victim of cybercrime needs to immediately report the matter to his localpolice station and to the nearest cybercrime cell
y Depending on the nature of crime there may be civil and criminalremedies.
y In civil remedies , injunction and restraint orders may be sought, together
with damages, delivery up of infringing matter and/or account for profits.y In criminal remedies, a cybercrime case will be registered by police if the
offence is cognisable and if the same is non cognisable, a complaint should be filed with metropolitan magistrate
y For certain offences, both civil and criminal remedies may be available tothe victim
Pre paration for p rosecution
8/8/2019 My Presentation ISV Conference 7th Jan 2011
116/119
p p
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com116
y Collect all evidence available & saving snapshots of evidencey Seek a cyberlaw experts immediate assistance for advice on preparing for prosecutiony Prepare a background history of facts chronologically as per factsy Pen down names and addresses of suspected accused.y Form a draft of complaint and remedies a victim seeksy Cyberlaw expert & police could assist in gathering further evidence e.g tracing the IP
in case of e-mails, search & seizure or arrest as appropriate to the situationy
A cyber forensic study of the hardware/equipment/ network server related to thecybercrime is generally essentialy Preparation of chain of events tabley Probing where evidence could be traced? E-mail inbox/files/folders/ web history.y Accused may use erase evidence software/toolsy Forensically screening the hardware/data/files /print outs / camera/mobile/pen
drives of evidentiary value.
8/8/2019 My Presentation ISV Conference 7th Jan 2011
117/119
Future Course of Action
10 January 2011www.site.technolexindia.com,http://technolexindia.blogspot.com117
y Mumbai Cyber lab is a joint initiative of
Mumbai police andNASSCO M more exchange and coordination of this kind
y M ore Public awareness campaignsy Training of police officers to effectively combat cyber crimesy M ore Cyber crime police cells set up across the countryy Effective E-surveillancey Websites aid in creating awareness and encouraging
reporting of cyber crime cases.y Specialised Training of forensic investigators and expertsy Active coordination between police and other law
enforcement agencies and authorities is required.y Re-interpretation of criminological theories and development
of cyber jurisprudence
Do you h ave any question?
8/8/2019 My Presentation ISV Conference 7th Jan 2011
118/119
Do you h ave any question?
8/8/2019 My Presentation ISV Conference 7th Jan 2011
119/119